Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

teh0wner

Members
  • Joined

  • Last visited

Everything posted by teh0wner

  1. I've had an issue with the mount script today.. complaining about cache running out of space. 2020/03/01 09:17:44 ERROR : downloads/ABC.mkv: Failed to copy: multpart copy: write failed: write /root/.cache/rclone/vfs/google_drive_encrypted_vfs/ABC.mkv: no space left on device Is there a way I can change the cache location? AFAIK /root/.cache is on the sdcard, which barely has any space. Ideally this would be my cache disk. Fix Common Problems has flagged it up too - diagnostics attached. Got that working using --cache-dir in rclone_mount script during mounting, however, it (weirdly) seems mergerfs doesn't like that. I can see the rclone_mount just fine, but trying to access merger_fs mount, just hangs. Any ideas why this might be the case? Thanks r2-d2-diagnostics-20200301-1115.zip
  2. Something very weird is going on... root@R2-D2:/# du -xh --max-depth=1 / 0 /opt 160K /tmp 16M /etc 1.3G /usr 22M /lib64 0 /mnt 20M /sbin 0 /home 6.6M /lib 13M /bin 5.3M /var 24K /root 1.4G / and I can login just fine now.. How did root all of a sudden empty out?
  3. root@R2-D2:/# du -xh /root 0 /root/.cache/rclone/vfs 0 /root/.cache/rclone 0 /root/.cache 0 /root/.config/procps 4.0K /root/.config/sakura 4.0K /root/.config/remmina 4.0K /root/.config/htop 12K /root/.config 24K /root Go figure..
  4. root@R2-D2:/# ls -ltrah /root total 12K -rwxr-xr-x 1 root root 60 Jan 26 17:28 .bashrc* -rw-r--r-- 1 root root 0 Feb 2 21:15 .wget-hsts lrwxrwxrwx 1 root root 30 Feb 2 21:15 .docker -> /boot/config/plugins/dockerMan/ -rwxr-xr-x 1 root root 316 Feb 2 21:15 .bash_profile* lrwxrwxrwx 1 root root 21 Mar 1 09:05 mdcmd -> /usr/local/sbin/mdcmd* -rw-rw-rw- 1 root root 32 Mar 1 09:05 .tmux.conf drwx------ 3 root root 60 Mar 1 09:11 .cache/ drwxr-xr-x 4 root root 200 Mar 1 09:11 ./ drwxr-xr-x 6 root root 120 Mar 1 09:33 .config/ drwxr-xr-x 20 root root 420 Mar 1 09:44 ../ Nothing pops out.
  5. So I've just rebooted my unRaid Server, and I've been greeted with the following Warning: session_write_close(): write failed: No space left on device (28) in /usr/local/emhttp/login.php on line 33 Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php) in /usr/local/emhttp/login.php on line 33 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/emhttp/login.php:33) in /usr/local/emhttp/login.php on line 35 I've tried to run diagnostics, but that doesn't work properly it seems, as there's no space on device. I get the following : Starting diagnostics collection... Warning: file_put_contents(): Only 0 of 5 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 80 Warning: file_put_contents(): Only 0 of 15 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 12 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 173 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 9066 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 180 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 1032 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 7450 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 7606 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 4480 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 4667 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 4240 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 85 Warning: file_put_contents(): Only 0 of 165 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 101 Warning: file_put_contents(): Only 0 of 2 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 120 Warning: file_put_contents(): Only 0 of 34 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 122 Warning: file_put_contents(): Only 0 of 2 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 120 Warning: file_put_contents(): Only 0 of 34 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 122 echo: write error: No space left on device echo: write error: No space left on device echo: write error: No space left