CrimsonTyphoon

Everything posted by CrimsonTyphoon

  1. Hello, I followed @SpaceInvaderOne's excellent guide on reverse proxy w/ letsencrypt. I want to get the custom network (i.e. proxynet) its own IP address so I can assign dockers on it their own IP addresses (mainly only one, the letsencrypt docker). I want to do this because I want to expose 80 and 443, but I cannot because the unraid is using these ports (I do not want to change the unraid port). Is this possible?
  2. Exact same issue, I recently moved my Dockers/VMs to an unassigned SSD and they do not autostart. Help?
  3. My favorite unRAID feature: VMs. One thing I would like to see: Multiple arrays.
  4. Okay, let me explain my situation and summarize my last few posts... let's get some new light in here!

     pfsense router - 192.168.8.1 (pfsense also acts as DNS server) (network is 192.168.8.0/24)
     unraid - 192.168.8.151
     br0 - dockers on unraid's IP (192.168.8.151:XXXX) & VMs
     br1.15 - dockers with their own IP. br1.15 is linked to VLAN 15, which I can access no problem throughout my LAN (i.e. sabnzbd.domain.com, sonarr.domain.com)
     Wireguard network: 10.253.0.0/24
     Wireguard is set for remote tunnel access (Allow 0.0.0.0/24) and using pfsense as DNS server (192.168.8.1)

     pfsense has a static route setup:

       Network          Gateway                   Interface
       10.253.0.0/16    unRAID - 192.168.8.151    Vlan_Internal

     Things that work through wireguard VPN:
       • Access the internet with unraid/pfsense's WAN IP
       • Access my lan (192.168.8.0/24)
       • Access unraid server
       • Access unraid VMs (they have their own IP on 192.168.8.0/24)
       • Access dockers running on unraid (192.168.8.151:XXXX)
       • DNS lookup dockers with their own IP (i.e. sabnzbd.domain.com resolves to 192.168.8.175). This is a host override in pfsense settings; it will not resolve to any other DNS server, only on my network.

     Things that don't work through wireguard VPN:
       • Access dockers w/ their own IP (i.e. sabnzbd.domain.com or 192.168.8.175 does not work)
       • Ping dockers with their own custom IP (see below for example)

     I am looking to be able to access my dockers with their own IP through the wireguard VPN connection.

     Things I have tried / notes:
       • wireguard settings Nat OFF or Nat ON. Nat OFF nothing works, Nat ON is the behavior above.
       • unraid's routing table:

           PROTOCOL   ROUTE               GATEWAY               METRIC
           IPv4       default             192.168.8.1 via br0   1
           IPv4       10.253.0.2          wg0                   1
           IPv4       172.17.0.0/16       docker0               1
           IPv4       192.168.8.0/24      br0                   1
           IPv4       192.168.122.0/24    virbr0                1

       • Ping on my local LAN:

           $ traceroute 192.168.8.175
            1?: [LOCALHOST]                      pmtu 1500
            1:  sabnzbd.domain.com               10.045ms reached
            1:  sabnzbd.domain.com               2.332ms reached
                Resume: pmtu 1500 hops 1 back 1

       • Ping through the wireguard tunnel:

           $ traceroute 192.168.8.175
            1?: [LOCALHOST]                      pmtu 1280
            1:  10.253.0.1                       52.842ms
            1:  10.253.0.1                       63.555ms
            2:  no reply
            3:  no reply
           ^C

       • Rebooted pfsense and unraid
       • Made sure there were allow rules in pfsense
       • Pfsense does not show anything in logs blocking the 10.253.0.0/16 network.

     So... who's got ideas?
  5. Through wireguard, I cannot access dockers that have custom IPs.....
  6. @bonienl First and foremost, thank you for all of your help and your wonderful plugin! Everything you do for the community is greatly appreciated :-)

     I did some troubleshooting but still no dice. I turned off NAT in wireguard settings. Nothing works (no surprise there?). When I do a nslookup, I get an error message, "Got recursion not available from 8.8.4.4, trying next server". Then it does not work and I get, "server cannot find sabnzbd.domain.com: Refused". This is interesting - I specifically put my pfsense router as the DNS server. However, when I turn on NAT and do the same thing, it uses 8.8.8.8, and resolves sabnzbd.domain.com. Note: sabnzbd.domain.com will only resolve internally, as I have a domain override in pfSense. Therefore, even though it says it's using 8.8.8.8 it is really using 192.168.8.1 (pfsense).

