Jump to content
binhex

[Support] binhex - General

112 posts in this topic Last Reply

Recommended Posts

Important - This thread is NOT for support of Docker images, please use the separate support threads shown in the "Docker Images" section shown further below.

 

Overview: Support of unRAID Docker templates, news and user requests for new Docker images for the binhex Docker repository.

Docker Hub: https://hub.docker.com/u/binhex/

GitHub: https://github.com/binhex

 


If you appreciate my work, then please consider buying me a beer  :D

 

btn_donate_SM.gif

Description
 

All the Docker images contained within this repository are Arch Linux based, the reason i choose Arch is as follows:-

  • Cutting Edge - Packages are latest stable versions, thus you get no issues with old packages causing issues with newer apps.
  • Small Footprint - Arch is built with a minimal approach, including only the required packages for the OS.
  • Arch User Repository (AUR) is vast! - AUR has packages for nearly every popular linux application out there, and using a helper app like packer means simple and quick deployment of virtually any application as a docker.
  • Familiar OS - Working knowledge of Arch, based on past experience running Arch Linux in a VM.

Installation
 

OK, sounds good to me, so how do i install your Docker apps using unRAID?.

Firstly you need to be running unRAID ver 6.0.0 or later, once installed follow the instructions below:-

  1. Navigate to "Docker" tab and then the "Docker Repositories" sub-tab in the unRAID webui
  2. Enter in a URL of https://github.com/binhex/docker-templates in the "Template repositories" field
  3. Click on the "Save" button
  4. Click back to "Docker" tab and then click on the "Add Container" button
  5. Click on the "Template" dropdown menu and select the desired Docker image
  6. Click the "Advanced View" toggle on the top right and fill in required fields e.g. volume data, environment variables etc
  7. Click on the "Create" button at the bottom of the window to begin pulling down the Docker image
  8. Once the image is downloaded you should see it appear in the "Docker Containers" sub-tab

Docker Images
 

[Support] AirSonic

[Support] CouchPotato

[Support] Deluge

[Support] DelugeVPN

[Support] Emby

[Support] get_iplayer

[Support] IntelliJ

[Support] Jackett

[Support] Jenkins

[Support] Koel

[Support] Krusader

[Support] LibreOffice

[Support] Libresonic

[Support] Lidarr

[Support] Madsonic

[Support] Medusa

[Support] MiniDLNA

[Support] MovieGrabber

[Support] NZBGet

[Support] NZBHydra

[Support] NZBHydra2

[Support] Plex

[Support] PlexPass

[Support] PyCharm

[Support] qBittorrentVPN

[Support] Radarr

[Support] rTorrentVPN

[Support] SABnzbd

[Support] SABnzbdVPN

[Support] Sickbeard

[Support] Sickrage

[Support] Sonarr

[Support] Teamspeak

[Support] Tvheadend

 

Key:

Green - application/docker container confirmed working, no known issues

Orange - application/docker container under heavy development

Red - application/docker container broken or not working as expected

 

Changelog https://raw.githubusercontent.com/binhex/docker-templates/master/CHANGELOG.md

 

Newbie VPN Guide
 

Q1. I can't get the Web UI to show for application xVPN when VPN_ENABLED is set to 'yes', if i set it to 'no' then i can view the Web UI, what am i doing wrong?


A1. Firstly in order to create a tunnel to your VPN provider you need to use their OpenVPN configuration file and certificates. These will typically be downloaded from your VPN providers website, and generally are zipped.

PIA users - The URL to download the openvpn configuration files and certs is https://www.privateinternetaccess.com/openvpn/openvpn.zip

Once you have downloaded the zip (normally a zip as they contain multiple ovpn files) then extract it to /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation). If there are multiple ovpn files then please delete the ones you don't want to use (normally filename follows location of the endpoint) leaving just a single ovpn file and the referenced certificates (normally files with a crt and pem extension).

You will now need to move onto configuration of the container...

So all of the Docker images i have produced that include VPN functionality will NOT allow you to access the Web UI of the application until there is a working VPN tunnel. This protects the user from accidentally thinking they have a working tunnel and thus are anonymous, when in actual fact they aren't protected at all.

Whilst a lot of VPN providers are subtly different, i will try to give some examples for each setting exposed via Environment Variables (via 'docker run' or unRAID Web UI):-

VPN_ENABLED - Fairly self explanatory, if you set this to 'yes' then a VPN tunnel connection will be attempted, set to no and you will run the application with no VPN protection.

VPN_USER - This is the username as supplied by your VPN provider, it might be the website login, or it might be a separate username. In some cases it may also not be required, as some providers allow you to create a ovpn config file with your authentication supplied as a inline end user certificate (AirVPN for instance).

