Posts posted by werfsd
-
This was very helpful, thanks.
That being said, if you follow these simple rules then I think you are safe:
1. Do not expose the Connect or Admin interfaces to the Internet.
There is literally no need to open these interfaces to the internet in the majority of cases. You're a home user (I imagine, as are the majority of those who use unRAID) and you can access these interfaces on your LAN to configure / download config files.
2. Use UDP protocol on port 1194 (or other) only for VPN access.
When TCP mode is chosen for the VPN Server protocol, the VPN Server can optionally provide access to these services through its IP address and port. You don't want to do this or forget that it's set. So just don't enable it. These settings are, however, maintained across updates.
3. Update your Container carefully.
If you are really worried, before you update the Container: disable your port forwarding, have a terminal session open with the command ready to execute. If you are even more worried you could have your unRAID server (along with any configuring client) on a dedicated switch so you can isolate other local clients from being able to access the unRAID server for that period of time.
I want to add that #3 is way OTT IMHO but #1 and #2 should be followed to maintain security. I don't run in an environment where LAN clients are not trusted (in that I would never expect someone on the LAN side to maliciously "hack" into the OpenVPN-AS interfaces in the short time they are open when I upgrade). Therefore #3 is not something I really thought about until your question. I would suggest that most unRAID users (without getting philosophical about it) would consider their LAN secure.
Anyway, in summary, not that much of an issue IMHO.
-
Just a heads up for anyone that is wondering...
I tried installing this on my Unraid 6.2.2 server, and the WebUI would fail to load. Finally had to add in an extra command when setting up the app.
--net=bridge -p 0.0.0.0:8123:8123
Found the solution here
https://community.home-assistant.io/t/docker-on-mac-install-front-end-nowhere-to-be-found/5553/5
This worked great, thanks!
-
Should dnsmasq be running by default on unraid? I think this may be the issue and am wondering if there will be any adverse effects if I remove it.
So I ran
killall dnsmasq
then was able to start Pihole just fine. Not sure if this will persist after a reboot, no idea if I have broken anything else but things seem to be working at the moment.
-
Should dnsmasq be running by default on unraid? I think this may be the issue and am wondering if there will be any adverse effects if I remove it.
-
do you have port 53 in use by any other dockers?
No, I did run through all my dockers and did not see any conflicts, unless there are some settings I don't know about. My list of dockers just in case:
- CouchPotato, DDClient, deluge, Dolphin, muximux, openvpn-as, plex, plexpy, sabnzbd, Sonarr.
Try a reboot... worked for me when I was having a similar problem.
Rebooted and disabled autostart of all dockers and VMs. Still no luck. Am I able to switch port 53 to 54 or will this break how pihole works?
-
do you have port 53 in use by any other dockers?
No, I did run through all my dockers and did not see any conflicts, unless there are some settings I don't know about. My list of dockers just in case:
- CouchPotato, DDClient, deluge, Dolphin, muximux, openvpn-as, plex, plexpy, sabnzbd, Sonarr.
-
I have also run into the port 53 issue:
docker: Error response from daemon: failed to create endpoint pihole on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:53: bind: address already in use.
If I run 'lsof -Pni | grep 53' the only thing that comes up with port 53 is:
dnsmasq 15316 nobody 5u IPv4 26575 0t0 UDP 192.168.122.1:53
dnsmasq 15316 nobody 6u IPv4 26576 0t0 TCP 192.168.122.1:53 (LISTEN)
Any ideas how to fix this one?
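Added example, not part of the original post: the Docker error above is a wildcard bind on 0.0.0.0:53, which on Linux fails when any local address already has a listener on that port, and a plain `grep 53` also matches PIDs and ports such as 5353. The function below parses `lsof -Pni` output exactly; the names `port_conflicts` and `sample_lsof` are hypothetical, and the sample input is constructed around the two dnsmasq lines quoted above.

```shell
#!/bin/sh
# Added example: list the sockets that would block a wildcard bind on a port.
# Input: `lsof -Pni` style lines on stdin. Output: "command pid proto address".

port_conflicts() {
    # $1 = port number, $2 = protocol (TCP or UDP)
    awk -v port="$1" -v proto="$2" '
        $8 != proto { next }                          # column 8 (NODE) is TCP or UDP
        $9 ~ /->/   { next }                          # connected socket, not a listener
        proto == "TCP" && $10 != "(LISTEN)" { next }  # TCP must be listening
        {
            n = split($9, parts, ":")                 # port is the text after the last colon
            if (parts[n] == port) print $1, $2, $8, $9
        }'
}

# Constructed sample: the two dnsmasq lines from the post plus made-up
# lines (PIDs, port 5353, a client connection) that `grep 53` would also match.
sample_lsof() {
    cat <<'EOF'
COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
dnsmasq   15316 nobody    5u  IPv4  26575      0t0  UDP 192.168.122.1:53
dnsmasq   15316 nobody    6u  IPv4  26576      0t0  TCP 192.168.122.1:53 (LISTEN)
avahi-dae  1530 avahi    12u  IPv4  18001      0t0  UDP *:5353
sshd       5312 root      3u  IPv4  19002      0t0  TCP *:22 (LISTEN)
curl       7001 user      5u  IPv4  30111      0t0  TCP 192.168.1.10:45312->192.168.1.1:53 (ESTABLISHED)
EOF
}

# Only the dnsmasq listeners on 192.168.122.1 are reported for port 53.
sample_lsof | port_conflicts 53 TCP
sample_lsof | port_conflicts 53 UDP
```

On a live host, replace `sample_lsof` with `lsof -Pni` to see which process and address hold the port before deciding what to stop or rebind.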
[Support] Linuxserver.io - OpenVPN AS
in Docker Containers
Upgrade will not work with existing config folder. What I did was take a screen shot of all my settings, set up a new container from the app store with different name and config folder, and just went through the screen shots and copied all my settings across. Took less than 10 min.
You will also need to import a new ovpn file.