Jump to content
jbrodriguez

[Plugin] ControlR

427 posts in this topic Last Reply

Recommended Posts

Posted (edited)

@mikeydk I've only skimmed the last posts, but I see you mention that nginx takes care of the login and you also mention other users than root. I assume by nginx you mean reverse proxy? Can you explain what you think the reverse proxy part of nginx is doing in your setup? How exactly do you tell nginx what user to log into unraid with? You say that nginx runs as root,  and it will always log into unraid with root no matter what user you use. how do you do that? Do you change the PUID,PGID of the container? And do you expect it to then log into other services with the user you run the container as?

 

Either I'm missing something or maybe you have misinterpreted on how "nginx" (reverse proxy) works. What the reverse proxy does is serves you your local services through the internet via a domain. So what happens when you go to your domain/IP it serves the unraid webui as you were sitting locally.

 

And since the only user that can log into the webui is root how do you expect to log into "nginx" with another user than root and except "nginx" to magically put in the root user and password? I'm no nginx expert, so I'd like to know how you do this.

 

I see you mention .htpasswd file all this does is serve up a simple login to get access to the service behind the reverse proxy, once logged in it will still serve the local login to the service if it has one. So essentially you have to log in twice, once with whatever user you set up in the htpasswd file, and once with the REAL username and password to the service. 

 

So if you understand all this I'm still at a loss on how you expect this app (or any app really) to log into the webui (which ONLY accepts the root username and password) with another user. I don't care what magic the app (nginx) does, if it doesn't put the root username and password into the unraid webui login box it isn't going to work, as simple as that.

 

Edited by strike

Share this post


Link to post
9 minutes ago, strike said:

You say that nginx runs as root

I dont think I ever said that.

 

2 minutes ago, strike said:

How exactly do you tell nginx what user to log into unraid with?

proxy_set_header Authorization

 

With this you can make nginx do the basic auth unraid is using, while having another login when accessing nginx. And it actually seems to work pretty well. When trying to access unaid, you go to a link, and the basic auth is popping up, but instead of getting the one from unraid, it is the one from nginx. This allow me to block brute force attacks, along with a bunch of other things.

 

7 minutes ago, strike said:

So essentially you have to log in twice, once with whatever user you set up in the htpasswd file, and once with the REAL username and password to the service. 

No, I only log in once, nginx is then applying the header for logging into unraid.

 

Clearly I don't know how to use this app, since the only way I can get it to work, is a way it is not supposed to work.

Share this post


Link to post
12 minutes ago, mikeydk said:

proxy_set_header Authorization

Then I understand, as I said I'm no nginx expert and never had the usecase to try this.

 

But I still I can't see how this app would know that you're using nginx reverse proxy and that header. I'm also not a programmer but I don't think this app supports what you're trying to do. 

Share this post


Link to post
Just now, strike said:

I don't think this app supports what you're trying to do. 

I dont think so either, now. But it is actually the only thing I can get to work.

If I put unraid's ip and port 443 in, I get the dash and access to start and stop all dockers, which work just fine. But to do that, I need to create a root user the app can log in with (because the username field is for the plugin, but the password field isnt?).

 

I have also tried to put the ip of unraid in, but then start the server from the plugin and put the port in it it is showing, but when I press ADD in the app, I am just send back to the server list, without getting anything added, and then I can go back and try to put everything in again, and just have it all erased and send back to the empty server list.

 

Trying to access the UI in the plugin shows this too

Quote

Unable to connect to serverx

(1001) - Unable to get unRAID state (dockers): Get https://127.0.0.1/plugins/dynamix.docker.manager/include/DockerContainers.php: dial tcp 127.0.0.1:443: connect: connection refused

 

So the only way I can get it to work, is the way it isn't supposed to work. But it is actually working pretty well that way, except the username field is being used for something else.

Share this post


Link to post

I don't have too much more to say, to be honest.

 

For remote access, the app supports an OpenVPN(/WireGuard) setup, not a reverse proxy such as nginx.

 

The port to use is the Unraid webGUI port, not the plugin's.

 

This is stated in the FAQ (https://www.apertoire.com/faq/controlr/)

 

I'm currently unable to provide support for any other scenarios (even if they may or may not somewhat work).

Share this post


Link to post
30 minutes ago, mikeydk said:

So the only way I can get it to work, is the way it isn't supposed to work.

I may have missed something as I only skimmed through your post. Or I misunderstood something. But to me, it seemed like the only way you got it to work was when you used the root user (which is the way it's supposed to work) and when you tried to put in another user it didn't work because it still used root (?). That's the way I read it anyway. So to me, your statement is wrong. You can only get it to work the way it's supposed to, but not the way you want to would be more correct imo. :P

 

Share this post


Link to post
Posted (edited)

Seems to be something up with the pluginUdklip.thumb.PNG.c6860033dc98f8b53d813a1ae5565fbf.PNG

 

46 minutes ago, strike said:

But to me, it seemed like the only way you got it to work was when you used the root user (which is the way it's supposed to work) and when you tried to put in another user it didn't work because it still used root (?).

