Posts posted by aptalca
-
-
82 is my unraid box, all my other dockers I've just set a different port, perhaps I'm hosing up life there, I've got plex, ombi, nextcloud all running that way
I guess I should say the only things I want external facing are my nextcloud and my ombi
Docker is forwarding port 8888 to 80. Nginx inside the container will see/listen on port 80. There won't be a connection coming from/to localhost
-
Are you trying to use port 80? Unraid gui runs on there so you have to pick a different port
-
Did you try to connect to https://yourip:943/admin ? Or click on the webui link in the unraid gui?
-
I wondered if you had any plans of supporting manual updates, or forcing the use of the same CA cert, in order to be able to manage hpkp pinning?
I have the certs setup and working, but the auto update would mean I likely lock myself out of my site each time the renewal occurs.
I wondered if anyone had a working hpkp pinning process at all?
Thanks in advance
certbot-http-public-key-pinning-hpkp/
Probably not. It seems to be more hassle than it's worth. IE and Edge don't support it either.
Plus, the whole purpose of this container is the automated certs.
You can use the plain nginx container and add the certs yourself if you only want manual updates. You can also run the letsencrypt container once, let it create the certs and stop it, then use the certs in the plain nginx container
-
Hello
Thank you for the zoneminder 1.29 docker.
Is it possible for you to update the docker to the most recent version of zoneminder?
Also is there a way to change the location where the recordings are saved to?
Thanks
Each version of zoneminder requires a new separate image and likely a fresh install because of all the drastic structural changes they implement. It's too much work and I gave up.
You can use symlinks to change recording location
-
Is it possible to add a subdomain that doesn't use SSL? I have a need to serve some files via HTTP but my current setup redirects all traffic to https. I want to set up a subdomain dnd.server.com that allows me to serve up files without https, with the root in a different location from the main server.
Sure, just create a new server block in the site config for the new subdomain and set it to listen to port 80
-
Thanks, I got it to load now. And I had to do port forwarding. Now I need to find out how to block http requests or redirect to https version. Any idea how do I edit the 443 page?
Config files are in the /config folder. You will want to modify the site config as well as the html file under www
-
It's normal for all servers to be under endless attack though..
Yeah, except my public web servers are using passwordless ssh logins and are running fail2ban to ban repeat offenders and dos'ers.
Does unraid even do anything about brute force attempts?
I once got a virus that disabled all power saving and sleep settings on my laptop, ran it full speed until it brute forced my router admin password, then changed the dns settings to inject ads to all websites visited from all computers at home. It was quite brilliant
-
Yea it says could not connect to server if I tried to access the ssl port or non ssl port. Then docker died.
Something like this happened:
/var/run/s6/etc/cont-init.d/50-config: line 105: cd: /config/keys/letsencrypt: No such file or directory
there are no other errors, just warnings.
You mentioned you only forward the subdomain to your home server. Did you use the only subdomains option?
Your cert generation was unsuccessful. The logs should tell you that
-
Thanks. I did and it created fine. How do I know if it's working? I tried to access my Sub domain with the http port or even the 443 port but nothing happened..
Define "nothing happened". Did you get an error?
You should try to access https://yoururl.com and you should see the default welcome page
Check your docker log
-
Ran the command and restarted, new errors now about initialising ip6tables
2017-03-28 23:29:51,870 fail2ban.utils [264]: ERROR ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr:
2017-03-28 23:29:51,871 fail2ban.utils [264]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-03-28 23:29:51,871 fail2ban.utils [264]: ERROR -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:29:51,871 fail2ban.utils [264]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:29:51,871 fail2ban.utils [264]: ERROR -- stderr: "modprobe: can't change directory to '/lib/modules': No such file or directory"
2017-03-28 23:29:51,871 fail2ban.utils [264]: ERROR -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:29:51,872 fail2ban.utils [264]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:29:51,872 fail2ban.utils [264]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-03-28 23:29:51,872 fail2ban.utils [264]: ERROR ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1
2017-03-28 23:29:51,872 fail2ban.actions [264]: ERROR Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport
So tried passing unraids /lib/modules as a read-only path to the container but now get
2017-03-28 23:40:37,382 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- stderr:
2017-03-28 23:40:37,382 fail2ban.utils [261]: ERROR -- stderr: 'modprobe: module ip6_tables not found in modules.dep'
2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: 'modprobe: module ip6_tables not found in modules.dep'
2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: "ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)"
2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: 'Perhaps ip6tables or your kernel needs to be upgraded.'
2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR -- stderr: 'Could not open socket to kernel: Address family not supported by protocol'
2017-03-28 23:40:37,383 fail2ban.utils [261]: ERROR ip6tables -w -N f2b-nginx-botsearch
ip6tables -w -A f2b-nginx-botsearch -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-botsearch -- returned 1
2017-03-28 23:40:37,383 fail2ban.actions [261]: ERROR Failed to start jail 'nginx-botsearch' action 'iptables-multiport': Error starting action Jail('nginx-botsearch')/iptables-multiport
So maybe I need to install that apk in unraid but I'd really rather not as I don't use ipv6 on my network.
Is there any way just to configure fail2ban not to try using ip6tables and drop ipv6 support instead?
Thanks
FYI, I reported the issue to fail2ban and they confirmed it as a bug, which will be fixed. Until then, your workaround should be sufficient
https://github.com/fail2ban/fail2ban/issues/1741
-
2 hours ago, Weavus said:
Figured it out. I commented out the last section of iptables-common.conf in action.d
#[Init?family=inet6]
# Option: blocktype (ipv6)
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp6-port-unreachable
# Values: STRING
#blocktype = REJECT --reject-with icmp6-port-unreachable
# Option: iptables (ipv6)
# Notes.: Actual command to be executed, including common to all calls options
# Values: STRING
#iptables = ip6tables <lockingopt>
Now fail2ban is starting without errors
Right, that will fix your issue, however, you're not really supposed to edit the conf files. You are supposed to append them through .local files. The issue is, I don't know how to append and remove something from the conf via a local file. I know how to replace it with something else. I'll give it some more thought.
This is the newest beta version of fail2ban and ipv6 is the newest feature. I guess this is one of the bugs they will have to fix.
-
3 hours ago, Weavus said:
I'm having trouble getting Fail2ban working. I'm seeing this in the logs:
2017-03-26 04:04:46,710 fail2ban.jail [266]: INFO Jail 'nginx-http-auth' started
2017-03-26 04:04:46,712 fail2ban.jail [266]: INFO Jail 'nginx-botsearch' started
2017-03-26 04:04:46,714 fail2ban.jail [266]: INFO Jail 'nginx-badbots' started
2017-03-26 04:04:46,799 fail2ban.utils [266]: ERROR ip6tables -w -N f2b-nginx-http-auth
ip6tables -w -A f2b-nginx-http-auth -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- stderr:
2017-03-26 04:04:46,799 fail2ban.utils [266]: ERROR -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils [266]: ERROR -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils [266]: ERROR -- stderr: '/bin/sh: ip6tables: not found'
2017-03-26 04:04:46,800 fail2ban.utils [266]: ERROR ip6tables -w -N f2b-nginx-http-auth
ip6tables -w -A f2b-nginx-http-auth -j RETURN
ip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth -- returned 127
2017-03-26 04:04:46,800 fail2ban.utils [266]: INFO HINT on 127: "Command not found". Make sure that all commands in 'ip6tables -w -N f2b-nginx-http-auth\nip6tables -w -A f2b-nginx-http-auth -j RETURN\nip6tables -w -I INPUT -p tcp -m multiport --dports http,https -j f2b-nginx-http-auth' are in the PATH of fail2ban-server process (grep -a PATH= /proc/`pidof -x fail2ban-server`/environ). You may want to start "fail2ban-server -f" separately, initiate it with "fail2ban-client reload" in another shell session and observe if additional informative error messages appear in the terminals.
2017-03-26 04:04:46,826 fail2ban.actions [266]: ERROR Failed to start jail 'nginx-http-auth' action 'iptables-multiport': Error starting action Jail('nginx-http-auth')/iptables-multiport
How do I turn off ip6 support in fail2ban or make the ip6tables command available?
Thanks
Can you exec into the container ( docker exec -it letsencrypt bash ) and then install the package ( apk add --update ip6tables ) and restart? If that fixes it, we'll go ahead and add the package to the image
Thanks
-
Is there a way to have crontabs remain past an update at all please, like the letsencrypt container.
I've used this as a generic container for my web based apps, but am struggling with the cron getting wiped out.
Thanks in advance.
I'll look into it
-
I have my own domain on dreamhost and I have configured a sub domain to point to my home tower. I want to https some of my dockers like ombi and Plex py or sabnzbd etc. (Currently only Plex py and ombi has been port forwarded. The rest is not.)
I'm having problems with the blanks in the docker settings. I have put everything as default but it says port 80 is used for http.. which is true since the server is already running on port 80 for the web Gui? So not sure what I am supposed to do?
Put in any port in there, like 87. Don't have blanks, otherwise unraid won't be able to create the container
-
You can modify the action files. Copy the sendmail-common.conf to sendmail-common.local and modify the sendmail command and add your email addresses
-
thanks, I think I figured it out. Not really sure why (probably my lack of understanding), but it was the container mapping on radarr.
NZBGet was pointing to /mnt/cache/downloads and Radarr was pointing to /mnt/user/downloads. Despite that just being the shared version of the cache drive (to my understanding at least), I switched it over and my img file immediately went down 20 GB. Weirdly enough, CP is pointing to the User share and never caused an issue for me.
Radarr is smarter. It actually retrieves the download path from sab and nzbget and looks for the downloaded files there.
Cp asks you to enter the location where the files are supposed to be, in its settings
-
You don't need to configure sendmail. You can define the smtp server and other options while sending the e-mail in command line
Type the following in commandline to see the available options:
sendmail -?
EDIT: I tested something like this and it works:
sendmail -t -v -H 'exec openssl s_client -quiet -tls1 -connect smtp.gmail.com:465' -auMYEMAILADDRESS -apMYPASSWORD <mail.txt
mail.txt looks like this:
To: [email protected]
Subject: Whatever you like

Here's the body of the e-mail
-
6 hours ago, tazire said:
I am having an issue with this docker not updating my ip. logs show this every 5 mins when it tries to update the ip....
/app/duck.conf: line 1: ********************************: command not found
Something went wrong, please check your settings Tue Mar 21 18:40:02 GMT 2017
I deleted the docker and reinstalled it but no joy, and there is no appdata folder so I have no idea what else to change....
Basically I need to update the IP manually atm.
The starred out bit is my token
Edit***
I updated my token and reinstalled the docker again but I still get an issue...
Something went wrong, please check your settings Tue Mar 21 18:50:00 GMT 2017
Something went wrong, please check your settings Tue Mar 21 18:55:00 GMT 2017
Did you enter one subdomain or multiple? If multiple, are they comma separated with no spaces? Did you input just the subdomain or the whole domain? Do either the subdomains or the token contain any weird characters? Any quotation marks? There should only be letters, numbers, dash and maybe underline in either
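The "command not found" line quoted above is what a shell prints when it runs a line of a file as a command, so a space or quote in either setting changes how that line is parsed. An added example, not the container's own code, that applies the checks from the reply before the values are saved; the function names and the constructed conf line used to reproduce the error class are assumptions:

```shell
#!/bin/sh
# Added example; function names are hypothetical, not the container's own.

# check_duck_settings SUBDOMAINS TOKEN
# Prints the first problem found and returns 1; returns 0 if both values pass.
check_duck_settings() {
    case $1 in
        '')          echo "no subdomain given"; return 1 ;;
        *' '*)       echo "space in subdomain list"; return 1 ;;
        *.*)         echo "whole domain given, enter only the subdomain"; return 1 ;;
        ,*|*,|*,,*)  echo "empty entry in subdomain list"; return 1 ;;
        *[!A-Za-z0-9_,-]*) echo "unexpected character in subdomain list"; return 1 ;;
    esac
    case $2 in
        '')               echo "no token given"; return 1 ;;
        # The token is a secret, so the message never echoes it back.
        *[!A-Za-z0-9_-]*) echo "unexpected character in token"; return 1 ;;
    esac
    return 0
}

# run_conf_line LINE
# Feeds one constructed settings line to a shell, the way a conf file read by
# a shell is processed, and returns that shell's exit status
# (127 means "command not found").
run_conf_line() {
    conf=$(mktemp) || return 2
    printf '%s\n' "$1" > "$conf"
    sh "$conf" 2>/dev/null && rc=0 || rc=$?
    rm -f "$conf"
    return "$rc"
}
```

With the constructed line `SUBDOMAINS=home, media` the shell treats `media` as a command to run, which is why the comma-separated list must contain no spaces.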
-
Is there seriously no HTTPS? now I have to implement VPN to remote in to manage my NAS rather than port forward. If a media server why no media server out of the box without having to install flex docker or a plugin?
Unraid is not a media server. It's a NAS intended for LAN access.
If you turn it into a media server by installing services through docker or VMs, you can also install a reverse proxy in docker to provide access to those guis securely. You can try the linuxserver letsencrypt container which gets and maintains free 3rd party validated certs automatically.
For remote smb or ssh access to unraid, you can set up vpn through docker as well
-
Great container, replaces a VM I had running that had the same functions, but took a lot more resources.
In the VM I had running, I used sSMTP to send fail2ban emails. Would it be possible to add this in a future release? Or is there already a way of sending email in the container?
The container has sendmail you can use
-
I had a hard time getting ZoneMinder set up for the first time. The live preview image would not work. I was getting a lot of socket errors like these:
socket_sendto( /var/run/zm/zms-427772s.sock ) failed: No such file or directory
Googling kept telling me it was an issue with Apache, but it wasn't. Long story short, the problem was with the PATH_ZMS variable that is set in this docker.
By default, it was "/cgi-bin/nph-zms" for me. However, I noticed that this path is actually not found. I made it relative by setting it to "cgi-bin/nph-zms" and live streaming finally worked for me.
The absolute path is /zm/cgi-bin/nph-zms
It was a requirement for zm 1.29
It is detailed in the container description/instructions on docker hub: https://hub.docker.com/r/aptalca/zoneminder-1.29/
-
I got a question regarding fail2ban and my docker containers running behind nginx.
Am I right that I'm not able to setup any custom fail2ban filters here as my letsencrypt-nginx container obviously can't see any logfiles from other containers such as Emby or Nextcloud!?
As I understand the use of fail2ban here is that it's restricted to basic_auth only when used with Docker.
Is this correct or is there a way to get this working together with Emby for example?
You can mount the locations of the log files in the letsencrypt container
-
When you guys check the transcode info in the currently playing tab in plex web, does it show "Transcoding H264 (hw) to H264 (hw)"?
Mine shows "Transcoding H264 (hw) to H264" where the (hw) is only after the from part. And the cpu usage is just as high as software transcode.
[DEPRECATED] Linuxserver.io - Rutorrent
in Docker Containers
Posted
nano should be in there. If not, install it with "apk add --no-cache nano"