(Support) Aptalca's docker templates

[Squid]

I'm having an issue setting up Zoneminder, Seems to fail everytime it starts & I end up with a partial Child container on my docker page

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="Zoneminder" --net="host" --privileged="true" -e TZ="America/Denver" -e HOST_OS="unRAID" -p 8181:80/ -v "/mnt/cache/Apps/zoneminder/":"/config":rw aptalca/docker-zoneminder
docker: Invalid proto: .
See '/usr/bin/docker run --help'.

The command failed.

Hmm. That's strange because someone else is having the same exact issue with the letsencrypt container. It seems like an unraid issue. Which unraid version are you on?

Not at my server to check, but I don't think that the trailing / after the port should be there.

[aptalca]

I'm having an issue setting up Zoneminder, Seems to fail everytime it starts & I end up with a partial Child container on my docker page

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="Zoneminder" --net="host" --privileged="true" -e TZ="America/Denver" -e HOST_OS="unRAID" -p 8181:80/ -v "/mnt/cache/Apps/zoneminder/":"/config":rw aptalca/docker-zoneminder
docker: Invalid proto: .
See '/usr/bin/docker run --help'.

The command failed.

Hmm. That's strange because someone else is having the same exact issue with the letsencrypt container. It seems like an unraid issue. Which unraid version are you on?

Not at my server to check, but I don't think that the trailing / after the port should be there.

Good eye, that's the problem. My xmls leave the protocol field blank and the dockerman fills it with tcp. It seems that the new unraid (I'm assuming folks updated to the latest beta) leaves it blank and it causes the issue

[Squid]

I'm having an issue setting up Zoneminder, Seems to fail everytime it starts & I end up with a partial Child container on my docker page

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="Zoneminder" --net="host" --privileged="true" -e TZ="America/Denver" -e HOST_OS="unRAID" -p 8181:80/ -v "/mnt/cache/Apps/zoneminder/":"/config":rw aptalca/docker-zoneminder
docker: Invalid proto: .
See '/usr/bin/docker run --help'.

The command failed.

Hmm. That's strange because someone else is having the same exact issue with the letsencrypt container. It seems like an unraid issue. Which unraid version are you on?

Not at my server to check, but I don't think that the trailing / after the port should be there.

Good eye, that's the problem. My xmls leave the protocol field blank and the dockerman fills it with tcp. It seems that the new unraid (I'm assuming folks updated to the latest beta) leaves it blank and it causes the issue

I'm not on 6.2 yet, but I would call that a bug.  dockerMan shouldn't allow you to start installing if a port is present but its type is undefined

[aptalca]

I fixed the xml templates so if you're having the issue, install from scratch from the community applications and it should install fine

[georgetg]

Jdownloader2 specific question. I wanted to download to the cache and then have mover move the files into the download location with the regular mover execution. However, when mover executes it removes the directory and jdownloader will not create directories during download aside from the package specific directory. I'm thinking that un-archiving would be best done on the cache drive. Any thoughts or possible work arounds people have used?

[rix]

Any update on the PHP situation? 

[xthursdayx]

Hi Aptalca, I was wondering if you know how I might run multiple Calibre Content Server instances from you RDP-Calibre docker? The reason that I want to do this is that I have multiple libraries and I would like to serve all of them (since it doesn't seem that there is a way for server clients to switch between libraries). I've read a bit about it and seems like it's possible, but I'm not sure how to implement this via the docker. See the forum post here for more information -> http://www.mobileread.com/forums/showthread.php?t=150814

 

Thanks!

 

 

[aptalca]

Hi Aptalca, I was wondering if you know how I might run multiple Calibre Content Server instances from you RDP-Calibre docker? The reason that I want to do this is that I have multiple libraries and I would like to serve all of them (since it doesn't seem that there is a way for server clients to switch between libraries). I've read a bit about it and seems like it's possible, but I'm not sure how to implement this via the docker. See the forum post here for more information -> http://www.mobileread.com/forums/showthread.php?t=150814

 

Thanks!

