February 15, 20251 yr 9 hours ago, Mainfrezzer said: The cloudflare tunnel is directed to redirect wing.magnon.ovh to 172.17.0.1:8080 thankyou for clarifying, this is how i thought it to worked. The wording of "its working fine with cloudflare tunnels on 443" made me think you was pointing the CF tunnel hostname to 433 but you are using 172.17.0.1:8080. This is how i tested without going through swag, still unable to communicate, at a loss what to try next.. :Update, at last, it was a typo in the wings nginx!! Edited February 15, 20251 yr by KeyBoardDabbler
February 21, 20251 yr Author Just a notice for anyone who might use GPTWOL they changed the container a bit that needs an update to the template. The computer.txt is now located in /app/db. Changing the bind from "/app/computers.txt" on "/mnt/user/appdata/gptwol/computers.txt" to "/app/db" on "/mnt/user/appdata/gptwol/db" and then moving the file manually into the folder should migrate without issue.
February 24, 20251 yr I've recently migrated from the Adguard Home implementation in Siwat2545's Repository to Mainfrezzer's Adguard-Home-Unbound implementation to take advantage of Unbound—special thanks for making that migration easy. I'm not sure if that was intentional or not. Still, the directories and files matched up perfectly. All I needed to do was stop one container and start the other, and had absolutely no discontinuity in the database, query log, or operation. However, I do have a few questions about the Unbound implementation I was hoping I could get some help with. What's the best way to view the Unbound logs? I'm no Docker expert, but the only logs I see from the container are from AdGuard Home. I attempted to edit the config file to make them available via the standard docker logs output by switching to stderr log output, but I'm pretty sure that won't work since unbound is running as a daemon. Outputting to a file didn't work, and using syslog as per the default in the config didn't work either (I am not sure syslog is set up correctly in the image.) I'd like to implement DNSSEC for upstream recursive resolution, but I don't think the image is set up for that either. From what I can tell, the unbound configuration is similar to that setup in pi-hole guides, which doesn't have DNSSEC setup for upstream resolution either. I attempted to follow this guide from NLnetlabs but quickly abandoned it because it would require a persistent image change (setting up a reoccurring command to run unbound-anchor to update the trust anchor, just like the reoccurring command to update root-hints.) However, the image does seem to have an initial trust anchor certificate setup at the default location. Was it intended to have DNSSEC setup for upstream resolution? Has anyone been successful in setting up the trust anchor? Generally, though, I want to give a big thank you to @Mainfrezzer for maintaining this excellent app. Edited February 24, 20251 yr by FirbyKirby
February 25, 20251 yr Author 16 hours ago, FirbyKirby said: I've recently migrated from the Adguard Home implementation in Siwat2545's Repository to Mainfrezzer's Adguard-Home-Unbound implementation to take advantage of Unbound—special thanks for making that migration easy. I'm not sure if that was intentional or not. Still, the directories and files matched up perfectly. All I needed to do was stop one container and start the other, and had absolutely no discontinuity in the database, query log, or operation. However, I do have a few questions about the Unbound implementation I was hoping I could get some help with. What's the best way to view the Unbound logs? I'm no Docker expert, but the only logs I see from the container are from AdGuard Home. I attempted to edit the config file to make them available via the standard docker logs output by switching to stderr log output, but I'm pretty sure that won't work since unbound is running as a daemon. Outputting to a file didn't work, and using syslog as per the default in the config didn't work either (I am not sure syslog is set up correctly in the image.) I'd like to implement DNSSEC for upstream recursive resolution, but I don't think the image is set up for that either. From what I can tell, the unbound configuration is similar to that setup in pi-hole guides, which doesn't have DNSSEC setup for upstream resolution either. I attempted to follow this guide from NLnetlabs but quickly abandoned it because it would require a persistent image change (setting up a reoccurring command to run unbound-anchor to update the trust anchor, just like the reoccurring command to update root-hints.) However, the image does seem to have an initial trust anchor certificate setup at the default location. Was it intended to have DNSSEC setup for upstream resolution? Has anyone been successful in setting up the trust anchor? Generally, though, I want to give a big thank you to @Mainfrezzer for maintaining this excellent app. Yes it was more or less intended^^ f you want to get the unbound logs, the easiest way would be to include log-time-ascii: yes logfile: /opt/adguardhome/conf/unbound.log in the unbound config. (you have to modify the permissions for the config dir in appdata because its writing with the unbound user and cannot write by default in there) for your second problem. I did push an update which adds the option to create the root.key upon startup. You would have to include a new variable in your adguard template with the "DNSSEC_ENABLE" as key and a value of 1. Upon start it will start unbound-anchor and create the root.key file at /etc/unbound/ So adding auto-trust-anchor-file: "/etc/unbound/root.key" should work without a fuss. (hopefully) if it doesnt, complain please Edit: I actually needed to update the container twice now BUT im pretty sure it works now Edited February 25, 20251 yr by Mainfrezzer added missing "and", rephrasing
February 25, 20251 yr just installed GTPWOL and works great, I can use the gui to manually wake a machine on the lan. Im creating some scripts to do backups, and wondered if I could call the WOL tool from a script rather then having to use the cron scheduler in the gui to wake my server, then a separate script scheduled a few mins later to do the backup.
