CorneliousJD

Used Catalina both times but it's downloading Mojave still - looks like someone else is now having the same problem, weird. I wont push too hard on it for now. If the container is just grabbing the recovery.img from a URL and that can be posted I can do a manual download and replace of my .img, if not I can wait it out, no real rush here, just something fun to mess with from the server. I really only want this up as an easy way to take how-to screenshots on a fresh mac.

Ok, so when I tried this a few days ago I got stuck, but now I'm booting to the installer just fine. However this time I picked Catalina, and it looks like it downloaded the Mojave recovery media, as it tells me it's going to install Mojave even though I picked Catalina. My old .img file for Catalina-install.img was 2,095.724KB, this new one that says Mojave in the actual installer (filename is still Catalina-install.img) is 2,085.568KB I've put the old file in it's place but it doesn't boot, it starts to load the 2nd bar under the Apple logo and doesn't go any further than that. Any advice? Is it against rules to share a direct download link to the Catalina-install.img?

I was able to roll back to :3.10.5 and get logged in, even tho cameras showed offline. Do a backup, and then run a clean install of the container. It took about 4-5 minutes to "Boot" the container, at which point on the first wizard screen I could restore from the backup I just took. Was able to login again, re-adopt my NVR to my UniFi account, and also analyze the recording database and restore past recordings. Back up and running on 3.10.10 now and all is well, thanks everyone!

Ah whoops, that must have gotten overwritten somehow when I was tweaking stuff via the GUI, good catch! Updated and it seems to be displaying better but still getting stuck here:

Ok so mostly smooth so far but I don't keep my VMs in /mnt/user/domains so i had to do some tweaking. I'm sure I've mucked something up now in the works but cannot figure it out. Anyone care to take a look? This is where it gets stuck now... And my XML is as follows <?xml version='1.0' encoding='UTF-8'?> <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'> <name>MacOS Catalina</name> <uuid>427e2dee-2768-4ceb-90d7-29da86721f8d</uuid> <description>MacOS Catalina</description> <metadata> <vmtemplate xmlns="unraid" name="Windows 10" icon="/mnt/user/vms/MacOS Catalina/icon/catalina.png" os="Catalina"/> </metadata> <memory unit='KiB'>4194304</memory> <currentMemory unit='KiB'>4194304</currentMemory> <memoryBacking> <nosharepages/> </memoryBacking> <vcpu placement='static'>4</vcpu> <cputune> <vcpupin vcpu='0' cpuset='14'/> <vcpupin vcpu='1' cpuset='30'/> <vcpupin vcpu='2' cpuset='15'/> <vcpupin vcpu='3' cpuset='31'/> </cputune> <os> <type arch='x86_64' machine='pc-q35-3.1'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd</loader> <nvram>/etc/libvirt/qemu/nvram/427e2dee-2768-4ceb-90d7-29da86721f8d_VARS-pure-efi.fd</nvram> </os> <features> <acpi/> <apic/> </features> <cpu mode='host-passthrough' check='none'/> <clock offset='utc'> <timer name='rtc' tickpolicy='catchup'/> <timer name='pit' tickpolicy='delay'/> <timer name='hpet' present='no'/> </clock> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <emulator>/usr/local/sbin/qemu</emulator> <disk type='file' device='disk'> <driver name='qemu' type='qcow2' cache='writeback'/> <source file='/mnt/user/vms/MacOS Catalina/Clover.qcow2'/> <target dev='hdc' bus='sata'/> <boot order='1'/> <address type='drive' controller='0' bus='0' target='0' unit='2'/> </disk> <disk type='file' device='disk'> <driver name='qemu' type='raw' cache='writeback'/> <source file='/mnt/user/vms/MacOS Catalina/Catalina-install.img'/> <target dev='hdd' bus='sata'/> <address type='drive' controller='0' bus='0' target='0' unit='3'/> </disk> <disk type='file' device='disk'> <driver name='qemu' type='raw' cache='writeback'/> <source file='/mnt/user/vms/MacOS Catalina/macos_disk.img'/> <target dev='hde' bus='sata'/> <address type='drive' controller='0' bus='0' target='0' unit='4'/> </disk> <controller type='pci' index='0' model='pcie-root'/> <controller type='pci' index='1' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='1' port='0x10'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/> </controller> <controller type='pci' index='2' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='2' port='0x11'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/> </controller> <controller type='pci' index='3' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='3' port='0x12'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/> </controller> <controller type='pci' index='4' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='4' port='0x13'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/> </controller> <controller type='virtio-serial' index='0'> <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </controller> <controller type='sata' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> </controller> <controller type='usb' index='0' model='ich9-ehci1'> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/> </controller> <controller type='usb' index='0' model='ich9-uhci1'> <master startport='0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/> </controller> <controller type='usb' index='0' model='ich9-uhci2'> <master startport='2'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/> </controller> <controller type='usb' index='0' model='ich9-uhci3'> <master startport='4'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/> </controller> <interface type='bridge'> <mac address='52:54:00:29:4e:b9'/> <source bridge='br0'/> <model type='e1000-82545em'/> <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </interface> <serial type='pty'> <target type='isa-serial' port='0'> <model name='isa-serial'/> </target> </serial> <console type='pty'> <target type='serial' port='0'/> </console> <channel type='unix'> <target type='virtio' name='org.qemu.guest_agent.0'/> <address type='virtio-serial' controller='0' bus='0' port='1'/> </channel> <input type='tablet' bus='usb'> <address type='usb' bus='0' port='1'/> </input> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <graphics type='vnc' port='-1' autoport='yes' websocket='-1' listen='0.0.0.0' keymap='en-us'> <listen type='address' address='0.0.0.0'/> </graphics> <video> <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/> </video> <memballoon model='virtio'> <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/> </memballoon> </devices> <qemu:commandline> <qemu:arg value='-usb'/> <qemu:arg value='-device'/> <qemu:arg value='usb-kbd,bus=usb-bus.0'/> <qemu:arg value='-device'/> <qemu:arg value='isa-applesmc,osk=redacted'/> <qemu:arg value='-smbios'/> <qemu:arg value='type=2'/> <qemu:arg value='-cpu'/> <qemu:arg value='Penryn,kvm=on,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check'/> </qemu:commandline> </domain>