I think you can run multiple containers at the same time. You just have to give the second one a different container name during install and pick different ports.

[aptalca]

Any update on the PHP situation?

Not yet, I tried a few things but couldn't isolate the issue yet. Didn't have to much time lately

[sugarat]

Aptalca,

 

I am attempting to install your DuckDNS docker, when I click the create button nothing happens.  I have the config folder defined.  I am not having any issues installing other dockers.

 

Any help would be greatly appreciated. 

 

Thanks,

Dan

 

Hit the advanced view button at the top right and it will reveal new settings and likely an error message. It won't let you install without entering that info under advanced view.

 

And make sure you read the description at the top 

 

Aptalca,  you may want to update the instructions given at https://hub.docker.com/r/aptalca/docker-duckdns/ - I had to resort to searching this forum for 'duckdns' to discover that I needed to click the greyed out 'Advanced' button in the top right of the container setup page.

 

[DanDee]

Nginx-letsencrypt questions... and forgive my noobness.

 

1.  I noticed in its setup config page it chooses port 80.  im a little bit concerned it will take over the default unraid config running on port 80... it won't, will it?    will it work if i just choose another port like 81 instead?

 

2.  do i need to use a domain i own , or can i use a duckdns subdomain for letsencrypt?

 

Thanks!

 

I hope im in the right place, the support page brought me here, tho in the 36 pages i can't seem to find any mention of the letsencrypt app.

I admit Im a fan of a couple of Aptala's other docker apps, specifically duckdns and zoneminder... huge thanks!

[aptalca]

 

 

Nginx-letsencrypt questions... and forgive my noobness.

 

1.  I noticed in its setup config page it chooses port 80.  im a little bit concerned it will take over the default unraid config running on port 80... it won't, will it?    will it work if i just choose another port like 81 instead?

 

2.  do i need to use a domain i own , or can i use a duckdns subdomain for letsencrypt?

 

Thanks!

 

I hope im in the right place, the support page brought me here, tho in the 36 pages i can't seem to find any mention of the letsencrypt app.

I admit Im a fan of a couple of Aptala's other docker apps, specifically duckdns and zoneminder... huge thanks!

 

No problem. I'm glad you like the containers.

 

Port 80 for that container is optional. The letsencrypt validation occurs through 443 and you're supposed to connect to www through 443 as well in order to use ssl by default. Plus, you have to map 80 to a different port anyway because it's already being used by the unraid gui.

 

You can use duckdns,  just make sure to put yoursubdomain.duckdns.org in the url field and leave the subdomain as www

[aptalca]

Aptalca,

 

I am attempting to install your DuckDNS docker, when I click the create button nothing happens.  I have the config folder defined.  I am not having any issues installing other dockers.

 

Any help would be greatly appreciated. 

 

Thanks,

Dan

 

Hit the advanced view button at the top right and it will reveal new settings and likely an error message. It won't let you install without entering that info under advanced view.

 

And make sure you read the description at the top

 

Aptalca,  you may want to update the instructions given at https://hub.docker.com/r/aptalca/docker-duckdns/ - I had to resort to searching this forum for 'duckdns' to discover that I needed to click the greyed out 'Advanced' button in the top right of the container setup page.

You should always read the description on the container install page in the unraid gui

 

The docker hub description is really for non unraid users but I leave the unraid info just to promote it.

[DanDee]

 

Nginx-letsencrypt questions... and forgive my noobness.

 

1.  I noticed in its setup config page it chooses port 80.  im a little bit concerned it will take over the default unraid config running on port 80... it won't, will it?    will it work if i just choose another port like 81 instead?

 

2.  do i need to use a domain i own , or can i use a duckdns subdomain for letsencrypt?

 

Thanks!

 

I hope im in the right place, the support page brought me here, tho in the 36 pages i can't seem to find any mention of the letsencrypt app.

I admit Im a fan of a couple of Aptala's other docker apps, specifically duckdns and zoneminder... huge thanks!