on device echo: write error: No space left on device echo: write error: No space left on device echo: write error: No space left on device echo: write error: No space left on device echo: write error: No space left on device echo: write error: No space left on device Warning: file_put_contents(): Only 0 of 25 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 29 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 25 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 29 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 25 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 25 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 25 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 29 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 29 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 29 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 29 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 29 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 29 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 29 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 29 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 31 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 25 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 160 Warning: file_put_contents(): Only 0 of 775 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix/scripts/diagnostics on line 210 done. ZIP file '/boot/logs/r2-d2-diagnostics-20200301-0944.zip' created. running " du -xh --max-depth=1 /" gives me the following: 0 /opt 148K /tmp 16M /etc 1.3G /usr 22M /lib64 0 /mnt 20M /sbin 0 /home 6.6M /lib 13M /bin 5.2M /var 6.3G /root 7.6G / The diagnostics file produced is just 18K, and every file in there seems empty. I can't access SMB to grab it on my Windows machine, but unzipping via SSH and looking at the contents, everything looks like 0 byte files. Any help appreciated
  6. Excellent, thanks for the explanation. So just to confirm, the script today have no way of doing a MergeFS of a 100% Local Folder (which you never want to move to the cloud) and the Cloud. The LocalFilesShare will always eventually move to the cloud. I guess the above can be achievied by just modifying the mergefs command in the script slightly to also include an 100% local I want to 'merge'. I would also like to ask, what's the purpose of MountFolders? Wouldn't everything in Local get eventually moved on?
  7. For Point 3 though, if I'm understanding this correctly, it will eventually 'move' whatever is in LocalFilesShare to rclone mount. Or will the upload script only move what's in MergeFS Folder, that hasn't been 'moved' yet, leaving LocalFilesShare untouched?
  8. One thing I'm trying to wrap my head around, which sounds a bit silly. The mount script does the following : a) Creates/Uses a LocalFilesShare (Local Folder) which is used by MergerFS later (Not quite sure what the purpose of MountFolders are) b) Mounts an rclone drive c) MergerFS takes a + b and creates a 'unified' folder The upload script does the following : a) Takes whatever is in LocalFilesShare and moves/copies/whatever you set to the rclone drive I have a few questions : 1) What will happen if I put something directly into the rclone mount? 2) If I put something in MergerFS folder, will it be immedeately uploaded to the rclone drive? 3) Is there a way I can have local data + remote data? i.e. make MergerFS 'bind' my local data, whilst also having remote data? I hope this makes sense. Thanks
  9. The latter sounds quite neat actually - any tutorialshowing how to set this up? Thanks
  10. In the scripts, when specifying the RcloneRemoteName, do you point it to the encrypted type? Also, I'm not quite sure when RcloneUploadRemoteName would apply? Thanks
  11. Is there a way to share username/passwords set-up in Heimdall with other apps like Sonarr and Radarr instead of having to rely on .htpasswd? The issue right now I need a password for heimdall, and then another u/p on redirect for the linked apps.
