Selmak

Posts posted by Selmak

  1. Following the upgrade to version 6.12, my system has become less stable, with random crashes that seem to be kernel panics. To address this issue, I took the advice of @bonienl and installed a second network card, which has mitigated the system crashes to some extent.

    However, I still encounter occasional kernel panics. I have attached my diagnostics in the hopes that they might shed light on the situation. In contrast, before the update (6.11.5), my system was running without any problems while utilizing macvlan.

    nexus-diagnostics-20230726-1316.zip

  2. 19 hours ago, DrBobke said:

    I have tried in different possibilities, but none of them seem to work... 😞 

    see screenshot:

     

    image.png.bdc7a8156afa9ff3b4d4b217aea2934c.png

     

    Too bad that you don't know about Swag, anyone else? 🙂 

    If you are not using Swag, do you have a reverse proxy that you use and if so, what are you using?

     

    Thanks again,

    DrBobke

    Have you tried just using occ?

     

    https://docs.linuxserver.io/images/docker-nextcloud

     

    Note: Both occ and updater.phar can be run without prepending with sudo -u abc php or sudo -u www-data php

     

    It also looks like the dir you are trying to use in the container is wrong; it should be, i.e., /config/www/nextcloud.

     

    Try running occ, then the command without specifying the dir.

  3. On 5/8/2022 at 11:32 PM, bonienl said:

    Unraid does not accept a system wide DNS setting, instead - if a specific DNS is required - you should configure that under extra parameters of the docker container.

    Like:

    --dns=100.x.y.z

     

    I used resolvconf from slackware.pkgs.org to do DNS. (I haven't actually used my script in a while; guess I don't have to now, seeing as it's integrated into the UI.)

     

  4. Thank you for this.

    I have been trying to get swag fail2ban working for the last day with Authelia. I had it banning the IP address but it was not actually blocking the connection.

     

    Here is the error just in case anyone knows what it is.

    2022-01-26 13:06:07,664 fail2ban.utils          [1756]: ERROR   150757ff7190 -- exec: ip6tables -w -N f2b-authelia
    ip6tables -w -A f2b-authelia -j RETURN
    ip6tables -w -I DOCKER-USER -p tcp -j f2b-authelia
    2022-01-26 13:06:07,664 fail2ban.utils          [1756]: ERROR   150757ff7190 -- stderr: 'ip6tables: Chain already exists.'
    2022-01-26 13:06:07,665 fail2ban.utils          [1756]: ERROR   150757ff7190 -- stderr: 'ip6tables: No chain/target/match by that name.'
    2022-01-26 13:06:07,665 fail2ban.utils          [1756]: ERROR   150757ff7190 -- returned 1

     

    Anyway 10 mins after reading your post fail2ban is working with cloudflare.

  5. Hi, I have been routing some of my dockers via a custom wireguard network.

    I got the idea from nickb.dev and Reddit

     

    The way I have it starting up is via the go file.

    I did install resolvconf from slackware.pkgs.org. You can also just use the --dns= flag on the docker containers.

    ip link add dev vpnac-us19 type wireguard
    wg setconf vpnac-us19 /etc/wireguard/vpnac-us19.conf
    ip address add 10.11.2.55 dev vpnac-us19
    ip link set up dev vpnac-us19
    printf 'nameserver %s\n' 10.11.0.1 | resolvconf -a tun.vpnac-us19 -m 0 -x  
    sysctl -w net.ipv4.conf.all.rp_filter=2
    ip rule add from 172.18.0.0/16 table 200 
    ip route add default via 10.11.2.55 metric 2 table 200 
    ip rule add table main suppress_prefixlength 0
    ip route add blackhole default metric 3 table 200
    ip link set mtu 1420 up dev vpnac-us19

    Everything seems to work I can access the web ui of the containers.

    If I manually bring down the link with

    ip link del dev vpnac-us19

    the containers get null routed via:

    ip route add blackhole default metric 3 table 200

     

    I have been playing with a script from reddit. If I run it manually it works; however, it does not seem to insert the DNS into the /etc/resolv.conf file. If I run the command manually it works.

    printf 'nameserver %s\n' 10.11.0.1 | resolvconf -a tun.vpnac-us19 -m 0 -x 

    I tried getting the script to run via the go file and the userscripts but for some reason it would not work.

     

    Here is the script I have been using.

    #!/bin/bash
    # Script to create a split tunnel wireguard interface that will only tunnel a specific
    # Docker network through wireguard. All other traffic will not be vpn'ed. The script will
    # create a boot configuration so the interface comes back online after reboots.
    # It also creates the routes so that WebGUIs are still accessible from the LAN and the
    # vpn'ed containers can still reach other docker containers.
    # Usage wireguard <up|down|status>
    
    ## Set variables
    # Name of the docker network to route through wireguard
    # This network will be created if it does not exist using 10.30.0.0/16
    DOCKER_NET_NAME="vpn-docker"
    # Name of wireguard interface to create
    DEV_NAME="vpnac-us19"
    ##########################################################################################
    # Nothing to edit below this line
    
    tecreset=$(tput sgr0)
    COL="12G"
    
    set_ok () { echo -e  -n "\\033[0G[ \E[0;32m  OK  $tecreset ] "; }
    set_failed () { echo -e  -n "\\033[0G[ \E[0;31mFAILED$tecreset ] "; }
    echo_and_run () { echo -n -e "\\033[$COL$*" ; "$@" > /dev/null 2>&1; }
    
    while_check () {
    RETVAL=$?
    while [ $RETVAL -ne 0 ]; do
            set_failed; echo_and_run $1
            echo $2
            RETVAL=$?
    done
    set_ok; echo -e "\\033[$COL$CMD"
    }
    
    if_check () {
    CMD=$1
    echo_and_run $1
    CHECK=$2
    RETVAL=$?
    if [ $RETVAL -ne 0 ]; then
            set_failed; echo
            exit 1
    fi
    set_ok; echo
    }
    
    vpn_check () {
    VPNIP=`docker run -ti --rm --net=$DOCKER_NET_NAME appropriate/curl https://api.ipify.org`
    IP=`curl --silent https://api.ipify.org`
    if [[ $VPNIP == *"Could not resolve host"*  ]]; then
    	set_ok; echo "Not Connected to Endpoint: Blackhole active"
    elif [[ $VPNIP == $ENDPOINT_IP ]]; then
    	set_ok; echo "Connected to $ENDPOINT_IP"
    elif [[ $VPNIP == $IP ]]; then
    	set_failed; echo "Not Connected to Endpoint: Blackhole NOT active!"
    fi
    }
    
    # check module is installed
    MOD_CHECK=`lsmod | grep wire`
    RETVAL=$?
    if [ $RETVAL -ne 0 ]; then
            set_failed; echo -e "WireGuard Module Not Installed."
            exit 1
    fi
    set_ok; echo -e "\\033[$COL WireGuard Module Installed"
    
    # check for conf file
    if [ ! -f "/etc/wireguard/$DEV_NAME.conf" ]; then
    	set_failed; echo -e "\\033[$COL/etc/wireguard/$DEV_NAME.conf"
    	exit 1
    fi
    set_ok; echo -e "\\033[$COL/etc/wireguard/$DEV_NAME.conf"
    
    # check for wireguard module
    
    
    # Get IP addresses and subnets needed
    DOCKER_NET=`docker network inspect $DOCKER_NET_NAME | grep Subnet | awk '{print $2}' | sed 's/[",]//g'`
    INTERFACE_IP=`grep Address /etc/wireguard/$DEV_NAME.conf | awk '{print $3}' | cut -d/ -f1`
    ENDPOINT_IP=`grep Endpoint /etc/wireguard/$DEV_NAME.conf | awk '{print $3}' | cut -d: -f1`
    #FILE="/mnt/user/temppc/$DEV_NAME"
    
    up (){
    # add wireguard interface
    CMD="ip link add $DEV_NAME type wireguard"
    CHECK=`ip addr | grep $DEV_NAME`
    if_check "$CMD" "$CHECK"
    
    # set wireguard conf
    CMD="wg setconf $DEV_NAME /etc/wireguard/$DEV_NAME.conf"
    CHECK=`wg showconf $DEV_NAME 2>/dev/null`
    if_check "$CMD" "$CHECK"
    
    # assign ip to wireguard interface
    CMD="ip addr add $INTERFACE_IP dev $DEV_NAME"
    CHECK=`ip addr | grep $INTERFACE_IP`
    if_check "$CMD" "$CHECK"
    
    # set sysctl
    CMD="sysctl -w net.ipv4.conf.all.rp_filter=2"
    set_ok; echo $CMD
    
    # set mtu for wireguard interface
    CMD="ip link set mtu 1420 up dev $DEV_NAME"
    set_ok; echo_and_run $CMD
    
    # bring wireguard interface up
    CMD="ip link set up dev $DEV_NAME"
    CHECK=`ip addr | grep $DEV_NAME | grep UP`
    if_check "$CMD" "$CHECK"
    
    # create docker network
    CMD="docker network create $DOCKER_NET_NAME --subnet 10.30.0.0/16 -o "com.docker.network.driver.mtu"="1420""
    CHECK=`docker network inspect $DOCKER_NET_NAME > /dev/null 2>&1`
    while_check "$CMD" "$CHECK"
    
    # add table 200
    CMD="ip rule add from $DOCKER_NET table 200"
    CHECK=`ip rule show | grep -w "lookup 200"`
    while_check "$CMD" "$CHECK"
    
    # add blackhole
    CMD="ip route add blackhole default metric 3 table 200"
    CHECK=`ip route show table 200 | grep -w "blackhole"`
    while_check "$CMD" "$CHECK"
    
    # add default route for table 200
    CMD="ip route add default via $INTERFACE_IP metric 2 table 200"
    CHECK=`ip route show table 200 | grep -w $INTERFACE_IP`
    while_check "$CMD" "$CHECK"
    
    # add local lan route
    CMD="ip rule add table main suppress_prefixlength 0"
    CHECK=`ip rule show | grep -w "suppress_prefixlength"`
    while_check "$CMD" "$CHECK"
    
    # add dns
    CMD="printf 'nameserver %s\n' 10.11.0.1 | resolvconf -a tun.vpnac-us19 -m 0 -x"
    set_ok; echo $CMD
    
    # check vpn ip
    vpn_check
    }
    
    down (){
    # del wireguard interface
    CMD="ip link del $DEV_NAME"
    CHECK=`ip addr | grep $DEV_NAME`
    if_check "$CMD" "$CHECK"
    
    # check table 200
    CMD="ip rule add from $DOCKER_NET table 200"
    CHECK=`ip rule show | grep -w "lookup 200"`
    while_check "$CMD" "$CHECK"
    
    # check blackhole
    CMD="ip route add blackhole default metric 3 table 200"
    CHECK=`ip route show table 200 | grep -w "blackhole"`
    while_check "$CMD" "$CHECK"
    
    # check to make sure blackhole is active
    vpn_check
    }
    
    status(){
    # check blackhole
    CMD="ip route add blackhole default metric 3 table 200"
    CHECK=`ip route show table 200 | grep -w "blackhole"`
    while_check "$CMD" "$CHECK"
    
    # check to make sure blackhole is active
    vpn_check
    }
    
    
    command="$1"
    shift
    
    case "$command" in
        up) up "$@" ;;
        down) down "$@" ;;
        status) status "$@" ;;
        *) echo "Usage: $0 up|down|status" >&2; exit 1 ;;
    esac

    Does anyone know a better way to have it run?
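
    An added example, not part of the original post or the Reddit script: a check that reads `ip rule show` and `ip route show table 200` output and reports whether traffic from the Docker subnet can only leave through the tunnel or hit the blackhole. The function names `audit_killswitch` and `metric_of` are hypothetical, the sample `ip` output is constructed, and the subnet 172.18.0.0/16 and table 200 are the ones from the manual commands above.

```shell
#!/bin/bash
# Added example: audit the split-tunnel kill switch from `ip` output.
# All sample output below is constructed for illustration.

RULES_UP='0: from all lookup local
32764: from all lookup main suppress_prefixlength 0
32765: from 172.18.0.0/16 lookup 200
32766: from all lookup main
32767: from all lookup default'

ROUTES_UP='default via 10.11.2.55 dev vpnac-us19 metric 2
blackhole default metric 3'

# After `ip link del dev vpnac-us19` only the blackhole route is left.
ROUTES_DOWN='blackhole default metric 3'

# Table 200 empty: the lookup falls through to table main, i.e. a leak.
ROUTES_LEAK=''

# metric_of <routes> <regex>: print the metric of the first matching route
# (0 when the route line carries no explicit metric).
metric_of () {
    printf '%s\n' "$1" | awk -v pat="$2" '
        $0 ~ pat {
            m = 0
            for (i = 1; i < NF; i++) if ($i == "metric") m = $(i + 1)
            print m
            exit
        }'
}

# audit_killswitch <rules> <routes> <subnet> <table>
# Prints one verdict word; returns 0 only when the subnet cannot leak.
audit_killswitch () {
    local rules routes subnet table bh via
    rules=$1; routes=$2; subnet=$3; table=$4

    # 1. The policy rule must send the subnet to the dedicated table.
    if ! printf '%s\n' "$rules" | awk -v s="$subnet" -v t="$table" '
            $2 == "from" && $3 == s && $4 == "lookup" && $5 == t { f = 1 }
            END { exit !f }'; then
        echo "no-rule"; return 1
    fi

    # 2. The table must always contain the blackhole fallback.
    bh=$(metric_of "$routes" '^blackhole default')
    if [ -z "$bh" ]; then echo "no-blackhole"; return 1; fi

    # 3. If the tunnel route exists it must be preferred (lower metric).
    via=$(metric_of "$routes" '^default (via|dev) ')
    if [ -z "$via" ]; then echo "blackholed"; return 0; fi
    if [ "$via" -lt "$bh" ]; then echo "tunnel"; return 0; fi
    echo "blackhole-preferred"; return 1
}

# Live use on the host (not run here):
#   audit_killswitch "$(ip rule show)" "$(ip route show table 200)" 172.18.0.0/16 200
```

    The verdict is a single word and the return code is non-zero for every state that could leak, so the check can be called from a user script and its result acted on without parsing coloured output.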

     

     

     

  6. 8 hours ago, TheIstar said:

    Something I do not get from your text though, first you say: "...they have put in so much time helping people..." -> have to.

    Later you say: "They don't have to help and share their toys." -> Don't have to.

    Which is it now, have or don't have?

    I literally said Just for the sake of helping.

    8 hours ago, TheIstar said:

    helping people just for the sake of helping the community.

     

    8 hours ago, TheIstar said:

    I do agree with 1 thing though. It would be great if the developers put in effort to work closely with the community as objectively it is something that contributes greatly to the success of UnRaid

    I agree on this if Unraid didn't have Docker and CA I would not personally be using it.

     

    9 hours ago, TheIstar said:

    I am thankful but I should not be forced to be thankful. I am because I choose to.

    No one is forcing anyone to be thankful however that should just come with someone helping you. Basic respect and all that.

    Obviously everyone's moral compass tilts in different directions that's just life I guess.

     

    @limetech FWIW  I am enjoying having the GPU drivers integrated into Unraid looking forward to future updates.

  7. On 11/23/2020 at 8:07 PM, TheIstar said:

     

     

     

    Now with this analogy, ask yourself.

    Is the reaction of @CHBMB (the uncle) proportionate and justified? Does a parent (@limetech) need to inform the uncle of these kind of things? Sure it is nice, but is it really needed? Do you think it is right for the uncle to punish the kid? Should the parent even be grateful that the uncle presents the kid a toy with sharp edges (I know I wouldn't).

     

    The only one the uncle should expect thanks from i.m.o is the kid. The community is and was grateful. Yet @CHBMB is the one who decided to punish the community and take away their toy because of his hurt feelings.

     

     

     

     

     

    Late to the party.

    I love unraid, I have been using it for years, I have even recommended it to a family member and a friend who have gotten licenses.

    I have even contributed in my own little way.

    I have read your analogy twice and all I am getting from it is you think @CHBMB is acting like a spoiled brat and they should only expect thanks from the community. Even though they and others like them stepped up to help the community (parented) when the community were being ignored by the Unraid team (parents).

     

    Now that the unraid team has decided to parent again the uncle should expect no thanks and if other community members don't like it they can leave?

    Of course their feelings are hurt they have put in so much time helping people just for the sake of helping the community.

     

    Just like you said, why should they help the kids if the parents aren't grateful and are scared their help will damage the kids?

     

    Remember they aren't getting paid like the unraid team. They don't have to help and share their toys.

     

    With that being said maybe unraid will put more of an effort in when it comes to the community devs they are after all what make unraid what it is imo.

     

     

     

     

     

  8. 7 hours ago, bonienl said:

    With Unraid containers may have either fixed addresses or dynamic addresses when used on a custom (macvlan) network.

    To ensure that "any" container can be accessed by the host, I took the approach as described in the blog, and modified it to the needs for Unraid.

     

    Instead of defining a subnet associated with the DHCP pool for containers, the complete macvlan subnet is split in two smaller subnets, e.g. a 1 x /24 becomes 2 x /25 and these subnets are used to set up a "shim" network which allows the host (Unraid) to access any container in the associated macvlan network.

     

    To make use of this feature it is a simple matter of enabling it in the Docker settings page (new setting which defaults to "disabled").

     

    image.thumb.png.8e16f43266d393bd0a311beecddadd5d.png

     

    Now I can ping the container "Pi-hole" with (fixed) address 10.0.101.100 on custom network br0

    
    root@vesta:/# ping 10.0.101.100
    PING 10.0.101.100 (10.0.101.100) 56(84) bytes of data.
    64 bytes from 10.0.101.100: icmp_seq=1 ttl=64 time=0.096 ms
    64 bytes from 10.0.101.100: icmp_seq=2 ttl=64 time=0.040 ms
    64 bytes from 10.0.101.100: icmp_seq=3 ttl=64 time=0.032 ms
    64 bytes from 10.0.101.100: icmp_seq=4 ttl=64 time=0.020 ms

    And I can ping the container "Tautulli" with (dynamic) address 10.0.101.128 on custom network br0

    
    root@vesta:/# ping 10.0.101.128
    PING 10.0.101.128 (10.0.101.128) 56(84) bytes of data.
    64 bytes from 10.0.101.128: icmp_seq=1 ttl=64 time=0.111 ms
    64 bytes from 10.0.101.128: icmp_seq=2 ttl=64 time=0.032 ms
    64 bytes from 10.0.101.128: icmp_seq=3 ttl=64 time=0.026 ms
    64 bytes from 10.0.101.128: icmp_seq=4 ttl=64 time=0.024 ms

     

    There is ONE CAVEAT ...

     

    When remotely accessing a container on a custom network over a WireGuard tunnel, you MUST define a route on your router (gateway) which points back to the tunnel on the server. E.g. route 10.253.0.0/24 ==> 192.168.1.2 (Unraid server)

     

    This is required because it is not possible to use NAT between a custom network and a WG tunnel, since everything is handled internally on the server and never leaves the physical interface, hence NAT is never in the picture here.

     

    Awesome work mate :)

  9. First of all thanks for the wireguard gui creating a vpn has never been easier.

     

    Like a lot of people here I couldn't access my dockers on custom IP address using the default macvlan network that unraid creates.

    However there seems to be a workaround. I found this blog by Lars Kellogg-Stedman which describes the problem and a solution.          

     

    Instead of letting unraid create the docker network do it yourself and use the --aux-address option.

    Then create another macvlan network to communicate to the containers.

     

    This is what I did.

    I deleted the network that the unraid gui made then I set up my docker network with the following.

    docker network create -d macvlan -o parent=br0 --subnet 192.168.1.0/24 --gateway 192.168.1.1 --ip-range 192.168.1.128/28 --aux-address 'host=192.168.1.223' mynet

    Then I added the other macvlan and these ip routes. I also added them to the go file.

    ip link add mynet-shim link br0 type macvlan  mode bridge
    ip addr add 192.168.1.223/32 dev mynet-shim
    ip link set mynet-shim up
    ip route add 192.168.1.128/28 dev mynet-shim

    Now I can access all my dockers :)

    Hope this helps people and thank Lars for his blog.

  10. Edit: It seems that rdp-calibre docker was not on the latest version of calibre.

    I changed "Set Container Variable: EDGE" to 1 and that downloaded the newest version of calibre; now they are both on 3.4.2.

     

    My books are importing no problems now.

     

    Can somebody help please.

    I am unable to import books via LL calibredb using the content server.

     

    I have LL docker and the rdp-calibre docker installed.

    I have enabled the content server with a username and password.

    I have read / write access to the db

    calibredb ok, version 3.42 Database READ ok Database WRITE ok

    I have the same paths mapped for the books library and download paths and a import path.

     

    When I try to import for example I get this error

    11-May-2019 12:53:42 - DEBUG :: IMPORTALT : librarysync.py:find_book_in_db:171 : Searching database for [The Girl In The Clockwork Collar] by [Kady Cross]
    11-May-2019 12:53:42 - DEBUG :: IMPORTALT : librarysync.py:find_book_in_db:215 : Exact match [The Girl In The Clockwork Collar]
    11-May-2019 12:53:42 - DEBUG :: IMPORTALT : postprocess.py:processDestination:1889 : Importing Steampunk Chronicles - The Girl in the Clockwork Collar - Book #2 - - Kady Cross into calibre library
    11-May-2019 12:53:42 - DEBUG :: IMPORTALT : common.py:runScript:1313 : [u'/opt/calibre/calibredb', 'add', '--username', u'calibre', '--password', u'calibre', '-1', '--with-library', u'http://172.17.0.8:8081/', u'/import']
    11-May-2019 12:53:43 - DEBUG :: IMPORTALT : calibre.py:calibredb:434 : calibredb rc 1
    11-May-2019 12:53:43 - DEBUG :: IMPORTALT : calibre.py:calibredb:438 : calibredb res 218[Traceback (most recent call last): File "site-packages/calibre/srv/cdb.py", line 48, in cdb_run File "site-packages/calibre/db/cli/cmd_add.py", line 64, in implementation KeyError: u'format_group' u'format_group' ]
    11-May-2019 12:53:43 - DEBUG :: IMPORTALT : calibre.py:calibredb:439 : calibredb err 0[]
    11-May-2019 12:53:43 - ERROR :: IMPORTALT : postprocess.py:process_book:1741 : Postprocessing for u'Steampunk Chronicles - The Girl in the Clockwork Collar - Book #2 - - Kady Cross' has failed: u'calibredb rc 1 from /opt/calibre/calibredb'

    If I use the rdp-calibre gui I can import the same book without issues from the same dir.

     

    Not sure what I am missing?

    ll.JPG

  11. Hi, would it be possible to get an inotifywait script added to the RDP-Calibre docker, please?

     

    Example: inotify watches the ebook download dir, then calls the update calibre script when it detects changes.

     

    inotifywait script at boot

     

    while true # run indefinitely
    do
    # block until a file under /download is written, moved or created, then update calibre
    inotifywait -r -e close_write,move,create /download && /calibre-update.sh
    done

     

    something like this for calibre-update.sh

    /opt/calibre/calibredb add --recurse --library-path "/config/" "/download" 2>&1

     

     

  12. Hi, I have a quick question about "Your server must have access to the Internet to use the unRAID 6.2-rc"

     

    I am using the trial and I think it is great. I am about to buy a licence but I am a bit concerned about always having an active internet connection to verify the licence.

    Will this be the case when the final release comes out?

     

    I might be moving to a house with no internet access for a few months and I am concerned that I won't be able to use my server? :(