[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

Right, so far...

 

Created keyfile in kate + nano

    Used webUI to select keyfile from desktop through Firefox.

    Copied keyfile to /root

Checked 5 times passphrase in keyfile is definitely correct.

    End-of-line appears to be correct

For some reason, stopping the array is not enough, need to reboot server each time, to test.

    I know this because entering the normal passphrase after failed login with keyfile, will fail.

 

Surely there is a command in linux, to force print the currently used keyfile. I mean, up until 6.8.0-rc1 the keyfile was printed to /root/keyfile, and we were simply copying it to be used for this unlocking method. The new update stops emhttp from printing the file. So there`s got to be a command I can use in terminal and have the server print/create/write the keyfile it is currently using, on unlocked array, to disk so I can copy it?

 

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

I was just using the webGUI and selecting the keyfile from my desktop, to test before i setup all the ftp.

 

Will give it a try now tho

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

Tried `cat`, and the output is all on 1 line

 

Also, vi is scary

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

No luck,

 

Opened up terminal, pasted the passphrase, saved, exited

 

Rebooted server, "Wrong Encryption Key"

 

How do I make a keyfile, without an end-of-line?

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

10 minutes ago, itimpi said:

It is critical that you. do NOT have an end-of-line character present or that will be treated as part of the key.  

Hey,

 

I understand that I need to NOT have eol. But I just dont know how to do it. All i did was paste my passphrase into the file, click save and close.

I'll try with nano and see if that makes any difference

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

Also,

 

Random weirdness, after failing to unlock the array with the keyfile, I need to reboot in order for my passphrase to work.

 

Yes im using ctrl+c/ctrl+v correctly from my password manager

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

Ok,

 

So, opened up kate, pasted in my passphrase, saved the file as `keyfile`

Tried opening the array using the keyfile, and no dice. Won`t work

 

I gonna guess its to do with the end-of-line. But not a clue about that.

 

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

?

 

Nobody can check their keyfile and verify?

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

Well, can someone check there keyfile and confirm.

 

If all i have to do is make a file with the password in it, and call it `keyfile` then thats an easy fix.

 

But seems too easy

[How to get `keyfile` in 6.8.0?]

Hey guys,

 

So, im a slight id10t

 

Updated to 6.8.0-rc3, and then to 6.8.0-rc4 2 days ago. Yesterday I finally got bored with having to go through the rigmarole of unlocking the server every time she boots up. (My system shuts down every night, thats just how i have it) Also, im using KeepassXC with stupid long crazy passwords.

 

Found SpaceInvaderOne`s Video Guide on unlocking the server using FTP from my phone.

BUT...

As of rc1 "emhttpd: do not write /root/keyfile if encryption passphrase provided via webGUI"

 

This means,

Linux 5.3.7-Unraid.
Last login: Sat Oct 26 13:14:30 +0100 2019 on /dev/pts/0.
root@Hal-9000:~# cp /root/keyfile /boot/keyfile
cp: cannot stat '/root/keyfile': No such file or directory
root@Hal-9000:~#

 

So how do i get the keyfile without rolling back to an old USB backup?

I know theres gonna be a command somewhere but my googlefu is broken.

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

Yeah, we're editing the go file to bring the keyfile over from the FTP server.

But in order to do that, I need the keyfile in the first place to put onto the FTP, and from what I see, the new build has been tweaked to NOT write the keyfile when unlocking the array (from the webGUI atleast)

 

Is there another way to unlock the array? Through terminal perhaps, that would print the keyfile?

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

No problem.

Maybe you had the file there from a previous use?

I've never gone through this, so will be creating the file for the first time.

 

I`m just trying to figure out if there`s a command to force print/write the currently used keyfile. As the new build seems setup to not write automatically

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

Yes.

 

Booted server > Opened firefox on desktop > logged in > Entered encryption password > unlocked array

 

Then opened terminal from link in toolbar, and voila....problem

 

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

Unlocking my array via firefox from desktop

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

Really? I get this....

 

Linux 5.3.7-Unraid.
Last login: Sat Oct 26 13:14:30 +0100 2019 on /dev/pts/0.
root@Hal-9000:~# cp /root/keyfile /boot/keyfile
cp: cannot stat '/root/keyfile': No such file or directory
root@Hal-9000:~#

 

So, i checked the changelog for 6.8.0-rc and found

 

emhttpd: do not write /root/keyfile if encryption passphrase provided via webGUI

Under Management section of rc1

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

1 hour ago, 7hr08ik said:

Found this video, but.....