I actually think it all started with a bad ui design. There is a field for ip, port, username and password. But as it seems, username and password are not related to each other. You can change the username to whatever you want, but the password must be for the root user on the server. But nothing is explaining how that is, and nothing is put in to indicate they are not connected. What has been confusing on top, is that I have apparently tried to use it as intended, but since I am not sharing passwords across multiple users, I could not get it to add the server to the list, because it was the wrong root password. The app isn't showing any error messages, it just silently goes back to the server list, where nothing is added, no matter what the problem is.

I only just now found a place in the faq where it mention the need of root password, and that is only because I was looking specifictly for that. I have even been on it before, but there were two topics about connecting, then it continued to the plugin. It turns out, after that, it goes back to explain about connecting.

 

So I probably misunderstood how to use this. And failed to find the documentation needed, but I got some suggestions to make this easier to find and use.

 

FAQ

Move the "I’m having issues accessing the app with any user other than root" section up to the other relating connecting.

Move "Can you add x, y, z feature ?" down to "I’m having x, y, z issue with the app", as they are both related to something else not covered.

 

Mobile app

Split it up, so it is clear to see what part is related to the connection to the server, and what part is related to the user to use.

In the server part there could be, as there is now, a field for ip, port, username where it is set to root and disabled so it cant be changed, followed by password, server name, and the secure toggle.

After that a wider line or something to split the interface up, and then have a field for the user.

Also adding some error messages to the mobile app would be very helpful, then users wouldn't have to guess why nothing happened.

Edited by mikeydk

Share this post


Link to post
43 minutes ago, mikeydk said:

but I got some suggestions to make this easier to find and use.

Thanks for the feedback. I'll take it under consideration.

Share this post


Link to post
On 6/10/2019 at 1:33 PM, mikeydk said:

Seems to be something up with the pluginUdklip.thumb.PNG.c6860033dc98f8b53d813a1ae5565fbf.PNG

 

I actually think it all started with a bad ui design. There is a field for ip, port, username and password. But as it seems, username and password are not related to each other. You can change the username to whatever you want, but the password must be for the root user on the server. But nothing is explaining how that is, and nothing is put in to indicate they are not connected. What has been confusing on top, is that I have apparently tried to use it as intended, but since I am not sharing passwords across multiple users, I could not get it to add the server to the list, because it was the wrong root password. The app isn't showing any error messages, it just silently goes back to the server list, where nothing is added, no matter what the problem is.

I only just now found a place in the faq where it mention the need of root password, and that is only because I was looking specifictly for that. I have even been on it before, but there were two topics about connecting, then it continued to the plugin. It turns out, after that, it goes back to explain about connecting.

 

So I probably misunderstood how to use this. And failed to find the documentation needed, but I got some suggestions to make this easier to find and use.

 

FAQ

Move the "I’m having issues accessing the app with any user other than root" section up to the other relating connecting.

Move "Can you add x, y, z feature ?" down to "I’m having x, y, z issue with the app", as they are both related to something else not covered.

 

Mobile app

Split it up, so it is clear to see what part is related to the connection to the server, and what part is related to the user to use.

In the server part there could be, as there is now, a field for ip, port, username where it is set to root and disabled so it cant be changed, followed by password, server name, and the secure toggle.

After that a wider line or something to split the interface up, and then have a field for the user.

Also adding some error messages to the mobile app would be very helpful, then users wouldn't have to guess why nothing happened.

I login in as root and I get the same error. It worked on my old server. 

 

 

image.thumb.png.42805c934d47854f574b44ab6cee5ec3.png

Share this post


Link to post

Good ! Well, sort of good :)

 

Yes, that message has been a thorn in the ControlR plugin shoes :)

 

It seems to manifest itself when a reverse proxy is present on the server.

 

Could that be your case ?

 

I have tried to replicate it without success, thus the no-solution at the moment.

Share this post


Link to post

No reverse proxy. I use plugin in my home with my phone. So no vpn etc. Was going to try uninstalling and reinstalling if I knew how

Sent from my Pixel 2 XL using Tapatalk

Share this post


Link to post

Uninstall and reinstall no luck. I have three users on server including root. Log into the program using root. Still nothing. My other server has controlr and works fine. I think that one is 6.7.1

 

Edit my other server is 6.7.2

 

Issue with dynamixm?

 

Sent from my Pixel 2 XL using Tapatalk

 

 

 

 

 

 

Share this post


Link to post

The bottom line of the issue is that from the command line, something/someone (😮) other than Unraid is answering on port 443, thus the connection refused error.

 

Can you try

lsof -i :443

from the command line and report back ?

 

I've tried that with other users reporting this issue in the past, without much success, but maybe it prints something useful in your case.

 

Share this post


Link to post

Shut down plexdocker. Restart controlr and still same error

Sent from my Pixel 2 XL using Tapatalk

Share this post


Link to post

Yes, if it shows Plex using 443, it looks like Unraid is listening on some port other than 443.

 

Can you check that in the Unraid settings ?

Share this post


Link to post

I shut down plex. I ran command. It came back with no results. I then shut down controlr and started back up. still same error.

Not sure if possible issue. I am NOT using https to login into my unraid. I am NOT using SSL either. Could this be the issue?