VPN_PASS - Same deal as the VPN_USER, this is the VPN provider supplied password, again this may not be necessary for certain providers due to auth via embeded cert in the ovpn file.

IMPORTANT - usernames/passwords that contain characters which are NOT in the range (0-9, a-z, A-Z) MAY cause issues, check the /config/supervisord.log for this

VPN_PROV - This is the VPN provider you're using, the reason i differentiate between providers is because i have built in support for port forwarding for propvider PIA, thus its important to specify this correctly, if you aren't using VPN provider PIA then set it to either AirVPN or custom.

VPN_OPTIONS - This allows you to define advanced OpenVPN options, in most cases this is NOT required unless you know what you're doing.

STRICT_PORT_FORWARD - If this is set to yes then you will be enforcing port forwarding when connected to an VPN remote endpoinly for provider PIA. Again i would like to stress this only takes effect for PIA users only, if you're using another provider then you will need to setup the port forward yourself (speeds will be VERY slow without a working incoming port).

ENABLE_PRIVOXY - Allows you to define whether you want to run Privoxy inside the container as well - for more details about Privoxy see below Q4.

https://forums.lime-technology.com/topic/44108-support-binhex-general/?do=findComment&comment=433613


LAN_NETWORK - This is used to define your home LAN network, do NOT confuse this with the IP address of your router or your server, the value for this key defines your network NOT a single host - for more details about how to configure this see below Q5.
https://forums.lime-technology.com/topic/44108-support-binhex-general/?do=findComment&comment=433613


NAME_SERVERS - This allows you to define the name servers you want to use when the VPN tunnel is established, keep in mind you probably will NOT be able to use your ISP's name servers when the tunnel is running, as your IP address will then not be in your ISP's range and thus will normally be blocked, thus the recommendation to use an open DNS, the defaults are normally fine.

DEBUG - Set this to true to enable debug, extremely useful to debug issues when you can't connect to the VPN tunnel - for further help see below

https://forums.lime-technology.com/topic/44108-support-binhex-general/?do=findComment&comment=435831

 

UMASK - This sets the permissions for newly created files/folders, the defaults are normally fine.

PUID/PGID - The user ID and group ID to run as, the default value of 99 is for user 'nobody' group 'users', if you want to run the container as another user then find out the UID by issuing the following command:-

id <username you want to run as>

Example command run on the docker host:-

# id nobody
# uid=99(nobody) gid=100(users) groups=100(users),98(nobody)

So you can see the UID is 99 and the GID is 100, so set PUID to be 99 and PGID to be 100.

IMPORTANT - If you do decide to change the PUID and PGID values and you have previously started the container then please ensure you delete the file /config/perms.txt to force a reset of permissions for the new user/group.

 

Edited by binhex
  • Like 2

Share this post


Link to post

General Docker FAQ

 

Q1. What is the difference between Bridge and Host Network Types?

 

A1. Setting a Docker Container to Bridge networking (default) allows the user to map a port from the host to the container (see later questions), whereas setting a Docker container to use Host networking means the Docker applications ports cannot be defined and are bound to the Host's adapter

 

Q2. What does the Privileged check-box do?

 

A2. The Privileged checkbox allows the Docker Container to perform certain privileged activities, these are typically required for additional netwworking functions, such as creating/editing virtual adapters.

 

Q3. I can't see how to configure the settings for the VPN Docker images

 

A3. The current default action in the unRAID webui for Docker is to hide the Advanced options, for some applications you need to view these advanced options to configure the application using Environment Variables. To view these additional fields simply click on the "Advanced View" toggle button and then fill in the values.

 

Q4. What are Volume Mappings used for?

 

A4. Volume Mappings are a way of sharing data from the host to the running Docker Container, without a Volume Mapping it would be very difficult to access data written to the running containers virtual file system. Volume mappings are defined in two halves, the Container volume, which is the  root folder that will appear INSIDE the Docker Container, and the Host path, which is the full path you wish to share with the Docker Container.

 

For example a volume mapping of /config /mnt/cache/appdata will create a folder called "config" off the root of the Docker Containers file system, this folder will contain all files and folders that exist in the hosts path "/mnt/cache/appdata".

 

IMPORTANT - When configuring the Docker application (not container) remember to use the container volume root folder, NOT the Host path, e.g. /data/completed for completed folder or /data/incomplete for incomplete downloads, NOT /mnt/user/appdata/completed

 

Q5. What is the /config Container Volume used for?

 

A5. This is used to store application configuration, such as ini files, db's, cached data, etc.

 

Q6. What is the /data Container Volume used for?

 

A6. This is used to store downloaded data generated from the Docker application, such as TV Shows, Movies, Games, etc.

 

Q7. What is the /media Container Volume used for?

