Mihai

Members
  • Posts

    38
  • Joined

  • Last visited

1 Follower

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Mihai's Achievements

Rookie

Rookie (2/14)

13

Reputation

  1. @ich777 that container would probably run, but will be mostly useless because of the missing `CONFIG_DEBUG_INFO_BTF` kernel option. Unfortunately it's written in such a way that if it doesn't have the necessary environment, it simply refuses to work. It behaves a bit different than traditional AVs, and it won't actually scan files all the time (which can kill the CPU), but more of a behavioral checks, for example if specific files are being copied or even suspicious network traffic.
  2. @Jvic I made it work, but not using Unraid unfortunately because of some limitations, but I did make it work using Docker on a NixOS machine. I guess you could use any OS as a host instead of NixOS, shouldn't matter that much. I wrote a how to here: https://github.com/kiwimato/unifi-protect-arm64#running-unifi-protect-arm64-on-x86-machines Btw, this is about Unifi Protect, so not the old EOL Unifi NVR. You can run that in just plain Docker, there are already ways to do that easily from UnRAID.
  3. probably I'm late to the party, but it seems ARM is runable now thanks to Docker: root@dacia:/mnt/user/nvr/frigate_recordings/recordings# docker run --platform linux/arm64/v8 markdegroot/unifi-protect-arm64 id exec /usr/bin/id: exec format error root@dacia:/mnt/user/nvr/frigate_recordings/recordings# docker run --privileged --rm tonistiigi/binfmt --install all Unable to find image 'tonistiigi/binfmt:latest' locally latest: Pulling from tonistiigi/binfmt 8d4d64c318a5: Pull complete e9c608ddc3cb: Pull complete Digest: sha256:66e11bea77a5ea9d6f0fe79b57cd2b189b5d15b93a2bdb925be22949232e4e55 Status: Downloaded newer image for tonistiigi/binfmt:latest installing: arm64 OK installing: ppc64le OK installing: mips64le OK installing: arm OK installing: s390x OK installing: riscv64 OK installing: mips64 OK { "supported": [ "linux/amd64", "linux/arm64", "linux/riscv64", "linux/ppc64le", "linux/s390x", "linux/386", "linux/mips64le", "linux/mips64", "linux/arm/v7", "linux/arm/v6" ], "emulators": [ "qemu-aarch64", "qemu-arm", "qemu-mips64", "qemu-mips64el", "qemu-ppc64le", "qemu-riscv64", "qemu-s390x" ] } root@dacia:/mnt/user/nvr/frigate_recordings/recordings# docker run --platform linux/arm64/v8 markdegroot/unifi-protect-arm64 id uid=0(root) gid=0(root) groups=0(root) However, after a quick try I couldn't get Unifi protect to work, probably has something to do with the fact that UnRAID doesn't have a working systemd, which seems dependent on because the container shared the cgroup with the host. In any case, if anyone is interesting here are official Docker docs: https://docs.docker.com/build/building/multi-platform/ I'll try tomorrow on a different machine than UnRAID, I suspect it will work there.
  4. Wow, thanks for the fast response! Of course, I will check their EULA, but looking at the Archlinux falcon-sensor package it seems they're only prohibiting people to distribute the package themselves, so most probably it will be a plugin which requires manually downloading the package and then sharing it. In terms of documentation, unfortunately it's behind a paywall, so for customers only but I assume I would be able to share some snippets via PM if you need them, just please let me know. I think you're talking about the "crowdsec" container, which is a different product, and open source, but that's more as a WAF as far as i understand, but I'm also planning to try it out in the near future. In terms of performance/size issues, I can't say much, but I know that for example NixOS and Manjaro are 2 Linux distributions which have all these params on by default in their LTS kernels. I know because I run them both and just installed falcon-agent on both of them. It's definitely no rush from my side, please take your time and I understand you have other priorities. It's just something nice to have.. in these days of increasing cyberattacks. Thank you!
  5. Hey guys, I'm looking into installing and creating a plugin eventually for Crowdstrike agent for UnRAID. Crowdstrike is a next gen antivirus, which relies on behavioral patterns and in my experience it uses a fraction of resources the traditional antivirus types do. Currently the Crowdstrike agent does not run even in "user mode" which would bring good enough security checks. Upon investigation I noticed that only CONFIG_DEBUG_INFO_BTF=y is not enabled in /usr/src/linux-5.19.17-Unraid/.config. All the rest are already enabled in UnRAID. From their documentation: User mode of the sensor requires custom kernels to have a version of 5.8 or later and these kernel config options: CONFIG_BPF=y CONFIG_BPF_SYSCALL=y CONFIG_DEBUG_INFO_BTF=y CONFIG_BPF_EVENTS=y CONFIG_BPF_JIT=y Thank you!
  6. @tfast500 I did not setup e-mail myself, but I know some people managed to do it successfully. Can you check this post if you have all the STMP variables defined? especially `MAIL_MAILER=smtp` one. If you find what works, please let me know so I can update the docs/config. Of course, feel free to create a PR if you have time.
