Revrto

Hey, @oliverde8 I am messing with your revision of @Squid 's cool hot swap script. I am trying to hot swap a keyboard and mouse through a hub (similar to your KVM situation). For reference the script is named "KM Script." I am running into an issue where it works for a few seconds and then everything automatically disconnects. I have tried both via the bus option and with the hubname option with both the same result. Additionally, I keep getting the following error every few seconds in the logs. Attached is my version of the script and a snip from my logs. Any insight would be appreciated. V/R Revrto LSUSB: Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 005 Device 002: ID 0781:5571 SanDisk Corp. Cruzer Fit Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 004 Device 002: ID 05e3:0612 Genesys Logic, Inc. Hub Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 003 Device 003: ID 051d:0003 American Power Conversion UPS Bus 003 Device 009: ID 05e3:0610 Genesys Logic, Inc. 4-port hub Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 002: ID 8087:0aa7 Intel Corp. Bus 001 Device 003: ID 1e71:170e NZXT NZXT USB Device Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MY VERSION OF SCRIPT: #!/usr/bin/php <?PHP #backgroundOnly=true #description=A script designed to monitor a USB hub or a particular USB bus for changes and then attach or detach devices to an applicable VM /* * Configuration's */ $vmName = "Truff-Metal"; // must be the exact name $pollingTime = 10; // the interval between checks in seconds $startupDelay = 10; // startup delay before monitoring for changes in seconds (set to enough time for the VM to get up and running) $waitBetweenPlugs = 10; // If using a device such a KVM mounting multiple usb drives at once can cause some issues with the host. Wait in between. $ignoredDevices = [ // List of device names that should be ignored. 'American Power Conversion UPS / Linux Foundation 2.0 root hub' // must be exact as listed via lsusb ]; // only use one or the other of the following lines not both See thread for details $hubName = "Genesys Logic, Inc. 4-port hub"; // must be exact as listed via lsusb #$bus = "003"; // see thread for details /** * Code don't change from here on. */ function getDeviceList($bus, $ignoredDevices) { exec("lsusb | grep 'Bus $bus'",$allDevicesOnBus); foreach ($allDevicesOnBus as $Devices) { $deviceLine = explode(" ",$Devices); if (!in_array($deviceLine[5], $ignoredDevices)) { $initialState[$deviceLine[5]] = $deviceLine[5]; } else { logger("Ignoring device $Devices"); } var_dump(); } return $initialState; } function createXML($deviceID, $waitBetweenPlugs) { sleep($waitBetweenPlugs); $usb = explode(":",$deviceID); $usbstr .= "<hostdev mode='subsystem' type='usb'> <source> <vendor id='0x".$usb[0]."'/> <product id='0x".$usb[1]."'/> </source> </hostdev>"; file_put_contents("/tmp/USBTempXML.xml",$usbstr); } function logger($string) { echo "$string\n"; shell_exec("logger ".escapeshellarg($string)); } # Begin Main logger("Sleeping for $startupDelay before monitoring $bus for changes to passthrough to $vmName"); sleep($startupDelay); $hubBus = $bus; if ( ! $hubBus ) { $hub = explode(" ",exec("lsusb | grep '$hubName'")); $hubBus = $hub[1]; } logger("Monitoring $hubBus for changes"); $initialState = getDeviceList($hubBus, $ignoredDevices); while (true) { $unRaidVars = parse_ini_file("/var/local/emhttp/var.ini"); if ($unRaidVars['mdState'] != "STARTED") { break; } $currentDevices = getDeviceList($hubBus, $ignoredDevices); foreach ($currentDevices as $Device) { if ( ! $initialState[$Device] ) { logger("$Device Added to bus $hubBus Attaching to $vmName"); createXML($Device, $waitBetweenPlugs); exec("/usr/sbin/virsh attach-device '$vmName' /tmp/USBTempXML.xml 2>&1"); $initialState[$Device] = $Device; } } foreach ($initialState as $Device) { if ( ! $currentDevices[$Device] ) { logger("$Device Removed from bus $hubBus Detaching from $vmName"); createXML($Device, $waitBetweenPlugs); exec("/usr/sbin/virsh detach-device '$vmName' /tmp/USBTempXML.xml 2>&1"); unset ($initialState[$Device]); } } sleep($pollingTime); } ?> LOG: Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 046d:c07e Added to bus Attaching to Truff-Metal 04d9:a0d1 Added to bus Attaching to Truff-Metal 05e3:0610 Added to bus Attaching to Truff-Metal Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35 046d:c07e Removed from bus Detaching from Truff-Metal 04d9:a0d1 Removed from bus Detaching from Truff-Metal Warning: var_dump() expects at least 1 parameter, 0 given in /tmp/user.scripts/tmpScripts/KM Switch/script on line 35