 

A7. This is used with Docker applications that index data for user consumption, or Docker applications that require access to your media library to perform post processing, example applications are CouchPotato, Plex, Madsonic, Sickbeard, SickRage.

 

Q8. What are Port Mappings used for?

 

A8. Port mappings are used to map a hosts ports to a containers ports, this gives you the flexibility to have multiple containers running using the same port but are defined as different ports on the host side.

 

IMPORTANT - When editing the Docker container please do NOT alter the container port, this is set in the Docker image and should not be changed, this also applies to application configuration, the port number should NOT be changed.

 

Q9. Why can't Sonarr/Radarr/Lidarr/SickRage/Medusa post process my downloads from SABnzbd/Deluge/rTorrent?

 

A9. The location you set for downloads for your download client(s) MUST be consistent for ALL docker containers, so for instance assuming two containers (there could and probably will be more than two in reality), a downloader (sabnzbdvpn) and a metadata downloader (sonarr), here are some scenarios:-

 

BROKEN EXAMPLE 1.

sabnzbdvpn

/mnt/cache/appdata/data/completed is mapped to /data

 

sonarr

/mnt/cache/appdata/data is mapped to /data

 

Why is this broken? because although the container path (/data) is the same for both containers, the host path does NOT match

 

BROKEN EXAMPLE 2.

sabnzbdvpn

/mnt/cache/appdata/data/Completed is mapped to /data

 

sonarr

/mnt/cache/appdata/data/completed is mapped to /data

 

Why is this broken? because although the container path (/data) is the same for both containers, the host path does NOT match (linux is CaSe sensitive).

 

BROKEN EXAMPLE 3.

sabnzbdvpn

/mnt/cache/appdata/data/completed is mapped to /data

 

sonarr

/mnt/cache/appdata/data/completed is mapped to /downloads

 

Why is this broken? because although the host path is now ok, the container paths do NOT match.

 

WORKING EXAMPLE

sabnzbdvpn

/mnt/cache/appdata/data/completed is mapped to /data

 

sonarr

/mnt/cache/appdata/data/completed is mapped to /data

 

Why is this working? because BOTH the container path (/data) and the host path (/mnt/cache/appdata/data/completed) EXACTLY match.

 

IMPORTANT - Application configuration
 

Lastly keep in mind that when you configure sabnzbdvpn and sonarr (in this example) the paths again must match, so if you configure sabnzbdvpn to download to /data/usenet/ then you MUST also configure sonarr to use the same path, you CANNOT configure sonarr to use /data, this again would cause a mismatch of path, even if you have set the container path and the host path to be the same (as in the working example above).

 

Q10. Why is there more than one Container Port specified?

 

A10. Multiple Container ports are sometimes required for applications where there is more than one process running, an example of this would be Deluge, where it has a daemon (process that does the downloading), a webui (process serving the http interface), and an additional port for incoming requests.

 

Q11. I can see there is a newer version of the Docker application im running, can i update the application using the applications built-in update system?.

 

A11. In place upgrades are not recommended when using Docker applications, instead wait for the developer to trigger a new build. Once the new image has been built, then open the unRAID webui and click on the "Docker" tab and then press the "Check for Updates" button, this should then change the "Version" for the Docker container to "update ready" then simply click on this and click the "Just do it!" button to begin the download of the newer image.

 

Q12. There is an issue with the latest version of an application, how do i roll back to a specific version?

 

A12. In order to pull down a specific version of an application you need to specify the tag with the version you want. To find out what tags are available for the docker image you need to go to the first post in the applications support thread, then copy the URL shown for "Docker Hub:" and append "builds/" to the end of the url and paste into your preferred browser.

 

This will return a list of available tag names, make a note of the tag you want (tag name denotes the version of the application) and then go the unRAID web interface, left clicking the specific Docker container and selecting "edit", then click on the advanced view option (top right) and edit the repository string, adding in ":<the tag you want>" to the end of the name, e.g. to specify a version of 1.0.0.0 for couchpotato. the repository would be changed from:-

 

binhex/arch-couchpotato

to

binhex/arch-couchpotato:1.0.0.0

 

Q13. I know Needo's Docker images automatically update on restart, can any of your Docker Images do this also?

 

A13. No, i have not gone down the route of having automatic upgrading of applications on reboot/start, two main reasons are around keeping the dockerfile code as clean and easy to maintain as possible, and secondly to do with the ease of support, if i know everybody is running the same version then its a LOT easier to offer support. I do keep a very close eye on versions of applications coming out and constantly monitor for changes, so the gap between release and the latest version being available for download via Docker webui is minimal (typically a couple of days).

 

Q14. I have a problem with a Docker, are there any logs?

