[SOLVED] 6.4 Won't boot - think pfsense VM the problem

Featured Replies

On the topic of certs, you'll need the FQDN of the server as a SAN if you're using a wildcard cert for https. Newer builds of Chrome will throw a security error if they aren't.
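The SAN requirement mentioned above, as an added example that is not part of the original thread: Chrome 58 and later ignore the certificate's Common Name and match the hostname only against SAN dNSName entries, and a wildcard entry covers exactly one leftmost label. The sample certificates are constructed dictionaries that reuse the thread's placeholder domain, and `cert_covers` is a hypothetical helper, not a browser or library API.

```python
import ipaddress

# Constructed sample certificates (only the fields relevant to name matching).
WILDCARD_ONLY = {"cn": "*.mydomain.com", "san_dns": ["*.mydomain.com"]}
CN_ONLY = {"cn": "unraid.mydomain.com", "san_dns": []}
WILDCARD_PLUS_APEX = {"cn": "mydomain.com",
                      "san_dns": ["mydomain.com", "*.mydomain.com"]}


def cert_covers(hostname, cert):
    """True if hostname is covered by one of the certificate's SAN dNSName entries."""
    host = hostname.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return False  # IP literals need an iPAddress SAN; dNSName entries never match
    except ValueError:
        pass
    host_labels = host.split(".")
    for entry in cert["san_dns"]:  # cert["cn"] is deliberately never consulted
        labels = entry.rstrip(".").lower().split(".")
        if labels == host_labels:
            return True
        # Wildcard: whole leftmost label only, same label count as the host.
        # This sketch is conservative and refuses wildcards directly under a
        # top-level label (for example "*.com").
        if (labels[0] == "*" and len(labels) >= 3
                and len(labels) == len(host_labels)
                and labels[1:] == host_labels[1:]):
            return True
    return False


if __name__ == "__main__":
    for name in ("unraid.mydomain.com", "mydomain.com", "vm.unraid.mydomain.com"):
        print(name, cert_covers(name, WILDCARD_ONLY))
```

A wildcard-only certificate therefore fails for the bare domain and for names two levels down, and a certificate that carries the server name only in its CN fails everywhere.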

11 hours ago, bonienl said:

I rather don't see this as an option through the GUI, but more as something working transparently for the user. I actually prefer an automatic redirection of http to https, which is quite common for web sites

 

Further hijacking this thread....

 

Inside the 'go' file we normally have:

 

emhttp &

 

Which in -rc2 has nginx listening at both 80 (http) and 443 (https).  But for -rc3 it will be changed back to listening at port 80 (http) only.  There are 4 cases:

  1. emhttp &  # listens only at port 80 for http
  2. emhttp -p <m> &  # listens only at port <m> for http
  3. emhttp -p <m>,<n> &  # listens at both port <m> for http, port <n> for https
  4. emhttp -p ,<n> &  # listens only at port <n> for https

Here's a question: For case 3 is there any point to having access through both http and https at the same time?  That is, for case 3 wouldn't it be better to add a redirect on the http port to the https port?  I'd put this in nginx.conf for this case:

       return         301 https://$server_name$request_uri;

I believe case 3 is still valid, but use it for redirection of http to https.

 

It might be that port 80 is already in use and redirection is not possible, in that case open the GUI on the specified http port and redirect to the specified https port.

 

These 4 cases look great, particularly once there is a gui front-end to manage them. Case 1 makes sense as the default.

 

I definitely think auto-redirecting in case 3 is what people will want long term (i.e. if you take the time to set up certs, why wouldn't you use them?)

 

But I wonder if it needs to be an option. Reverse proxy configs will need to be updated (and this will be particularly hard if people are using self-signed certs or a local CA).  Tools like ControlR or Margarita probably don't support SSL yet, and who knows what other scripts or automation people have set up around their servers over the years.

 

I think for getting started we need something between an all-or-nothing approach to SSL.

8 minutes ago, ljm42 said:

I think for getting started we need something between an all-or-nothing approach to SSL

 

Are you saying, you think there is a use case where both http and https are active and accessible at the same time?

Just now, limetech said:

 

Are you saying, you think there is a use case where both http and https are active and accessible at the same time?

 

Yes, sorry for not being clear :)

Could add another option, "-r" which would mean "redirect":

 

emhttp -p <m>,<n>  # listen at <m> (http) and <n> (https)

emhttp -p <m>,<n> -r  # redirect any http access on port <m> to https on port <n>

1 minute ago, limetech said:

Could add another option, "-r" which would mean "redirect"

 

That looks awesome. 
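The four `-p` cases and the proposed `-r` redirect discussed above, as an added example that is not Unraid's emhttp code or anything posted in the thread. `parse_ports` and `render_nginx` are hypothetical helpers; the rendered `return 301` line follows the one quoted in the thread but appends the https port when it is not 443, which the quoted line would otherwise lose.

```python
# Added example: a hypothetical renderer, not Unraid's emhttp source.

def parse_ports(spec=None):
    """Map an 'emhttp -p' argument to (http_port, https_port); None = not listening."""
    if spec is None:
        return 80, None                          # case 1: emhttp &
    http_s, _, https_s = spec.partition(",")

    def port(text):
        if text == "":
            return None
        value = int(text)                        # ValueError on non-numeric input
        if not 1 <= value <= 65535:
            raise ValueError(f"port out of range: {value}")
        return value

    http, https = port(http_s), port(https_s)
    if http is None and https is None:
        raise ValueError("no port given")
    if http == https:
        raise ValueError("http and https cannot share a port")
    return http, https                           # cases 2, 3 and 4


def render_nginx(http, https, redirect=False):
    """Return nginx server blocks for the chosen ports; redirect models the proposed -r."""
    if redirect and (http is None or https is None):
        raise ValueError("-r needs both an http and an https port")
    blocks = []
    if https is not None:
        blocks.append(f"server {{\n    listen {https} ssl;\n"
                      "    # ssl_certificate / ssl_certificate_key: paths not given in the thread\n"
                      "    # webGUI locations\n}")
    if http is not None:
        if redirect:
            # The thread's rule assumes 443; any other https port must be spelled out.
            suffix = "" if https == 443 else f":{https}"
            body = f"    return 301 https://$server_name{suffix}$request_uri;\n"
        else:
            body = "    # webGUI locations (plaintext)\n"
        blocks.append(f"server {{\n    listen {http};\n{body}}}")
    return "\n\n".join(blocks)


if __name__ == "__main__":
    print(render_nginx(*parse_ports("80,8443"), redirect=True))
```

Without the redirect flag, case 3 renders a second server block that keeps serving the webGUI, including logins, over plaintext on the http port.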

On 6/6/2017 at 10:19 PM, ljm42 said:

The good news is that replacing the certs was easy and it works great

 

@ljm42 I'm curious.

 

I understand that if you generate a self-signed cert (which means you are the CA authority), the browser will show the ugly warning, since the cert doesn't come from a "well-known" CA.

 

Did you manage to work around that (ugly warning) ?

On 6/8/2017 at 11:30 AM, jbrodriguez said:

 

@ljm42 I'm curious.

 

I understand that if you generate a self-signed cert (which means you are the CA authority), the browser will show the ugly warning, since the cert doesn't come from a "well-known" CA.

 

Did you manage to work around that (ugly warning) ?

 

Yes, this is how I got valid (not self-signed) certs from Let's Encrypt:

  • I previously had the LSIO Let's Encrypt docker setup and working
  • I added a DNS record for unraid.mydomain.com that points to my external DDNS ip
  • I configured Let's Encrypt to include unraid.mydomain.com as a subdomain for mydomain.com, which generated new certs
  • I updated the DNS record for unraid.mydomain.com to point to my internal ip
  • I then copied and renamed the Let's Encrypt certs to the flash drive per LT's instructions: 

So now I'm set up with free, perfectly valid certs that all browsers recognize. Works great.

 

The problem is that the certs will expire in 90 days and I'll have to change the DNS back to my public IP in order for Let's Encrypt to regenerate them. Not ideal, still thinking about how to solve.

 

The best in terms of the Let's Encrypt automation would be to keep the DNS record pointing at my external IP and do something (either use my router for DNS, or else distribute hosts files) so my computers use the internal ip instead of the external one.

Edited by ljm42

@ljm42 On my setup at home I have my FQDN & Subdomains as required resolving to my public IP and override them internally on pfsense to the private addresses.

 

I may need to look into some certs.

 

EDIT -- Ok so I read your post and missed the last two lines..

Edited by Tuftuf

16 hours ago, ljm42 said:

I added a DNS record for unraid.mydomain.com that points to my external DDNS ip

Nice stuff.

I'll look into it.

  • Author

I just had another go at installing RC2 now I've turned off auto-start on my dockers.  I've tried twice and left it alone for around 30 mins, but it doesn't get past the 

 

Starting Nginx server daemon...

 

phase.  I'm assuming the lack of network connection is messing up the boot sequence

3 hours ago, DZMM said:

I just had another go at installing RC2 now I've turned off auto-start on my dockers.  I've tried twice and left it alone for around 30 mins, but it doesn't get past the 

 


Starting Nginx server daemon...

 

phase.  I'm assuming the lack of network connection is messing up the boot sequence

 

Seeing that means mine has booted.  Tried hitting the IP address?

 


2 minutes ago, CHBMB said:

Seeing that means mine has booted.

 

That's what I'm thinking too. If you hit enter on the console you should get a login prompt.

  • Author
9 minutes ago, ljm42 said:

 

That's what I'm thinking too. If you hit enter on the console you should get a login prompt.

I'll try that next time, but I need my VMs to auto-start, particularly the pfsense VM otherwise nothing works in my house - Unifi docker for Wifi for all my devices (only wired devices are unRAID and my Hive Hub), TVheadend for TV, SmartThings - we can't even turn the lights on!

 

Somehow starting my VM via the console (not too sure how to do this) isn't a great solution

Somehow starting my VM via the console (not too sure how to do this) isn't a great solution


No argument there!

So far I have always talked myself out of pfsense, but it is tempting :) Hopefully there will be a good solution for this problem.

You might want to wait for rc3 since it sounds like the boot order has changed. But if you do try again, see if you can press enter to get a login prompt and then run 'diagnostics'.


Sent from my ONEPLUS A3000 using Tapatalk

  • Author
3 minutes ago, ljm42 said:

 


No argument there!

So far I have always talked myself out of pfsense, but it is tempting :) Hopefully there will be a good solution for this problem.

You might want to wait for rc3 since it sounds like the boot order has changed. But if you do try again, see if you can press enter to get a login prompt and then run 'diagnostics'.


Sent from my ONEPLUS A3000 using Tapatalk
 

 

I will wait for rc3 I think.

 

PfSense is worth the hassle for me - the ability to traffic shape my terrible 16/1 connection to make it actually usable without anyone complaining about 'who's downloading?' is priceless

1 hour ago, DZMM said:

Unifi docker for Wifi for all my devices

Wait, so your wifi goes down if the docker isn't running? Are you using some advanced features? My unifi stuff trucks right along without any software controller communication, in fact one of the sites I use unifi ap's to bridge ethernet to a different building doesn't have a controller on site, I bring my laptop when I need to change something.

10 minutes ago, jonathanm said:

Wait, so your wifi goes down if the docker isn't running? Are you using some advanced features? My unifi stuff trucks right along without any software controller communication, in fact one of the sites I use unifi ap's to bridge ethernet to a different building doesn't have a controller on site, I bring my laptop when I need to change something.

They are using a PFSense VM which is a router replacement software. No router = no network.

5 hours ago, DZMM said:

I just had another go at installing RC2 now I've turned off auto-start on my dockers.  I've tried twice and left it alone for around 30 mins, but it doesn't get past the 

 


Starting Nginx server daemon...

 

phase.  I'm assuming the lack of network connection is messing up the boot sequence

I also had some trouble after updating. For me the first problem was that my NVME cache drive became unassigned. I also could not access the webUI. UnRaid GUI would load with a Server Not Found webpage. Eventually after waiting awhile I was able to access the webUI by changing the address to https from http. Also sometimes randomly changing the address to server name instead of IP would work. Once I got to webUI I was able to reassign my cache drive which auto booted my PFSense VM after reboot. From there everything has been fine. I don't know if this has anything to do with your issue but thought I would share my experience.  

4 hours ago, captain134 said:

They are using a PFSense VM which is a router replacement software. No router = no network.

Obviously.  But that has nothing to do with my comment.

 

He stated his wifi quit working, which has nothing to do with the internet. No gateway = no access to internet, but you can still use wifi to access local resources. My wifi stays up just fine without the unifi docker, I wondered why his went down.

  • Author
3 hours ago, jonathanm said:

Obviously.  But that has nothing to do with my comment.

 

He stated his wifi quit working, which has nothing to do with the internet. No gateway = no access to internet, but you can still use wifi to access local resources. My wifi stays up just fine without the unifi docker, I wondered why his went down.

The wifi network is 'up', i.e. the APs are still broadcasting, but without an internet connection or a dhcp server / router it is useless.  The only local resource I have that isn't powered by unraid is my printer!

Edited by DZMM

15 hours ago, ljm42 said:

So far I have always talked myself out of pfsense, but it is tempting :)

I've got a separate mini PC for my Pfsense box, it is amazing, only been running it for a few months but don't know how I managed without it.  Treat yourself.  

 

We have a couple of reviews on our website of pfsense boxes.  Here and here.

 

I myself use a different box again, but never got around to writing a review article... o.O

Archived

This topic is now archived and is closed to further replies.
