Mihai

Members
  • Posts: 39

Everything posted by Mihai

  1. @newillusions I'm running v4.5.37. Unfortunately the anojht/invoiceninja repository only has the 4.x version, so for v5 I think we'd have to create a whole different Docker image, since anojht doesn't have issues enabled for the repository unfortunately. After a quick Google search I realized that upgrading involves creating a whole new install and using the migration tool. I'd be willing to create a different repo for this, would you have time to help me test? @IronBeardKnight sorry for being late to the party, but in case it's still relevant: what error did you get when trying to disable GEN_SSL?
  2. Hey guys, so just an update on this one: I raised a PR for the original anojht/invoiceninja image, so now it should work on the SSL port; it generates SSL certificates automatically. Feel free to let me know if there are any issues. @coolbeams if you want, you can switch back to the original image, it should also work. Cheers!
  3. For anyone who has the same issue in the future: I managed to fix the issue by switching to SeaBIOS from OVMF. I had to recreate the VM.
  4. Hey guys, I was able to successfully pass GPU cards to a Linux VM, however it seems that the card which are the same model. I tried passing the 3090 card and it works fine.

     ```
     root@Rick:~# lspci
     00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD9x0/RX980 Host Bridge (rev 02)
     00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD/ATI] RD890S/RD990 I/O Memory Management Unit (IOMMU)
     00:02.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980 PCI to PCI bridge (PCI Express GFX port 0)
     00:04.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980 PCI to PCI bridge (PCI Express GPP Port 0)
     00:05.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980 PCI to PCI bridge (PCI Express GPP Port 1)
     00:06.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980 PCI to PCI bridge (PCI Express GPP Port 2)
     00:07.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980 PCI to PCI bridge (PCI Express GPP Port 3)
     00:09.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980 PCI to PCI bridge (PCI Express GPP Port 4)
     00:0a.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980 PCI to PCI bridge (PCI Express GPP Port 5)
     00:0b.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD990 PCI to PCI bridge (PCI Express GFX2 port 0)
     00:0c.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD990 PCI to PCI bridge (PCI Express GFX2 port 1)
     00:0d.0 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] RD890/RD9x0/RX980 PCI to PCI bridge (PCI Express GPP2 Port 0)
     00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 SATA Controller [AHCI mode] (rev 40)
     00:12.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
     00:12.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
     00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
     00:13.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
     00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 SMBus Controller (rev 42)
     00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 LPC host controller (rev 40)
     00:14.4 PCI bridge: Advanced Micro Devices, Inc. [AMD/ATI] SBx00 PCI to PCI Bridge (rev 40)
     00:14.5 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI2 Controller
     00:16.0 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB OHCI0 Controller
     00:16.2 USB controller: Advanced Micro Devices, Inc. [AMD/ATI] SB7x0/SB8x0/SB9x0 USB EHCI Controller
     00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor Function 0
     00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor Function 1
     00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor Function 2
     00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor Function 3
     00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor Function 4
     00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Family 15h Processor Function 5
     01:00.0 VGA compatible controller: NVIDIA Corporation GA102 [GeForce RTX 3080] (rev a1)
     01:00.1 Audio device: NVIDIA Corporation Device 1aef (rev a1)
     02:00.0 SATA controller: ASMedia Technology Inc. ASM1062 Serial ATA Controller (rev 01)
     03:00.0 Ethernet controller: Intel Corporation 82583V Gigabit Network Connection
     04:00.0 USB controller: ASMedia Technology Inc. ASM1042 SuperSpeed USB Host Controller
     05:00.0 USB controller: ASMedia Technology Inc. ASM1042 SuperSpeed USB Host Controller
     06:00.0 USB controller: ASMedia Technology Inc. ASM1042 SuperSpeed USB Host Controller
     07:00.0 SATA controller: ASMedia Technology Inc. ASM1062 Serial ATA Controller (rev 01)
     08:00.0 VGA compatible controller: NVIDIA Corporation GA102 [GeForce RTX 3090] (rev a1)
     08:00.1 Audio device: NVIDIA Corporation Device 1aef (rev a1)
     09:00.0 VGA compatible controller: NVIDIA Corporation GP104 [GeForce GTX 1070] (rev a1)
     09:00.1 Audio device: NVIDIA Corporation GP104 High Definition Audio Controller (rev a1)
     0a:00.0 VGA compatible controller: NVIDIA Corporation GP104 [GeForce GTX 1070] (rev a1)
     0a:00.1 Audio device: NVIDIA Corporation GP104 High Definition Audio Controller (rev a1)
     root@Rick:~# lspci -nns 09:00.0
     09:00.0 VGA compatible controller [0300]: NVIDIA Corporation GP104 [GeForce GTX 1070] [10de:1b81] (rev a1)
     root@Rick:~# lspci -nns 0a:00.0
     0a:00.0 VGA compatible controller [0300]: NVIDIA Corporation GP104 [GeForce GTX 1070] [10de:1b81] (rev a1)
     root@Rick:~#
     ```

     However I now noticed that the VM sees 2 audio controllers, but only 1 video:

     ```
     root@bee:~# lspci | grep nvidia -i
     04:00.0 VGA compatible controller: NVIDIA GP104 [GeForce GTX 1070] (rev a1)
     05:00.0 VGA compatible controller: NVIDIA GA102 [GeForce RTX 3090] (rev a1)
     07:00.0 Audio device: NVIDIA GP104 High Definition Audio Controller (rev a1)
     08:00.0 Audio device: NVIDIA GP104 High Definition Audio Controller (rev a1)
     09:00.0 Audio device: NVIDIA GA102 High Definition Audio Controller (rev a1)
     root@bee:~#
     ```

     Note: I used vfio-pci.ids for these 3 devices, otherwise Unraid would hang whenever I started the VM.

     Unraid Version: 6.9.0-rc2

     EDIT: I swapped the order, and it seems now the VM only sees the audio from 3090 (GA102):

     ```
     04:00.0 VGA compatible controller: NVIDIA GP104 [GeForce GTX 1070] (rev a1)
     05:00.0 VGA compatible controller: NVIDIA GP104 [GeForce GTX 1070] (rev a1)
     06:00.0 Ethernet controller: Realtek Semiconductor RTL-8100/8101L/8139 PCI Fast Ethernet Adapter (rev 20)
     07:00.0 Audio device: NVIDIA GA102 High Definition Audio Controller (rev a1)
     08:00.0 Audio device: NVIDIA GP104 High Definition Audio Controller (rev a1)
     09:00.0 Audio device: NVIDIA GP104 High Definition Audio Controller (rev a1)
     ```

     I even tried adding VNC as the primary video card, but no success: Any idea why this would happen?
  5. Sounds like a Laravel issue. Can you DM me the container logs? There's a button on the Log column (right) in the "Docker" view in Unraid.
  6. @cyberspectre can you tell me exactly what behavior you get? Or any errors? Otherwise it will be hard for me to fix it. Note: you will have to connect via https and port 8443 for this to work.
  7. I'm kind of late to the party, but to me it seems the main issue is the lack of an SSL certificate on port 443, and it seems lately invoiceninja enforces https. I got it working by generating a self-signed certificate. I didn't have time to create another Unraid app, but until then if anyone wants to try it out: hit Edit on the container and change the Repository field to this: maihai/invoiceninja and then hit Apply. EDIT: The way this works is that it generates an SSL certificate on the first container run, which is self-signed. Of course don't forget to import this certificate in your browser, otherwise you will be at risk of MITM. If you're paranoid like me, you can find the code here: https://github.com/mihai-cindea/invoiceninja Feel free to tell me if you have any issues or requests. I also want to add the possibility of feeding custom certificates and generate the certificate CN based on the APP_URL. Currently this is a PoC.
  8. I didn't know about it, not sure how available it is in Unraid. I'll check it out, thanks for the info!
  9. I know there are other threads out there for this, but I really think docker-compose yml support would be really nice. The Docker UI thing is nice and all, but I think creating an XML file for everything I want to add can add overhead. Example: I want to use this inside Unraid, but it would be nice if it would also have UI support. https://github.com/hardware/mailserver The way I'm thinking about it is an addon to the current Docker app, where it can import/edit docker-compose files.
  10. I would use these sshd configurations + setting the users disabled. I don't think having users with empty passwords is a good idea. Thanks for the fast reply!
  11. Btw, here's a PoC in bash (anonymized the IPs a bit, hope you don't mind)

      ```
      [root@taicasimaica ~]# curl -ks4 showip.net
      124.122.71.51
      [root@taicasimaica ~]# ssh -D 3129 -f -C -q -N [email protected] -p 7127
      The authenticity of host '[x.ninja]:7127 ([91.82.91.172]:7127)' can't be established.
      ECDSA key fingerprint is SHA256:/Kg3rfHXB/0XIa2nW5UHOLAiipUztnhNDvxAyz91CP8.
      Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
      [root@taicasimaica ~]# export http_proxy=socks5://127.0.0.1:3129
      [root@taicasimaica ~]# curl -ks4 showip.net
      91.82.91.172
      [root@taicasimaica ~]#
      ```
  12. If you had an SSH port opened to the internet my post I made a few minutes ago will explain this. You can try it yourself: Note: The tunnel opened will be socks5, so you'll have to configure your browser as such to actually test it.
  13. Hello guys, I couldn't find any proper channels for announcing vulnerabilities, so I think this might be the best way to catch your attention. Apologies if there are proper channels, I did not have enough time to search for them. Upon looking at some logs I noticed:

      ```
      sshd[28121]: Accepted none for lp from 194.61.26.34 port 26028 ssh2
      ```

      Then after I took a close look at /etc/shadow I noticed almost all users don't have passwords. While they can't actually execute commands on the system, they can see information about the system:

      ```
      $ ssh unraid -l news
      Linux 4.19.107-Unraid.
      Could not chdir to home directory /usr/lib/news: No such file or directory
      Connection to unraid closed.
      $
      ```

      But most troublesome, and maybe you guys are not aware of this, but in order to open an ssh tunnel you don't need an actual shell.

      ```
      $ ssh -D 3129 -f -C -q -N lp@unraid
      $ netstat -plan | grep 3129
      tcp 0 0 127.0.0.1:3129 0.0.0.0:* LISTEN 1658854/ssh
      ```

      Voila! Then you have an ssh tunnel opened. For now I patched my box, but of course it won't survive the reboot. An easy fix would be:

      `sed -i -e 's/::1/:!!:1/g' /etc/shadow`

      Cheerio, Mihai
  14. Hey guys, so quick question: how do I make sure emhttpd starts at boot? Around version 6.8.7 I believe I changed the SSL port and for some reason I was starting emhttpd through /boot/config/go, but since in 6.8.1 that doesn't work anymore, I don't know why I changed it in the first place. So I was wondering if there's some setting I can revert. The only thing I remember is that at one point I changed the 443 port to a non-standard one, 1443, and since then I've been starting it with the `go` file. After upgrading to 6.8.1, at every reboot I need to log in via ssh and execute emhttpd. Thank you!
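
A defender-side check for the exposure described in posts 11 to 13 above (empty password fields in /etc/shadow and `Accepted none` entries in the sshd log), as an added example that is not part of the original posts or of Unraid. The function names, file names and sample data are constructed for illustration; `lock_empty_passwords` goes beyond the posted `sed` one-liner by editing only the password field instead of matching text.

```shell
#!/bin/sh
# Added example; function names and all sample data below are constructed.

# Print the accounts whose password field (field 2) is empty.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Print "user source-ip" for each sshd login accepted with auth method "none".
accepted_none_logins() {
    awk '/sshd\[[0-9]+\]: Accepted none for / {
        for (i = 1; i <= NF; i++)
            if ($i == "for" && $(i + 2) == "from") print $(i + 1), $(i + 3)
    }' "$1"
}

# Write a copy of the shadow file to stdout with every empty password field
# set to "!!" (locked). Only field 2 is touched, so the empty trailing
# fields of each record are left unchanged.
lock_empty_passwords() {
    awk 'BEGIN { FS = OFS = ":" } $2 == "" { $2 = "!!" } { print }' "$1"
}

# Constructed sample data (not taken from a real system).
make_samples() {
    cat > "$1/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:18300:0:99999:7:::
lp::18300:0:99999:7:::
news::18300:0:99999:7:::
nobody:*:18300:0:99999:7:::
EOF
    cat > "$1/syslog" <<'EOF'
Mar  1 10:00:01 Tower sshd[2001]: Accepted none for lp from 203.0.113.7 port 26028 ssh2
Mar  1 10:05:42 Tower sshd[2002]: Accepted publickey for root from 198.51.100.9 port 50022 ssh2: ED25519 SHA256:constructed
Mar  1 10:09:13 Tower sshd[2003]: Failed password for news from 203.0.113.7 port 26030 ssh2
EOF
}

dir=$(mktemp -d)
make_samples "$dir"
echo "Accounts with an empty password:";  empty_password_accounts "$dir/shadow"
echo "Logins accepted with method none:"; accepted_none_logins "$dir/syslog"
echo "Shadow copy with those accounts locked:"; lock_empty_passwords "$dir/shadow"
rm -rf "$dir"
```

`lock_empty_passwords` writes to stdout so the result can be reviewed before it replaces the real file.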