February 26, 20251 yr Author 11 hours ago, rorton said: just installed GTPWOL and works great, I can use the gui to manually wake a machine on the lan. Im creating some scripts to do backups, and wondered if I could call the WOL tool from a script rather then having to use the cron scheduler in the gui to wake my server, then a separate script scheduled a few mins later to do the backup. Thats a bit tricky(given it seems to use python). Im gonna assume youre trying to run the script on Unraid itself as one script, in that case i would recommend using etherwake.
February 27, 20251 yr I'm getting a lot of error log with AdGuard-Home-Unbound app. Web browsing seem pretty normal. Is there anyway to fix this? [error] dnsproxy: unpacking udp packet err="dns: buffer size too small"
February 27, 20251 yr Author 24 minutes ago, socool said: I'm getting a lot of error log with AdGuard-Home-Unbound app. Web browsing seem pretty normal. Is there anyway to fix this? [error] dnsproxy: unpacking udp packet err="dns: buffer size too small" Whats is the "so-rcvbuf:" size in the unbound.conf? if its 1m, you could try to set it higher, to like 3m Otherwise, if that doesnt help with it, puh, you could enable verbose debug loging in your adguard config (https://github.com/adguardTeam/adGuardHome/wiki/FAQ#verboselog) and ask Adguard directly about it. if i remember correctly this appeared a bit more widespread a while ago, but the usual "fixes" arent needed because unraid already ships with "16777216"
February 28, 20251 yr On 2/25/2025 at 6:22 AM, Mainfrezzer said: I did push an update which adds the option to create the root.key upon startup. You would have to include a new variable in your adguard template with the "DNSSEC_ENABLE" as key and a value of 1. Upon start it will start unbound-anchor and create the root.key file at /etc/unbound/ So adding auto-trust-anchor-file: "/etc/unbound/root.key" should work without a fuss. (hopefully) if it doesnt, complain please Thanks! Finally had a chance to test the new version and I'm happy to report it works exactly as expected. I also tested with the fail01.dnssec.works and dnssec.works addresses after implementing the new label and config file line pointing to the trust anchor. SERVFAIL is the expected result when resolving the fail01 variant as it won't use DNSSEC. I spent a bit of time doing some research before responding because the docs state that you have to periodically run an unbound-anchor to keep the anchor up to date. I assumed we'd need to update the image to run a cron job. From NLnetlabs: Quote Set the unbound-anchor tool to run at system startup, it is part of the unbound package. This tool checks if the anchor is out-of-date and attempts to update it. But, I think you actually set it up just right by having unbound-anchor run in the start.sh script. Unless my very amateur docker-fu is way off, that script will run every time the container starts up or is updated, thus achieving what the docs recommend for regular updates since the anchor is managed actively while unbound is running. From NLnetlabs: Quote Unbound uses RFC5011 updates to keep the anchor updated if it is changed while the computer is in operation, but the unbound-anchor tool is used if it is changed while the computer is not in operation. I would humbly recommend one edit to your README file on GitHub, though. You have this today: Quote To get DNSSEC up and running, provide the environment variable DNSSEC_ENABLE with a value of 1. That will create the root.key at /etc/unbound/ But you need to specify the addition of the auto trust anchor file location in the config as well for anyone arriving at the container without this forum as additional documentation. So, something like this maybe? Quote To get DNSSEC up and running, provide the environment variable DNSSEC_Enable with a value of 1. That will create the root.key at /etc/unbound. Then, just add this line to the unbound.conf file under the server attribute: auto-trust-anchor-file: "/etc/unbound/root.key" Last, and this is really nit-picky so feel free to ignore it, it would be nice to be consistent with your boolean operator in the Unraid template. For the PROVIDE_CONFIG variable it's "yes" but for the DNSSEC_ENABLE its "1". Might be nice to make the