  12. Removing the comment didn't seem to work. A few things that might trigger a few thoughts : Running nginx -t when I connect to the docker container gives me : root@f973a7ead368:/$ nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: [emerg] open() "/run/nginx/nginx.pid" failed (2: No such file or directory) nginx: configuration file /etc/nginx/nginx.conf test failed I've tried a small test to see if default even gets triggered, but it looks like it doesn't.. Is that even possible? I've changed my default to (see below), but it goes thru to sonar just fine without returning the code and message. ## Version 2018/09/12 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default # listening on port 80 disabled by default, remove the "#" signs to enable # redirect all traffic to https server { listen 80; server_name _; return 301 https://$host$request_uri; } # main server block server { location / { return 200 "Country code is : $geoip_country_code"; #try_files $uri $uri/ /index.html /index.php?$args =404; } listen 443 ssl default_server; root /config/www; index index.html index.htm index.php; server_name _; # enable subfolder method reverse proxy confs include /config/nginx/proxy-confs/*.subfolder.conf; # all ssl related config moved to ssl.conf include /config/nginx/ssl.conf; # enable for ldap auth #include /config/nginx/ldap.conf; client_max_body_size 0; location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } # LOCAL IP ALLOW GEO BLOCK if ($lan-ip = yes) { set $allowed_country yes; } # COUNTRY GEO BLOCK if ($allowed_country = no) { return 444; } # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp" # notice this is within the same server block as the base # don't forget to generate the .htpasswd file as described on docker hub # location ^~ /cp { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050/cp; # } } # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above # notice this is a new server block, you need a new server block for each subdomain #server { # listen 443 ssl; # # root /config/www; # index index.html index.htm index.php; # # server_name cp.*; # # include /config/nginx/ssl.conf; # # client_max_body_size 0; # # location / { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050; # } #} # sample reverse proxy config for "heimdall" via subdomain, with ldap authentication # ldap-auth container has to be running and the /config/nginx/ldap.conf file should be filled with ldap info # notice this is a new server block, you need a new server block for each subdomain #server { # listen 443 ssl; # # root /config/www; # index index.html index.htm index.php; # # server_name heimdall.*; # # include /config/nginx/ssl.conf; # # include /config/nginx/ldap.conf; # # client_max_body_size 0; # # location / { # # the next two lines will enable ldap auth along with the included ldap.conf in the server block # auth_request /auth; # error_page 401 =200 /login; # # include /config/nginx/proxy.conf; # resolver 127.0.0.11 valid=30s; # set $upstream_heimdall heimdall; # proxy_pass https://$upstream_heimdall:443; # } #} # enable subdomain method reverse proxy confs include /config/nginx/proxy-confs/*.subdomain.conf; # enable proxy cache for auth proxy_cache_path cache/ keys_zone=auth_cache:10m; However, putting it in my sonar config server block, returns 200 with the country code just fine.. Edit: For completeness sake, here's my sonarr.subdomain.conf which seems to work. # make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url server { listen 443 ssl; listen [::]:443 ssl; server_name sonarr.*; include /config/nginx/ssl.conf; client_max_body_size 0; # enable for ldap auth, fill in ldap details in ldap.conf #include /config/nginx/ldap.conf; # LOCAL IP ALLOW GEO BLOCK if ($lan-ip = yes) { set $allowed_country yes; } # COUNTRY GEO BLOCK if ($allowed_country = no) { return 444; } location / { # enable the next two lines for http auth auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; # enable the next two lines for ldap auth #auth_request /auth; #error_page 401 =200 /login; include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_sonarr sonarr; proxy_pass http://$upstream_sonarr:8989; } location ~ (/sonarr)?/api { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_sonarr sonarr; proxy_pass http://$upstream_sonarr:8989; } }
