frakman1

Community Developer
  • Posts

    169
  • Joined

  • Last visited

Everything posted by frakman1

  1. SSL/TLS is now supported in Unraid but is off by default. You can turn it on by going to Settings > Management Access and changing Use SSL/TLS to Yes. See screenshot for more details:
  2. @thenhz @Tucubanito07 @Northwave Author of the frak-gvm template here (not the actual container). Sorry for pointing the support page to here. I think it was my first template and I didn't have a page on the forum to point it to, or perhaps I started with the nessus template and inherited by accident. Either way, sorry for the confusion. As I recall, the OpenVAS/GVM container takes a really long time to come up the first time as it downloads a ton of NVTs and other databases from the web. After it's done, it should come up. Just be patient and monitor the logs. It spends most of the time in the 'Updating xxx' lines then finally goes to: Your GVM 11 container is now ready to use! 9:C 14 Mar 2024 13:23:34.863 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo 9:C 14 Mar 2024 13:23:34.863 # Redis version=5.0.7, bits=64, commit=00000000, modified=0, pid=9, just started 9:C 14 Mar 2024 13:23:34.863 # Configuration loaded Wait for redis socket to be created... Testing redis status... Redis ready. Starting PostgreSQL... waiting for server to start....2024-03-14 13:23:35.963 EDT [21] LOG: starting PostgreSQL 12.3 (Ubuntu 12.3-1.pgdg20.04+1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0, 64-bit 2024-03-14 13:23:35.964 EDT [21] LOG: listening on IPv4 address "127.0.0.1", port 5432 2024-03-14 13:23:35.964 EDT [21] LOG: could not bind IPv6 address "::1": Cannot assign requested address 2024-03-14 13:23:35.964 EDT [21] HINT: Is another postmaster already running on port 5432? If not, wait a few seconds and retry. 2024-03-14 13:23:35.983 EDT [21] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" 2024-03-14 13:23:36.016 EDT [22] LOG: database system was interrupted; last known up at 2024-03-14 13:20:10 EDT ............2024-03-14 13:23:48.242 EDT [22] LOG: database system was not properly shut down; automatic recovery in progress 2024-03-14 13:23:48.249 EDT [22] LOG: redo starts at 6/AFF8A7C8 ...2024-03-14 13:23:51.958 EDT [22] LOG: invalid record length at 6/C435B610: wanted 24, got 0 2024-03-14 13:23:51.958 EDT [22] LOG: redo done at 6/C435AEA8 ....2024-03-14 13:23:55.066 EDT [21] LOG: database system is ready to accept connections done server started Updating NVTs... Updating CERT data... 2024-03-14 13:24:55.160 EDT [43] LOG: autovacuum: dropping orphan temp table "gvmd.pg_temp_5.current_credentials" rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection timed out (110) rsync: failed to connect to feed.openvas.org (2a01:130:2000:127::d1): Cannot assign requested address (99) rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3] Updating SCAP data... rsync: failed to connect to feed.openvas.org (89.146.224.58): Connection timed out (110) rsync: failed to connect to feed.openvas.org (2a01:130:2000:127::d1): Cannot assign requested address (99) rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3] Starting Open Scanner Protocol daemon for OpenVAS... Starting Greenbone Vulnerability Manager... admin Starting Greenbone Security Assistant... Oops, secure memory pool already initialized Starting OpenSSH Server... ++++++++++++++++++++++++++++++++++++++++++++++ + Your GVM 11 container is now ready to use! + ++++++++++++++++++++++++++++++++++++++++++++++ I would also monitor the output of: netstat -tulpn | grep LISTEN and look for the 9392 port which corresponds to the Web UI port. When it finally completes, the output of that command should look like this: root@e2885647614f:/# netstat -tulpn | grep LISTEN tcp 0 0 0.0.0.0:9390 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 10/redis-server 0.0 tcp 0 0 127.0.0.11:32801 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 379/sshd: /usr/sbin tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN - tcp6 0 0 :::9392 :::* LISTEN - tcp6 0 0 :::22 :::* LISTEN 379/sshd: /usr/sbin Pointing the browser to <ip-address>:9392 should look like this:
  3. Thanks. I will try and get some logs but it's good to know which driver to use now.
  4. I have the Nvidia Quadro K4000 graphics card. When I try to install the latest from the plugin, I get this error: The Nvidia drivers page points me to this driver for Linux 64bit which is fairly recent (March 2023) However, when I use the plugin, the only 470.xxx one that it provides is the one at the bottom: v470.141.03 I want to be able to use this card with Docker for apps that use the "--runtime=nvidia" parameter like stable-diffusion etc. that detect the NVIDIA GPU and ask for its GPUID e.g. GPU-xxxxxxx-xxxx-xxxx-xxxx-xxxxxxx. Is this something that can be supported?