 

No problem. I'm glad you like the containers.

 

Port 80 for that container is optional. The letsencrypt validation occurs through 443 and you're supposed to connect to www through 443 as well in order to use ssl by default. Plus, you have to map 80 to a different port anyway because it's already being used by the unraid gui.

 

You can use duckdns,  just make sure to put yoursubdomain.duckdns.org in the url field and leave the subdomain as www

 

thanks for the tips, it worked like a charm.  I just needed patience as it took a minute or so to apply the ssl keys.

now all i need is to figure out how to setup nginx as a reverse proxy so i can hit some of my other containers from outside using https and i'm golden. 

[dAigo]

As always, first things first. Thanks for the LetsEncrypt container, its almost to easy now

 

I started using it ~28 days ago, and from what I remember, renewal should be due with around 30 days left.

So I started the container and saw in the logs, that the current certs were only 10 days old and not up to renewal...

 

The container was mostly offline, but I startet it while updating to 6.2 beta. (10 days ago...)

Port 443 was redirected to another server that is not set up for the validation process, so a new cert could not have been succsessfully requested/validated.

And the cert was only 18 days old, so it should not have been renewed by your cronjob.

 

I'm not sure what or why that happend (maybe some date/time issues while upgrading) and its not really important.

 

But it got me curios, so I looked through your code, because the container description is reduced to the necessary stuff.

The code is easy to read, learned a lot about letsencrypt and that earned some bonus points

 

Some things I would like to request/suggest, if its not to much work. (to make great things even greater )

1) could you add DH and RSA Key length as a variable? 2048 is good and definitly enough, but greedy people like me may want 4096+... should be quite easy from what I see.. I changed DH in firstrun.sh and added --rsa-key-size in letsencrypt.sh and got my 4096-keys. Any container update would probably revert those changes, but the renewal.conf contains the rsa-key option and dh won't be renewed anyway

 

2) In my case, I did not notice the "accidental" but successfull renewal. Is there a easy way to add some form of notification on successfull/failed creations or renewals?

 

3) I saw, that you are using --renew-by-default. That does mean, the cert will be renewed even if the 60 days are not over, which is probably what happened 10 days ago. You could add a variable for that as well, for those who would like to test the renewal process more frequently, its still beta after all

 

4) while its great to generate certs and learn about letsencrypt, some sort of reverseproxy-support out-of-the-box would be a perfect addition. While its definetly more work, a simple proxy-conf could be generated through some variables in the container template (source url, destination url) I guess?

 

5) maybe a NTP option to make sure date/time is correct for renewal?

 

Maybe you could add some info about the renewal to your readme/description?

- Default Renewal after 60 days

- Renewal does not re-validate the domain, as long as the correct cert is found on port 443 (correct me if I am wrong). So after cert creation, you could move the containter to another port if you want? For example, if another server needs to run on 443 and reverse proxy is not working/wanted.

 

But as I said, its already a really usefull container, even without any additional features, so thanks again

[aptalca]

As always, first things first. Thanks for the LetsEncrypt container, its almost to easy now

 

I started using it ~28 days ago, and from what I remember, renewal should be due with around 30 days left.

So I started the container and saw in the logs, that the current certs were only 10 days old and not up to renewal...

 

The container was mostly offline, but I startet it while updating to 6.2 beta. (10 days ago...)

Port 443 was redirected to another server that is not set up for the validation process, so a new cert could not have been succsessfully requested/validated.

And the cert was only 18 days old, so it should not have been renewed by your cronjob.

 

I'm not sure what or why that happend (maybe some date/time issues while upgrading) and its not really important.

 

 

If 443 was not forwarded to the container, it should not have been able to validate. Plus, the script does not run the letsencrypt command unless the existing certs are at least 60 days old.

 

Not sure what happened in your case. Maybe the certs weren't successfully created the first time you ran it. Again, without seeing the logs from before, I can't tell. An older version of this container used to calculate the cert age by the file's mtime, which wasn't the best method. Latest version actually checks the cert creation date so it's more reliable.