  13. It looks very similar to the last one but here they are : nginx.conf: ## Version 2018/01/29 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf user abc; worker_processes 4; pid /run/nginx.pid; include /etc/nginx/modules/*.conf; events { worker_connections 768; # multi_accept on; } http { ## # Custom ## geoip_country /config/geoip/GeoIPv6.dat; geo $lan-ip { default no; 192.168.1.0/24 yes; } map $geoip_country_code $allowed_country { default no; UK yes; } ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; client_max_body_size 0; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Logging Settings ## access_log /config/log/nginx/access.log; error_log /config/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; ## # nginx-naxsi config ## # Uncomment it if you installed nginx-naxsi ## #include /etc/nginx/naxsi_core.rules; ## # nginx-passenger config ## # Uncomment it if you installed nginx-passenger ## #passenger_root /usr; #passenger_ruby /usr/bin/ruby; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /config/nginx/site-confs/*; } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #} daemon off; default: ## Version 2018/09/12 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default # listening on port 80 disabled by default, remove the "#" signs to enable # redirect all traffic to https server { listen 80; server_name _; return 301 https://$host$request_uri; } # main server block server { listen 443 ssl default_server; root /config/www; index index.html index.htm index.php; server_name _; # enable subfolder method reverse proxy confs include /config/nginx/proxy-confs/*.subfolder.conf; # all ssl related config moved to ssl.conf include /config/nginx/ssl.conf; # enable for ldap auth #include /config/nginx/ldap.conf; client_max_body_size 0; location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } # LOCAL IP ALLOW GEO BLOCK if ($lan-ip = yes) { set $allowed_country yes; } # COUNTRY GEO BLOCK if ($allowed_country = no) { return 444; } # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp" # notice this is within the same server block as the base # don't forget to generate the .htpasswd file as described on docker hub # location ^~ /cp { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050/cp; # } } # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above # notice this is a new server block, you need a new server block for each subdomain #server { # listen 443 ssl; # # root /config/www; # index index.html index.htm index.php; # # server_name cp.*; # # include /config/nginx/ssl.conf; # # client_max_body_size 0; # # location / { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050; # } #} # sample reverse proxy config for "heimdall" via subdomain, with ldap authentication # ldap-auth container has to be running and the /config/nginx/ldap.conf file should be filled with ldap info # notice this is a new server block, you need a new server block for each subdomain #server { # listen 443 ssl; # # root /config/www; # index index.html index.htm index.php; # # server_name heimdall.*; # # include /config/nginx/ssl.conf; # # include /config/nginx/ldap.conf; # # client_max_body_size 0; # # location / { # # the next two lines will enable ldap auth along with the included ldap.conf in the server block # auth_request /auth; # error_page 401 =200 /login; # # include /config/nginx/proxy.conf; # resolver 127.0.0.11 valid=30s; # set $upstream_heimdall heimdall; # proxy_pass https://$upstream_heimdall:443; # } #} # enable subdomain method reverse proxy confs include /config/nginx/proxy-confs/*.subdomain.conf; # enable proxy cache for auth proxy_cache_path cache/ keys_zone=auth_cache:10m; Thanks in advance. Really appreciate your efforts to help me out.
  14. I've destroyed the container and created one from scratch - and still have the exact same issue. I've followed the steps for a reverse proxy from SpaceInvader One's video (https://www.youtube.com/watch?v=I0lhZc25Sro) and GeoIP set-up from https://technicalramblings.com/blog/blocking-countries-with-geoip2-using-the-letsencrypt-docker-container/
  15. This might be a silly question, but is there a way to make Heimdall if accessed via reverse proxy, to point to subdomain.mydomain.com but when Heimdall is accessed via LAN, make it point to their respective IP:ports? Example : 1) Heimdall has a link to Radarr. If accessed via https://hemdall.mydomain.com and then Radarr is accessed, it redirects to https://radarr.mydomain.com 2) Heimdall has a link to Radarr. If accessed via http://192.168.1.123:9999 and then Radarr is accessed, it redirects to http://192.168.1.123:9998 (Radarr) Alternatively, is there a way if accessed via my domain.com, to make it not ask for the htpasswd if it comes from the same LAN? Thanks
  16. I've tried various ways including using a VPN connected to a 'blocked' country, using a proxy and an online proxy website. All while accessing my domain.
