sparklyballs Posted June 22, 2015 Share Posted June 22, 2015 Can i ask you a completely unrelated question to your containers about iptables ? Of course! shoot i'm trying to make a mythtv container fly and would really like to keep it as network type bridge to make mythweb easier. however it seems that hdhomerun doesn't want to work unless host is set. i believe the issue is this. https://code.mythtv.org/trac/ticket/7272 but i don't know how to implement it for a test build. hmm ok, well unless the docker image has the firewall defined (via iptable entries) then i doubt this is the issue, did you see this is also marked as invalid? if you type iptables -L when the mythtv docker container is running what does it show? im assuming just the default ACCEPT for the 3 iptable rule sets? that command just returns not found. i think it was marked invalid because it didn't specifcally pertain to mythtv code. i'm trying to find a way to not have to resort to host mode, i can of course move the mythweb from port 80 etc... but i'd prefer to not have to. Link to comment
binhex Posted June 22, 2015 Author Share Posted June 22, 2015 Can i ask you a completely unrelated question to your containers about iptables ? Of course! shoot i'm trying to make a mythtv container fly and would really like to keep it as network type bridge to make mythweb easier. however it seems that hdhomerun doesn't want to work unless host is set. i believe the issue is this. https://code.mythtv.org/trac/ticket/7272 but i don't know how to implement it for a test build. hmm ok, well unless the docker image has the firewall defined (via iptable entries) then i doubt this is the issue, did you see this is also marked as invalid? if you type iptables -L when the mythtv docker container is running what does it show? im assuming just the default ACCEPT for the 3 iptable rule sets? that command just returns not found. i think it was marked invalid because it didn't specifcally pertain to mythtv code. i'm trying to find a way to not have to resort to host mode, i can of course move the mythweb from port 80 etc... but i'd prefer to not have to. hmm ok, interesting!, have you considered installing tcpdump to see whats coming in, you can use wireshark to analyse the dump, also can you see if ufw is installed, if it is then try allowing anything on the local lan in, example sudo ufw allow from 192.168.1.0/24 dunno if youve seen this but a few interesting posts on mythtv and hdhomerun issues http://ubuntuforums.org/showthread.php?t=2073370 Link to comment
sparklyballs Posted June 22, 2015 Share Posted June 22, 2015 Can i ask you a completely unrelated question to your containers about iptables ? Of course! shoot i'm trying to make a mythtv container fly and would really like to keep it as network type bridge to make mythweb easier. however it seems that hdhomerun doesn't want to work unless host is set. i believe the issue is this. https://code.mythtv.org/trac/ticket/7272 but i don't know how to implement it for a test build. hmm ok, well unless the docker image has the firewall defined (via iptable entries) then i doubt this is the issue, did you see this is also marked as invalid? if you type iptables -L when the mythtv docker container is running what does it show? im assuming just the default ACCEPT for the 3 iptable rule sets? that command just returns not found. i think it was marked invalid because it didn't specifcally pertain to mythtv code. i'm trying to find a way to not have to resort to host mode, i can of course move the mythweb from port 80 etc... but i'd prefer to not have to. hmm ok, interesting!, have you considered installing tcpdump to see whats coming in, you can use wireshark to analyse the dump, also can you see if ufw is installed, if it is then try allowing anything on the local lan in, example sudo ufw allow from 192.168.1.0/24 dunno if youve seen this but a few interesting posts on mythtv and hdhomerun issues http://ubuntuforums.org/showthread.php?t=2073370 cool , thanks for the pointers. i'll have another play later, movie time. Link to comment
Dimtar Posted June 22, 2015 Share Posted June 22, 2015 I removed the TV category form SAB so there weren't issues with Sonarr, but here is a screenshot of the user folders: Currently your downloads for SAB are going to /config/Downloads/complete so therefore Sonarr cannot find them becase /config is mapped to a different place for each docker. Inside SAB make a new category and name it Sonarr. Then set the 'Completed Download Folder' in the last screenshot (inside SAB) you sent to this: /data/Downloads/complete Then try again and report back. Link to comment
johnc Posted June 22, 2015 Share Posted June 22, 2015 Thanks, that would be great - no big rush since I know how to fix it. And yes, it caused issues for me because I have an additional user (which then could not access any of the new directories that had been created under the "nogroup" group). Maybe another workaround for me would be to add my user into the "nogroup" group, but I hadn't thought to try that that. In the meantime, if anyone else hits this, here's how to fix it: docker exec -it binhex-sabnzbd usermod -G nobody,users nobody Then restart the docker container. Repeat for any other dockers (for me, that's Couchpotato and Sickrage). ive actually applied the fix this morning, so if you now do a check for updates and then force update for the docker containers your interested in then it should work fine. thanks for reporting this issue, one of the nice side effects of sharing your work is debug by end users Thanks for checking on that so quick. But that didn't fix the issue. And it's my fault. I had tried a couple things to get it to work and didn't realize a change to the PRIMARY group was needed also. I re-tested a couple times (from scratch each time) using your latest dockers. This procedure (and in this order) fixes it every time: usermod -g users nobody usermod -G users,nobody nobody Then restart the docker. Sorry about that. Link to comment