     I did a packet capture on the lan port on pfSense:
       - When I visit a docker with its own IP, I do not see the packet.
       - When I visit a docker with unraid's IP, I do not see the packet. This makes sense because unraid is not sending it to the router and back, it's routing it internally.

     Because I don't see the packet both times I am going to assume that the macvlan driver is blocking it as a docker security mechanism (again, I am not an expert in networking, so for all I know I am completely off base here). I actually had this same problem with the OpenVPN docker, but gave up and just used OpenVPN on pfsense.

     Going to try to make a new vlan, and assign unraid to it somehow so wireguard only uses that interface? Back to the drawing board I suppose (although since I have to stop the array, gotta wait until the server is not in use :-) )
  7. Here you go:

     On Wifi:

       $ traceroute 192.168.8.175
        1?: [LOCALHOST]                      pmtu 1500
        1:  sabnzbd.domain.com               10.045ms reached
        1:  sabnzbd.domain.com               2.332ms reached
            Resume: pmtu 1500 hops 1 back 1

     On Wireguard:

       $ traceroute 192.168.8.75
        1?: [LOCALHOST]                      pmtu 1280
        1:  10.253.0.1                       52.842ms
        1:  10.253.0.1                       63.555ms
        2:  no reply
        3:  no reply
       ^C

     I am not a network expert, but it seems that the unRaid server (10.253.0.1) gets the packet, but has no idea what to do with it and drops it? I do not see it blocked in my pfSense logs either.
  8. Hmm, I use the pfSense as the DNS server, because I have custom entries pointing to my various dockers (sabnzbd.domain.com, sonarr.domain.com, etc.). They all sit behind my reverse proxy docker at 192.168.8.175. I have updated the latest version of the plugin to add the DNS settings. Going directly to the domain (sabznbd.domain.com, thru reverse proxy) or accessing directly via IP (192.168.8.100) does not work. Through the WebUI it goes through the IP and does not work either :-/

     Edit: Here is unRAID's routing table:

       PROTOCOL   ROUTE               GATEWAY               METRIC
       IPv4       default             192.168.8.1 via br0   1
       IPv4       10.253.0.2          wg0                   1
       IPv4       172.17.0.0/16       docker0               1
       IPv4       192.168.8.0/24      br0                   1
       IPv4       192.168.122.0/24    virbr0                1
  9. I have "remote tunnel access" enabled for my peer (the client has AllowedIPs=0.0.0.0/0 to tunnel all traffic thru the VPN tunnel). Updated OP to reflect this.
  10. Hello, I must be close but can't figure out the last piece of the puzzle! I have gotten wireguard working, but cannot access dockers not on the bridge network (aka dockers with their own IP).

      I cannot access dockers with their own IP (192.168.8.0/24).
      I can access dockers on unraid's IP (192.168.8.151).

      Wireguard network: 10.253.0.0/24
      Router: 192.168.8.1
      Unraid IP: 192.168.8.151 (network 192.168.8.0/24)

      I have "remote tunnel access" enabled for my peer (the client has AllowedIPs=0.0.0.0/0 to tunnel all traffic thru the VPN tunnel).

      Here's my pfSense static route:

        Network          Gateway                   Interface
        10.253.0.0/16    unRAID - 192.168.8.151    Vlan_Internal

      What am I missing?
  11. Hello, I stopped using this docker for a while because I couldn't do what I wanted to do w/ it, but with all the updates I thought I would crack at it again:

      Vlan 5 - Main network
      Vlan 15 - Docker network for Sabnzbd, Sonarr, Radarr, etc.

      If I run this container in bridge mode (Vlan 5), I cannot access Vlan 15 because of the macvlan driver (expected behavior). I can't get the OpenVPN server to start if I run in host, br1.5, br1.15, etc.

      So how can I run this in bridge mode and be able to access the Vlan15 network? Do I need a static route on my router? (using pfSense)
  12. I would like to know this as well. I want to run it on one of my customer networks (br1.20) so it can access dockers and the unRAID host, but could never figure it out.
  13. Here are my settings under 6.5.3 / 6.6.0:

      IPv4 custom network on interface br0:
        Subnet: 192.168.20.0/24  Gateway: 192.168.20.1  DHCP pool: not set
      IPv4 custom network on interface br1.10:
        Subnet: 192.168.10.0/24  Gateway: 192.168.10.1  DHCP pool: not set
      IPv4 custom network on interface br1.20:
        Subnet: 192.168.20.0/24  Gateway: 192.168.20.254  DHCP pool: not set

        NETWORK ID     NAME     DRIVER    SCOPE
        b9b4178725d9   br0      macvlan   local
        0b839cad0823   br1.10   macvlan   local
        37bff31973a8   br1.20   macvlan   local
        e1ef694e36c7   bridge   bridge    local
        f9bfd58f90c4   host     host      local
        7759dbce282b   none     null      local

      Under 6.5.3, I can set the network type to any of the networks when adding/updating a container. In 6.6.0, I can pick everything except br1.20.
  14. I posted about this issue in the main 6.6.0 release thread (link), but wanted to make a separate thread specifically on this issue.