 

Also, just so you know, there are two logs, the docker log will tell you what happened when the letsencrypt.sh ran at container start. And then there is the letsencrypt.log file in the config folder under log/nginx/ and that one stores the latest cron output. Make sure you check both.

 

 

But it got me curios, so I looked through your code, because the container description is reduced to the necessary stuff.

The code is easy to read, learned a lot about letsencrypt and that earned some bonus points

 

Some things I would like to request/suggest, if its not to much work. (to make great things even greater )

1) could you add DH and RSA Key length as a variable? 2048 is good and definitly enough, but greedy people like me may want 4096+... should be quite easy from what I see.. I changed DH in firstrun.sh and added --rsa-key-size in letsencrypt.sh and got my 4096-keys. Any container update would probably revert those changes, but the renewal.conf contains the rsa-key option and dh won't be renewed anyway

 

I'll give it some thought. Although the 4096 dh might take forever to generate.

 

 

2) In my case, I did not notice the "accidental" but successfull renewal. Is there a easy way to add some form of notification on successfull/failed creations or renewals?

 

letsencrypt.log file in the config folder should tell you what happened during the last attempt. I might change it to append so you can see the history as well.

 

 

3) I saw, that you are using --renew-by-default. That does mean, the cert will be renewed even if the 60 days are not over, which is probably what happened 10 days ago. You could add a variable for that as well, for those who would like to test the renewal process more frequently, its still beta after all

 

 

There are two checkpoints. The first is, letsencrypt.sh that I created will only attempt a renewal if the existing certs are over 60 days old. That's done by comparing the cert creation time and the current time on the server. The other checkpoint is administered by letsencrypt servers. I don't remember their timeline but by default, if the certs aren't close to expiring, the headless command skips the renewal. This parameter bypasses that behavior so only my letsencrypt.sh script controls when the certs are renewed rather than the letsencrypt servers. The reason is that if letsencrypt sets that to 5 days before expiration and the cron script doesn't run during that time, the certs expire. And I don't want to schedule the cron script too frequently because the update method requires that the nginx webserver is taken down during cert renewal.

 

And I certainly don't want to let the user decide on the frequency, because letsencrypt has a bunch of restrictions on that and they'll block you from further cert creations per domain or per user (this made the testing of this container fairly difficult early on as I kept hitting the limits and now I am getting a ton of e-mails daily about expiring certs that are not being used, and are all duplicates, but were created in the process).

 

 

4) while its great to generate certs and learn about letsencrypt, some sort of reverseproxy-support out-of-the-box would be a perfect addition. While its definetly more work, a simple proxy-conf could be generated through some variables in the container template (source url, destination url) I guess?

 

 

I considered that but then realized that it would never be a turn key solution. The user will always have to figure out how to set it up on their systems. I'd rather have them go and research it so they know what they are doing before attempting it, rather than me providing a partial solution and end up with a ton of support requests because they don't know what they are doing and it is just not working.

 

I did post copies of my conf files in the letsencrypt thread, though: https://lime-technology.com/forum/index.php?topic=43696.msg437353#msg437353

 

 

5) maybe a NTP option to make sure date/time is correct for renewal?

 

Maybe you could add some info about the renewal to your readme/description?

- Default Renewal after 60 days

- Renewal does not re-validate the domain, as long as the correct cert is found on port 443 (correct me if I am wrong). So after cert creation, you could move the containter to another port if you want? For example, if another server needs to run on 443 and reverse proxy is not working/wanted.

 

But as I said, its already a really usefull container, even without any additional features, so thanks again

 

The container fixes the time so that it matches the host system's local time (even for cron, which is by default UTC)

 

I don't advertise the 60 day thing because honestly, the user does not even need to know that. The container will take care of it all. As long as it's running, the certs will be kept up-to-date. If it was down for a while, it will renew upon container start.

 

Renewal does require revalidation. That's part of their core mission: provide short term certs that are often validated, automatically.