DNSSEC_ENABLE be "yes" as well. I also confirmed the logging recommendation you made. Ultimately, I don't plan to use logging since it doesn't have a good mechanism in the config to limit their size, and it reduces performance, but I get itchy when I can't access logs at all, so this works. For anyone interested, I briefly toyed with redirecting the log file location to /dev/stdout to see if I could get the unbound logs to be available alongside the Adguard logs in the docker logs implementation, but it didn't work. I'm not entirely sure why, but this is good enough for me to be able to review and fix things when needed. Edited February 28, 20251 yr by FirbyKirby
February 28, 20251 yr Author 23 minutes ago, FirbyKirby said: Thanks! Finally had a chance to test the new version and I'm happy to report it works exactly as expected. I also tested with the fail01.dnssec.works and dnssec.works addresses after implementing the new label and config file line pointing to the trust anchor. SERVFAIL is the expected result when resolving the fail01 variant as it won't use DNSSEC. I spent a bit of time doing some research before responding because the docs state that you have to periodically run an unbound-anchor to keep the anchor up to date. I assumed we'd need to update the image to run a cron job. From NLnetlabs: But, I think you actually set it up just right by having unbound-anchor run in the start.sh script. Unless my very amateur docker-fu is way off, that script will run every time the container starts up or is updated, thus achieving what the docs recommend for regular updates since the anchor is managed actively while unbound is running. From NLnetlabs: I would humbly recommend one edit to your README file on GitHub, though. You have this today: But you need to specify the addition of the auto trust anchor file location in the config as well for anyone arriving at the container without this forum as additional documentation. So, something like this maybe? Last, and this is really nit-picky so feel free to ignore it, it would be nice to be consistent with your boolean operator in the Unraid template. For the PROVIDE_CONFIG variable it's "yes" but for the DNSSEC_ENABLE its "1". Might be nice to make the DNSSEC_ENABLE be "yes" as well. I also confirmed the logging recommendation you made. Ultimately, I don't plan to use logging since it doesn't have a good mechanism in the config to limit their size, and it reduces performance, but I get itchy when I can't access logs at all, so this works. For anyone interested, I briefly toyed with redirecting the log file location to /dev/stdout to see if I could get the unbound logs to be available alongside the Adguard logs in the docker logs implementation, but it didn't work. I'm not entirely sure why, but this is good enough for me to be able to review and fix things when needed. Thats great, good to hear. What i got from the docs is that unbound itself is managing they keyfile as long as unbound is up and updates it correctly (from what ive seen it creates new subkeys) and the anchor is only used when unbound wasnt running. So setting the anchor at startup was the most logical way. I will add it to the readme at some point, i did assume that someone who wants to enable dnssec knows about the setting in the unbound config. The semantic difference between the config "yes" and DNSSEC_ENABLE is mostly for the unraid-template sake. I added the dnssec as an advanced option to it which is not shown unless you expand the options. I find a "yes" as setting is a more clear way for it to communicate what that one specific setting does, as where 0 and 1 would suffice to get the point accross to you and me, it might not to someone else. (i would otherwise just use 0 and 1 respectively accross all and will be, with the exception for the "provide config" one, that ill keep at yes^^) Edited February 28, 20251 yr by Mainfrezzer
February 28, 20251 yr This thing killed my VMs. Had to uninstall the Docker image and reboot the UnRAID server. Beware.
February 28, 20251 yr Author 4 minutes ago, ripeart said: This thing killed my VMs. Had to uninstall the Docker image and reboot the UnRAID server. Beware. You should really include what someone has to be afraid of, "this thing" could be anything.