 

A14. All the Docker containers for this repository use a process manager called Supervisor, this will log stdout and stderr to a log file called "supervisord.log" in the root of the defined /config hosts path. When logging an issue on the forum please attach this to help diagnose the issue quicker.

 

Q15. I have a problem with application X, its hanging/crashing/behaving strangely, who do i contact?

 

A15. Although i am the developer for the docker image i cannot fix issues related to the application itself, put simply i create an easy to use method to run the application, if the application itself is faulty then you will need to contact the developer(s) of the application, most of the time this involves posting an 'issue' on github, see the application support thread OP for links to the application.

 

Plex FAQ

 

Q1. How do i configure Plex to transcode to RAM/Array/Cache?

 

A1. Below are the different options for setting transcoding for Plex and Plex Pass:-
 

Transcode to RAM - create a new volume mapping, host path /tmp and container path /transcode then define TRANS_DIR so that it points at ram drive e.g.:-

TRANS_DIR=/transcode

/transcode maps to host path /tmp

 

 Transcode to the array - create a new unRAID user share named 'Transcode' (or whatever you want) and then define TRANS_DIR so that it points at your array e.g.:-

TRANS_DIR=/transcode

/transcode maps to host path /mnt/user/Transcode

 

Transcode to cache (preferably cache is SSD not spinner) - define TRANS_DIR so that it points at your cache drive e.g.:-


TRANS_DIR=/transcode

/transcode maps to host path /config/tmpTRANS_DIR=/transcode  /transcode maps to host path /config/tmp

 

Note:- Recommended transcode method is to use the cache drive.

 

Still stuck?, take a look at the unRAID FAQ:- https://lime-technology.com/forums/topic/57181-real-docker-faq/

 

Edited by binhex

Share this post


Link to post

VPN Docker FAQ

 

Q1. I can't seem to access the webui from outside my LAN, why is this?

 

A1. The Docker VPN images use iptables in order to secure against ip leakage of your ISP assigned ip address, this requires all modules loading at the kernel level for iptables, including the iptable_mangle module. If the iptable_mangle module is not loaded/available on your hosts kernel then you will not be able to access the webui outside of your LAN. Until recently unRAID DID include iptable_mangle support by default, but the latest release (6.1.8 or later) has removed this.

 

In order to force the loading of iptable_mangle you need to add the following to your unRAID "go" file, this can be done by issuing the following:-

 

1. SSH into the unRAID host and issue the following commands:-

 

echo "# force iptable mangle module to load (required for *vpn dockers)" >> /boot/config/go
echo "/sbin/modprobe iptable_mangle" >> /boot/config/go
 

2. Reboot the host for the change to take effect

 

Note -  if you want to apply the fix straight away issue the following:-

 

/sbin/modprobe iptable_mangle
Q2. What is the purpose of Privoxy?

 

A2. Privoxy is a non-caching web proxy with filtering capabilities for enhancing privacy, manipulating cookies and modifying web page data and HTTP headers before the page is rendered by the browser. In practise what this gives you by including it in the same container as the VPN tunnel is that you can bypass any filtering that maybe present by your ISP by simply configuring your browser to use the proxy server.

 

This is achieved by sending and receiving all data via the VPN tunnel, think of Privoxy as a middle man who will route traffic for you from your LAN over the VPN tunnel and back again. The other uses as well as simple web browsing is certain applications can also be told to use the proxy when downloading metadata, such as nzb or torrent files from index sites, as some ISP's may block certain index sites this is an extremely useful feature.

 

Q3. I'm struggling to configure LAN_NETWORK correctly, can you give some examples?

 

A3. Sure!, here is a list of examples and how to identify the correct CIDR notation (digit(s) after the /)

 

If you type "ipconfig /all" on windows host on your LAN you will get something similar to this:-

 

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home.gateway
   Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter
   Physical Address. . . . . . . . . : 11-22-33-44-55-66
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe00::1111:2222:3333:4444%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 17 February 2016 21:10:32
   Lease Expires . . . . . . . . . . : 27 February 2016 11:10:13
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 55727104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4A-97-73-52-54-00-32-3F-43
   DNS Servers . . . . . . . . . . . : 193.1.2.3
   NetBIOS over Tcpip. . . . . . . . : Enabled
 

or "ifconfig" on linux:-

 

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
        ether 68:05:ca:0b:fe:25  txqueuelen 0  (Ethernet)
        RX packets 28203743  bytes 36171326044 (33.6 GiB)
        RX errors 0  dropped 19925  overruns 0  frame 0
        TX packets 26710466  bytes 165269242671 (153.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 

So you can see the ip address of this host 192.168.1.10 and the netmask 255.255.255.0, so the internal network is defined as:-

 

192.168.1.0
 

and the netmask in CIDR format is:-

 

/24
 

Some common netmask to CIDR notation examples:-

 

255.255.255.0 = /24
255.255.0.0 = /16
255.0.0.0 = /8


Q4. I've just updated and now the container won't start. If i look in the /config/supervisord.log file i see the message below, what does it mean and how do i fix it?.

VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak:

A4. The above message is informing you that the cipher used for the VPN providers certificate is too weak and thus susceptible to decryption by a third party. In order to fix this you need to contact your VPN provider and inform them that the certificate available is using a weak cipher and has been flagged as such by OpenSSL 1.1.x and kindly ask them to re-generate a new certificate with a stronger cipher.

Keep in mind the purpose of a VPN is to provider secure, anonymous connectivity to the internet, using a weak cipher means you are potentially exposing the connection to snooping.

 

Q5. My download/upload speeds are low when connected to the VPN tunnel, what could be the cause of this?.

 

A5. There are multiple potential causes for low speeds, here is a list of the common ones:-

 

  • Incoming port not defined correctly - This is the main cause of low speeds, if you want to maintain high upload/download rates then you MUST have a working incoming port. If you are using PIA as your VPN provider then this will be done for you automatically, as long as you are connected to a endpoint that supports port forwarding (see list below) AND STRICT_PORT_FORWARD is set to "yes". If you are using another VPN provider then you will need to find out if your VPN provider supports port forwarding and what mechanism they use to allocate the port, and finally configure the application to use the port.

       PIA endpoints that support port forwarding (incoming port) can be seen here:-

       https://www.privateinternetaccess.com/helpdesk/kb/articles/how-do-i-enable-port-forwarding-on-my-vpn

  • Upload rate set too high/unlimited - failure to correctly define your upload speed will mean your connection will be choked, resulting in low download speeds, the solution to this is to define your upload rate as about 3/4 of your theoretical maximum upload rate (keeping in mind this is defined in Bytes (big B) NOT bits (small b).
  • Rate limit overhead enabled (deluge specific) - If the option in the Deluge Web UI in the "Bandwidth" section labelled "Rate limit IP overhead" is ticked this can result in low speeds, please untick this option.
  • VPN endpoint has low bandwidth - Not all VPN endpoints are equal, some will have large allocations of bandwidth than others, you will need to check with your VPN provider to identify which are the faster endpoints and connect to these.
  • Highly fragmented disk - If your disk has a lot of fragmentation then speeds can be low due to the significantly reduced I/O that a fragmented disk can cause. This can be fixed by performing a disk defragmentation to optimise the disk.
  • Name Resolution not working - When specifying the NAME_SERVER value you must keep in mind that your ISP's Name Servers will most probably block name resolution for everything that doesn't have a source IP address owned by them, thus when the VPN tunnel is established Name Resolution will most likely fail if you're using your ISP's Name Servers (as your source IP will be different) and this will result in low speeds. The fix for this is to use Name Servers which permit usage from ANY source IP, such as Google or FreeDNS, both of which are set by default.
  • Writing incomplete/partial downloads directly to the unRAID array - unRAID writes to the array are normally slow, typically being in the range 20MB/s to 50MB/s depending on hardware. Due to this low write speed you may see issues when a torrent client attempts to write incomplete/partial downloads directly to the array, especially when multiple writes from different downloads are in progress. The fix is to write to a cache drive (preferably SSD) or use the 'Unassigned Devices' plugin to connect to a single drive (again preferably SSD)  - see below for details on this.
  • There have been reports from users that using a unRAID mirrored cache pool (has to be BTRFS currently) causes yo-yo download speeds and/or timeouts to the download daemon (seen with rTorrentVPN), there is currently no fix to this other than to break the mirror and use a single cache drive. The alternative method is to use the unRAID plugin 'unassigned devices' and mount an external drive and use this to store incomplete/completed downloads on. The other point to mention is that XFS seems to be a more efficient and stable filesystem in comparison to BTRFS (at this time), so if you do split your cache pool it maybe worth taking the opportunity to switch to XFS, as you will need to format in any case after the mirror split.
     

Q6. The hardware specification of my host is low, how can i reduce the CPU load caused by OpenVPN whilst still maintaining security?

 

A6. If the VPN provider you are using supports AES-128/256-GCM (PIA does support this) then you can improve security (stronger cipher) and also reduce your CPU load when compared to using traditional ciphers such as CBC. To achieve this you simply edit the ovpn configuration file located in /config/openvpn/ and include the following lines:-

cipher aes-128-gcm
auth sha256
ncp-disable

Note - Please ensure you remove any other existing lines that may clash with the lines above, 

 

Once done simply restart the container for the change to be picked up.