 

I originally wanted to make this a separate container just for cert management. The idea was that this container would keep the certs up-to-date and put them somewhere other containers could access. But there are some serious (and annoying) restrictions with how acme is set up. You have to use either port 80 or 443 for validation. No other port works. In other words, you have to run letsencrypt on the same machine/container your webserver is running. Also, if you want to do it through port 443, you have to use letsencrypt's built-in webserver for validation, which means you have to stop your main webserver while you're validating. That's why I had to integrate it into a full nginx container so the script can do automatic renewals.

 

So basically, this isn't really a letsencrypt container. It's actually an nginx container with letsencrypt and fail2ban built-in.

 

On my company webserver that is hosted on a vps, I have a custom letsencrypt solution that is very similar to the one built-in here (almost the same cron script but modified for multiple certs with different domain names).

[jbear]

Is ffmpeg included in 1.29 ?  Is the path the same as 1.28.1 (/usr/bin/avconv) ?

 

PATH_CAMBOZOLA Web path to (optional) cambozola java streaming client (?) Should I just use the default here ?  cambozola.jar ? or /usr/share/zoneminder/www/cambozola.jar ?

 

Can't seem to be able to get my remote IP CAM to display anything in 1.29, basically using the same settings as 1.28.1.

 

Thanks.

 

For all zoneminder fans, version 1.29 is out. But it's a separate container. Due to the extensive changes in the new version, it was near impossible to update a 1.28 version in place. So you'll have to install this separate container and set it up from scratch. Don't try to install it using the same config folder with existing data, it won't work.

 

To be honest, I wasn't even able to update my existing install to 1.29 no matter how hard I tried (without deleting the existing data), so there was no way I could do it for all the existing users with different configs.

 

Let me know if the new one has any issues

[aptalca]

Is ffmpeg included in 1.29 ?  Is the path the same as 1.28.1 (/usr/bin/avconv) ?

 

PATH_CAMBOZOLA Web path to (optional) cambozola java streaming client (?) Should I just use the default here ?  cambozola.jar ? or /usr/share/zoneminder/www/cambozola.jar ?

 

Can't seem to be able to get my remote IP CAM to display anything in 1.29, basically using the same settings as 1.28.1.

 

Thanks.

 

For all zoneminder fans, version 1.29 is out. But it's a separate container. Due to the extensive changes in the new version, it was near impossible to update a 1.28 version in place. So you'll have to install this separate container and set it up from scratch. Don't try to install it using the same config folder with existing data, it won't work.

 

To be honest, I wasn't even able to update my existing install to 1.29 no matter how hard I tried (without deleting the existing data), so there was no way I could do it for all the existing users with different configs.

 

Let me know if the new one has any issues

Instructions are on the docker hub page: https://hub.docker.com/r/aptalca/zoneminder-1.29/

 

You probably need to change the path_zms that is listed under important

[jbear]

Is ffmpeg included in 1.29 ?  Is the path the same as 1.28.1 (/usr/bin/avconv) ?

 

PATH_CAMBOZOLA Web path to (optional) cambozola java streaming client (?) Should I just use the default here ?  cambozola.jar ? or /usr/share/zoneminder/www/cambozola.jar ?

 

Can't seem to be able to get my remote IP CAM to display anything in 1.29, basically using the same settings as 1.28.1.

 

Thanks.

 

For all zoneminder fans, version 1.29 is out. But it's a separate container. Due to the extensive changes in the new version, it was near impossible to update a 1.28 version in place. So you'll have to install this separate container and set it up from scratch. Don't try to install it using the same config folder with existing data, it won't work.

 

To be honest, I wasn't even able to update my existing install to 1.29 no matter how hard I tried (without deleting the existing data), so there was no way I could do it for all the existing users with different configs.

 

Let me know if the new one has any issues

Instructions are on the docker hub page: https://hub.docker.com/r/aptalca/zoneminder-1.29/

 

You probably need to change the path_zms that is listed under important

 

I'm making some progress, in the prior docker 1.28.1, the events were stored in the config path under /appdata/zoneminder/data/zoneminder/events, separate from the container, in this version, I'm not so sure that is the case.  I've recorded several events, but the /appdata/zoneminderv129/data/events folder is empty.