I think that makes sense if i switch to dns verification and use a wildcard for the certs (I have not migrated that yet). I saw the post about proxy_pass and that seems like it might work if I pair that with danioj's method of restricting to local. You mentioned to him about using http auth as well for good measure. I am not familiar with it, I assume that is different than using 2FA with an authenticator, correct?. Could you point me to a link on implementing it in this scenario? Thanks btw for all your help.

Thats, what I was thinking about doing but I cant figure out a way to have letsencrypt pass through a valid cert to unraid and point it at that IP. Much less doing that while restricting access to that device to only the local network. Similar to the pfSense example in my second question.

All, Any help you all can provide would be greatly appreciated. I am stuck in a “less than desirable” network layout and have been beating my head against this wall for the past few days and I am at a loss. Apologies in advance for the book. Background: I have started experimenting with the letsencrypt docker as a reverse proxy to access services externally and so far, external services are working. I purchased my own domain name and have that CNAME point over to DuckDNS. I am using a pfSense VM on Unraid as my router and configured everything as Spaceinvader One recommends. Unfortunately, I am in an apartment with a roommate who refuses to let his devices fall under my network because he does not want a chance of his games being disrupted. So, I am currently forced to have my pfSense router double NAT underneath his Spectrum(ISP) provided router (I know that is terrible and it does pain me to say it). I was able to place my pfSense router in the DMZ on his router to at least get external services working. (i.e. nextcloud, etc.) However, even though pfSense supports NAT reflection the ISP router does not. So, I cannot access the devices through their domain name (i.e. nextcloud.mydomain.com) and thus do not have https connections on the local network. I thought this would not be a big deal and I would use DNS host overrides in pfSense to do a Split-DNS, however the pfSense host override does not allow DNS host assignments to IP and port (i.e. 192.168.1.5:443). It goes straight to port 80/443. This ends up that anything I try to resolve on the server dumps me at the Unraid WebUI. Objectives: Hopefully, that is enough background. My two objectives I cannot find answers on anywhere are: 1. How should I work around this host override/NAT reflection issue? I am open to other ideas, but I was thinking of swapping the Unraid WebUI and letsencrypt proxy ports so it routes through the proxy but then I can't find anywhere that says how to have letsencrypt make a cert and passthrough the unraid UI as a subdomain (i.e. UnraidUI.mydomain.com). 2. Related, how can I have the letsencrypt reverse proxy provide valid domains and certificates to other devices and dockers yet restrict them to only the local network. For example, I would like letsencrypt to provide a valid domain name and cert to my pfSense router residing on 192.168.1.1 and make it so It had a valid cert from letsencrypt but the subdomain ‘pfsense.mydomain.com’ was only accessible from the internal network. I am open to any other solutions be they in docker, Unraid, or pfSense. Thanks in advance for any help. This has been making my eyes bleed for days. V/R Revrto

Unfortunately I'm not familiar with what advertising routes is. I am able to ping the ip address. upon further investigation I am able to access the webui if i go directly to the IP address without a hostname. Any thoughts on how to get the hostnames working?

I'm successfully connected to my OpenVPN-as docker using Spaceinvader one's tutorial but i cannot access my unraid webui. I followed his tutorial precisely. Is there something I'm missing?

thanks for the quick reply. Yes I added my own user as an admin. I get the error in notepad++, when I try to edit and save the file to the appdata folder, that I don't have proper permissions. Even though I have appdata set to public and am an admin on the windows system I am editing from. I am currently away from my desk so I cant send a screenshot but hopefully this gives some clarification.

Relatively new to UnRaid, but I am following a guide from Spaceinvader One (guide linked below with timestamp for the specific step) on how to set up this docker and when I get to disabling the default admin when the docker is updated his instructions give me a rights error. I own the server, have the appdata export set to public (temporarily of course) and am running as an admin on the windows PC I am using to manipulate everything. Any insight on the subject or direction to an existing thread would be greatly appreciated. Spaceinvader One - How to setup an openvpn server on unRAID for secure remote connections updated guide https://youtu.be/EfBvvilnasU?t=8m20s