Thanks... haha this was by FAR the easiest solution. Worked great. Can confirm the newly generated default site conf looks like it has the fixes in place! EDIT: Although after doing this now I'm getting one small error on the security check page. The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". But as H2O_King89 noted above, this is an easy fix. I just commented out line #21 on the newly generated config!

My file is VASTLY different here than yours. upstream php-handler { server 127.0.0.1:9000; # server unix:/var/run/php/php7.0-fpm.sock; } server { listen 80; server_name _; # enforce https return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name _; ssl_certificate /config/keys/cert.crt; ssl_certificate_key /config/keys/cert.key; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; # add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Path to the root of your installation root /config/www/nextcloud/; # set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; # Disable gzip to avoid the removal of the ETag header gzip off; # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; index index.php; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; rewrite ^/.well-known/carddav /remote.php/dav/ permanent; rewrite ^/.well-known/caldav /remote.php/dav/ permanent; # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location / { rewrite ^/remote/(.*) /remote.php last; rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; try_files $uri $uri/ =404; } location ~ \.php(?:$|/) { fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice fastcgi_pass php-handler; fastcgi_intercept_errors on; } # Adding the cache control header for js and css files # Make sure it is BELOW the location ~ \.php(?:$|/) { block location ~* \.(?:css|js)$ { add_header Cache-Control "public, max-age=7200"; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; } # Optional: Don't log access to other assets location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { access_log off; } }

Thanks for confirming, my next questions is then exactly what we need to change to mitigate this, because the link shows sections of config files that do not seem to exist inside of this container at all? These two lines I can't seem to find anywhere. rewrite ^ /index.php$request_uri; location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { Perhaps I'm looking in the wrong spot? But I went into my /appdata/nextcloud/nginx/nginx.conf and /appdata/nextcloud/nginx/site-confs/default Those lines weren't in either of those files. If I know what to change and where I can make it happen, but I'm lost for right now. Thanks in advance!

Are you able to confirm that LSIO will push an update that fixes this security issue - or is it something we have to actually go in and edit the config files for? This post from Nextcloud shows 2 options, one with updating php packages and one with editing nginx config: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/

Cool, thanks Squid! I did already have auto-update plugin installed and up to date and I did still get the update notice last night of a ton of containers updating, even though one in particular (Deluge) i have set to be locked at a specific version. This isn't a big deal to me though, it's just a notice I can ignore daily since I assume this will be fixed in the next unraid release as well? Server: Docker Auto Update Community Applications Deluge Grocy Heimdall HomeAssistant Jackett LetsEncrypt Lidarr MariaDB Nextcloud Ombi PiHole Portainer Radarr Sonarr UniFi Automatically Updated normal

Got this over night last night on scheduled run of scanning for common problems (Fix Common Problems plugin) Event: Fix Common Problems - Server Subject: Warnings have been found with your server.(Server) Description: Investigate at Settings / User Utilities / Fix Common Problems Importance: warning **** Template URL for docker application Bitwarden is missing. **** **** Template URL for docker application FileBot is missing. **** **** Template URL for docker application Grocy is missing. **** **** Template URL for docker application HA-Dockermon is missing. **** **** Template URL for docker application HomeAssistant is missing. **** **** Template URL for docker application PiHole is missing. **** **** Template URL for docker application Portainer is not the as what the template author specified. **** **** Template URL for docker application Tautulli is not the as what the template author specified. **** **** Template URL for docker application UniFi is not the as what the template author specified. **** **** Template URL for docker application UniFiVideo is missing. **** I re-ran the scan and am still seeing this. Nothing had changed previously, server uptime is almost 18 days right now. PS I had been getting repeat notices of docker containers updating every night despite not having an update available, but I've gathered that's a known bug in this version of unraid, maybe these two are related. Wondering how I can fix this, or both? Not sure if it's safe to apply template URL from fix common problems or if I should be waiting this out. So here I am

Just dropping by to say this affected me when adding a new RAID1 member to cache, thankfully johnnie.black is on the forums directing users here, was able to make sure metadata is updated correctly to RAID1 now.

Woo, wonderful! Back to showing a 500GB drive now. I also made a full backup before I did this just incase, but I will plan to follow the link from your first post to add a new drive and have it be 2 slots This will RAID1 the 2 drives and I shouldn't loose any data from what I'm understanding?

Ok, I did the conversion and it resulted with Done, had to relocate 5 out of 176 chunks But when I do btrfs device delete missing it results with btrfs device delete: not enough arguments: 1 but at least 2 expected

+1 here as well, this also just happened to me, every time array starts it tries to re-balance.