March 1, 20251 yr 7 hours ago, Mainfrezzer said: What i got from the docs is that unbound itself is managing they keyfile as long as unbound is up and updates it correctly (from what ive seen it creates new subkeys) and the anchor is only used when unbound wasnt running. So setting the anchor at startup was the most logical way. I will add it to the readme at some point, i did assume that someone who wants to enable dnssec knows about the setting in the unbound config. The semantic difference between the config "yes" and DNSSEC_ENABLE is mostly for the unraid-template sake. I added the dnssec as an advanced option to it which is not shown unless you expand the options. I find a "yes" as setting is a more clear way for it to communicate what that one specific setting does, as where 0 and 1 would suffice to get the point accross to you and me, it might not to someone else. (i would otherwise just use 0 and 1 respectively accross all and will be, with the exception for the "provide config" one, that ill keep at yes^^) Your logic makes perfect sense to me. No other issues on my side. Great work on maintaining this app.
March 15, 20251 yr HI there Is Pelican something you are still supporting? I ask because I am having an issue whereby the node cannot connect to wings. I am attaching my config.yml. I have removed the uui/token/tokenid as they didnt seem relevant. I did change the ports as the default was being used by something else. Both components (panel and wing) show no errors in the log files. Thanks debug: false uuid: uuid token_id: blank token: blankh api: host: 0.0.0.0 port: 443 ssl: enabled: false cert: /etc/letsencrypt/live/mydomain.com/fullchain.pem key: /etc/letsencrypt/live/mydomain.com/privkey.pem upload_limit: 256 system: data: /mnt/user/appdata/pelican-wing/data sftp: bind_port: 2022 allowed_mounts: [] remote: 'http://192.168.1.161:8013' Edited March 15, 20251 yr by korefuji
March 15, 20251 yr Author 5 hours ago, korefuji said: HI there Is Pelican something you are still supporting? I ask because I am having an issue whereby the node cannot connect to wings. I am attaching my config.yml. I have removed the uui/token/tokenid as they didnt seem relevant. I did change the ports as the default was being used by something else. Both components (panel and wing) show no errors in the log files. Thanks debug: false uuid: uuid token_id: blank token: blankh api: host: 0.0.0.0 port: 443 ssl: enabled: false cert: /etc/letsencrypt/live/mydomain.com/fullchain.pem key: /etc/letsencrypt/live/mydomain.com/privkey.pem upload_limit: 256 system: data: /mnt/user/appdata/pelican-wing/data sftp: bind_port: 2022 allowed_mounts: [] remote: 'http://192.168.1.161:8013' Looks like youre mix and matching domains and ips. If you use https, all has to be https, including how your wing talks to your panel and vice versa. Edit: also, your wing apparently is running on port 443, which is by default not mapped. "should" be 8080 there, unless you did add a mapping for 443 Edit2: I did do a quick internal test Wing Template Edited March 15, 20251 yr by Mainfrezzer
March 15, 20251 yr 14 hours ago, Mainfrezzer said: Looks like youre mix and matching domains and ips. If you use https, all has to be https, including how your wing talks to your panel and vice versa. Edit: also, your wing apparently is running on port 443, which is by default not mapped. "should" be 8080 there, unless you did add a mapping for 443 Edit2: I did do a quick internal test Wing Template I appreciate your help. So I was able to get it working. I can't however, get it working with my domain. Is it because I need to used the domain for both Wing and Panel? ty Separately, will you be updating the image or does it autoupdate as there was a new release pushed which fixes some security issues and more Edited March 15, 20251 yr by korefuji
March 16, 20251 yr Author 9 hours ago, korefuji said: I appreciate your help. So I was able to get it working. I can't however, get it working with my domain. Is it because I need to used the domain for both Wing and Panel? ty Separately, will you be updating the image or does it autoupdate as there was a new release pushed which fixes some security issues and more Yes, for example. panel.domain.tld is for the panel, wing.domain.tld is for the wing. Examples for the config for that can be found on page 4, in case it gives trouble. Already been updated to beta 18 and beta 10 respectivly
March 16, 20251 yr 4 hours ago, Mainfrezzer said: Yes, for example. panel.domain.tld is for the panel, wing.domain.tld is for the wing. Examples for the config for that can be found on page 4, in case it gives trouble. Already been updated to beta 18 and beta 10 respectivly very much appreciated thank you. One last question, the game servers show as "uuid" instead of a name on the container, within Unraid's docker page. Is there a way to change this to a name, rather than UUID? I can't tell what server is what just by the UUID, it's not a big deal, just looks a mess and I will prolly use Folder View to collect them under a folder Edited March 16, 20251 yr by korefuji
March 17, 20251 yr Author 21 hours ago, korefuji said: very much appreciated thank you. One last question, the game servers show as "uuid" instead of a name on the container, within Unraid's docker page. Is there a way to change this to a name, rather than UUID? I can't tell what server is what just by the UUID, it's not a big deal, just looks a mess and I will prolly use Folder View to collect them under a folder Sadly, im not aware of an easy manner to do that.