      On 6.5.3, I have 3 separate docker networks:
        • br0: 192.168.20.0/24. Gateway 192.168.20.1
        • br1.10: 192.168.10.0/24. Gateway 192.168.10.1 (VLAN 10)
        • br1.20: 192.168.20.0/24. Gateway 192.168.20.254 (VLAN 20)

      Note: br0 and br1.20 are in the same subnet, but have different gateways. I do this so dockers in br1.20 can connect to both the Unraid host, and dockers in all subnets (circumventing macvlan from blocking the connection between docker and host). All 3 networks have no DHCP pool, I manually set them for my docker containers.

      Now the problem. When I upgraded to 6.6.0, I could still see my 3 docker networks in docker settings, but I could not select br1.20 in Update Container; under Network Type, it is simply not listed.

      Can someone let me know how I can do this, preferably through the GUI?
  15. Upgraded to 6.6.0 last. Really like the CPU pinning but unfortunately had to roll back to 6.5.3 due to a few minor issues:

        • Docker custom networks. Besides the standard br0, I also run br1.10 and br1.20, linked to my VLANs (10 and 20 respectively). br1.20 is the same subnet as br0, but with a different gateway (br0: 192.168.20.0/24 gateway 192.168.20.1, br1.10 192.168.10.0/24 gateway 192.168.10.1, br1.20 192.168.20.0/24 gateway 192.168.20.254). DHCP is off on all custom networks, I set them manually. After upgrading to 6.6.0, I could no longer select br1.20 as a custom network in docker, even though it was listed in my docker settings. Unfortunately, this was the deal breaker for me and I had to roll back. I presume I could have made it manually via the CLI, but was not up to that yet.
        • Theme - It has to grow on me, but I liked the only theme of 6.5.3 and below. I believe I just need new time with the new theme.
        • Docker Autostart - I removed the CA Docker Autostart plugin, due to it not being compatible with 6.6.0. I could not find the option in 6.6.0 where to set delay timers and to change the order that dockers are started in. @Squid showed me where this was, thank you!

      I am going to upgrade back tonight and play around with the custom docker networks so I can get my br1.20. If someone could shed some light on this as well, it would be greatly appreciated.

      EDIT: Spun off docker issue here
  16. unraid bare metal simple as that :-)
  17. @panzerschreck, don't mean to bump an old-ish topic, but this is GREAT!!! Thank you for your guide on Reddit, it was very helpful and I am on my way to creating my own dashboards! Even though I couldn't import your dashboard, the pictures of your settings are easy to follow and a great learning tool. :-) Thank you again!
  18. Did a quick search in this thread but couldn't find what I was looking for... Is there a way to have different share settings for different unassigned drives? Let me explain:

      I have 2 drives in UD:
        • Drive A for MythTV Recordings
        • Drive B as a download location for Sabnzbd & hosting some files

      I have 2 SMB users, User1 and User2. I want User1 to only access 1 folder on DriveB (Sabnzbd), and User2 to access everything (DriveA and DriveB).

      I couldn't find a way in UD settings to have different users accessing different folders.
  19. ^^. This exactly. I was also trying to do this, loosely following this guide, but I am on 6.4. However, I just noticed the 6.4 updates and will have to try them out
  20. Alright, I think I jumped the gun a little bit... 192.168.15.11 can see 192.168.77.51, but won't connect to any dockers. I'll explain:

        • 192.168.15.11 (nzbhydra) can connect to 192.168.7.251:32816 (unRaid/sabnzbd), but not the other way (192.168.7.251:32816 cannot ping/traceroute/etc 192.168.15.11)
        • 192.168.7.251:32817 (unRaid/sonarr) cannot connect to 192.168.15.11 (hydra)

      I see it's going over the docker interface (172.17.0.1), which is not what I want. I presume I need another static route, so I tried this:

      Needless to say it didn't work :-(.
  21. BINGO it works! It half works. See post below. Now just need to tighten up security on the pfSense side and add this to run at docker launch. Thanks again :-)
  22. I have played around with it but was still not able to get it working :-/. Can you be more specific on how you did it?