frakman1

Community Developer
  • Posts

    169
  • Joined

  • Last visited

Recent Profile Visitors

2809 profile views

frakman1's Achievements

Apprentice

Apprentice (3/14)

26

Reputation

  1. SSL/TLS is now supported in Unraid but is off by default. You can turn it on by going to Settings > Management Access and changing Use SSL/TLS to Yes. See screenshot for more details:
  2. @thenhz @Tucubanito07 @Northwave Author of the frak-gvm template here (not the actual container). Sorry for pointing the support page to here. I think it was my first template and I didn't have a page on the forum to point it to, or perhaps I started with the nessus template and inherited by accident. Either way, sorry for the confusion. As I recall, the OpenVAS/GVM container takes a really long time to come up the first time as it downloads a ton of NVTs and other databases from the web. After it's done, it should come up. Just be patient and monitor the logs. It spends most of the time in the 'Updating xxx' lines then finally goes to: Your GVM 11 container is now ready to use! 9:C 14 Mar 2024 13:23:34.863 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo 9:C 14 Mar 2024 13:23:34.863 # Redis version=5.0.7, bits=64, commit=00000000, modified=0, pid=9, just started 9:C 14 Mar 2024 13:23:34.863 # Configuration loaded Wait for redis socket to be created... Testing redis status... Redis ready. Starting PostgreSQL... waiting for server to start....2024-03-14 13:23:35.963 EDT [21] LOG: starting PostgreSQL 12.3 (Ubuntu 12.3-1.pgdg20.04+1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0, 64-bit 2024-03-14 13:23:35.964 EDT [21] LOG: listening on IPv4 address "127.0.0.1", port 5432 2024-03-14 13:23:35.964 EDT [21] LOG: could not bind IPv6 address "::1": Cannot assign requested address 2024-03-14 13:23:35.964 EDT [21] HINT: Is another postmaster already running on port 5432? If not, wait a few seconds and retry. 2024-03-14 13:23:35.983 EDT [21] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" 2024-03-14 13:23:36.016 EDT [22] LOG: database system was interrupted; last known up at 2024-03-14 13:20:10 EDT ............2024-03-14 13:23:48.242 EDT [22] LOG: database system was not properly shut down; automatic recovery in progress 2024-03-14 13:23:48.249 EDT [22] LOG: redo starts at 6/AFF8A7C8 ...2024-03-14 13:23:51.958 EDT [22] LOG: invalid record length at 6/C435B610: wanted 24, got 0 2024-03-14 13:23:51.958 EDT [22] LOG: redo done at 6/C435AEA8 ....2024-03-14 13:23:55.066 EDT [21] LOG: database system is ready to accept connections done server started Updating NVTs... Updating CERT data... 2024-03-14 13:24:55.160 EDT [43] LOG: autovacuum: dropping orphan temp table "gvmd.pg_temp_5.current_credentials" rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection timed out (110) rsync: failed to connect to feed.openvas.org (2a01:130:2000:127::d1): Cannot assign requested address (99) rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3] Updating SCAP data... rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection timed out (110) rsync: failed to connect to feed.openvas.org (2a01:130:2000:127::d1): Cannot assign requested address (99) rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3] Starting Open Scanner Protocol daemon for OpenVAS... Starting Greenbone Vulnerability Manager... admin Starting Greenbone Security Assistant... Oops, secure memory pool already initialized Starting OpenSSH Server... ++++++++++++++++++++++++++++++++++++++++++++++ + Your GVM 11 container is now ready to use! + ++++++++++++++++++++++++++++++++++++++++++++++ I would also monitor the output of: netstat -tulpn | grep LISTEN and look for the 9392 port which corresponds to the Web UI port. When it finally completes, the output of that command should look like this: root@e2885647614f:/# netstat -tulpn | grep LISTEN tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 10/redis-server 0.0 tcp 0 0 127.0.0.11:32801 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 379/sshd: /usr/sbin tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN - tcp6 0 0 :::9392 :::* LISTEN - tcp6 0 0 :::22 :::* LISTEN 379/sshd: /usr/sbin Pointing the browser to <ip-address>:9392 should look like this:
  3. Thanks. I will try and get some logs but it's good to know which driver to use now.
  4. I have the Nvidia Quadro K4000 graphics card. When I try to install the latest from the plugin, I get this error: The Nvidia drivers page points me to this driver for Linux 64bit which is fairly recent (March 2023) However, when I use the plugin, the only 470.xxx one that it provides is the one at the bottom: v470.141.03 I want to be able to use this card with Docker for apps that use the "--runtime=nvidia" parameter like stable-diffusion etc. that detect the NVIDIA GPU and ask for its GPUID e.g. GPU-xxxxxxx-xxxx-xxxx-xxxx-xxxxxxx. Is this something that can be supported?
  5. To get this to work on my Windows 10 (Enterprise) I had to set AllowInsecureGuestAuth to 1 in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] in the Registry Editor. Then I had to login with username "\" and no password.