brisimmons105 Posted June 22, 2015 Share Posted June 22, 2015 I removed the TV category form SAB so there weren't issues with Sonarr, but here is a screenshot of the user folders: Currently your downloads for SAB are going to /config/Downloads/complete so therefore Sonarr cannot find them becase /config is mapped to a different place for each docker. Inside SAB make a new category and name it Sonarr. Then set the 'Completed Download Folder' in the last screenshot (inside SAB) you sent to this: /data/Downloads/complete Then try again and report back. Thanks Dimtar, I ended up figuring that out. I actually just created and mapped new download directories for both SAB and Sonarr and got it working. I appreciate the help. Link to comment
Dimtar Posted June 22, 2015 Share Posted June 22, 2015 I removed the TV category form SAB so there weren't issues with Sonarr, but here is a screenshot of the user folders: Currently your downloads for SAB are going to /config/Downloads/complete so therefore Sonarr cannot find them becase /config is mapped to a different place for each docker. Inside SAB make a new category and name it Sonarr. Then set the 'Completed Download Folder' in the last screenshot (inside SAB) you sent to this: /data/Downloads/complete Then try again and report back. Thanks Dimtar, I ended up figuring that out. I actually just created and mapped new download directories for both SAB and Sonarr and got it working. I appreciate the help. Sorry I went to sleep shortly after my last post (timezones) but I am glad you worked it out, thats the best way cause you know why its working now. Link to comment
JustinChase Posted June 23, 2015 Share Posted June 23, 2015 [quote author=binhex link=topic=38055.msg387025#msg387025 date=1434980478 hm very odd!, thanks for letting me know, let me know what they say, maybe there is a tweak to the ovpn file for certain locations?. I just got off a chat with PIA and they suggested I try different ports. I changed 1194 to 9201 and it worked; both with new york and east servers. I only tried those 2 since one worked before and one didn't. Now they both work. However, they only work with port 8112. If I try to use port 58846, that fails to connect. If I try 8118, that also failed, but I assume that's because I dont' have the proxy turned on in the setup yet. Just wanted to let you know my findings. They offered 4 ports to try... try the below ports. 9201, 1194, 8080 and 53 If that does not work, check the box to enable a TCP connection, and use the following ports: 443, 110, 80 Thanks again. Link to comment
dikkiedirk Posted June 23, 2015 Share Posted June 23, 2015 I may have messed things up. I added the sabnzb, using settings in the picture. I then accessed sab quick setup through server-ip:1500. After finishing this I was greeted with a screen like in the other picture. Why does it come back with this address through htttps and port 8090? Now while I still can access sab through http and port 1500 but I can not disable https in sabs general setup. I tried this several times, saving it and restarting sab, bit it always comes back with https enabled. I also can not set any paths like /mnt/user/nzb. Did I do something terrible stupid? Is it still fixable? Or is it better to remove the docker and start all over again? Link to comment
Squid Posted June 23, 2015 Share Posted June 23, 2015 I may have messed things up. I added the sabnzb, using settings in the picture. I then accessed sab quick setup through server-ip:1500. After finishing this I was greeted with a screen like in the other picture. Why does it come back with this address through htttps and port 8090? Now while I still can access sab through http and port 1500 but I can not disable https in sabs general setup. I tried this several times, saving it and restarting sab, bit it always comes back with https enabled. I also can not set any paths like /mnt/user/nzb. Did I do something terrible stupid? Is it still fixable? Or is it better to remove the docker and start all over again? The ports that Sab shows you is always going to be 8090. You have to remember that within the container it is using ports 8090. External to the container you access it through 1510 which docker "translates" to be 8090 Link to comment