March 26, 20251 yr Back with another Pelican question. I have scheduled backups and they work, but I need to rotate or delete the backups older than x days. I can use the scheduler to delete files, but idk how to schedule it to delete backups. Someone commented on discord it cannot do this as the files are outside the container. In which case, is it possible to use something else to schedule the first file every x days in that backup folder without it breaking backups?
March 26, 20251 yr Author 1 hour ago, korefuji said: Back with another Pelican question. I have scheduled backups and they work, but I need to rotate or delete the backups older than x days. I can use the scheduler to delete files, but idk how to schedule it to delete backups. Someone commented on discord it cannot do this as the files are outside the container. In which case, is it possible to use something else to schedule the first file every x days in that backup folder without it breaking backups? Given what ive read from that conversations, i think you might have to wait until thats fixed. Quote Quote That's already the case. If the backup limit is reached the oldest backup will be deleted (but there might be a bug where this is not working when using S3 backups) Quote And yes, just deleting the backup folder won't work because the backup metadata is still in the panel database. From what im seeing here by testing, it does work as expected seems to work.mp4 Edit a bit later: It certainly does Edited March 26, 20251 yr by Mainfrezzer
March 26, 20251 yr 1 hour ago, Mainfrezzer said: Given what ive read from that conversations, i think you might have to wait until thats fixed. From what im seeing here by testing, it does work as expected seems to work.mp4 4.87 MB · 0 downloads Edit a bit later: It certainly does EDIT: I think it's working. It may have been that previous schedules were preupdate, and so i redid them and it seems to be good now Any idea on how to troubleshoot this then, if it's working for you it should work at my end too. I did update to the latest image, which was the fix for the backup scheduler I believe. I'll re-do the schedule, but can you outline the steps you did if you dont mind so I can replicate this. Thanks Edited March 26, 20251 yr by korefuji
April 5, 20251 yr Attempting to start the panel docker and it refuses to stay on, logs give me this issue Error: The directory named as part of the path /var/www/html/storage/logs/supervisord/supervisord.log does not exist For help, use /usr/bin/supervisord -h touch: /pelican-data/.env: Permission denied docker/entrypoint.sh: line 16: can't create /pelican-data/.env: Permission denied docker/entrypoint.sh: line 23: can't create /pelican-data/.env: Permission denied grep: .env: No such file or directory Error: The directory named as part of the path /var/www/html/storage/logs/supervisord/supervisord.log does not exist For help, use /usr/bin/supervisord -h touch: /pelican-data/.env: Permission denied docker/entrypoint.sh: line 16: can't create /pelican-data/.env: Permission denied docker/entrypoint.sh: line 23: can't create /pelican-data/.env: Permission denied grep: .env: No such file or directory Error: The directory named as part of the path /var/www/html/storage/logs/supervisord/supervisord.log does not exist For help, use /usr/bin/supervisord -h Starting PHP-FPM with NGINX Starting Supervisord external vars don't exist.
