Energen

Everything posted by Energen

  1. What we, as an Unraid community, really need... is an up to date guide on all things SMB speed related topics. There are so many threads with people asking about SMB speed and performance and I don't think there is any single source to go to for answers. I was always like "eh" about my SMB speed, I figured it is what it is, and my 10-50mb transfers were the best I was going to get.. but when I see people with 100-200-300+ mb/s transfers that really gets me wondering what I'm doing wrong. I don't do a ton of transferring where I really need that speed but if I could get it, and should get it, I WANT it. Right now a transfer from my Unraid to my new PC build with an NVMe drive I transfer 1.4gb file at around 112mb/s which is an improvement over my old system. Copying the file back to Unraid (cache enabled) is the same speed. But it's certainly not 710mb/sec like the image above. Share to share that same 1.4gb was about 500mb/s just now, so that's not terrible (not using mapped drives at the moment), if it matters. So this thread is a good start but if we could somehow gather all the SMB information from the entire forum and make it useable, that would be something special. Another related topic is how your network hardware affects your SMB speeds. That should be included as well. mgutt is using a 10G network adapter so clearly his results cannot be expected for someone using a 100mbit LAN. @mgutt have you tweaked your Unraid smb.conf for the SMB protocol version at all? I'm currently using
       server min protocol = SMB3_11
       client min protocol = SMB3_11
     to theoretically use the latest (fastest?) version of SMB for Unraid <-> Windows 10.
  2. Good to know, don't think I've ever looked at the advanced view. However, the one shortcoming is that this would only apply if you actively knew there was an update. I guess you could go around in circles about the usefulness of the feature to force checking for updates rather than forcing an update. You either have reason to believe there is an update (so force update would suffice) or are randomly checking for single updates at a greater interval than, let's say, the CA Auto Update plugin. Small example that just so happens to have popped up right now........... Right now my FreshRSS docker is "up to date", and won't be checked until my scheduled update check time (CA Auto Update).. but my FreshRSS feed tells me that there has been a new version released as of this afternoon. So at this point I know there has been an update. I can 'force update' to "see" if the docker has been updated (a linuxserver docker, so maybe it hasn't pulled the update yet, who knows), or I can 'check for updates' to "know" if an update is available or not. If I don't know there's an update then no harm no foul, I don't know that I should even be checking for updates. I guess in the end the same thing is accomplished in either case, it's either updated or it's not. But it's 2020, every app in the world has a "check for updates" option so Unraid should have it too, for individual dockers!
  3. Can you mount it with Unassigned Devices? I'm asking because I don't have a dvd drive in my Unraid server to verify. If so then you would be able to access it from Krusader at that point.
  4. I don't see a current way of doing this, so.. the ability to check for updates on a single docker at a time would be nice. We shouldn't have to check 10-20-30 dockers at a time when you really only want to update one docker that's being worked on.
  5. Except that it's not unnecessary because that's how the cache works. The mover runs as scheduled to clear the cache drives as configured. You're thinking of Unraid's cache drive in the same way as an SSD's cache where it's automatically written to memory from the cache as a simultaneous process..... that's not what Unraid is or does. The cache drives aren't meant, per se, to be used during a data transfer migration that would constantly fill them up. The faster transfer speeds are nice but your result is what happens.. The cache drives are mainly for faster data storage when your array is up and running where you want things on the speedier SSDs... VMs, docker data, transcoding, etc... For an initial data load you should have your cache turned off and write directly to the array. It's a slower transfer speed but you don't have the problems of full cache drives... and if you consider it, what is the actual time savings? When you fill up the cache you have to stop everything, and then run the mover to clear the cache drives -- a second write process, time consuming also.
  6. This is a bit off topic but can anyone guide me through setting this up to use in Docker Desktop on Windows? I'd like to try it with my new Ryzen pc but honestly don't know one bit about using Docker on Windows....
  7. You'd probably need to use a user script... such as
       # start the container only if it is currently stopped
       if [ "$( docker container inspect -f '{{.State.Status}}' the_docker_name )" = "exited" ]; then
         docker start the_docker_name
       fi
     Something along those lines...
  8. I think the only way to accomplish that would be to have a custom user script that just restarts everything.. Simple form,
       docker restart privoxyvpn
       docker restart thisone
       docker restart thatone
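
An added example, not part of the original posts: the status check from post 7 applied to a list of containers as in post 8, starting only those that have exited and reporting names docker cannot find. The function names `container_status` and `start_exited` are made up for this sketch, and the container names in the usage comment are the placeholders from the posts.

```shell
#!/bin/bash
# Added example (not from the original posts).
# Usage: ./start_exited.sh privoxyvpn thisone thatone

# Print the container's state ("running", "exited", ...), or "missing"
# when docker cannot inspect it (typo in the name, container removed).
container_status() {
    if cs_state="$(docker container inspect -f '{{.State.Status}}' "$1" 2>/dev/null)"; then
        printf '%s\n' "$cs_state"
    else
        printf 'missing\n'
    fi
}

# Start every named container whose state is "exited".
# Returns 0 when all names were handled, 1 when any container was
# missing or failed to start, so a scheduler can flag the run.
start_exited() {
    se_rc=0
    for se_name in "$@"; do
        case "$(container_status "$se_name")" in
            exited)
                if docker start "$se_name" >/dev/null; then
                    echo "started: $se_name"
                else
                    echo "failed to start: $se_name" >&2
                    se_rc=1
                fi
                ;;
            missing)
                echo "no such container: $se_name" >&2
                se_rc=1
                ;;
            *)
                : # running, paused, restarting: leave it alone
                ;;
        esac
    done
    return "$se_rc"
}

# Only act when container names were given on the command line.
if [ "$#" -gt 0 ]; then
    start_exited "$@"
fi
```

Unlike a blanket `docker restart`, this leaves running containers untouched, so a scheduled run does not interrupt services that are healthy.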
  9. Read the documentation about what the command does and see how safe it is for you to run and how it applies to your system. Yes it is safe. Yes it could be unsafe if it deletes something you actually want to keep.
  10. So one thing I have considered is that there is no file name encryption/obfuscation, correct? Does not seem like that is a feature of any mainstream backup providers.
  11. If you are dead set on some sort of ftp... then you might look at using proftpd.. it's not quite an easy set up though, it would take a fair amount of manual setup for the user access. The built in user accounts for Unraid don't really offer a full set of security features for user permissions.
  12. It depends what your purpose is and how you plan to access the shares with sftp. sftp is just a protocol, it's secure ftp. Generally speaking you can't mount an sftp server as a share (mapped drive) on Windows (that's why SMB is used). You can, but it's not "usable". Let's say you have a Word document and an Excel spreadsheet on the share, and you want to access them / use them / change them. With SMB, you can directly open the files and manipulate them, and save them directly to the share. No problem, right? With SFTP if you "open" the file, you are actually downloading it from the server (because sftp is secure file transfer protocol) and the file will generally end up in your Windows Downloads location, because when you attempt to access the file it will ask you what you want to open the file with .. and if you select a web browser it will open your web browser, ask you for the ftp login details again, and then download the file to the default download location. If you select another app to open the file with, it may end up in a temporary file location somewhere. So now that the file is [somewhere] on your computer... you edit it, make changes to it, do whatever... and save it. That file is saved on your computer. You now have to add it to your Unraid array and overwrite the old file with the new copy. If you forget to do that you will always have only the original file on your array, because with sftp you only downloaded a copy of it.... Do you understand? So while what you're asking is technically possible, depending on your use case and what files you are accessing and everything like that, using sftp may end up being more of a problem for you.
  13. https://discourse.pi-hole.net/t/what-is-the-correct-way-to-get-local-hostname-resolution-without-pihole-as-dhcp/11775/7
  14. The only way for pihole to display client names is to either, 1) use pihole's dhcp instead of your router, or 2) use a hosts file in pihole where it has your static ip address to each client.
  15. Nah, I know nothing.. I guess you can only go by what is said on the website. And maybe I'm wrong.. maybe it does contribute to 'something'. Here's what they said about an Ebola FAH thing.. If you can understand any of that, the FAH data did 'something'... but whether or not it's anything real useful is a mystery. So it's probably all about who's looking at the data .. does FAH have some direct link to any major pharma companies if they discovered anything? Some interest from the media... sounds astonishingly valuable to AstraZeneca, BioNTech, GlaxoSmithKline, Johnson & Johnson, Merck, Moderna, Novavax, Pfizer, Sanofi, etc. I'm just being cynical, it's probably useful. Keep at it!
  16. Yes, I think you hit the nail on the head there. And you are most likely alone in this. You download a virtio iso, and put it where you want it based on how you keep your storage. What's the problem? It literally takes about, oh, 1 second to drag/drop the iso into a different folder. Done. You probably don't need to be "mass downloading" virtio files. You only need the latest version as it comes out, unless there's some specific reason to use a different one. So because you choose to mass download them, the storage dilemma is only yours. As well as what other drivers? Unraid downloads -nothing- else. So you'll still have to manually move them to your drivers folder. If you need the latest graphics card driver package, you're getting that yourself. If you need your printer drivers, you're getting that yourself. I don't see how you think you're going to make that any "easier". All those mac/linux isos in your folders you moved there manually, but you're not suggesting the ability to download OS isos and move them, are you? So what's the problem with a tiny virtio iso? So what *you* have done based on *your* preference, *you* "broke" how the GUI works and created an extra step for *yourself*. Hmmm.. let me ponder on that. What about when you're selecting your OS ISO from all your carefully crafted subfolders? You still have to do that, because you created it that way.. but you want the virtio iso to default to a subdir? Just that one? Look, it wouldn't be a major deal for an option to be included in the VM settings page to specify a default location and use that variable location in the VM template, but my point of view is that even that minor thing is more work / hassle than it's worth. They would have to add the variable and then apply it to the virtio download process, the vm template code, the vm iso mounting code, etc... for what? So you have to move a file, and select it in a subfolder, because that's how YOU want to maintain your iso directory... 
it takes two seconds. I know for a 100% fact that you are not downloading new virtio isos and creating a new VM every 2 minutes where you are constantly having to move them. I can't speak for the Unraid team, only myself, but this seems like a pretty pointless suggestion that makes no practical sense.
  17. Add a new one by using a different name. So if the first docker was named pihole start a new template with the name pihole-2, or whatever.
  18. So @DarphBobo, nobody really cares about politics, your political view, your satire, innuendo, or anything else. There is no light discussion when it comes to politics, and whichever side of the fence you are on your side is always right and the other side is always wrong, no compromise. This thread was about the FAH app so keep the discussion there. Why do people push these apps? Because it makes them feel good and like they are contributing to something greater. Does anyone really do anything with the results of these apps? Probably not. Way back in the day I ran SETI@Home for a little while... nice graphics to look at..... we never found aliens (allegedly). Are any of the dozens of pharma companies working with Covid going to see what FAH is producing for data? I highly doubt it. Would you take a vaccine if it was developed from "data on FAH from some random person's computer somewhere told us".. I'm not sure that's part of the scientific method of research and development. Maybe I'm wrong. But I'm not. Trump for life.
  19. I understand your concern, ISPs, like cell phone companies, cable companies, etc, sell data related to what you're doing on the internet. But just remember, someone, somewhere, will always know what you are doing. All the traffic you route through a VPN --- the VPN knows what you are doing, just like the ISP. Whether or not they collect that data and do anything with it ............................ they still know. You're just changing the "who" of who knows.. so yes, the DNS server would help keep [some] stuff away from the ISP, but the DNS server only does lookups, like where to connect to, so you type in "google.com" and the DNS resolves it to 172.217.12.78 or whatever, so the ISP doesn't know that you tried to connect to google.com --- but once you're on google and search for something that search is now in the hands of the ISP (unless it's encrypted https). So DNS = lookups, but VPN = traffic. And we won't even get into the latest stuff of DNS over HTTPS, so even DNS queries are encrypted from prying eyes. But that's a good option too. So that should answer your last question also. Most people change their DNS servers for the perceived speed of the DNS queries.. your ISP query might take 30ms but cloudflare's query might be 20ms, I mean it really doesn't make much of a real world difference for a lot of people, but some DNS servers like cloudflare build in protection on their DNS to block malware sites and stuff (at their discretion). Access is only obtained through a vulnerability of something on an open port. On an incoming attack*. So you can use a port scanner (app, website) to scan your public IP address and see what kind of ports someone can see. Whether or not they can be penetrated depends on what's running on that port and its security. If they scan port 80 and see that you have nginx running, it would depend on whether or not nginx has any unpatched vulnerabilities to attack. 
https://www.whatismyip.com/port-scanner/ https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap * Not a lot of attacks are from incoming connections. I'm just kind of guessing here but most attackers aren't scanning the entire internet looking for someone to attack. They target specific people, companies, etc. Most attacks on a personal level are outgoing connections from malware that you've downloaded/opened/executed. Outgoing connections are not blocked by default on any platform. That's where a 2 way firewall comes into play. A firewall that can block outgoing connections. It can hamper your everyday internet life by blocking outgoing connections because everything would have to be (in the most hardened configuration) explicitly allowed to connect, which can be a major pain in the butt, especially on Windows where there's 100 things in the system background with outgoing connections.
  20. Cache encryption works the same as the data disks... stop all your dockers and whatever else has data on the cache drive, move that data off them... encrypt drive... replace data. There's some threads here talking about this... here's one I quickly looked at. Funny thought.... I never encrypted my cache drives.... whoops! Project for another day.. If you have SSDs as the cache, read the comments about TRIM support.. could potentially be an issue. As for the parity drives.. you don't need to do anything with those.
  21. You look like you're in pretty good condition to get going.. nothing too crazy here. WebUI to https, there is an option in the GUI to enable it, but I haven't done it.... so won't try to give you the wrong advice. I believe you will need an SSL cert for it to work, but could be wrong. Array encryption -- I use it now, and to be perfectly honest it's quite annoying. Thankfully I don't restart the server all that often. If you consider what the point of encryption is and then look at the implementation of the keyfile on Unraid, how it's typically used, it doesn't make any sense. If someone had physical access to the server -- which encryption is supposed to protect your data from -- the keyfile is typically stored, unencrypted and accessible, on the boot usb to start the array and expose your data. Attempting to secure the key file brings its own sets of problems but is able to be done (there are a few threads here already about this). My implementation doesn't work too well right now, it works fine if I'm rebooting the server but if I'm only restarting the array from a stopped state then it's a hassle to get running. Wireguard / OpenVPN is basically the same thing. They are VPNs. The only potential problem with your idea on using it is that you would have to install software on the computers you are using in offices in order to connect to the VPN. So that brings up a couple potential problems. 1) The ability to install software might be restricted. 2) You just might not want to install software on the computers to begin with. 3) Are the office computers on a corporate network? The VPN software would take over control of the computer and take it "off" the company network. Those are all things you might have to contend with.
  22. So I think your head is all over the place.. and that's normal because you don't know much about these topics... so first try to simplify what you actually want to do.. what you need to do... and what, in reality, you should do... 3 levels there. With that you need to separate home and work capabilities to narrow down your options. To answer a couple of your questions first.. So yes, you could set up a VPN for your entire network and all traffic could go through the VPN. Does it slow down the connection? Possibly.. depends on the quality of the service, the location of the servers, etc.. I wouldn't use a VPN for online gaming, you'd probably introduce too much latency.. unless you weren't playing games where ping speed mattered. Any online multiplayer/FPS games should be as fast as possible -- no vpn. Wireguard on Unraid is its own VPN.. if you had Wireguard running, and then also had another VPN like Mullvad running on your network... well, to be honest I'm not actually sure on that one.. You would either be able to connect to Wireguard directly still, or you would have to connect to the network VPN first (think of that as a top layer), and then connect to the Wireguard vpn running "below" the network VPN. Not sure if that's even possible. So this is where you have to go back to what I said about planning what you actually want/need/can do. The difference between a VPN and a firewall is a VPN is a "virtual private network", and a firewall is a firewall. A VPN only handles connections to/from the network. A firewall blocks attackers, etc. Two different things. You "need" a firewall of some type, although usually your router can handle it. The open ports for docker containers are as secure as the docker is. I wouldn't worry too much about that. If you have a VM and SMB shares in the VM, then theoretically yes your entire Unraid server would be at risk of being exposed if something were to happen in the VM. The SMB share can be penetrated to your entire array. 
If the VM has no shares and more importantly has the network connection in the template configured for a virtual network connection rather than bridged or whatever, nothing could leave the VM. If you are even able to map an SMB share in the VM to Unraid then it could be vulnerable, theoretically. VPN and/or DNS could be as easy as setting it on your router. For a custom DNS you can simply change your router's DHCP settings so that every device gets a DNS server of 1.1.1.1 (cloudflare, I believe), 4.4.4.4 (quad4 or something like that), 8.8.8.8 (google). That one change takes all routing away from your ISP's dns servers. Nextcloud or something like that would be infinitely more secure / better for accessing from a business. That's how you connect to your ISP, don't change those. Unless you need to for a VPN, I guess.. never actually put my entire system on a VPN. That's entirely possible. I don't know what router you have but it could have VPN capabilities built in. That would essentially give you what Wireguard on Unraid does. You'd connect to your VPN network ---- but that has nothing to do with your outgoing connections. Your outgoing connection would still be on your ISP. So yes, paid service for outgoing. 1) Yes 2) Yes all containers would still be behind your network level VPN since Unraid still connects through your router. Which may or may not be desirable. You'd also have to make sure the VPN doesn't block certain services or ports or whatever else that you might be using. 3) Yes, still need a firewall -- but router should be able to handle most things since anything not explicitly allowed is blocked. So after all of this, we can circle around to planning what you actually need/want to do. Do you *need* ALL of your home traffic routed through a VPN? And what implications could that have on what sites you're going to? Would you want a local country VPN server or from another country? 
If you log into your bank account and it shows that you are connecting from Bulgaria, what will happen? Will you get blocked for suspicious login attempt? What happens if you log in from within your own country but from a different location? Do you want your banking information passed through the VPN which you are believing is secure but don't actually know if it is? What do you do if you go to a site that explicitly blocks your VPN connection, do you then have to disable your entire network so that you can log in without the VPN? Why do you want all your traffic through a VPN is the question, it's not necessary. I actually forget what else I was going to say.. I'm at work so I've been writing this for the last 2 hours because I can't get anything done uninterrupted :D