 

Q7. Since the update i can't now start the container when VPN_ENABLED is set to 'yes' and i see the following message in /config/supervisord.log

"[crit] No OpenVPN config file located in /config/openvpn/ (ovpn extension), please download from your VPN provider and then restart this container, exiting..." what does this mean and how can i fix this?
 

A7. Recently i have stpped baking in the OpenVPN configuration file and certs for PIA users (there are multiple reasons for this which i won't go into here), so in order to create a tunnel to your VPN provider you now need to download their OpenVPN configuration file and certificates. These will typically be downloaded from your VPN providers website, and generally are zipped.

PIA users - The URL to download the openvpn configuration files and certs is https://www.privateinternetaccess.com/openvpn/openvpn.zip

Once you have downloaded the zip (normally a zip as they contain multiple ovpn files) then extract it to /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation). If there are multiple ovpn files then please delete the ones you don't want to use (normally filename follows location of the endpoint) leaving just a single ovpn file and the referenced certificates (normally files with a crt and pem extension).

 

Q8. I'm unable to see the Web UI and i'm seeing the following in the /config/supervisord.log file, what does this mean and how can i fix this?

Linux ip -6 addr add failed: external program exited with error status: 2

A8. This is due to the VPN provider pushing an OpenVPN option to use IPv6 to the client (your end), due to the fact that unRAID 6.3.x or earlier doesn't support IPv6 you will then see the above error message. To prevent this we can filter out the pushed options by adding the following lines to your ovpn file (located in /config/openvpn/<your filename>.ovpn)

pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"

Save the file and restart the container for the change to take effect.
 

Q9. How can i confirm that my incoming port is working when the VPN tunnel is established?

 

A9. To do this you can use the website https://www.yougetsignal.com/tools/open-ports/ this allows you to put in your public IP address for your VPN connection (can be found in the /config/supervisord.log) and the incoming port that you have manually configured (or in the case of PIA auto configured) for the application. Once you have entered in these details hit the "check" button to confirm the port is open.

 

Q10. Does DelugeVPN/SABnzbdVPN/rTorrentVPN prevnet ip leakage when the tunnel goes down (aka include a 'kill switch') ?

 

A10. IP leakage is prevented by the use of iptables rules, this is significantly better than a kill switch, as it guarantee's at all times that ip leakage cannot and will not happen by blocking the ability for the application to communicate externally (web ui is allowed). 

 

SABnzbdVPN Docker FAQ

 

Q1. I am having issues using a post processing script which connects to CouchPotato/Sick Beard, how do i fix this?

 

A2. In order to allow SABnzbdVPN to initiate a connection to an application you need to define the additional ports required by configuring the "ADDITIONAL_PORTS" environment variable with the port(s) you need to open, if you need more than one port opening then please use a comma to seperate the values. To be clear this parameter is NOT required for normal use, this is only required when specifying scripts which connect FROM SABnzbd to another container/application.

 

WARNING misconfiguration of this COULD lead to ip leakage, do NOT configure this with the port for your usenet provider!.

 

Please note, this is a new environment variable that has been added later on, thus existing users may not have this present for the docker configuration screen, if this is the case you will need to manually add in the environment variable.

 

Q2. How can i verify that the Usenet client is using the VPN tunnel?

 

A2. You can verify this by downloading a public webpage inside the running Docker container which returns your public ip address, instructions on how to do this shown below:-

 

1. SSH into your host

2. Run the following command:-

 

docker exec -it <name of container> curl -L https://jsonip.com
 

3. The returned IP value should be different to your ISP assigned IP address

 

Q3. I've just updated to the latest SABnzbd image and now i can't access the web ui, if i look in the /config/supervisord.log file i see the following, how can i fix it?

Traceback (most recent call last):
  File "/opt/sabnzbd/cherrypy/wsgiserver/__init__.py", line 2024, in start
    self.tick()
  File "/opt/sabnzbd/cherrypy/wsgiserver/__init__.py", line 2091, in tick
    s, ssl_env = self.ssl_adapter.wrap(s)
  File "/opt/sabnzbd/cherrypy/wsgiserver/ssl_builtin.py", line 67, in wrap
    server_side=True)
  File "/usr/lib/python2.7/ssl.py", line 363, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 840, in do_handshake
    self._sslobj.do_handshake()
error: [Errno 0] Error

A3. The above error indicates that the currently used certificate and key are too weak and thus must be replaced with a stronger cert/key. If your using the self-signed certificate that comes with SABnzbd then you can simply stop the Docker container, and then delete the files /config/admin/server.key and /config/admin/server.cert then start the container again to force the regeneration of compliant certs.

 

Note:- There is currently a bug in SABnzbd where it still shows an error message on the web ui, this is completely harmless and can be dismissed, if you wish to help get this bug removed then please post about it here:- https://github.com/sabnzbd/sabnzbd/issues/853

 

DelugeVPN Docker FAQ

 

Q1. How do i connect CouchPotato to DelugeVPN?