 

image.png.b3b851cf445095aaa8d914b5fc20dbc6.pngimage.thumb.png.df0ac5893a30b4ad45ee3ab0105a82a7.png

 

 

 

Quote

I: 2019/10/15 07:21:26 api.go:46: Starting service Api ...
I: 2019/10/15 07:21:26 api.go:94: Api started listening https on :2382
I: 2019/10/15 07:21:26 app.go:85: Press Ctrl+C to stop ...
W: 2019/10/15 07:21:34 server.go:257: shadowHash != actualHash
W: 2019/10/15 07:21:39 server.go:257: shadowHash != actualHash
W: 2019/10/15 07:21:48 core.go:153: Unable to get unRAID state (dockers): Get https://127.0.0.1/plugins/dynamix.docker.manager/include/DockerContainers.php: dial tcp 127.0.0.1:443: connect: connection refused
I: 2019/10/15 07:22:03 app.go:89: Received signal: (terminated) ... shutting down the app now ...
I: 2019/10/15 07:22:03 api.go:99: stopped service Api ...
I: 2019/10/15 07:22:03 server.go:195: stopped service Server ...
I: 2019/10/15 07:22:03 core.go:141: stopped service Core ...
I: 2019/10/15 07:24:25 app.go:57: controlr v2019.03.28|2.16.0 starting ...
I: 2019/10/15 07:24:25 app.go:65: No config file specified. Using app defaults ...
I: 2019/10/15 07:24:25 app.go:214: cert: found Jewel_unraid_bundle.pem
I: 2019/10/15 07:24:25 core.go:73: starting service Core ...
I: 2019/10/15 07:24:25 core.go:268: Created system sensor ...
I: 2019/10/15 07:24:25 core.go:289: Created apc ups ...
I: 2019/10/15 07:24:25 server.go:94: Starting service Server ...
I: 2019/10/15 07:24:25 server.go:113: Serving files from /usr/local/emhttp/plugins/controlr
I: 2019/10/15 07:24:25 server.go:175: Server started listening http on :2378
I: 2019/10/15 07:24:25 server.go:187: Server started listening https on :2379
I: 2019/10/15 07:24:25 api.go:46: Starting service Api ...
I: 2019/10/15 07:24:25 api.go:94: Api started listening https on :2382
I: 2019/10/15 07:24:25 app.go:85: Press Ctrl+C to stop ...
W: 2019/10/15 07:24:33 server.go:257: shadowHash != actualHash
W: 2019/10/15 07:24:37 core.go:153: Unable to get unRAID state (dockers): Get https://127.0.0.1/plugins/dynamix.docker.manager/include/DockerContainers.php: dial tcp 127.0.0.1:443: connect: connection refused
 

 

Edited by scubieman

Share this post


Link to post

Just curious if there are known issues with ControlR and 6.8.0-RC1?  I cant access my server through ControlR since updating to the RC. This is true on both the local LAN and via VPN

Edited by Hoopster

Share this post


Link to post
9 hours ago, scubieman said:

I shut down plex. I ran command. It came back with no results. I then shut down controlr and started back up. still same error.

Not sure if possible issue. I am NOT using https to login into my unraid. I am NOT using SSL either. Could this be the issue?

 

image.png.b3b851cf445095aaa8d914b5fc20dbc6.pngimage.thumb.png.df0ac5893a30b4ad45ee3ab0105a82a7.png

 

 

 

 

Hey, you actually have a password issue .. the line

W: 2019/10/15 07:24:33 server.go:257: shadowHash != actualHash

means the root password you're entering is not correct.

 

Can you double check that ?

 

What I think may be happening is you have SSL set to auto, so the plugin thinks your https is working, when actually it's being used by Plex. Just thinking out loud.

Edited by jbrodriguez

Share this post


Link to post
4 hours ago, Hoopster said:

Just curious if there are known issues with ControlR and 6.8.0-RC1?  I cant access my server through ControlR since updating to the RC. This is true on both the local LAN and via VPN

I'm pretty sure it won't work.

 

The authentication flow changed, so the app needs to be adjusted for that.

 

I'm thinking of looking into it by this weekend, although as stated before, I don't really support release candidates.

Share this post


Link to post

JB. I shut down Plex during the time.

Also password should be ok. If I type in wrong it won't let me in

Sent from my Pixel 2 XL using Tapatalk

Share this post


Link to post
4 minutes ago, jbrodriguez said:

I'm pretty sure it won't work.

 

The authentication flow changed, so the app needs to be adjusted for that.

 

I'm thinking of looking into it by this weekend, although as stated before, I don't really support release candidates.

No big deal. I was just seeking confirmation that was the case so I did not start troubleshooting something needlessly.

Share this post


Link to post
On 10/15/2019 at 4:59 PM, scubieman said:

JB. I shut down Plex during the time.

Also password should be ok. If I type in wrong it won't let me in

Sent from my Pixel 2 XL using Tapatalk
 

You're right, probaby the log for the incorrect pwd was when plex was running.

 

I think I'll add a config option to set which port is listening on, to override whatever the plugin thinks it's on ..

 

I'll look into it for the next release

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.