As of rc1 "emhttpd: do not write /root/keyfile if encryption passphrase provided via webGUI"

Erm....

 

This update in 6.8.0.rc1 means the keyfile is not written. So i cant copy it to my phone as it is not written.

Im asking for the command to write it manually, but i cant seem to use my amazing googlefu

 

If someone couls hepl pme with this, then i could follow the rest of video and get things setup. Im hoping to do this without rolling back to a USB backup

 

Thanks

[** VIDEO GUIDE ** How to securely autostart an encrypted unRAID array]

Hey guys,

 

So, im a slight id10t

 

Updated to 6.8.0-rc3, and then to 6.8.0-rc4 2 days ago. Yesterday I finally got bored with having to go through the rigmarole of unlocking the server every time she boots up. (My system shuts down every night, thats just how i have it) Also, im using KeepassXC with stupid long crazy passwords.

 

Found this video, but.....

As of rc1 "emhttpd: do not write /root/keyfile if encryption passphrase provided via webGUI"

 

So how do i get the keyfile without rolling back to an old USB backup?

I know theres gonna be a command somewhere but my googlefu is broken.

[[Support] binhex - DelugeVPN]

1 minute ago, binhex said:

lol nice to be appreciated :-), for a list of good name servers (as in ones that dont log) see the github repo for this container in OP, there is a list at the bottom of the readme.md.

Thank you again sir

[[Support] binhex - DelugeVPN]

DUDE TAKE THIS DOWN NOW!!!

 

Your password is in there

 

[[Support] binhex - DelugeVPN]

Hello,

 

Please forgive my brevity, this message come from a happy place...

 

OMFG I LOVE YOU!!!! I didnt even realise my router had reset. God damn mothaf/*-!"$£&*%$" ISPs. Router had reset to auto DNS.

Set to cloudfare and works again! WOOOHOOOO!!!

 

As an aside....Cloudfare DNS? OpenDNS? Now to figure out whos the best choice, as it seems vodafone are redirecting my traffic.

 

Thank you oh great and powerful Lord Binhex.

May many pleasures fall upon you

[[Support] binhex - DelugeVPN]

Also,

 

If i go change the env var to change vpn to OFF. The container boots without issue. This is with Privoxy set to ON.

[[Support] binhex - DelugeVPN]

Hey guys,

 

Sorry for the late reply. Life!!

 

Well, been trying to give the server a bit of TLC.

- Cache drive, re-run through Preclear, with full erase

- Cache drive re-formatted

- Checked 'Fix Common Problems'

- Rebuilt Docker.img

- Re-downloaded the docker image.

- Checked log, noticed msg about password containing character that might hinder login. Changed password.

- Noticed msg about running '/sbin/modprobe iptable_mangle' so ran this

- Stopped and started the container

 

Still no luck, there are a few errors in the log files, but im sure ive seen some of these when everything was working just fine. Obviously im no expert, but it seems the container is in a loop. Trying to connect, then reloading

 

I've attached my supervisord.log

supervisord.log

[[Support] binhex - DelugeVPN]

Thanks Binhex.

 

Ill take a look at this, and ill report back if I figure out what caused it. Im thinking it might be my ISP and VPN. Had problems with MX Linux downloading and installing PIA.

 

Think its about time I got pfsense setup

[[Support] binhex - DelugeVPN]

Im at work at the moment. Will send when I get home.

 

But I don't see how configs would be it. Everything was working. Didnt even log into unfair for 3 weeks, and dropped working. I know its to do with VPN. Thinking I might try different provider as I've been having 1 or 2 issues with pia past few weeks.

 

Will report back later. Where do I find run command? All I did was serious in docker edit tab and start

[[Support] binhex - DelugeVPN]

Hey guys.

 

Having an issue here at the moment.

Not sure how long its been going on, but at least a week, maybe since 6.7.1 release. Unsure Tbh.

 

The docker image will not load into WebUI, or accept connections from sonarr radarr etc. When the VPN is set to on.

 

First thing I did was, Restore a backup from 2 weeks ago, rebuild docker.IMG etc. No luck.

 

Removed, reset, and rebuilt the image for delugevpn, no luck.

 

Tried multiplie endpoints, all with portforwaeding. Running PIA BTW.

 

I noticed, when rebuilding the damn thing, that with VPN OFF the docker boots, loads and works fine.

 

Is there an issue with pia? Or am I missing something