dikkiedirk Posted June 23, 2015 Share Posted June 23, 2015 I may have messed things up. I added the sabnzb, using settings in the picture. I then accessed sab quick setup through server-ip:1500. After finishing this I was greeted with a screen like in the other picture. Why does it come back with this address through htttps and port 8090? Now while I still can access sab through http and port 1500 but I can not disable https in sabs general setup. I tried this several times, saving it and restarting sab, bit it always comes back with https enabled. I also can not set any paths like /mnt/user/nzb. Did I do something terrible stupid? Is it still fixable? Or is it better to remove the docker and start all over again? The ports that Sab shows you is always going to be 8090. You have to remember that within the container it is using ports 8090. External to the container you access it through 1510 which docker "translates" to be 8090 I initially accessed and configured sab through port 1500/8080. And it came back with port 8090 as shown in the picture. Link to comment
binhex Posted June 23, 2015 Author Share Posted June 23, 2015 Thanks, that would be great - no big rush since I know how to fix it. And yes, it caused issues for me because I have an additional user (which then could not access any of the new directories that had been created under the "nogroup" group). Maybe another workaround for me would be to add my user into the "nogroup" group, but I hadn't thought to try that that. In the meantime, if anyone else hits this, here's how to fix it: docker exec -it binhex-sabnzbd usermod -G nobody,users nobody Then restart the docker container. Repeat for any other dockers (for me, that's Couchpotato and Sickrage). ive actually applied the fix this morning, so if you now do a check for updates and then force update for the docker containers your interested in then it should work fine. thanks for reporting this issue, one of the nice side effects of sharing your work is debug by end users Thanks for checking on that so quick. But that didn't fix the issue. And it's my fault. I had tried a couple things to get it to work and didn't realize a change to the PRIMARY group was needed also. I re-tested a couple times (from scratch each time) using your latest dockers. This procedure (and in this order) fixes it every time: usermod -g users nobody usermod -G users,nobody nobody Then restart the docker. Sorry about that. hi johnc, thanks for that, no harm done, i should of tested it, this is my tested and confirmed change i will be putting in the base image, notice the slight difference to your code, basically im using the -a flag to append group membership, as opposed to redefining the groups again, same result in the end though :-). # add user "nobody" to primary group "users" (will remove any other group membership) usermod -g users nobody # add user "nobody" to secondary group "nobody" (will retain primary membership) usermod -a -G nobody nobody Link to comment
binhex Posted June 23, 2015 Author Share Posted June 23, 2015 I may have messed things up. I added the sabnzb, using settings in the picture. I then accessed sab quick setup through server-ip:1500. After finishing this I was greeted with a screen like in the other picture. Why does it come back with this address through htttps and port 8090? Now while I still can access sab through http and port 1500 but I can not disable https in sabs general setup. I tried this several times, saving it and restarting sab, bit it always comes back with https enabled. I also can not set any paths like /mnt/user/nzb. Did I do something terrible stupid? Is it still fixable? Or is it better to remove the docker and start all over again? The ports that Sab shows you is always going to be 8090. You have to remember that within the container it is using ports 8090. External to the container you access it through 1510 which docker "translates" to be 8090 it will do, sabnzbd does not know your running docker, and is not aware of the port mapping from port 1510 to 8090, so when you restart sabnzbd it will always restart on the port IT thinks you want to talk to it on, which is by default 8090, in reality though the port YOU want to talk to sab on is port 1510, clear?. I initially accessed and configured sab through port 1500/8080. And it came back with port 8090 as shown in the picture. Link to comment
binhex Posted June 23, 2015 Author Share Posted June 23, 2015 [quote author=binhex link=topic=38055.msg387025#msg387025 date=1434980478 hm very odd!, thanks for letting me know, let me know what they say, maybe there is a tweak to the ovpn file for certain locations?. I just got off a chat with PIA and they suggested I try different ports. I changed 1194 to 9201 and it worked; both with new york and east servers. I only tried those 2 since one worked before and one didn't. Now they both work. However, they only work with port 8112. If I try to use port 58846, that fails to connect. If I try 8118, that also failed, but I assume that's because I dont' have the proxy turned on in the setup yet. Just wanted to let you know my findings. They offered 4 ports to try... try the below ports. 9201, 1194, 8080 and 53 If that does not work, check the box to enable a TCP connection, and use the following ports: 443, 110, 80 Thanks again. hmm very odd, i just tried east coast and new york without changing the port and both worked straight away, confirmed i had a different ip and that i can connect to peers/seeds, so not sure why your seeing issues, perhaps your isp is blocking certain ports and preventing connection to the vpn? Link to comment
