Figro's Docker Repo Support Thread


Figro


Unraid-Cloudflared-Tunnel

 

The only thing needed to get the container up and running is the token from Cloudflare's zero trust dashboard under Access > Tunnels. Once you create a tunnel you will be given your token. The token will look similar to the string of text seen below.

 

eyJhIjoiNjAwNGU3OTkxMDUzZjc1ZDNkY2e5MWMyZmI5MTViNDMiLCJ0IjoiZDgwZZZmZGUtOTQ3ZS00MWRhLWJmYzgtZmQzZGJmMmNmOTg1IiwiCyI6Ik1TWm1NR1JtWWpBdFlqSXlaQzAWWVRVNExUbGhaV1F0WXpsallqZzNOEEEzTmpoaiJ9

 

Leave a message on this thread or send a message on Discord and I will support you as well as I can when I get the chance.
 

Cloudflared Docs: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/

https://hub.docker.com/r/cloudflare/cloudflared

https://github.com/cloudflare/cloudflared

 

Github: https://github.com/AriaGomes/Unraid-Cloudflared-Tunnel
DockerHub: https://hub.docker.com/r/figro/unraid-cloudflared-tunnel

Discord: Figro#4064

 

Leon-AI

 

Set up the Leon data path and change the port (if needed). Will take a couple minutes to spin up. Check the logs and you should see when it's up and running. You can mess around with the files for the app in the configured path.

 

To configure Leon-AI settings, edit the .env file inside the data path you configured. This will correlate to the env variables listed on the docs here: https://docs.getleon.ai/configuration

 

The instruction below can also be used with Flood-UI!

 

Updating the app can be done by opening the container's terminal session with either

docker exec -it Leon-AI sh

Or clicking "Console" from the unraid webui on the container as seen below

K7ug4sB.png

Once in the terminal change to this directory "/home/docker/leon" with

cd /home/docker/leon

Once in this directory you can run a

git pull

You can also git pull from the data path using your local terminal or the terminal inside of vscode.

If there are new commits in the master branch, it will pull them from GitHub. Be aware that this may overwrite changes you made to code in the app. If you are familiar with using git you can also checkout to other branches or anything else you desire.

 

Leave a message on this thread or send a message on Discord and I will support you as well as I can when I get the chance. Let me know if there is anything that is not accessible with this implementation.

 

Leon-AI Docs: https://docs.getleon.ai

 

Github: https://github.com/AriaGomes/leon-docker
DockerHub: https://hub.docker.com/r/figro/leon-ai

Discord: Figro#4064

 

Flood-UI

 

Source code building is available with the :dev branch

 

Set up the appdata path and change the port (if needed). Will take a couple minutes to spin up. Check the logs and you should see when it's up and running. You can mess around with the files for the app in the configured path as you can with Leon-AI. Check the bolded portion in Leon-AI above. Those instructions can be replicated to do development work on this container as well.

 

The entire configuration is done once the server is up and running and you can add your torrent client instance and view and manipulate your client using flood-ui. Please let me know if you run into any issues and I will do my best to assist :)

 

Flood Docs: https://github.com/jesec/flood/wiki

 

Github: https://github.com/AriaGomes/Flood-UI
DockerHub: https://hub.docker.com/r/figro/flood-ui

Discord: Figro#4064

 

Ory-Kratos

 

Set up the appdata path and change the port (if needed). You can configure your schema and config for Kratos in the appdata path; there will be 2 files that are read by Ory Kratos. When you make changes, restart the container. Please note that some changes made to the schema will require you to make a new user with that schema, and that new user and any created after with that schema will have the new schema parameters. This is to not cause unwanted functionality for older users and allows for backwards compatibility. There is a lot more documentation on the Ory Kratos site linked below.

 

Please let me know if things need to be added to allow for some type of functionality, as I have not tested this application thoroughly yet. I will try to assist or create an update to the container when I get a chance.

 

Flood Docs: https://www.ory.sh/docs

 

Github: https://github.com/AriaGomes/ory-kratos-container
DockerHub: https://hub.docker.com/r/figro/ory-kratos

Discord: Figro#4064

Edited by Figro
Added Ory Kratos
  • Like 1
Link to comment
  • Figro changed the title to Figro's Docker Repo Support Thread

Hi

Just a little question (which isn't directly connected to your project)

when I set (public hostname) *.mydomain.com to (service) https://swag:443 it's working only if I check "No TLS Verify"

mydomain.com has a wildcard certificate by let's encrypt (which obviously isn't being used while using cloudflare proxy/tunnel)

my local host/ip (swag/192.168.X.X) doesn't have a certificate (do I need one? and if so, how to issue one?)

Thanks in advance

 

Link to comment
18 minutes ago, Omri said:

Hi

Just a little question (which isn't directly connected to your project)

when I set (public hostname) *.mydomain.com to (service) https://swag:443 it's working only if I check "No TLS Verify"

mydomain.com has a wildcard certificate by let's encrypt (which obviously isn't being used while using cloudflare proxy/tunnel)

my local host/ip (swag/192.168.X.X) doesn't have a certificate (do I need one? and if so, how to issue one?)

Thanks in advance

 

 

Hello, while I have not done this myself, I believe this can be done a couple of ways through Cloudflare's domain management dashboard.

You can create or download existing certs as shown in the screenshot below and you can use these instead of the lets encrypt certs.

 vivaldi_Ujbsvn3Liu.thumb.png.2520e0bb0b1c40a3463f9fa8fdcf9eda.png

If you prefer to use the letsencrypt certs I believe you can also upload them to cloudflare, however it looks like this is a paid feature under cloudflare. (screenshot below)

vivaldi_TuYxyAAO6u.thumb.png.04bf6bb409e84a01d3790339e479fe2e.png

You can also turn off SSL completely from Cloudflare's side and only use Let's Encrypt, however this will be globally across all subdomains (not sure if that's what you are looking for).

vivaldi_EHzDxgac3m.thumb.png.cc0592278bd4c98da4df27c99ffd072b.png

The way I use the tunnel is by adding them without SSL with an HTTP connection, and once you access through the subdomain Cloudflare will encrypt the connection via HTTPS with their certs. Hope this was helpful and if you have any more questions or need to clear anything up let me know :)

Edited by Figro
  • Thanks 1
Link to comment

I'm assuming to get the token you go to setup docker tunnel in cloudflared first?

 

The next step is a bunch of inputs.  Apologies, but although I've gotten this working with a tunnel to my home assistant VM, I'm lost when it comes to setting this stuff correctly.

 

image.thumb.png.f75237bef5732d7bbe189615845b28fc.png

Link to comment
1 minute ago, ryry said:

I got it working - in case it helps anyone else:
-the subdomain is what you want it to be to access publicly, domain is the selected path.

-the type can be http then the url to access your unraid instance locally (assumed static IP) e.g. 192.168.2.32

 

Glad you got it working. Just going to leave this here for others having issues finding their tokens. The token can be found in the blurred out portion in the second screenshot. You will need to get rid of the other text and make sure to only copy your token. It looks similar to the text in the first forum post here.

vivaldi_OG4wBKUtyM.thumb.png.4a5b64d7063a83753b7e417a005d963a.png

 

vivaldi_B3WT5VdJLQ.thumb.png.2e058b8dde0128aa7e1245304e8beb24.png

Link to comment
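An added example, not part of the original posts or of the container's code: a Python check that pulls just the token out of a pasted install command and confirms it decodes to the JSON fields cloudflared expects (`a`, `t`, `s`) without printing the secret. The sample token and the pasted command are constructed for the demonstration.

```python
import base64
import json
import re
import uuid

# Base64 of JSON that starts with '{"a' begins with "eyJ" (standard alphabet).
TOKEN_RE = re.compile(r"eyJ[A-Za-z0-9+/]{20,}={0,2}")


def extract_token(pasted):
    """Return only the token from pasted text such as a full install command."""
    match = TOKEN_RE.search(pasted)
    if match is None:
        raise ValueError("no token-like string found in the pasted text")
    return match.group(0)


def inspect_token(token):
    """Decode a tunnel token and summarise it without exposing the secret."""
    padded = token + "=" * (-len(token) % 4)
    try:
        fields = json.loads(base64.b64decode(padded, validate=True))
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all land here
        raise ValueError(f"token is not base64-encoded JSON: {exc}") from None
    if not isinstance(fields, dict):
        raise ValueError("token does not decode to a JSON object")
    missing = {"a", "t", "s"} - fields.keys()
    if missing:
        raise ValueError(f"token is missing fields: {sorted(missing)}")
    tunnel_id = uuid.UUID(str(fields["t"]))  # raises ValueError if malformed
    secret = base64.b64decode(str(fields["s"]), validate=True)
    # The "s" field is the tunnel secret: anyone holding the token can run the
    # tunnel, so report only its length and never log the value itself.
    return {
        "account_tag": fields["a"],
        "tunnel_id": str(tunnel_id),
        "secret_bytes": len(secret),
    }


def make_sample_token():
    """Build a constructed token (all-zero values) so the example runs offline."""
    payload = {
        "a": "0" * 32,
        "t": "00000000-0000-4000-8000-000000000000",
        "s": base64.b64encode(bytes(32)).decode(),
    }
    return base64.b64encode(json.dumps(payload).encode()).decode()


if __name__ == "__main__":
    # Constructed paste: the whole command copied from the dashboard.
    pasted = ("docker run cloudflare/cloudflared:latest tunnel "
              "--no-autoupdate run --token " + make_sample_token())
    print(inspect_token(extract_token(pasted)))
```

A token that was cut short or copied with extra text fails here with a `ValueError` instead of failing later inside the container.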

I have a question... As I'm behind a double NAT CGNAT config, I want to set up a tunnel so that I can access my home LAN remotely on the road.

 

Has anyone been successful in getting this to work? I can access the tunnel OK using my android mobile and the WARP 1.1.1.1 app, but can't seem to access any of my LAN servers/resources using the 192.168.0.1 IP address range.

 

Any pointers would be appreciated. (I already have the 192.168.0.0 address range routed in the Cloudflare dashboard.)

Link to comment
2 hours ago, WizP said:

I have a question... As I'm behind a double NAT CGNAT config, I want to set up a tunnel so that I can access my home LAN remotely on the road.

 

Has anyone been successful in getting this to work? I can access the tunnel OK using my android mobile and the WARP 1.1.1.1 app, but can't seem to access any of my LAN servers/resources using the 192.168.0.1 IP address range.

 

Any pointers would be appreciated. (I already have the 192.168.0.0 address range routed in the Cloudflare dashboard.)

I wasn't aware this was something that could be achieved with the WARP client. As such I do not know much about this however I found this documentation explaining that you have to change a setting under split tunnels to include instead of exclude and configure your IP's. Not sure this helps or not but I will leave the link for that below. Feel free to update with any information and progress made as I find this feature quite interesting. Currently I use Unraid's Wireguard VPN to achieve that. I wish you luck and hope there are others that may be able to better answer this.

 

Documentation: https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel/#route-private-ip-ranges-through-warp 

Link to comment
48 minutes ago, Figro said:

I wasn't aware this was something that could be achieved with the WARP client. As such I do not know much about this however I found this documentation explaining that you have to change a setting under split tunnels to include instead of exclude and configure your IP's. Not sure this helps or not but I will leave the link for that below. Feel free to update with any information and progress made as I find this feature quite interesting. Currently I use Unraid's Wireguard VPN to achieve that. I wish you luck and hope there are others that may be able to better answer this.

 

Documentation: https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel/#route-private-ip-ranges-through-warp 

I also used to use wireguard to connect into Unraid, but with the double CGNAT, and not IP6 I can't use that any more...

But thanks for the help

Link to comment
3 hours ago, WizP said:

I have a question... As I'm behind a double NAT CGNAT config, I want to set up a tunnel so that I can access my home LAN remotely on the road.

 

Has anyone been successful in getting this to work? I can access the tunnel OK using my android mobile and the WARP 1.1.1.1 app, but can't seem to access any of my LAN servers/resources using the 192.168.0.1 IP address range.

 

Any pointers would be appreciated. (I already have the 192.168.0.0 address range routed in the Cloudflare dashboard.)

have you enabled "Host access to custom networks:" in docker settings?

 

Link to comment

Hi @Figro, thank you for making this. I had this setup and it was working perfectly until a few hours ago. Now it's not loading the webpages at all.

 

I can still access the dockers locally, I didn't change anything on Cloudflare. The tunnel shows up as 'Active' and tunnel docker is up. 

 

I restarted the docker and the logs now show what I've attached. But it still doesn't connect. They show some errors but I've really only noticed I couldn't connect a couple of hours ago. Any ideas?

 

 

edit: Update. I can access the public hostnames fine outside of my home network. Still trying to figure it out.

 

edit2: So it seems I can't access the Cloudflare IPs of my tunnel endpoint from my home network. If I use my mobile connection, I am able to. I can't even ping.

image.png.970ef2f916be740536a90683c0de9b8a.png

edit3: the IPs of the tunnel rotated and my DNS (Google) had stale entries. Updated to CF's DNS.

image.png

Edited by migueldias
Link to comment
1 hour ago, migueldias said:

Hi @Figro, thank you for making this. I had this setup and it was working perfectly until a few hours ago. Now it's not loading the webpages at all.

 

I can still access the dockers locally, I didn't change anything on Cloudflare. The tunnel shows up as 'Active' and tunnel docker is up. 

 

I restarted the docker and the logs now show what I've attached. But it still doesn't connect. They show some errors but I've really only noticed I couldn't connect a couple of hours ago. Any ideas?

 

 

edit: Update. I can access the public hostnames fine outside of my home network. Still trying to figure it out.

 

edit2: So it seems I can't access the Cloudflare IPs of my tunnel endpoint from my home network. If I use my mobile connection, I am able to. I can't even ping.

image.png.970ef2f916be740536a90683c0de9b8a.png

edit3: the IPs of the tunnel rotated and my DNS (Google) had stale entries. Updated to CF's DNS.

image.png

Hello, Thanks for updating your post and sharing. Did the third edit fix your issue?

Link to comment
On 10/24/2022 at 6:28 PM, WizP said:

I also used to use wireguard to connect into Unraid, but with the double CGNAT, and not IP6 I can't use that any more...

But thanks for the help

OK guys, I got this working... I can now access my home SERVERS/lan which is behind the CGNAT. Everything is accessible, just like it was with wireguard...

 

I just needed to remove my home IP subnet range from the exclude list in the cloudflare zerotrust dashboard. 

 

Hope this helps other people... It would be great to have something like this built directly into Unraid, but am happy with the docker for now.

Link to comment
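An added example, not from the thread or from Cloudflare: a Python sketch of the split-tunnel logic behind the fix above, showing why a LAN address bypasses WARP while its range is on the exclude list. It goes one step further than the post by narrowing a broad exclude entry instead of deleting it, so other private ranges stay local. The exclude list and the /24 prefix length for the home subnet are assumptions made for the demonstration.

```python
import ipaddress

# Constructed exclude list; the real one is whatever the dashboard shows.
SAMPLE_EXCLUDE = ["10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12", "192.168.0.0/16"]
HOME_LAN = "192.168.0.0/24"  # assumed prefix length; the thread gives only 192.168.0.0


def via_warp(dest, mode, entries):
    """True if traffic to dest is sent through WARP for this split-tunnel list."""
    ip = ipaddress.ip_address(dest)
    listed = any(ip in ipaddress.ip_network(e) for e in entries)
    if mode == "exclude":   # everything uses WARP except the listed ranges
        return not listed
    if mode == "include":   # only the listed ranges use WARP
        return listed
    raise ValueError("mode must be 'exclude' or 'include'")


def carve_out(lan_cidr, exclude_entries):
    """Return a new exclude list that no longer covers lan_cidr.

    An entry inside the LAN range is dropped; an entry that contains it is
    replaced by the remaining subnets, so other private ranges stay local.
    """
    lan = ipaddress.ip_network(lan_cidr)
    result = []
    for entry in exclude_entries:
        net = ipaddress.ip_network(entry)
        if net.version != lan.version or not net.overlaps(lan):
            result.append(str(net))          # unrelated entry, keep as is
        elif lan.subnet_of(net):
            result.extend(str(n) for n in sorted(net.address_exclude(lan)))
        # otherwise the entry lies inside the LAN range and is removed
    return result


if __name__ == "__main__":
    print("before:", via_warp("192.168.0.1", "exclude", SAMPLE_EXCLUDE))
    fixed = carve_out(HOME_LAN, SAMPLE_EXCLUDE)
    print("after: ", via_warp("192.168.0.1", "exclude", fixed))
    print("new exclude list:", fixed)
```

Reaching the LAN still depends on the tunnel having a route for that range, as the question says was already configured.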

I've just had an issue of all my websites going down, with an error of; 

You've requested a page on a website *** that is on the Cloudflare network. The host *** is configured as an Argo Tunnel, and Cloudflare is currently unable to resolve it.

 

When I checked the logs I got the following;

cloudflared has been updated to version 2022.10.3

** Press ANY KEY to close this window ** 

 

I had to restart the docker, and they all popped back online. Is there an issue with cloudflared updating within the docker, and bringing it down? And requiring a docker restart to resolve it.

  • Upvote 1
Link to comment

I walked through this a few times and maybe the simplicity of the container has obscured something important to me. If I want this to point to one specific container ie. Nginx proxy manager and I made the service https://npm:443 then and my subdomain like:  blah.mydomain.net then that would make it so everytime I was on the internet, I could hit my nginx proxy manager by going to blah.mydomain.net? All of my NPM services are set to service1.mydomain.net or service2.mydomain.net, etc. (using internal DNS);

 

How do I lock this down so that I can only access some of the services in the nginx proxy? Do I need to create ACLs in Nginx?  I want granularity on what the tunnel can access inside the network/host.

 

Also, with my example above, what URL do I use to access a service...  If I go to blah.mydomain.net how will Nginx know where I really want to go? Would I instead need to be attempting to hit service1.blah.mydomain.net? I'm fuzzy on the DNS internally here.

Link to comment
6 hours ago, jmmrly said:

I've just had an issue of all my websites going down, with an error of; 

You've requested a page on a website *** that is on the Cloudflare network. The host *** is configured as an Argo Tunnel, and Cloudflare is currently unable to resolve it.

 

When I checked the logs I got the following;

cloudflared has been updated to version 2022.10.3

** Press ANY KEY to close this window ** 

 

I had to restart the docker, and they all popped back online. Is there an issue with cloudflared updating within the docker, and bringing it down? And requiring a docker restart to resolve it.

This shouldn't happen unless cloudflared itself updates itself when there's a new version available while running. The container only checks for a new version at startup. If you are able to find anything regarding the cloudflared software updating itself while running I'll take a look into that and release an update. I have not run into this myself but if there is a pattern of this please feel free to update here.

Link to comment
3 minutes ago, Figro said:

This shouldn't happen unless cloudflared itself updates itself when there's a new version available while running. The container only checks for a new version at startup. If you are able to find anything regarding the cloudflared software updating itself while running I'll take a look into that and release an update. I have not run into this myself but if there is a pattern of this please feel free to update here.

I do think it auto updated whilst it was running from what the logs showed. You can add a switch to stop the auto updating, not sure if this can be used in this docker? `cloudflared tunnel --no-autoupdate`

I'll let you know if it happens again.

Link to comment
6 hours ago, birdsofprey02 said:

I walked through this a few times and maybe the simplicity of the container has obscured something important to me. If I want this to point to one specific container ie. Nginx proxy manager and I made the service https://npm:443 then and my subdomain like:  blah.mydomain.net then that would make it so everytime I was on the internet, I could hit my nginx proxy manager by going to blah.mydomain.net? All of my NPM services are set to service1.mydomain.net or service2.mydomain.net, etc. (using internal DNS);

 

How do I lock this down so that I can only access some of the services in the nginx proxy? Do I need to create ACLs in Nginx?  I want granularity on what the tunnel can access inside the network/host.

 

Also, with my example above, what URL do I use to access a service...  If I go to blah.mydomain.net how will Nginx know where I really want to go? Would I instead need to be attempting to hit service1.blah.mydomain.net? I'm fuzzy on the DNS internally here.

I believe you would want to look into the Cloudflare dashboard for what you are looking for. Under the tunnel you should be able to configure public hostnames and point them to an IP. I've never tried with another domain but I think that will work as well. There are a lot of options under the Cloudflare dashboard. Check above at @ryry's post for a little explanation on that.

Link to comment
Just now, jmmrly said:

I do think it auto updated whilst it was running from what the logs showed. You can add a switch to stop the auto updating, not sure if this can be used in this docker? `cloudflared tunnel --no-autoupdate`

I'll let you know if it happens again.

Yea I can add this to the container. Look for an update in an hour or so

  • Thanks 2
Link to comment
6 hours ago, birdsofprey02 said:

I walked through this a few times and maybe the simplicity of the container has obscured something important to me. If I want this to point to one specific container ie. Nginx proxy manager and I made the service https://npm:443 then and my subdomain like:  blah.mydomain.net then that would make it so everytime I was on the internet, I could hit my nginx proxy manager by going to blah.mydomain.net? All of my NPM services are set to service1.mydomain.net or service2.mydomain.net, etc. (using internal DNS);

 

How do I lock this down so that I can only access some of the services in the nginx proxy? Do I need to create ACLs in Nginx?  I want granularity on what the tunnel can access inside the network/host.

 

Also, with my example above, what URL do I use to access a service...  If I go to blah.mydomain.net how will Nginx know where I really want to go? Would I instead need to be attempting to hit service1.blah.mydomain.net? I'm fuzzy on the DNS internally here.

If the dashboard doesn't have what you are looking for I would recommend using the official cloudflared docker container where you would be able to attach to the container and run the configuration commands you are looking to run.

 

https://hub.docker.com/r/cloudflare/cloudflared

Link to comment
22 hours ago, Figro said:

Hello, Thanks for updating your post and sharing. Did the third edit fix your issue?

It did! Thank you!

 

1 hour ago, Figro said:

Yea I can add this to the container. Look for an update in an hour or so

Thank you. Will update once you push it. I had the exact same thing happen to me as @jmmrly where the tunnel auto-updated :).

Edited by migueldias
  • Like 1
Link to comment
On 10/26/2022 at 3:00 AM, WizP said:

OK guys, I got this working... I can now access my home SERVERS/lan which is behind the CGNAT. Everything is accessible, just like it was with wireguard...

 

I just needed to remove my home IP subnet range from the exclude list in the cloudflare zerotrust dashboard. 

 

Hope this helps other people... It would be great to have something like this built directly into Unraid, but am happy with the docker for now.

 

I've tried removing my home IP subnet range, and also enabling 'Host access to custom networks' under docker settings but I still can't access my local devices through the WARP app.

Edited by jmmrly
Link to comment
