repomanz

Everything posted by repomanz

  1. MineOS / forge / mod question. generator-options={"profile"\:"rarecities"} Does anyone know how to work around the \ being inserted in this server.properties upon start up? This is messing up a mod from properly running. Obviously the : needs to be escaped but in doing so mod doesn't load the profile. Seen this before?
  2. Hi Unraid Dev, Saw this in one of my feeds today and wanted to bring to your attention. https://nakedsecurity.sophos.com/2019/05/31/unpatched-docker-bug-allows-read-write-access-to-host-os/ https://seclists.org/oss-sec/2019/q2/131 repo
  3. I can see both sides of this discussion and what risk is appropriate for unraid's primary audience. Personally I like the idea of encrypted usb within this process, just to keep the file systems all encrypted. As a side note; I'd like my unraid to boot needing both the usb boot device but also a yubikey. What about a docker container escape writing to the usb drive? My understanding is once the array is booted up, the file systems can be read/write which includes the boot usb device.
  4. little late replying to my own thread here but agree with melmurp. unraid, and its community, leverage a lot of docker containers and just making an assumption that those dev owners who author containers for use of unraid have taken steps is a bit risky. I know emails, password resets including api tokens have occurred. I may jump over to the community plugin support page to see if they are mitigating this at all. Would make me feel better about it at least.
  5. https://news.ycombinator.com/item?id=19763413. May be worth a bulletin to users given the significant use of containers within unraid.
  6. Hey guys - unsure if Alpine / Unraid is impacted but passing along just in case. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736 https://seclists.org/oss-sec/2019/q1/119 repo
  7. silly question as I'm trying to get this functioning. Is setting up the openvpn as server with google 2fa required on logins supported on the android openvpn app? If so; I must be missing this setting somewhere.
  8. appears some back-end service has fixed this issue auto-magically. crisis averted.
  9. Hi folks - I misconfigured the CA backup plugin and pointed it to the /mnt/cache/backups/unraid folder instead of the proper /mnt/user/backups. It filled up my cache drive and hung so I went in and deleted the file (85gb) via console. However after doing so, I am not showing the cache drive recovering that space. Is there a service that will auto-correct this or do I need to do something manually here? Side note; how can I safely force the backups share to point to my disk volumes, including moving all current files on cache to the new directory?
  10. I don't run any privileged docker containers but would that change if the container was actually run as privileged? What's interesting is that team is aware of other exploit techniques they chose not to make public.
  11. Hey guys - wanted you to be aware of this one. Hot off the press today. https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/ repo
  12. Wanted to close this thread out / show my configuration in case someone runs across it switch configuration, - port 5 connected to eth4 on unraid nic - port 1 connected to pfsense eth4 NIC configuration on Unraid OS docker configuration within Unraid OS pfsense vlan interface
  13. Hi Bonienl - with your help I believe we have success. I now have
      - internal docker containers running on the trusted lan
      - external docker containers running on eth4 / vlan 5
      Confirmed routing on router also working lan to vlan, vlan to lan and vlan to inet. Really appreciate you walking me through this.
  14. Hi Bonienl - thanks for responding! What about this?
      - remove eth4 vlan settings within unraid
      - bridge eth4 nic
      - assign port on managed switch eth4 is connected to to vlan 5
      - create vlan 5 interface on router
      Would I be able to put dockers on the bridged eth4 NIC as it's operating within the vlan 5 network?
  15. Hi folks - I'm new to vlans / managed switches and learning unraid so bear with me. Is there a version of this guide that deals with vlans with using multiple network cards? I have a 4 port intel nic so currently unraid sees eth0 - eth4. Here is what I'm wanting to do (or something similar)
      1) leverage eth4 physical network
      2) create a vlan off the eth4 interface
      3) put external facing dockers on the vlan
      I've tried various combinations of things on the router, managed switch and unraid. So far the best I have gotten is eth4 was successful in getting a dhcp IP address defined for the vlan. However doing so I can no longer reach unraid. Admittedly; I'm likely doing some things wrong here either within unraid or my managed switch. Any coaching or guides would be helpful so I can accomplish my goal here. Thanks in advance!
  16. while unpacking; seems it does not honor cpu pinning. IE; even though i have cpu 1,5 pinned, it's maxing out all of my cpus. Seeing above posts are there plans to fix unpacking issues? Other issues i have with unpacking is that it hangs or takes forever
  17. Hi folks - I think this is network related as I VPN all of my traffic out of my house. When I check for updates for dockers the page will just spin / do nothing. I have unraid's dns pointed to pihole (on my network). Pihole then requests dns out through my VPN interfaces if not cached. My suspicion is the update URL or code to check for updates is somehow not resolving dns or is possibly being blocked since I'm coming from a VPN connection. Can someone explain how unraid checks for docker updates and if there are specific URLs used?
  18. Hi folks - if I assign a docker container an IP address where does this IP address get its DNS information? From my DNS settings defined with unraid OR my network/gateway?
  19. *bump* hoping someone can confirm this for me.
  20. I found a few threads regarding this so i'd like to confirm before moving forward. Here is my sys devices:

