Roxedus

Community Developer
Posts posted by Roxedus

  1. Can anybody point me in the right direction with radarrsync? I have been using it for maybe a year and it has been working without issue and then all of a sudden today I notice that there are things that should have been synced but were not. I opened up the logs and see this:
     
    Traceback (most recent call last):
      File "/RadarrSync.py", line 86, in
        searchid.append(int(r.json()['id']))
    TypeError: list indices must be integers or slices, not str

     
    From what I can tell is that it's a profile ID issue but for the life of me I cannot figure out how to determine the profile ID. I assumed I just counted the profiles but for some reason in my config I have 5 whereas in radarr(s) my 4k is the 6th one listed, if I change the config to 6 I no longer get an error but nothing syncs over either. Nothing in the radarrsync logs or radarr logs that I can find either.
     
    Any insight?


    Radarrsync is pretty pointless, as radarr has the functionality built in now, I'll remove it when I get to a computer
  2. I did see it behave like it should a few minutes after Squid replied with his success, I just wanted to wait a few hours to confirm. It does look solved, I would say. 

    As for the cause, all the token stuff worked everywhere else I use them, so it's a mystery to me. 

    • Like 1
  3. Some time during the 25th the Docker update check function stopped working for images hosted on GHCR, other repositories like Gitlab seem to work fine. 
    I'm inclined to think that this is due to some change done by GitHub, but automations using the same method to authenticate seem to still work, which brings my suspicion back to Unraid.

  4. 1 hour ago, cybrnook said:

    "The advantage of using this setup is that you benefit from Cloudflare fast DNS resolution and add an extra layer of security by hiding your server identity while ensuring that all the connections pass through Cloudflare. This prevents any malicious requests from reaching the server."

    You can do this without their certs. I also like to use my site when Cloudflare isn't working. 

  5. 1 hour ago, cybrnook said:

    Thanks for this! I asked back in December if the Swag container supported this in the Linuxserver.io groups Discord and @Roxedus said it did not support it and I should instead use a VPN basically. So I ended up going a different direction with the whole thing, but I AM pleased to hear you got it going. Means I could shift back to it if I come back to Swag 🙂 

    It is still unsupported, and I don't even see the appeal of doing this.

  6. On 3/15/2021 at 5:27 AM, IronBeardKnight said:

    Currently Invoiceninja unraid container is not working at all and no instructions to navigate the errors.

     

    It appears your docker container is broken.

    Not only do you have to run php artisan migrate but after you get the db and everything setup for this you run into the below errors along with many more of the same type.


    [15-Mar-2021 14:19:32] WARNING: [pool www] child 31 said into stderr: "[2021-03-15 04:19:32] production.ERROR: ***RuntimeException*** [0] : /var/www/app/vendor/turbo124/framework/src/Illuminate/Encryption/Encrypter.php [Line 43] => The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths. {"context":"PHP","user_id":0,"account_id":0,"user_name":"","method":"GET","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.86 Safari/537.36","locale":"en","ip":"192.168.1.14","count":1,"is_console":"no","is_api":"no","db_server":"mysql","url":"/"} []"
    [15-Mar-2021 14:19:32] WARNING: [pool www] child 31 said into stderr: "[2021-03-15 04:19:32] production.ERROR: [stacktrace] 2021-03-15 04:19:32 The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.: #0 /var/www/app/vendor/turbo124/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(28): Illuminate\Encryption\Encrypter->__construct('7kg2Ca9E8BTaSa8...', 'AES-256-CBC') #1 /var/www/app/vendor/turbo124/framework/src/Illuminate/Container/Container.php(749): Illuminate\Encryption\EncryptionServiceProvider->Illuminate\Encryption\{closure}(Object(Illuminate\Foundation\Application), Array) #2 /var/www/app/vendor/turbo124/framework/src/Illuminate/Container/Container.php(631): Illuminate\Container\Container->build(Object(Closure)) #3 /var/www/app/vendor/turbo124/framework/src/Illuminate/Container/Container.php(586): Illuminate\Container\Container->resolve('encrypter', Array) #4 /var/www/app/vendor/turbo124/framework/src/Illuminate/Foundation/Application.php(732): Illu...

     


    As noted in OP, it is not *usually* my images. This thread is here mainly to pick up issues with the templates only, but I do join in on the applications/errors I have experience in.

    There was an update to the image 2 days ago, that addressed this. 

  7. I’m trying to follow the rule re matching name - I already have a discord account for another forum with the same rule. I tried to change my username on here but there’s no option to do so. I also tried setting up a new account so I can get on discord that way but I keep getting this message -
     
    You are not permitted to register a user account with this site.
    Error code: 2S129/1
     
    Are you able to help me either change username or setup another forum account?

    You can use your existing Discord account, as you can have nicknames, which is what the bot sets
    • Like 1
    • Thanks 3
  8. 3 minutes ago, Aceriz said:

    On another note... for protecting the /admin page.... thought I would comment that I used the default SWAG config file with appropriate edits.. which does have the /admin exposed via reverse proxy. but then I added and configured the fail2ban as per the last post on the 1st page of this forum.. which then appears to protect me from brute force attacks.. 

    the admin panel needs another regex to catch failed attempts 

  9. 7 minutes ago, Aceriz said:

    I have tried having the box ticked and not ticked.... saved in between with reset of docker each time without any difference...

     


     

    Just checked the wiki
     

    Quote

    Note that when SIGNUPS_ALLOWED=false, the Create Account button will still be shown in the web vault UI, but actually attempting to create an account will result in an error message. Upstream Bitwarden isn't designed to allow disabling signups, so this can't be worked around easily.

     

  10. 12 minutes ago, Aceriz said:

    Hi all... So I have read through all 11 pages here.   By the way thanks @Roxedus..  

     

    My problem I am having is that within the Bitwarden  log I am getting the following error... .   Within the unraid docker container editor I do have the Signups_allowed set to FALSE...  I have tried to under the general setting select "Default:false" for allow new signups  saving..  but still get error...

     

    My problem is that when I am on the reverse proxy page for bitwarden... I am still given the option to signup.. which I don't want. 

     

     

    [WARNING] The following environment variables are being overriden by the config file,
    [WARNING] please use the admin panel to make changes to them:
    [WARNING] SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, ADMIN_TOKEN

     

    And signup is disallowed in the admin panel?

  11. 1 hour ago, ChadwickTheCrab said:

    I just migrated to this today from LastPass and it works great so far. What's a good practice for backing up my password database. It's just me, a single user. I like the idea of being able to keep a USB stick with the exported encrypted json. If my Unraid server craps the bed, can I spin up a new Bitwarden container and be fine as long as I have my master password and the encrypted json? The encryption key stuff on the bitwarden support page confused me.

    I just use CA backup, then rclone that archive to the cloud. 

  12. 13 hours ago, drugdoctor said:

    How can I do this with DNS instead of port forwarding?  I tried to use spaceinvaders subdomain file but get the following error.

     

    nginx: [emerg] host not found in upstream "bitwardenrs:80" in /config/nginx/proxy-confs/bitwarden.subdomain.conf:9

     

    The bitwarden.subdomain.conf he provides in his video.

    If you are using swag, use the sample in swag. 

  13. Can someone explain to me, why am I forced to use https with Bitwardenrs (wasn't so with the old container). My server has no connection to the Internet whatsoever, all my Docker apps are also only allowed inside my net, my ISP is not able/willing to give me access from outside (this is a University thing, no DDNS, no port-forwarding, no nothing...), the only way, to reach all this from outside is via a Win-PC with Zerotier-VPN, from which I use my apps then. Bitwarden is mobile on my iPhone with cached credentials, if I need passwords on the move, so for me, it makes not the slightest sense being forced to this security, I don't need an Intranet-CA, certs, whatever... Is there any solution to this, is there any way to be able to login to admin web page from Bitwarden without all this hassle, or am I missing something? Thanks in advance.

    It all boils down to security. For the webpage, it is a limitation set by the browser. And for the apps, it's a decision by Bitwarden.
  14. 2 hours ago, spants said:

    The problem with the 404 method is that if you use a custom network (say PROXYNET for dockers that can be reached from outside), then you cannot (well, I couldn't!) reach the /admin endpoint from inside either.

    It really should work if you map the port.

  15. Why? I currently am using the method recommended with the post at the top of every page, but if you convince me, I'll switch the recommendation, or recommend both posts.
     
    I haven't taken the time to look at the differences, so don't be offended, I'm genuinely curious, just not curious enough to do the work myself.
     

    They both do the work, and cater to different scenarios. My reasoning for my suggestion is that I don't want to be able to reach /admin at all with my reverse proxy.
    Another thing to think about is the resulting error code, where my suggestion gives a 404, while the deny gives a 403. A 403 might say to a potential attacker that there is something there (you could have it respond with a 404 instead)
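
    The two approaches compared in this reply, sketched as nginx location blocks (an added example, not taken from the thread or from the SWAG sample configs; the upstream name `bitwarden`, port 80 and the 192.168.1.0/24 LAN range are assumptions). Use one option or the other inside a server block, since nginx rejects two identical `location /admin` entries.

    ```nginx
    # Option A: the reverse proxy never serves /admin at all.
    # Clients get a 404, the same answer as for a path that does not exist.
    # The admin panel stays reachable only via the container's mapped port.
    location /admin {
        return 404;
    }

    # Option B: keep /admin proxied, but only for the LAN.
    # A bare "deny all" answers 403, which tells a scanner that something
    # is there; the error_page line hands the 403 to a named location
    # that answers 404 instead.
    location /admin {
        allow 192.168.1.0/24;   # assumed LAN range
        deny all;
        error_page 403 = @hide_admin;
        proxy_pass http://bitwarden:80;   # assumed upstream name and port
    }

    location @hide_admin {
        return 404;
    }
    ```

    After reloading nginx, `curl -s -o /dev/null -w '%{http_code}' https://<your-domain>/admin` from outside the LAN should print 404 with either option.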
  16. Hi everybody,
    Did anyone already try to set up a full local selfhosted bitwarden (without any Let's Encrypt) and make it work with Android ?
     
    I have bitwarden docker running on my Unraid, reachable on all web browsers through https://tower:18443/bitwarden (including Web browsers on my phone) thanks to a self signed certificate with self CA. The only thing I can't have working is the bitwarden Android App which throws me a "Trust anchor for certification path not found" error even though I've imported the CA certificate.
     
    Here is how I generate my stuff :
    # >>>>> CA Key
    openssl genrsa -des3 -out towerrootCA.key 4096
    # >>>>> CA Cert
    openssl req -x509 -new -nodes -key towerrootCA.key -sha256 -extensions v3_ca -config conf.file -days 365 -out towerrootCA.crt
    # >>>>> Server Key
    openssl genrsa -out tower.key 2048
    # >>>>> Server csr
    openssl req -new -sha256 -key tower.key -subj "/C=FR/ST=FR/O=MyNas/CN=tower" -extensions v3_req -out tower.csr
    # >>>>> Server cert
    openssl x509 -req -in tower.csr -CA towerrootCA.crt -CAkey towerrootCA.key -CAcreateserial -out tower.crt -extensions v3_req -days 365 -sha256 -extfile conf.file
    cat tower.crt towerrootCA.crt > finalcertif.crt

     
    With my config.file :

    [req]
    distinguished_name = req_distinguished_name
    x509_extensions = v3_req
    prompt = no
    [req_distinguished_name]
    C = FR
    ST = FR
    L = Local
    O = MyNas
    OU = MyNas
    CN = tower
    [ v3_ca ]
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid:always,issuer
    basicConstraints = critical, CA:TRUE, pathlen:3
    keyUsage = critical, cRLSign, keyCertSign
    nsCertType = sslCA, emailCA
    [v3_req]
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = tower
    DNS.2 = tower.local
    DNS.3 = tower:18443

     
    Thank you for help, have a good day,


    If it is anything like the iOS app, it keeps its own chain of certs