 

A1. To connect CouchPotato to DelugeVPN perform the following:-

 

IMPORTANT - If your connecting to DelugeVPN from a traditional (non dockerized) installation of CouchPotato then please ensure you have configured the LAN_NETWORK (see FAQ "I'm struggling to configure LAN_NETWORK correctly, can you give some examples?" for help) environment variable for DelugeVPN (you can left click and "Edit" the configuration if you've already created the container).

 

1. Start DelugeVPN and login to the webui, then enable Preferences->Daemon->Allow Remote Connections

2. Restart DelugeVPN Docker container

3. Open Deluge authorisation file /config/auth and note the username and password, it should be in the format:-

 

<admin username>:<admin password>:<level>
 

The default value is as follows:-

 

admin:deluge:10
 

If the above doesn't exist then please add to the auth file and restart the container before continuing.

 

4. Go to the CouchPotato webui->Settings>Downloaders>Deluge

5. Configure Host as <host ip address>:58846

6. Configure the Username and Password as specified in the auth file

7. Click on Test Deluge button, if it all works then you should see success.

 

Q2. How can i verify that the Torrent client is using the VPN tunnel?

 

A2. You can verify this by loading a custom torrent that returns the IP address that is used to connect to the tracker, instructions on how to do this shown below:-

 

1. Go to website http://torguard.net/checkmytorrentipaddress.php

2. Click on the "Check my torrent IP" button to download the torrent

3. Open Deluge webui and add the torrent

4. Highlight the added torrent and go to the "Status" tab at the bottom left of the screen

5. The "Tracker Status" should return something like this:-

 

"checkmytorrentip.net: Error: Success, Your torrent client IP is: 10.156.1.1"

 

6. If the tunnel is correctly established then IP address should be different to the IP address from your ISP.

 

rTorrentVPN FAQ

 

Q1. Why are some of my settings reverting when i restart rutorrent?

 

A1. So rutorrent is purely a web frontend to rtorrent, and as such does NOT modify any settings for rtorrent, the only settings you can save using rutorrent are settings for rutorrent itself, i.e. things like enabling/disabling plugins, settings for plugins etc.

 

If you want to modify things like incoming port, enabling/disabling dht, and folders for incomplete/complete downloads then you will have to modify the rtorrent config file, this is located in /config/rtorrent/config/rtorrent.rc please make sure you use something like notepad++ (not windows notepad) to prevent the line endings being modified.

Edited by binhex

Share this post


Link to post

Further help

 

OK so you've read all the FAQ's above right and you're still stuck, in that case you will need to perform the following, remember without logs there is little chance of resolving your issue:-

 

1. Delete any existing supervisord.log file located in /config/

2. Stop the container and delete it (or if you're an unraid user skip this step).

3. Set the env var key "DEBUG" to a value of "true".

4. Start the container and wait 5 mins for it to completely finish initialising.

5. Post the ENTIRE /config/supervisord.log file in the correct support thread for the container you're running.

 

IMPORTANT - Make sure to remove any reference to your username and password from the supervisord.log BEFORE posting it.

Edited by binhex
  • Like 1

Share this post


Link to post

Hi binhex, I was going to ask for a (very low importance) favor of you.  I've been using the gfjardim docker for owncloud and needos docker for mariadb, but he's gone AWOL, as you know, and OwnCloud is telling me there is a new version to update to, but I suspect he won't be back to update his docker for the new version any time soon, so...

 

...in all your abundance of free time (hehe), can you either take over, or create dockers for this (or both of these?)

 

I'm in no hurry, it's working fine, I just thought it'd be nice to have it updated, and even better to have them based on your docker base, like pretty much all my other dockers.

 

PLEASE no not feel compelled to do it, I completely understand that you may not want to take on any more work for yourself, but you've always been so generous with your time, I thought it worth at least asking.

 

Thanks again, and take it easy.

Share this post


Link to post

Hi binhex, I was going to ask for a (very low importance) favor of you.  I've been using the gfjardim docker for owncloud and needos docker for mariadb, but he's gone AWOL, as you know, and OwnCloud is telling me there is a new version to update to, but I suspect he won't be back to update his docker for the new version any time soon, so...

 

...in all your abundance of free time (hehe), can you either take over, or create dockers for this (or both of these?)

 

I'm in no hurry, it's working fine, I just thought it'd be nice to have it updated, and even better to have them based on your docker base, like pretty much all my other dockers.

 

PLEASE no not feel compelled to do it, I completely understand that you may not want to take on any more work for yourself, but you've always been so generous with your time, I thought it worth at least asking.

 

Thanks again, and take it easy.