  17. Thanks for this. No luck unfortunately; gets me straight through to the login prompt
  18. Thanks for that - managed to get it working. Now trying to get GeoIP to work, but banging my head against the wall. Followed his instructions step by step, but everything seems to come thru regardless of location. My nginx.conf looks as follows : ## Version 2018/01/29 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf user abc; worker_processes 4; pid /run/nginx.pid; include /etc/nginx/modules/*.conf; events { worker_connections 768; # multi_accept on; } http { ## # Custom ## geoip_country /config/geoip/GeoIPv6.dat; # LOCAL IP ALLOW GEO BLOCK geo $lan-ip { default no; 192.168.1.0/24 yes; } # GEO IP BLOCK SITE 1 map $geoip_country_code $allowed_country { default no; UK yes; } # don't send the nginx version number in error pages and Server header server_tokens off; # config to don't allow the browser to render the page inside an frame or iframe # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options add_header X-Frame-Options SAMEORIGIN; # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, # to disable content-type sniffing on some browsers. # https://www.owasp.org/index.php/List_of_useful_HTTP_headers # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 add_header X-Content-Type-Options nosniff; # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for # this particular website if it was disabled by the user. # https://www.owasp.org/index.php/List_of_useful_HTTP_headers add_header X-XSS-Protection "1; mode=block"; # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy), # you can tell the browser that it can only download content from the domains you explicitly allow # http://www.html5rocks.com/en/tutorials/security/content-security-policy/ # https://www.owasp.org/index.php/Content_Security_Policy # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval' # directives for css and js(if you have inline css or js, you will need to keep it too). # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; client_max_body_size 0; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Logging Settings ## access_log /config/log/nginx/access.log; error_log /config/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; ## # nginx-naxsi config ## # Uncomment it if you installed nginx-naxsi ## #include /etc/nginx/naxsi_core.rules; ## # nginx-passenger config ## # Uncomment it if you installed nginx-passenger ## #passenger_root /usr; #passenger_ruby /usr/bin/ruby; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /config/nginx/site-confs/*; } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #} daemon off; My default as follows : ## Version 2018/09/12 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default # listening on port 80 disabled by default, remove the "#" signs to enable # redirect all traffic to https server { listen 80; server_name _; return 301 https://$host$request_uri; } # main server block server { # LOCAL IP ALLOW GEO BLOCK if ($lan-ip = yes) { set $allowed_country yes; } # COUNTRY GEO BLOCK if ($allowed_country = no) { return 403; } listen 443 ssl default_server; root /config/www; index index.html index.htm index.php; server_name _; # enable subfolder method reverse proxy confs include /config/nginx/proxy-confs/*.subfolder.conf; #Custom add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; # all ssl related config moved to ssl.conf include /config/nginx/ssl.conf; # enable for ldap auth #include /config/nginx/ldap.conf; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp" # notice this is within the same server block as the base # don't forget to generate the .htpasswd file as described on docker hub # location ^~ /cp { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050/cp; # } } # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above # notice this is a new server block, you need a new server block for each subdomain #server { # listen 443 ssl; # # root /config/www; # index index.html index.htm index.php; # # server_name cp.*; # # include /config/nginx/ssl.conf; # # client_max_body_size 0; # # location / { # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; # include /config/nginx/proxy.conf; # proxy_pass http://192.168.1.50:5050; # } #} # sample reverse proxy config for "heimdall" via subdomain, with ldap authentication # ldap-auth container has to be running and the /config/nginx/ldap.conf file should be filled with ldap info # notice this is a new server block, you need a new server block for each subdomain #server { # listen 443 ssl; # # root /config/www; # index index.html index.htm index.php; # # server_name heimdall.*; # # include /config/nginx/ssl.conf; # # include /config/nginx/ldap.conf; # # client_max_body_size 0; # # location / { # # the next two lines will enable ldap auth along with the included ldap.conf in the server block # auth_request /auth; # error_page 401 =200 /login; # # include /config/nginx/proxy.conf; # resolver 127.0.0.11 valid=30s; # set $upstream_heimdall heimdall; # proxy_pass https://$upstream_heimdall:443; # } #} # enable subdomain method reverse proxy confs include /config/nginx/proxy-confs/*.subdomain.conf; # enable proxy cache for auth proxy_cache_path cache/ keys_zone=auth_cache:10m; I've tried placing the if blocks in various parts in the server block but no matter where I put them, it won't work. I'm also 100% sure /config/geoip/GeoIPv6.dat; exists with 911 permissions. Any ideas?
