maciekish

So anything writing in a docker or VM could show up as shfs activity? Pardon me but i have no idea what shfs is. Any way to tell more precisely what is happening other than iotop?

Can anyone figure out what is going on here please? Mover is not running (anyway it should read not write if anything). Mechanical disks are completely idle, both SSDs in cache have writes of 300Mb/s.

For future reference the issue is due to "buffering" in gzip in Caddy. Workaround: gzip { not /plugins }

Interesting, i thought you would have to reenter all shared folders, ip adresses and so on. Either way, moving back the original file with COW disabled won't hurt will it?

Won’t recreating the image remove all dockers and force you to redownload the images and reconfigure them? Sure appdata wont be lost but if you have 20+ dockers this takes a lot longer than just copying the file twice? Also my method doesn't introduce any issues does it?

It is - in fact checking for the C or NOCOW flag. The problem is that you can't set the NOCOW flag for a file larger than 0 bytes. That is - already containing data. You can only set it for newly created 0 byte files which have not yet been written to. There is a workaround though: 1) Move your docker.img to a safe location on a different device. 2) Make sure the "live" image /mnt/cache/system/docker/docker.img is removed and that you only have an empty docker folder. 2) chattr +C /mnt/cache/system/docker (Yes, the folder, not the file). By setting the C or NOCOW flag on the folder, it will apply to all files inside of it! 3) Move your docker.img back to the btrfs filesystem. It will now have the C or NOCOW flag set because the flag is set on the folder, and you didn't lose any data!

As a matter of fact, i never got the answer "no". And even if you would said no, you cannot answer for everybody. Maybe someone else would be able to help. You made your suggestion and i wasn't interested. Why continue forcing it on me?

I respectfully disagree. It is a arguably easier to set up a password-only PPTP VPN than a reverse proxy as this is built-into for example Windows-Server and provides a point-and-click UI to do it. Incorrectly configured VPN and reverse proxy will both be equally insecure. Correctly configured VPN and reverse proxy will both be equally secure. I was asking if anyone knows why a small part of the web ui doesn't work and instead i'm being lectured on security... Gee, thanks.

I don't understand this witch hunt on reverse proxies. They can be made to require client certificates as well just like a VPN has a private key or a certificate, encrypt their traffic like a VPN and don't pass anything through to unRAID until authentication has been satisified. And im not the only one to want this

Admin, please delete/lock this thread. This conversation is absolutely useless.

What is with the attitude on this forum? I asked a simple question which could even be a well known issue. I don't mind suggestions. I politely refused because it is not suitable for me, yet it was forced upon me in the next post, that is my problem with all this.

I didnt ask what the most secure solution is. Please leave the security to me. I want to know why it doesnt work over a reverse proxy and how to fix it.

You are not helping. I have reported these posts.

The webGUI isnt exposed until you login. Anyone can attempt to login to your VPN as well.

I disagree. The most secure solution is to disable the webGUI. Can we focus on solving the issue instead of discussing this please?