Added to the list above, no promises but at least now i have it documented rather than trying to trawl back through the posts :-).

Share this post


Link to post

Can I add Onedrive docker as a request?  ;)

 

Would be perfect to use onedrive to backup my data since I got 1TB with office 365.

Share this post


Link to post

Can I add Onedrive docker as a request?  ;)

 

Would be perfect to use onedrive to backup my data since I got 1TB with office 365.

 

added.

Share this post


Link to post

I can't find a Binhex PayPal Donate button........ it's payday so i can spare some change... ;)

Share this post


Link to post

I can't find a Binhex PayPal Donate button........ it's payday so i can spare some change... ;)

 

Would you believe I've been so busy as of late that I haven't had chance, will see if I can get something added to OP, it's very nice to see any appreciation of my work either via donation or a simple thanks :-)

Share this post


Link to post

I can't find a Binhex PayPal Donate button........ it's payday so i can spare some change... ;)

 

Done, its now near the top of the OP

Share this post


Link to post

Hi! Great job with the docker!

Whenever i reboot the unraid server the couchpotato and nzbget-docker reverts back to "defaults"

my /config points at: /mnt/cache/dockerc/couchpotato on my unraid system and is read/write-able... Is there something in the startup script that erases the config.ini and replaces it with a default one?

 

Share this post


Link to post

Hi! Great job with the docker!

Whenever i reboot the unraid server the couchpotato and nzbget-docker reverts back to "defaults"

my /config points at: /mnt/cache/dockerc/couchpotato on my unraid system and is read/write-able... Is there something in the startup script that erases the config.ini and replaces it with a default one?

No, but the mover will do exactly what you are seeing if the dockerc share isn't set to cache only.

Share this post


Link to post

Hi! Great job with the docker!

Whenever i reboot the unraid server the couchpotato and nzbget-docker reverts back to "defaults"

my /config points at: /mnt/cache/dockerc/couchpotato on my unraid system and is read/write-able... Is there something in the startup script that erases the config.ini and replaces it with a default one?

No, but the mover will do exactly what you are seeing if the dockerc share isn't set to cache only.

 

Hi!

Thanks for the feedback!

I checked, and it seems that the share is cache only: (attached picture)

 

dockerc.JPG.148042725dc601e60a990b67206ffeb3.JPG

dockerc.JPG.48d3958b6704b86166cb77b663912cac.JPG

Share this post


Link to post

Any chance for a Google Drive docker? I notice there are a lot of one drives not 0 Google Drive, is that because it is hard to integrate or just the Microsoft bandwagon?

Share this post


Link to post

Any chance for a Google Drive docker? I notice there are a lot of one drives not 0 Google Drive, is that because it is hard to integrate or just the Microsoft bandwagon?

 

i have no idea how hard/easy this is as ive never used google drive, for now i will add it to the list of requests and take a look at some point to see if its doable.

Share this post


Link to post

I'm trying to get any YaRSS2 version to work with my deluge 1.3.12 binhex docker container i just installed but unlike every other plugin YaRSS refuses to stay ticked and activate.

 

Can anybody help me with this? It's driving me up the wall

 

Share this post


Link to post

I'm trying to get any YaRSS2 version to work with my deluge 1.3.12 binhex docker container i just installed but unlike every other plugin YaRSS refuses to stay ticked and activate.

 

Can anybody help me with this? It's driving me up the wall

 

Any ideas guys?

Share this post


Link to post

Hey binhex got another issue. I stopped my dockers for the night while i waited for a response to my couchpotato mover issues. I went in to start up my dockers again this morning and all the info was empty and the couchpotato and sonarr acted like it was its first install. My first guess was that this was due to the data files being placed in cache/appdata or user/appdata and the files getting moved as I forgot to make the share cache only. I have since done this and I just have to test it to make sure.

 

Pics of all the settings

 

 

Files too large to upload all directly.

sonarr_settings.jpg.f68f5797320562c22842e39a1a1ae6ce.jpg

Share this post


Link to post

My first guess was that this was due to the data files being placed in cache/appdata or user/appdata and the files getting moved as I forgot to make the share cache only.

 

i would say im 99.99999% sure thats your issue, basically the unraid "mover" script will move anything on your cache drive that isnt on a cache-only share, if you were creating config files/folders on a share that wasnt marked as cache-only then it will DEF get moved, unless of course you disable the mover script. if i were you i would have a quick look on your array, chances are you will see your files/folders on one or more of your disks.

 

Share this post


Link to post

quick poll for interest, im looking at creating a rtorrentvpn docker image (including rutorrent webui) , is this of interest to anybody?, im going to do it mainly for myself at this point as im interested in possibly switching from deluge to rtorrent/rutorrent.

Edited by binhex

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now