  7. @martinpeter this sounds more like a InvoiceNinja issue, rather than actual docker image that I'm supporting in this thread. I can't test it right now because my InvoiceNinja server is down, but it might be that v5 doesn't yet have all translations finished, judging by this thread here, but you could download a translatiom from Transfinex and use that, but I never tried it, to be honest: https://explore.transifex.com/invoice-ninja/invoice-ninja/ Since this is unrelated to this Docker image and most probably also not relevant to the people in this thread, feel free to send me a Private message in case you need more help going forward just to avoid spamming the other poeple around. Cheers!
  8. @TekDRu MAIL_MAILER must be smtp in your case I think, this is more of a Invoiceninja config issue, see: https://forum.invoiceninja.com/t/sending-invoice-e-mail/6398/2 @Kees Fluitmanthe certificates should be generated automatically, not sure exactly why it doesn't work. Can you please send container logs and also laravel.log(can be found in storage mount folder) via PM?
  9. Yeah i think the invoiceninja image just doesn't have that specific package for this encryption needed by mysql, should be an easy fix.
  10. I don't think the VLANs are the problem. What MariaDB image are you using? To me it sounds like it's expecting a different auth mechanism. Just googled and it seems to be a user setting issue: https://stackoverflow.com/questions/49194719/authentication-plugin-caching-sha2-password-cannot-be-loaded How did you create the user? If it's the default nowadays I can try to add that to the invoiceninja image, but in a few days because I'm on the road at the moment
  11. @TekDRu In my case, it's: `/mnt/user/docker/appdata/swag/etc/letsencrypt/live/domain.com`, yours might be similar. Yes, unfortunately I did not manage to make it work any other way. It could work on IP, but I did not try it out. You could get a wildcard certificate for example *.domain.com and then create invoiceninja.domain.com subdomain which points to your internal IP. Personally I use PiHole as DNS and simply override my domain to internal whenever I'm connected to the VPN, but I realize this might be a complicated setup. https://www.techrepublic.com/article/how-to-add-a-trusted-certificate-authority-certificate-to-chrome-and-firefox/ Yes, as I mentioned in the Readme, I did not manage to make it work without SSL enabled. You will have all sorts of issues. If you find out how, please teach me. See first question answer, also the scrip at the end of this section gives an example where I find it in SWAG: https://github.com/kiwimato/invoiceninja-v5-unraid#ssl Depends, I think LetsEncrypt has 6 months max age of certs, so you could copy them weekly or even monthly. But i know other tools like Cloudflare give certificates which have 30 years of validity, so I guess you can only copy those once. Good point, I just added MEMORY_LIMIT variable to the unraid template, maybe if you didn't already install it you might be able to see it there. If you don't, you can add it manually: Right click, Edit container -> scroll to bottom -> Add another Path, Port, Variable, Label or Device -> Config Type -> Variable -> set Name and Key to MEMORY_LIMIT and value to 512M. Let me know how it goes, also maybe it makes sense to move this discussion private just to avoid spamming people around here. Of course if there are general issues we should still post here for visibility. Cheers!
  12. @TekDRu I just wrote some installation information here: https://github.com/kiwimato/invoiceninja-v5-unraid/blob/main/Readme.md#installation Please let me know if this is enough or not clear enough. * Do I need to create a database before installing the docker? Yes, I mentioned it in the docs too * Is it required to use swag with this docker or can I use only locally? You don't explicitly need to forward things through swag, I don't personally. I just copy over the certificates from swag to invoice ninja, and I just access it directly, not through swag.
  13. I personally use swag container which gets LeysEncrypt certificates and overwrites the ones in storage/certs, but if you use the ones self-generated you will have to import them in your browser, so the browser sees the connection as secure and you don't get the SSL error when you open the website. It is mentioned already here, please let me know if it's not clear enough: https://github.com/kiwimato/invoiceninja-v5-unraid#ssl-certificates
  14. @Danuel first of all, did you properly install SSL certificates? PDF would not work without. Mailing I did not test, but I know logo is not working, I'm working on a fix. For the others, please DM me container logs and laravel.log logs(from storage) mount point.
  15. Just before anything, did you install proper SSL certificates? Or do you get a SSL warning when you access InvoiceNinja? 1. Can you provide container logs via DM? 2. What are the steps to reproduce it? They work fine on my side. 3. I didn't set up e-mail, but laravel.logs(you can find it in storage mountpoint) and container logs after you try to send an e-mail would he useful. 4. I don't use a logo either, but i can try this only on Wednesday since I'm on the road right now