April 5, 20251 yr Author 3 hours ago, Uplinkpro said: Attempting to start the panel docker and it refuses to stay on, logs give me this issue Error: The directory named as part of the path /var/www/html/storage/logs/supervisord/supervisord.log does not exist For help, use /usr/bin/supervisord -h touch: /pelican-data/.env: Permission denied docker/entrypoint.sh: line 16: can't create /pelican-data/.env: Permission denied docker/entrypoint.sh: line 23: can't create /pelican-data/.env: Permission denied grep: .env: No such file or directory Error: The directory named as part of the path /var/www/html/storage/logs/supervisord/supervisord.log does not exist For help, use /usr/bin/supervisord -h touch: /pelican-data/.env: Permission denied docker/entrypoint.sh: line 16: can't create /pelican-data/.env: Permission denied docker/entrypoint.sh: line 23: can't create /pelican-data/.env: Permission denied grep: .env: No such file or directory Error: The directory named as part of the path /var/www/html/storage/logs/supervisord/supervisord.log does not exist For help, use /usr/bin/supervisord -h Starting PHP-FPM with NGINX Starting Supervisord external vars don't exist. For the moment, you need to change the permissions of the appdata folder to allow read and write will look at it in a bit if i can avoid that. Edit: i did update the docker image which *should* fix the issue for all new installs. To manually fix it, update the container to the new beta18 version, once its published, change the owner of the pelican-panel folder to nobody Edited April 5, 20251 yr by Mainfrezzer
April 5, 20251 yr 8 hours ago, Mainfrezzer said: For the moment, you need to change the permissions of the appdata folder to allow read and write will look at it in a bit if i can avoid that That fixed it, now im having issues starting wings says no file is there but it absolutely is and its able to access it this is the log : INFO: [Apr 5 09:33:59.805] writing log files to disk path=/var/log/pelican/wings.log INFO: [Apr 5 09:33:59.805] loading configuration from file config_file=/etc/pelican/config.yml INFO: [Apr 5 09:33:59.809] configured wings with system timezone timezone=America/Los_Angeles INFO: [Apr 5 09:33:59.809] configured system user successfully gid=100 uid=99 username=nobody INFO: [Apr 5 09:33:59.810] fetching list of servers from API INFO: [Apr 5 09:34:00.058] processing servers returned by the API total_configs=0 INFO: [Apr 5 09:34:00.058] finished processing server configurations duration=57.358µs INFO: [Apr 5 09:34:00.060] configuring system crons interval=1m0s subsystem=cron INFO: [Apr 5 09:34:00.060] starting cron processes subsystem=cron INFO: [Apr 5 09:34:00.060] updating server states on Panel: marking installing/restoring servers as normal INFO: [Apr 5 09:34:00.060] configuring internal webserver host_address=0.0.0.0 host_port=8443 use_auto_tls=false use_ssl=true FATAL: [Apr 5 09:34:00.060] failed to configure HTTPS server auto_tls=false error=open /etc/letsencrypt/live/node.upclutch.xyz/fullchain.pem: no such file or directory Stacktrace: open /etc/letsencrypt/live/node.upclutch.xyz/fullchain.pem: no such file or directory github.com/pelican-dev/wings/cmd.rootCmdRun github.com/pelican-dev/wings/cmd/root.go:392 github.com/spf13/cobra.(*Command).execute github.com/spf13/[email protected]/command.go:989 github.com/spf13/cobra.(*Command).ExecuteC github.com/spf13/[email protected]/command.go:1117 github.com/spf13/cobra.(*Command).Execute github.com/spf13/[email protected]/command.go:1041 github.com/pelican-dev/wings/cmd.Execute github.com/pelican-dev/wings/cmd/root.go:71 main.main ./wings.go:17 runtime.main runtime/proc.go:271 runtime.goexit runtime/asm_amd64.s:1695 My config.yml : debug: false uuid: ef7170ba-047f-4e9c-8360-d0f8b125af29 token_id: slX4KidQjXLT8bH1 token: JABT7ebQA8NPFMBcPwHWcaGAk22wJfNwMignEBWxrh1r49XJG6myEIgpo7OJvMF5 api: host: 0.0.0.0 port: 8443 ssl: enabled: true cert: /etc/letsencrypt/live/node.upclutch.xyz/fullchain.pem key: /etc/letsencrypt/live/node.upclutch.xyz/privkey.pem upload_limit: 1024 system: data: /mnt/user/appdata/pelican-wing/data sftp: bind_port: 2022 allowed_mounts: [] remote: 'https://panel.upclutch.xyz' Finally my docker config for wings is below, if i use ssl it will not fully boot wings, If I attempt just port 8080 it will boot but panel will never see it.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.