  19. I've been trying to get auto-redirect from http to https (including subdomains) all night but can't seem to get it working. It seems going from http://subdomain.mydomain.com always redirects to https://mydomain.com. For example I'd like http://sonarr.mydomain.com to automatically redirect to https://sonarr.mydomain.com I've added the following in nginx.conf in the http block just below the brace: server { listen 80; server_name mydomain.com; return 301 https://$server_name$request_uri; } In whole, here's my nginx.conf - nothing else has been modified besides the "custom" stuff ## Version 2018/01/29 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/nginx.conf user abc; worker_processes 4; pid /run/nginx.pid; include /etc/nginx/modules/*.conf; events { worker_connections 768; # multi_accept on; } http { ## # Custom ## server { listen 80; server_name mydomain.com; return 301 https://$server_name$request_uri; } # don't send the nginx version number in error pages and Server header server_tokens off; # config to don't allow the browser to render the page inside an frame or iframe # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options add_header X-Frame-Options SAMEORIGIN; # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, # to disable content-type sniffing on some browsers. # https://www.owasp.org/index.php/List_of_useful_HTTP_headers # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 add_header X-Content-Type-Options nosniff; # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for # this particular website if it was disabled by the user. # https://www.owasp.org/index.php/List_of_useful_HTTP_headers add_header X-XSS-Protection "1; mode=block"; # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy), # you can tell the browser that it can only download content from the domains you explicitly allow # http://www.html5rocks.com/en/tutorials/security/content-security-policy/ # https://www.owasp.org/index.php/Content_Security_Policy # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval' # directives for css and js(if you have inline css or js, you will need to keep it too). # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; client_max_body_size 0; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Logging Settings ## access_log /config/log/nginx/access.log; error_log /config/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; ## # nginx-naxsi config ## # Uncomment it if you installed nginx-naxsi ## #include /etc/nginx/naxsi_core.rules; ## # nginx-passenger config ## # Uncomment it if you installed nginx-passenger ## #passenger_root /usr; #passenger_ruby /usr/bin/ruby; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /config/nginx/site-confs/*; } Thanks
  20. My VPN provider only allows a limited number of connected devices, so I'm trying to get multple docker containers to connect thru the binhex-delugevpn container. In particular, I'm trying to get multiple Deluge docker containers to route through DelugeVPN, however, I get the following error : "conflicting options: port publishing and the container type network mode." All I have done is add an extra argument in the binhex-deluge advanced view: --network="container:binhex-delugevpn" I have set-up different ports for each instance of binhex-deluge and binhex-delugevpn but can't get it to work. Any ideas? All help appreciated.
  21. I've been trying to set-up nginx to work with .htpasswrd so I can leverage fail2ban (and make the whole reverse proxy business more secure) but can't seem to get it working. I followed the below steps : 1 - Uncomment the lines in the auth_basic and auth_basic_user_file in letsencrypt/nginx/proxy-conf/ 2 - Used the following command to generate and add a username/password to .htpasswd "docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd <username>" However, I keep getting the username/password prompt, as if the username/password I enter is incorrect. Also, I'm trying to find out whether fail2ban works properly as it seems I might have blocked my IP (oops) but can't figure out how to list banned IPs (and unban them) - I've had to resort testing from my 4G network. Any help appreciated (and any more tips how to make a reverse proxy more secure, greatly appreciated) Thanks
  22. Greetings, Installed unRAID yesterday and I'm thoroughly impressed, however, I've got a question with regards to using Docker apps. Coming from docker-compose, I could create an .env file, where I could stick in 'common stuff' and use via variables in docker-compose.yml. For example my .env could look like : PUID=1000 PGID=1000 TZ="London/Europe" and use that throughout docker-compose.yml as such : organizr: container_name: organizr hostname: organizr restart: always image: lsiocommunity/organizr volumes: - ${ROOT}/Docker/organizr:/config - ${ROOT}/Docker/shared:/shared ports: - "9000:80" environment: - PUID=${PUID} - PGID=${PGID} - TZ=${TZ} Is there a way I can achieve the same in unRAID? Thanks

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.