      IOMMU group 16:
        [111d:8018] 07:02.0 PCI bridge: Microsemi / PMC / IDT PES12N3A 12-lane 3-Port PCI Express Switch (rev 0e)
        [8086:10bc] 08:00.0 Ethernet controller: Intel Corporation 82571EB/82571GB Gigabit Ethernet Controller (Copper) (rev 06)
        [8086:10bc] 08:00.1 Ethernet controller: Intel Corporation 82571EB/82571GB Gigabit Ethernet Controller (Copper) (rev 06)
      IOMMU group 17:
        [111d:8018] 07:04.0 PCI bridge: Microsemi / PMC / IDT PES12N3A 12-lane 3-Port PCI Express Switch (rev 0e)
        [8086:10bc] 09:00.0 Ethernet controller: Intel Corporation 82571EB/82571GB Gigabit Ethernet Controller (Copper) (rev 06)
        [8086:10bc] 09:00.1 Ethernet controller: Intel Corporation 82571EB/82571GB Gigabit Ethernet Controller (Copper) (rev 06)

      I would like to hide pci id 09:00.0 and 09:00.1 so I can make 09:00.0 and 09:00.1 specifically available to a pfsense vm (lan / wan interfaces).

      Questions:
      1) Is it a safe assumption that the PCI bridge 07:04.0 should be hidden as well?
      2) My edits would be to the unraid os section and look like this?

      Unraid OS:
        kernel /bzimage
        append xen-pciback.hide=(07:04.0)(09:00.0)(09:00.1) initrd=/bzroot

      The result i'm assuming:
      Unraid OS would see: PCI Bridge: 07:02.0 NIC: 08:00.0 NIC: 08:00.1
      PFSense VM would have the ability to leverage 07:04.0, 09:00.0 and 09:00.1

      Please let me know if I'm doing this right and the outcome is what I believe it to be. JJ
  21. Hi @SpaceInvaderOne. First off thanks for all of your videos. They have been beyond helpful! Quick question about pfsense in particular to part 3 of your video. I have the same 4 port intel nic you have; instead of applying the pci patch to separate out the nic is there any reason why we couldn't do the host dev method you've mentioned in another one of your videos?
  22. Hi everyone. I'm new to unraid and somewhat new to docker and containers. I have a 4 port Intel nic in my unraid box that I would like to leverage and hoping to get some input / direction on what I'm wanting to do.
      1) I would like for unraid to remain on the current NIC (on the MB)
      2) going to install pfsense to act as my vm firewall on eth1 and eth2
      3) going to build VM lab that will remain in a network inside eth2. In virtual box my machines the networking of the guests are set to "internal network" so I would like to mimic that if I can.
      4) would like to create docker networks for eth3 and eth4. eth3 would cover the internal docker containers. eth4 would cover the external facing docker containers.
      Seems there was something called pipework that could do this but seems that information is old and either docker / unraid supports what I want to do now natively. just unsure how to do it. Hoping the community here can point me in the right direction.
  23. Committed to the plus license a couple days ago.
      - i7 6700k
      - 32 gb memory
      - Nvidia GeForce 660
      - LSI 9211 SAS
      - Intel 4 port NIC
      - Corsair 750 power supply
      - thermaltake v71 case
  24. All of my internal network is VPNd 24/7 with exception of a few services (like netflix). I have used windscribe and PIA previously but what I found for my use case is that ProtonVPN is very reliable for 24/7 connectivity and I get full bandwidth (200/20).
  25. another test. I needed to reboot the entire server. 8 of 10 docker containers are set to auto-start. Upon reboot, all my containers were down. None would start until I disabled the docker service and then re-enabled it. As soon as I do this, the containers that were set to auto start started right up automatically. This is the same issue as the above, just throwing the reboot into the mix. Please help me troubleshoot this; some services are important (like the pihole container)