Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Restart only the webgui?

Featured Replies

Hello everyone,

 

I'm currently on unraid 6.9.2 and I ran into an issue this morning. I cannot access my webgui from firefox but it work from Edge. The error I get is certificate revoked, so it seems Edge doesn't do CRL check. I know the problem, I did renew my certificate with SWAG. I'm might not do that the right way, if there's another please tell me.

 

I'm using SWAG for reverse proxy, but I don't have unraid in the reverse proxy for security reason. Unraid isn't accessible from the outside. But I do use a FAQDN for my server that is on my subdomain. So what I do is to generate the certificate with swag and then I copy the ssl file to my flash drive. This work well, but it require a full server reboot just because there's no button to restart the webgui.

 

Now, I was wondering if there's command I can run to restart the webgui? I would add them in my script that sync the certificate or simply run it by hand.

 

Thank you

Solved by ljm42

  • Solution

This should do it:

/etc/rc.d/rc.nginx reload

 

FYI - Unraid 6.10 is a bit more strict with making sure your certificate matches your settings. I'd recommend running the Fix Common Problems plugin, it will warn you if your certificate is actually valid or not before you upgrade.

  • Author

Ah, that worked, thanks!

 

As for the certificate, I don't really remember why I did that. I do have set my servername and local tld so in the end, it does something like myserver.duckdns.org (tld = duckdns.org). I just ran fix commong problem and no error.

 

Is the certificate generated by unraid would cover both ip and name? Because I think that was my issue, the server was signed for my ip, with a self signed instead of a trusted CA.

 

thanks again!

1 minute ago, Nodiaque said:

Ah, that worked, thanks!

woot!

 

2 minutes ago, Nodiaque said:

As for the certificate, I don't really remember why I did that. I do have set my servername and local tld so in the end, it does something like myserver.duckdns.org (tld = duckdns.org). I just ran fix commong problem and no error.

Unraid 6.9.2 isn't as picky, but in 6.10.0 the Subject of the cert has to exactly match servername.localTLD.  FCP would warn about this so you should be good.

 

3 minutes ago, Nodiaque said:

Is the certificate generated by unraid would cover both ip and name? Because I think that was my issue, the server was signed for my ip, with a self signed instead of a trusted CA.

Unraid will generate a self-signed cert for servername.localTLD. It does not include the IP in the cert because of complications with IP addresses changing. Plus, it is self-signed so you would have to ignore a browser whether the IP was in the cert or not.

  • Author

Ah ok, that's why I'm using a script to copy the certificate from swag, since it's generating a servername.localtld certificate for that server. This way, no browser warning except for ip (while my server have fixed ip).

 

Thanks!

  • Author

if I add the nginx reload command in a user script (from the plugin), would the plugin be interrupted when the nginx is rebooted?

As long as you do 'reload' and not 'restart' you should be fine

  • 8 months later...

I've successfully done the exact same thing here except I'm using a traefik docker container for my automatic certificate provisioning for my services and not SWAG. I created a User Script that extracts the certs using jq, concats the cert and key into a .pem bundle, then it uses openssl verify to check that the cert is valid before issuing the command to reload the web ui.

Here's the script:
 

#!/bin/bash
traefik_path=/mnt/user/appdata/traefik
acme_json=$traefik_path/acme.json
domain=mydomain.com
domain_cert=$traefik_path/certs/$domain.crt
domain_key=$traefik_path/certs/$domain.key
unraid_cert=/boot/config/ssl/certs/tower_unraid_bundle.pem

# Use jq to extract the cert and the key - decode them from base64 - store them in files for later use
jq -r '.[].Certificates[] | select(.domain.main=="'${domain}'") | .certificate' $acme_json | base64 -d > $domain_cert
jq -r '.[].Certificates[] | select(.domain.main=="'${domain}'") | .key' $acme_json | base64 -d > $domain_key

# concatenate the certs and the key into a .pem file at the correct location for unraid to utilize
cat $domain_cert $domain_key > $unraid_cert

# if openssl can verify the cert as valid, recycle the webui
openssl verify -untrusted $domain_cert $unraid_cert 2>/tmp/err
if [ -s /tmp/err ]
then
  echo Certificate Failed to verify.
else
  echo Certificate verified Successfully - recycling Unraid Web UI...
  # reload the web UI to accept the new cert
  /etc/rc.d/rc.nginx reload
fi


I believe jq comes with the NerdPack plugin, so you'll need to install that first. I haven't found a lot of info for people who use Traefik proxy, so hopefully this helps others who do.

A possible enhancement to this might be to check that the acme.json has been updated, or check if the specific domain cert has been updated before running the script. A watch might be able to be used on the acme.json file to do this, or inotify, but this version works for me and the reload of the web UI doesn't seem to cause any issues. I don't have to re-log in for my logged in session, I can run this via the User Scripts UI and it doesn't cause issues, etc.

To be honest, I'm not entirely sure that the way I used OpenSSL to verify is the correct way to do it.

Edited by Earendur

  • 1 year later...
On 5/19/2022 at 1:17 PM, ljm42 said:

This should do it:

/etc/rc.d/rc.nginx reload

 

FYI - Unraid 6.10 is a bit more strict with making sure your certificate matches your settings. I'd recommend running the Fix Common Problems plugin, it will warn you if your certificate is actually valid or not before you upgrade.

 

Also worked for me, boom. 

 

What things should I look for to stop from crashing tho?

 

  • 6 months later...
On 5/19/2022 at 1:17 PM, ljm42 said:

This should do it:

/etc/rc.d/rc.nginx reload

 

FYI - Unraid 6.10 is a bit more strict with making sure your certificate matches your settings. I'd recommend running the Fix Common Problems plugin, it will warn you if your certificate is actually valid or not before you upgrade.

This worked! Thank you. 

 

I too am using `swag` with `letsencrypt` to generate SSL certificates. Whenever swag renews the certificate, I have to copy the `priv-fullchain-bundle.pem` cert to `/boot/config/ssl/certs/` folder as `unraid_unraid_bundle.pem`. I do this because I have a DNS record at Cloudflare that maps `unraid.<secondleveldomain>.cc` to my LAN IP address for the unraid server - i.e., 192.168.50.229. I can access my unraid server via the hostname with a SSL cert that is not self-signed, and the unraid server is still not exposed to the public internet. 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.