JustinChase Posted June 23, 2015 Share Posted June 23, 2015 hmm very odd, i just tried east coast and new york without changing the port and both worked straight away, confirmed i had a different ip and that i can connect to peers/seeds, so not sure why your seeing issues, perhaps your isp is blocking certain ports and preventing connection to the vpn? Yeah, the ISP might (must?) be blocking port 1194, but it's weird that it worked for 2 servers, and failed for 2 others. very weird indeed. However, 9201 allowed me to connect to east, which is the closest to me (and fastest) of their US servers, so I'll just be happy about that. I did turn on the proxy, but still couldn't connect to 8118. I'm not quite sure what the the proxy is supposed to do for me, so I'm not worried about it. just wanted to let you know for completeness sake. thanks again for everything you do to support us! Link to comment
binhex Posted June 23, 2015 Author Share Posted June 23, 2015 VPN_USER=<vpn username> VPN_PASS=<vpn password> VPN_REMOTE=<vpn remote gateway> VPN_PORT=<vpn remote port> VPN_PROV=<pia|custom> ENABLE_PRIVOXY=<yes|no> Mind if I ask what ENABLE_PRIVOXY does? Using PIA myself and with the update all is working well, just not sure what that setting does. Once again, thanks for all the work. sure!, that setting enables a proxy server within the docker, this can be used for situations where your isp blocks access to certain websites, you simply enable this and then point your application/web browser at <host ip>:8118 (or the port of your choice), this then sends the request down the vpn tunnel and safely circumvents your isp's filtering, neat hu?. if you want to test it then enable it, configure proxy in your web browser and to confirm its working, go to http://whatismyip.com and you should see the ip you have is not originating from your isp but is the ip allocated from your vpn provider. Justinchase read the above re what does privoxy do for me? Link to comment
dikkiedirk Posted June 23, 2015 Share Posted June 23, 2015 I may have messed things up. I added the sabnzb, using settings in the picture. I then accessed sab quick setup through server-ip:1500. After finishing this I was greeted with a screen like in the other picture. Why does it come back with this address through htttps and port 8090? Now while I still can access sab through http and port 1500 but I can not disable https in sabs general setup. I tried this several times, saving it and restarting sab, bit it always comes back with https enabled. I also can not set any paths like /mnt/user/nzb. Did I do something terrible stupid? Is it still fixable? Or is it better to remove the docker and start all over again? The ports that Sab shows you is always going to be 8090. You have to remember that within the container it is using ports 8090. External to the container you access it through 1510 which docker "translates" to be 8090 it will do, sabnzbd does not know your running docker, and is not aware of the port mapping from port 1510 to 8090, so when you restart sabnzbd it will always restart on the port IT thinks you want to talk to it on, which is by default 8090, in reality though the port YOU want to talk to sab on is port 1510, clear?. I initially accessed and configured sab through port 1500/8080. And it came back with port 8090 as shown in the picture. But I don't want to use port 1510/8090 because this uses https. I also can't disable https in sabs configuration, whet I try to disable it, save it and restart it comes back with https enabled. I never used https in the plugin version, why should I now? Link to comment
binhex Posted June 23, 2015 Author Share Posted June 23, 2015 I may have messed things up. I added the sabnzb, using settings in the picture. I then accessed sab quick setup through server-ip:1500. After finishing this I was greeted with a screen like in the other picture. Why does it come back with this address through htttps and port 8090? Now while I still can access sab through http and port 1500 but I can not disable https in sabs general setup. I tried this several times, saving it and restarting sab, bit it always comes back with https enabled. I also can not set any paths like /mnt/user/nzb. Did I do something terrible stupid? Is it still fixable? Or is it better to remove the docker and start all over again? The ports that Sab shows you is always going to be 8090. You have to remember that within the container it is using ports 8090. External to the container you access it through 1510 which docker "translates" to be 8090 it will do, sabnzbd does not know your running docker, and is not aware of the port mapping from port 1510 to 8090, so when you restart sabnzbd it will always restart on the port IT thinks you want to talk to it on, which is by default 8090, in reality though the port YOU want to talk to sab on is port 1510, clear?. I initially accessed and configured sab through port 1500/8080. And it came back with port 8090 as shown in the picture. But I don't want to use port 1510/8090 because this uses https. I also can't disable https in sabs configuration, whet I try to disable it, save it and restart it comes back with https enabled. I never used https in the plugin version, why should I now? nobody is saying you HAVE to use SSL, this is just an option which is available to people who wish to use it, if you want to connect over straight http then in the unraid docker ui specify under port mappings the host port you want to use that maps to container port 8080 and then connect to sabnzbd ui using that host port instead, in your case thats port 1500, forget about 1510, its of no consequence that's its accessible on that port also, it most def isnt a security concern as SSL is, as im sure your aware, infinitely more secure than unencrypted http. the reason you cant switch ssl off is because this is turned on via command line flag at startup. edit - option if you NEVER want to use SSL is to delete the port in unraid docker webui, so just have the single port mapping left that maps container port 8080 to your host port, that way there is no chance of connecting via SSL Link to comment