 

So it seemed by default, the old version stored events in the config path, but 1.29 does not.  I see that I can change the path for events, I assume /config/data/events may work ?

 

Appreciate your help.

 

 

[aptalca]

Is ffmpeg included in 1.29 ?  Is the path the same as 1.28.1 (/usr/bin/avconv) ?

 

PATH_CAMBOZOLA Web path to (optional) cambozola java streaming client (?) Should I just use the default here ?  cambozola.jar ? or /usr/share/zoneminder/www/cambozola.jar ?

 

Can't seem to be able to get my remote IP CAM to display anything in 1.29, basically using the same settings as 1.28.1.

 

Thanks.

 

For all zoneminder fans, version 1.29 is out. But it's a separate container. Due to the extensive changes in the new version, it was near impossible to update a 1.28 version in place. So you'll have to install this separate container and set it up from scratch. Don't try to install it using the same config folder with existing data, it won't work.

 

To be honest, I wasn't even able to update my existing install to 1.29 no matter how hard I tried (without deleting the existing data), so there was no way I could do it for all the existing users with different configs.

 

Let me know if the new one has any issues

Instructions are on the docker hub page: https://hub.docker.com/r/aptalca/zoneminder-1.29/

 

You probably need to change the path_zms that is listed under important

 

I'm making some progress, in the prior docker 1.28.1, the events were stored in the config path under /appdata/zoneminder/data/zoneminder/events, separate from the container, in this version, I'm not so sure that is the case.  I've recorded several events, but the /appdata/zoneminderv129/data/events folder is empty.

 

So it seemed by default, the old version stored events in the config path, but 1.29 does not.  I see that I can change the path for events, I assume /config/data/events may work ?

 

Appreciate your help.

 

Oops, my bad. They changed all the paths between 1.28 and 1.29 and I must have missed this change. That's why I had to create a separate docker. No way to update the old one in place.

 

Will be fixed in the next update. Thanks for letting me know.

[aptalca]

Zoneminder is now fixed, update pushed

[jbear]

Wanted to thank you for making the changes.  Seems to be working well, will need to mess with it a bit more, but so far so good.

 

Thanks again.

 

 

Zoneminder is now fixed, update pushed

[aptalca]

Wanted to thank you for making the changes.  Seems to be working well, will need to mess with it a bit more, but so far so good.

 

Thanks again.

 

 

Zoneminder is now fixed, update pushed

Great to hear is working. Let me know if you find any other bugs

[dcpdad]

Morning Aptalca-

 

Thank you for your great dockers. They really add tremendous value to all things unRAID!

 

Two questions on your Calibre-Server:

(1)  have you considered adding a simple username and password to access the library?

(2)  have you considered adding a for your docker to look for new downloads in a particular folder and auto-add the new ebooks?

 

Thanks again!

[aptalca]

Morning Aptalca-

 

Thank you for your great dockers. They really add tremendous value to all things unRAID!

 

Two questions on your Calibre-Server:

(1)  have you considered adding a simple username and password to access the library?

(2)  have you considered adding a for your docker to look for new downloads in a particular folder and auto-add the new ebooks?

 

Thanks again!

 

Hi dcpdad,

 

1) If you're asking about password protection for access from the internet, then I would recommend using a reverse proxy like nginx. It allows for authorization through htpasswd, which I trust. Check out the nginx-letsencrypt container I put together, it handles the ssl certs and reverse proxy. I use that for all my container GUIs so I can access them securely

 

2) Not really, I guess I'm a little OCD and prefer to import the books manually so I can check to make sure the info retrieved from the internet is correct. I'm not sure if calibre has that functionality built-in or not. I know it has terminal commands you can use for importing through command line, which could be put into a cron script, but I honestly don't have time to look into that. If someone else figures it out, feel free to send a pr on github