  5. To get this to work on my Windows 10 (Enterprise) I had to set AllowInsecureGuestAuth to 1 in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] in the Registry Editor. Then I had to login with username "\" and no password.
  6. Can you please change the template to use br0 instead of eth0 by default? It doesn't work otherwise and that's the default interface for most Unraid users and I would never have known to change this without spending way too much time trying to figure out which interface (out of dozens) to use and if I had to change the network from host to bridge etc. This should work 'out-of-the-box' without any fuss.
  7. Once you get your C prompt, did you try running the three commands in the comment above?
  8. Is there a workaround that doesn't involve having to generate a new key? I'd like to continue using the same key I have on the various different machines that I connect from. I just upgraded from 6.9.2 to 6.10.3 and can no longer ssh into my Unraid server from my MacBook Air (High Sierra) I realize that the algorithm I use is outdated (2048 SHA256). My pub key in the Users->root>SSH authorized keys starts with ssh-rsa. I changed the ending comment to read root@Tower where Tower is the hostname of the Unraid server as the comments above suggested but it still doesn't work. I tried this: (since -oPubkeyAcceptedAlgorithms was not recognized on my system) (tower is set to my IP address in /etc/hosts) ssh -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa root@tower ssh_exchange_identification: Connection closed by remote host I tried changing sshd_config on the server to include these options based on some post I saw online: RSAAuthentication yes PubkeyAuthentication yes HostKeyAlgorithms=ssh-rsa,[email protected] PubkeyAcceptedAlgorithms=+ssh-rsa,[email protected] in /boot/config/ssh/sshd_config and restarted the ssh server using /etc/rc.d/rc.sshd restart But that didn't work. I then found that ssh'ing from my modern M1 MacBook Pro (ventura) worked. I then reverted all my server changes including the comment at the end of the public key. ssh still worked from my new MacBok Pro. I also confirmed that it works from my Ubuntu 18 machine. Is there anything I can do to enable SSH from my old MacBook Air on High Sierra (macOS 10.13.6)?
  9. I don't know but a Google of the error message took me to this forum discussion: > Initializing to bash, running gitlab-ctl reconfigure (waiting for the db to fail, then start accepting connections, which took ~12 minutes for me) and then running reconfigure again allows it start.
  10. You can limit log file sizes by changing the environment variable in your Edit docker template page. Mine looks like this. I disabled prometheus because it's a giant hog. --log-opt max-size=10m --log-opt max-file=1 --env GITLAB_OMNIBUS_CONFIG="external_url 'http://MY-UNRAID-IP:9080/'; postgresql['shared_buffers'] = '256MB'; sidekiq['concurrency'] = 15; prometheus_monitoring['enable'] = false;"
  11. You right click on the GitLab-CE entry in the Docker tab of the UnRaid webpage, then select Console Hope that helps!
  12. Unfortunately, I'm not sure I can help with your specific setup as I have it configured very differently. I use Cloudflare for my DNS and Let's Encrypt for the SSL certificate management within NginxProxyManager. You may need to map my logic to your specific setup. After some trial and error, I was able to get the external URL to work with SSL and have the Clone button in my repo point to the external URL instead of the local IP address: Browser Location bar: Gitlab Clone panel: How come you are setting env variables manually? I put them all as one string under Extra Parameters: I changed external_url to https://mysite.com/ I then made the following changes to gitlab.rb: external_url 'https://mysite.com' nginx['listen_port'] = 9080 nginx['listen_https'] = false and ran gitlab-ctl reconfigure In Nginx Proxy Manager: With the appropriate SSL certificate details for Let's Encrypt The problem I now have is that I am unable to do a git clone on either https or ssh without getting some authentication/SSL error. It used to work when I used the local server's IP address before I changed it to external URL.
  13. I had a similar problem with localhost URL instead of my actual server when I clone. In the docker template page in Unraid, I had to add the external_url parameter to Extra Parameters and set it to my Gitlab WebUI IP:PORT. In your case, you may want to change it to your actual site URL. --log-opt max-size=10m --log-opt max-file=1 --env GITLAB_OMNIBUS_CONFIG="external_url 'http://MY-UNRAID-IP:9080/'; postgresql['shared_buffers'] = '256MB'; sidekiq['concurrency'] = 15; prometheus_monitoring['enable'] = false;" I use NginxProxyManager to manage the internet-facing URL.
  14. I put mine around line 116: I now notice that I use log_format while the file seems to be using log-format. Not sure if it makes a difference. You may want to try both if it isn't working like you expect.