  6. Can you please change the template to use br0 instead of eth0 by default? It doesn't work otherwise and that's the default interface for most Unraid users and I would never have known to change this without spending way too much time trying to figure out which interface (out of dozens) to use and if I had to change the network from host to bridge etc. This should work 'out-of-the-box' without any fuss.
  7. Once you get your C prompt, did you try running the three commands in the comment above?
  8. Is there a workaround that doesn't involve having to generate a new key? I'd like to continue using the same key I have on the various different machines that I connect from. I just upgraded from 6.9.2 to 6.10.3 and can no longer ssh into my Unraid server from my MacBook Air (High Sierra) I realize that the algorithm I use is outdated (2048 SHA256). My pub key in the Users->root>SSH authorized keys starts with ssh-rsa. I changed the ending comment to read root@Tower where Tower is the hostname of the Unraid server as the comments above suggested but it still doesn't work. I tried this: (since -oPubkeyAcceptedAlgorithms was not recognized on my system) (tower is set to my IP address in /etc/hosts) ssh -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa root@tower ssh_exchange_identification: Connection closed by remote host I tried changing sshd_config on the server to include these options based on some post I saw online: RSAAuthentication yes PubkeyAuthentication yes HostKeyAlgorithms=ssh-rsa,[email protected] PubkeyAcceptedAlgorithms=+ssh-rsa,[email protected] in /boot/config/ssh/sshd_config and restarted the ssh server using /etc/rc.d/rc.sshd restart But that didn't work. I then found that ssh'ing from my modern M1 MacBook Pro (ventura) worked. I then reverted all my server changes including the comment at the end of the public key. ssh still worked from my new MacBok Pro. I also confirmed that it works from my Ubuntu 18 machine. Is there anything I can do to enable SSH from my old MacBook Air on High Sierra (macOS 10.13.6)?
  9. I don't know but a Google of the error message took me to this forum discussion: > Initializing to bash, running gitlab-ctl reconfigure (waiting for the db to fail, then start accepting connections, which took ~12 minutes for me) and then running reconfigure again allows it start.
  10. You can limit log file sizes by changing the environment variable in your Edit docker template page. Mine looks like this. I disabled prometheus because it's a giant hog. --log-opt max-size=10m --log-opt max-file=1 --env GITLAB_OMNIBUS_CONFIG="external_url 'http://MY-UNRAID-IP:9080/'; postgresql['shared_buffers'] = '256MB'; sidekiq['concurrency'] = 15; prometheus_monitoring['enable'] = false;"
  11. You right click on the GitLab-CE entry in the Docker tab of the UnRaid webpage, then select Console Hope that helps!
  12. Unfortunately, I'm not sure I can help with your specific setup as I have it configured very differently. I use Cloudflare for my DNS and Let's Encrypt for the SSL certificate management within NginxProxyManager. You may need to map my logic to your specific setup. After some trial and error, I was able to get the external URL to work with SSL and have the Clone button in my repo point to the external URL instead of the local IP address: Browser Location bar: Gitlab Clone panel: How come you are setting env variables manually? I put them all as one string under Extra Parameters: I changed external_url to https://mysite.com/ I then made the following changes to gitlab.rb: external_url 'https://mysite.com' nginx['listen_port'] = 9080 nginx['listen_https'] = false and ran gitlab-ctl reconfigure In Nginx Proxy Manager: With the appropriate SSL certificate details for Let's Encrypt The problem I now have is that I am unable to do a git clone on either https or ssh without getting some authentication/SSL error. It used to work when I used the local server's IP address before I changed it to external URL.
  13. I had a similar problem with localhost URL instead of my actual server when I clone. In the docker template page in Unraid, I had to add the external_url parameter to Extra Parameters and set it to my Gitlab WebUI IP:PORT. In your case, you may want to change it to your actual site URL. --log-opt max-size=10m --log-opt max-file=1 --env GITLAB_OMNIBUS_CONFIG="external_url 'http://MY-UNRAID-IP:9080/'; postgresql['shared_buffers'] = '256MB'; sidekiq['concurrency'] = 15; prometheus_monitoring['enable'] = false;" I use NginxProxyManager to manage the internet-facing URL.
  14. I put mine around line 116: I now notice that I use log_format while the file seems to be using log-format. Not sure if it makes a difference. You may want to try both if it isn't working like you expect.
  15. The link to the script shows exactly how it's used. In any case, you don't have to use the script because I already did and provided the output. Those are the three lines you need to copy into the goaccess.conf file.