brisimmons105 Posted June 23, 2015 Share Posted June 23, 2015 Just updated SAB via the docker and I'm getting the following error in SAB after downloading Processing was aborted (Cannot create final folder /MediaDL/Movies/filename....). It was fine yesterday, I'm assuming this is an owners issue? Should I try resetting the owner of my SAB directory to nobody:users? EDIT: That didn't do the trick. Any suggestions? 2nd EDIT: I ran the 'New Permissions' script from the webgui/utility page and it fixed it. Still seems weird that this happened...hopefully this is the last of it. Link to comment
dikkiedirk Posted June 23, 2015 Share Posted June 23, 2015 I may have messed things up. I added the sabnzb, using settings in the picture. I then accessed sab quick setup through server-ip:1500. After finishing this I was greeted with a screen like in the other picture. Why does it come back with this address through htttps and port 8090? Now while I still can access sab through http and port 1500 but I can not disable https in sabs general setup. I tried this several times, saving it and restarting sab, bit it always comes back with https enabled. I also can not set any paths like /mnt/user/nzb. Did I do something terrible stupid? Is it still fixable? Or is it better to remove the docker and start all over again? The ports that Sab shows you is always going to be 8090. You have to remember that within the container it is using ports 8090. External to the container you access it through 1510 which docker "translates" to be 8090 it will do, sabnzbd does not know your running docker, and is not aware of the port mapping from port 1510 to 8090, so when you restart sabnzbd it will always restart on the port IT thinks you want to talk to it on, which is by default 8090, in reality though the port YOU want to talk to sab on is port 1510, clear?. I initially accessed and configured sab through port 1500/8080. And it came back with port 8090 as shown in the picture. But I don't want to use port 1510/8090 because this uses https. I also can't disable https in sabs configuration, whet I try to disable it, save it and restart it comes back with https enabled. I never used https in the plugin version, why should I now? nobody is saying you HAVE to use SSL, this is just an option which is available to people who wish to use it, if you want to connect over straight http then in the unraid docker ui specify under port mappings the host port you want to use that maps to container port 8080 and then connect to sabnzbd ui using that host port instead, in your case thats port 1500, forget about 1510, its of no consequence that's its accessible on that port also, it most def isnt a security concern as SSL is, as im sure your aware, infinitely more secure than unencrypted http. the reason you cant switch ssl off is because this is turned on via command line flag at startup. edit - option if you NEVER want to use SSL is to delete the port in unraid docker webui, so just have the single port mapping left that maps container port 8080 to your host port, that way there is no chance of connecting via SSL Still not working. I have removed the port 8090 and have only mapped 1500/8080. Still after sabs quick setup it comes back with https and port 8090. I also can not disable https in sabs general sonfiguration. It also can't create the incomplete folder under Downloads or other folders on the array. Link to comment
binhex Posted June 23, 2015 Author Share Posted June 23, 2015 Still not working. I have removed the port 8090 and have only mapped 1500/8080. Still after sabs quick setup it comes back with https and port 8090. I also can not disable https in sabs general sonfiguration. It also can't create the incomplete folder under Downloads or other folders on the array. So after the wizard has finished if you go to http://unraidip:1500 you can access the webui, yes? If so then your set. Regards can't disable SSL, "The reason you cant switch ssl off is because this is turned on via command line flag at startup." Link to comment
binhex Posted June 23, 2015 Author Share Posted June 23, 2015 It also can't create the incomplete folder under Downloads or other folders on the array. What folder are you specifying in sab for incomplete? It should be something like /data/incomplete Link to comment
Ice_Black Posted June 23, 2015 Share Posted June 23, 2015 @binhex Is there a way for NZBGet to connect to VPN? Link to comment
binhex Posted June 23, 2015 Author Share Posted June 23, 2015 @binhex Is there a way for NZBGet to connect to VPN? Right now, no as it would require some work to get nzbget to be correctly secured via the VPN tunnel. Link to comment
Ice_Black Posted June 23, 2015 Share Posted June 23, 2015 @binhex Is there a way for NZBGet to connect to VPN? Right now, no as it would require some work to get nzbget to be correctly secured via the VPN tunnel. Ah I see, I think I will stick with NZBGet + VPN on a VM Link to comment
Recommended Posts