  15. The link to the script shows exactly how it's used. In any case, you don't have to use the script because I already did and provided the output. Those are the three lines you need to copy into the goaccess.conf file.
  16. Thank you for the definitive answer and suggestion. I don't understand where the previous container's digest would be. Doesn't the old container get blown away after an upgrade? The only "inspect" I can run is on the new container. I also thought that an upgrade explicitly removed the orphan image that was the previous "latest" tagged image. I remember seeing that in the logs as the last step of the upgrade process. So after an upgrade, both the old container and the old image are gone and all I have is the new image and the new container created from it. Am I missing something? Maybe there's a misunderstanding. I'm not trying to figure out what version the current "latest" tag corresponds to. Yes, I can compare digests to published values. I am trying to determine the version of the previous version of the app just before the failed upgrade. It was also tagged as "latest".
  17. Unfortunately there is no way of knowing what the version I had running before the upgrade was. Was it the previous version? Was the it the one before that? etc. I don't upgrade as soon as a new release is made so it could be anything in the last year. Is there a log of the docker upgrade operations and associated output anywhere? @Squid It just seems wrong that if I didn't happen to take a screenshot of the docker upgrade popup then it's gone forever.
  18. I have a slightly different but related question. When I upgrade a docker app, there is a pop up with details about the upgrade. After the upgrade completes and I close that window and later find out that the upgrade failed, how do I know what the previous version of the docker image was? It's always set to xxx:latest in the template so there's no way of knowing after the operation completes what it was before. Is this information/log saved anywhere? When filing an issue/ticket against the app, I'd like to know what the source and destination versions where that caused the failure.
  19. Sorry, I misunderstood earlier. I didn't know there was a second 'official' app on Community Applications. I'll have to try is out and get back to you later. UPDATE: Sorry, it's highly unlikely that I will revisit this on a different version of the app. It seems it was added after I started using the one from Grack's Repository. I updated my post to show which version I am using. You can use that one if you like.
  20. I am using this docker jlesage/nginx-proxy-manager If you're talking about jc21/nginx-proxy-manager:latest Then its /etc/nginx/nginx.conf configuration has this line: access_log /data/logs/fallback_access.log proxy; Which mean you will need to map the /data/logs folder to a location that the goaccess container can also access. You will also need to change the goaccess configuration to look for that log file instead of the one currently configured
  21. You do that by editing the docker template page. Goto the DOCKER tab, click on Gitlab-CE and select "Edit" Locate the field labeled Repository. It should be set to gitlab/gitlab-ce:latest This is what controls what version of Gitlab-CE you are using. A quick breakdown of the components of this string is: gitlab: user on dockerhub gitlab-ce: name of the repository latest: version To change it to something else, first find out what the official tags are from the dockerhub page for that project here. Click on the Tags tab and search for the version that you want. For example, 13.9.2, would correspond to 13.9.2-ce.0 Now enter that version instead of latest in the Repository field of the Gitlab-CE docker template: Repository: gitlab/gitlab-ce:13.9.2-ce.0 Hope that helps!
  22. I address this point in Step One of my post. The idea is not to have to change anything in nginx.conf and map the folders appropriately.
  23. Can you please share your private repo so I can try the tftp app? I tried to PM but it didn't work
  24. You can do that by modifying the repository that the docker template is using. It looks like it is currently using the "master" tag: To change it, head out to where it is hosted on docker hub: https://hub.docker.com/r/mattermost/mattermost-team-edition/tags?page=1&ordering=last_updated and pick the tag that you want and replace it. Example: mattermost/mattermost-team-edition:5.33.4-rc1
  25. I'm not 100% sure what the original state of the "Use SSL/TLS" setting was but I think it was originally No and that installing the Unraid.net plugin enabled it. If I'm wrong and it was set to Yes already, then removing the plugin should remove the new Unraid.net certificate so that it would continue using the self-signed hostname certificate.