MarkusMcNugen

[Support] MarkusMcNugens Docker Repository


Hey, so I am running into an odd issue. I have the docker set up and I have changed the WEBUI ports to 6010 and changed it in the config file and the LAN network to 192.168.0.0/24. When I try to connect to the webui it fails; if I turn the VPN off and try, it works fine. Any thoughts?

2018-12-30 19:54:15.085103 [info] VPN_ENABLED defined as 'yes'
2018-12-30 19:54:15.108729 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/US_Las_Vegas.ovpn
dos2unix: converting file /config/openvpn/US_Las_Vegas.ovpn to Unix format...
2018-12-30 19:54:15.139019 [info] VPN remote line defined as 'us-lasvegas.privateinternetaccess.com 1198'
2018-12-30 19:54:15.159417 [info] VPN_REMOTE defined as 'us-lasvegas.privateinternetaccess.com'
2018-12-30 19:54:15.179087 [info] VPN_PORT defined as '1198'
2018-12-30 19:54:15.199322 [info] VPN_PROTOCOL defined as 'udp'
2018-12-30 19:54:15.218725 [info] VPN_DEVICE_TYPE defined as 'tun0'
2018-12-30 19:54:15.237422 [info] LAN_NETWORK defined as '192.168.0.0/24'
2018-12-30 19:54:15.257325 [info] NAME_SERVERS defined as '8.8.8.8,8.8.4.4'
2018-12-30 19:54:15.276949 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2018-12-30 19:54:15.298100 [info] Adding 8.8.8.8 to resolv.conf
2018-12-30 19:54:15.316610 [info] Adding 8.8.4.4 to resolv.conf
2018-12-30 19:54:15.334796 [info] Starting OpenVPN...
Sun Dec 30 19:54:15 2018 WARNING: file 'credentials.conf' is group or others accessible
Sun Dec 30 19:54:15 2018 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Sun Dec 30 19:54:15 2018 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Sun Dec 30 19:54:15 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]199.127.56.115:1198
Sun Dec 30 19:54:15 2018 UDP link local: (not bound)
Sun Dec 30 19:54:15 2018 UDP link remote: [AF_INET]199.127.56.115:1198
Sun Dec 30 19:54:15 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Dec 30 19:54:18 2018 [d2c3cc3a096826d7413d1c3a2cf62c6f] Peer Connection Initiated with [AF_INET]199.127.56.115:1198
Sun Dec 30 19:54:19 2018 TUN/TAP device tun0 opened
Sun Dec 30 19:54:19 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Dec 30 19:54:19 2018 /sbin/ip link set dev tun0 up mtu 1500
Sun Dec 30 19:54:19 2018 /sbin/ip addr add dev tun0 local 10.6.10.6 peer 10.6.10.5
Sun Dec 30 19:54:19 2018 Initialization Sequence Completed
2018-12-30 19:54:19.366890 [info] WebUI port defined as 6010
2018-12-30 19:54:19.387864 [info] Adding 192.168.0.0/24 as route via docker eth0
RTNETLINK answers: File exists
2018-12-30 19:54:19.407133 [info] ip route defined as follows...
--------------------
0.0.0.0/1 via 10.6.10.5 dev tun0
default via 192.168.0.1 dev eth0
10.6.10.1 via 10.6.10.5 dev tun0
10.6.10.5 dev tun0 proto kernel scope link src 10.6.10.6
128.0.0.0/1 via 10.6.10.5 dev tun0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.152
199.127.56.115 via 192.168.0.1 dev eth0
--------------------
iptable_mangle 16384 2
ip_tables 24576 5 iptable_filter,iptable_nat,iptable_mangle
2018-12-30 19:54:19.429013 [info] iptable_mangle support detected, adding fwmark for tables
2018-12-30 19:54:19.460735 [info] Docker network defined as 192.168.0.0/24
2018-12-30 19:54:19.500971 [info] Incoming connections port defined as 8999
2018-12-30 19:54:19.522651 [info] iptables defined as follows...
--------------------
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1198 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 6010 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 6010 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 8999 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 6010 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 6010 -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -o eth0 -p tcp -m tcp --sport 8999 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
--------------------
Adding 100 group
groupadd: GID '100' already exists
Adding 99 user
useradd: UID 99 is not unique
2018-12-30 19:54:19.560569 [info] UMASK defined as '002'
2018-12-30 19:54:19.583026 [info] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent-daemon.log.
2018-12-30 19:54:20.609145 [info] qBittorrent PID: 209
2018-12-30 19:54:20.610596 [info] Started qBittorrent daemon successfully...

Hi @MarkusMcNugen

I don't suppose you'd be able to help with this issue I'm facing with your OpenConnect/ocserv image?

Any and every connection I have disconnects after 240 seconds (which, coincidentally, is the auth-timeout period). I've tried connecting to my VPN server via OpenConnect on Android and via CLI on an Ubuntu machine but they both disconnect after 240 seconds and then reconnect all over again.

To rule out any errant config issues on my part, I tried setting up a "clean/default config" version of your image without any changes to the ocserv.conf file (i.e. literally just running this):

docker run --privileged  -d -p 4443:4443 -p 4443:4443/udp markusmcnugen/openconnect

And yet despite this, my client devices will still disconnect after 240 seconds only to reconnect all over again.

On my Ubuntu box, this is the output when the 240 seconds lapse:

.....stuff beforehand elided for brevity
DTLS option X-DTLS-Content-Encoding : oc-lz4
DTLS initialised. DPD 90, Keepalive 32400
Connected as 192.168.1.182, using SSL + lz4
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(PSK)-(AES-256-GCM).
DTLS connection compression using LZ4.
Initiating IPv4 MTU detection (min=717, max=1434)
No change in MTU after detection (was 1434)
Connect Banner:
| Welcome to {{$SERVER_NAME}}

Error: Invalid prefix for given prefix length.
SSL read error: The TLS connection was non-properly terminated.; reconnecting.
SSL negotiation with mydomain.tld
Server certificate verify failed: signer not found
Connected to HTTPS on mydomain.tld
TCP_INFO rcv mss 1428, snd mss 1448, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 CONNECTED

 

In particular, it's the line that says "SSL read error: The TLS connection was non-properly terminated.; reconnecting." which seems to be causing all of this, I think?

Any thoughts would be appreciated.

And of course, happy new year :)


Trying to get the SFTP docker working but I'm having some trouble. I've read the GitHub page but it isn't exactly clear.

So far I have created the users.conf file and added a single user as mentioned on the GitHub page. The container now starts, but I am unsure whether or not I am supposed to run it in 'host' or 'bridge' or something else. It's just running on port 22. As follows:

 

kha6twBM.png

 

 

I haven't set a directory yet to share, but I want to share the main storage directory. In this case it's "/tank".

The problem is that I cannot even log in yet with FileZilla on my Windows PC. The connection just keeps timing out. I don't understand why.

 

Can I get some help?

Edited by plantsandbinary


Hi MarkusMcNugens,

 

I've installed the sftp docker, configured users with users.conf, and added user keys. I can see that the docker created the users appropriately and copied the user keys to their respective authorized_keys files as well as copied the userkey files to their respective folders correctly. The problem I'm having is that when I connect to the SFTP server, I'm able to log in without using my userkey in my client (only the password is required). I've restarted the docker, but the issue persists. 
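
On the password-versus-key behaviour described in the post above: in OpenSSH, an authorized_keys entry does not by itself make the key mandatory; that is decided by PasswordAuthentication, KbdInteractiveAuthentication and AuthenticationMethods in sshd_config. The Python below is an added example, not code from the post or from the image, that reads a config's global section and reports whether a key is required. The function names and sample configs are constructed for illustration, and Match blocks and methods other than publickey, password and keyboard-interactive are not modelled.

```python
# Added example: does this sshd_config force key-based login?
# Reads the global section only; sample configs below are constructed.

DEFAULTS = {  # OpenSSH defaults for keywords absent from the file
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "authenticationmethods": "any",
}
# Older configs use the deprecated name for keyboard-interactive.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def global_settings(config_text):
    """Effective global values; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # everything after the first Match line is conditional
        if key in DEFAULTS and len(parts) == 2:
            seen.setdefault(key, parts[1].strip().lower())
    return {**DEFAULTS, **seen}


def key_required(config_text):
    """True when every accepted login path includes publickey."""
    s = global_settings(config_text)
    if s["pubkeyauthentication"] != "yes":
        return False
    if s["authenticationmethods"] == "any":
        # Any single enabled method is enough, so both password-style
        # methods must be off for the key to be mandatory.
        return (s["passwordauthentication"] == "no"
                and s["kbdinteractiveauthentication"] == "no")
    # Otherwise: space-separated alternatives of comma-separated chains.
    return all(
        any(m.split(":")[0] == "publickey" for m in chain.split(","))
        for chain in s["authenticationmethods"].split()
    )


PASSWORD_STILL_ACCEPTED = "PubkeyAuthentication yes\nPasswordAuthentication yes\n"
KEY_ONLY = "PasswordAuthentication no\nChallengeResponseAuthentication no\n"
KEY_THEN_PASSWORD = "AuthenticationMethods publickey,password\n"
```
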

On 1/5/2019 at 5:18 PM, plantsandbinary said:

Trying to get the SFTP docker working but I'm having some trouble. I've read the GitHub page but it isn't exactly clear.

So far I have created the users.conf file and added a single user as mentioned on the GitHub page. The container now starts, but I am unsure whether or not I am supposed to run it in 'host' or 'bridge' or something else. It's just running on port 22. As follows:

 

kha6twBM.png

 

 

I haven't set a directory yet to share, but I want to share the main storage directory. In this case it's "/tank".

The problem is that I cannot even log in yet with FileZilla on my Windows PC. The connection just keeps timing out. I don't understand why.

 

Can I get some help?

I'm having the same problem.

I think I've created the home directory.

 

 

This is my users.conf:

#user:pass:1001:100
hdhr:hdhr:1002:100

Here is my output:

MacBook-Pro:~ dga$ sftp hdhr@192.168.10.198:2222
hdhr@192.168.10.198: Permission denied (publickey,keyboard-interactive).
Connection closed
MacBook-Pro:~ dga$ 

The unRAID ssh server is configured to only use a key and no passwords. Could those settings be affecting the docker? What additional configuration is needed?

Thanks,

David

docker log:


Mon Jan 28 23:25:04 America 2019 [info] Existing jail.conf found. Copying to container filesystem!
Mon Jan 28 23:25:04 America 2019 [info] Existing sshd_config found. Copying to container filesystem!
Creating users...
[entrypoint] Parsing user data: "hdhr:hdhr:1002:100"
* Starting system logging syslog-ng
...done.
[entrypoint] Executing sshd
* Starting OpenBSD Secure Shell server sshd
...done.
[entrypoint] Executing fail2ban
* Starting authentication failure monitor fail2ban
...done.
Jan 28 23:25:05 c682e4b023fa sshd[71]: Server listening on 0.0.0.0 port 22.

Jan 28 23:25:05 c682e4b023fa sshd[71]: Server listening on :: port 22.

Mon Jan 28 23:29:44 America 2019 [info] Existing jail.conf found. Copying to container filesystem!
Mon Jan 28 23:29:44 America 2019 [info] Existing sshd_config found. Copying to container filesystem!
* Starting system logging syslog-ng
...done.
[entrypoint] Executing sshd
* Starting OpenBSD Secure Shell server sshd
...done.
[entrypoint] Executing fail2ban
* Starting authentication failure monitor fail2ban
...done.
Jan 28 23:29:44 c682e4b023fa sshd[51]: Server listening on 0.0.0.0 port 22.

Jan 28 23:29:44 c682e4b023fa sshd[51]: Server listening on :: port 22.

 


Hi Markus!

SFTP is creating the users in the container from the users.conf file on the first run, but it does not appear to handle when users are added to the file and the docker is restarted. Is it possible to have the container add additional users that may be added to the users.conf file after the first run? It would also be pretty sweet if the startup script could also update the user passwords using the users.conf file on startup, making it possible to manage users without using the container's shell.


I get the following error with SFTP:

Feb 5 21:10:04 b449918f5a15 sshd[53]: Server listening on 0.0.0.0 port 22.
Feb 5 21:10:04 b449918f5a15 sshd[53]: Server listening on :: port 22.
Feb 5 21:16:13 b449918f5a15 sshd[85]: Invalid user user from 10.24.0.30
Feb 5 21:16:13 b449918f5a15 sshd[85]: input_userauth_request: invalid user user [preauth]
Feb 5 21:16:13 b449918f5a15 sshd[85]: error: Could not get shadow information for NOUSER
Feb 5 21:16:13 b449918f5a15 sshd[85]: Failed password for invalid user user from 10.24.0.30 port 55055 ssh2
Feb 5 21:16:13 b449918f5a15 sshd[85]: error: Received disconnect from 10.24.0.30 port 55055:13: Unable to authenticate [preauth]
Feb 5 21:16:13 b449918f5a15 sshd[85]: Disconnected from 10.24.0.30 port 55055 [preauth]

 

I have created the users.conf with users as:

user1:password:1001:100

I just want to be able to log in with username and password where I have jailed the user to a folder. How can I fix it?


To answer many of the latest SFTP questions:

Edit your users.conf file as you want it.

Then run:

docker exec -it sftp rm /var/run/sftp/users.conf

Substitute sftp if you gave your docker another name.

Restart docker afterwards and it will pick up the new users.conf file and create users as needed.


As of today I'm suddenly unable to use this. I keep getting an error "No OpenVPN config file located in /config/openvpn/ (ovpn extension), please download from your VPN provider and then restart this container, exiting...". However, nothing has changed; just overnight it has stopped working. I double checked and the config files are still there, and if I edit the docker to add a path to /config/openvpn/ directly to the files it still shows they aren't there. I'm wondering if there was an update that may have broken a link somehow?


Hi, I am trying the qBittorrent image and I am getting the following error, as it's using IPv6 for some reason, which I don't use:

Tue Feb 26 19:13:01 2019 TUN/TAP device tun0 opened
Tue Feb 26 19:13:01 2019 TUN/TAP TX queue length set to 100
Tue Feb 26 19:13:01 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Tue Feb 26 19:13:01 2019 /sbin/ip link set dev tun0 up mtu 1500
Tue Feb 26 19:13:01 2019 /sbin/ip addr add dev tun0 10.x.x.x/16 broadcast xx.xx.255.255
Tue Feb 26 19:13:01 2019 /sbin/ip -6 addr add fdda:d0d0:cafe:1301::1006/64 dev tun0
RTNETLINK answers: Permission denied
Tue Feb 26 19:13:01 2019 Linux ip -6 addr add failed: external program exited with error status: 2

Tue Feb 26 19:13:01 2019 Exiting due to fatal error

How do I stop the container using IPv6?

Edited by nekromantik


Hello, I am having an issue accessing the web UI from LAN using default settings/port. These are the logs:

2019-03-05 15:53:19.151069 [info] VPN_ENABLED defined as 'yes'
2019-03-05 15:53:19.194490 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/gw3.ewr1.slickvpn.com.ovpn
dos2unix: converting file /config/openvpn/gw3.ewr1.slickvpn.com.ovpn to Unix format...
2019-03-05 15:53:19.226323 [info] VPN remote line defined as 'gw3.ewr1.slickvpn.com 443 udp'
2019-03-05 15:53:19.253372 [info] VPN_REMOTE defined as 'gw3.ewr1.slickvpn.com'
2019-03-05 15:53:19.281987 [info] VPN_PORT defined as '443'
2019-03-05 15:53:19.321838 [info] VPN_PROTOCOL defined as 'udp'
2019-03-05 15:53:19.349631 [info] VPN_DEVICE_TYPE defined as 'tun0'
2019-03-05 15:53:19.376320 [info] LAN_NETWORK defined as '192.168.0.0/24'
2019-03-05 15:53:19.402173 [info] NAME_SERVERS defined as '8.8.8.8,8.8.4.4'
2019-03-05 15:53:19.428185 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2019-03-05 15:53:19.455175 [info] Adding 8.8.8.8 to resolv.conf
2019-03-05 15:53:19.483401 [info] Adding 8.8.4.4 to resolv.conf
2019-03-05 15:53:19.507962 [info] Starting OpenVPN...
Tue Mar 5 15:53:19 2019 WARNING: file 'credentials.conf' is group or others accessible

Tue Mar 5 15:53:19 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Tue Mar 5 15:53:19 2019 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Tue Mar 5 15:53:19 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]50.116.54.120:443
Tue Mar 5 15:53:19 2019 UDP link local: (not bound)
Tue Mar 5 15:53:19 2019 UDP link remote: [AF_INET]50.116.54.120:443
Tue Mar 5 15:53:19 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Tue Mar 5 15:53:20 2019 [VPN] Peer Connection Initiated with [AF_INET]50.116.54.120:443
Tue Mar 5 15:53:21 2019 TUN/TAP device tun0 opened
Tue Mar 5 15:53:21 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Mar 5 15:53:21 2019 /sbin/ip link set dev tun0 up mtu 1500
Tue Mar 5 15:53:21 2019 /sbin/ip addr add dev tun0 local 10.10.8.10 peer 10.10.8.9
Tue Mar 5 15:53:21 2019 Initialization Sequence Completed
2019-03-05 15:53:24.542961 [info] WebUI port defined as 8080
2019-03-05 15:53:24.570092 [info] LAN Network defined as 192.168.0.0/24
2019-03-05 15:53:24.597878 [info] Default gateway defined as 10.10.8.9
Error: Nexthop has invalid gateway.

2019-03-05 15:53:24.624012 [info] ip route defined as follows...
--------------------
default via 10.10.8.9 dev tun0
10.10.8.1 via 10.10.8.9 dev tun0
10.10.8.9 dev tun0 proto kernel scope link src 10.10.8.10
50.116.54.120 via 192.168.0.254 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1
--------------------
iptable_mangle 16384 1
ip_tables 24576 3 iptable_filter,iptable_nat,iptable_mangle
2019-03-05 15:53:24.653135 [info] iptable_mangle support detected, adding fwmark for tables
2019-03-05 15:53:24.706753 [info] Docker network defined as 192.168.0.0/24
2019-03-05 15:53:24.764238 [info] Incoming connections port defined as 8999
2019-03-05 15:53:24.793615 [info] iptables defined as follows...
--------------------
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 8999 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -o eth0 -p tcp -m tcp --sport 8999 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
--------------------
Adding 100 group
groupadd: GID '100' already exists
Adding 99 user
useradd: UID 99 is not unique
2019-03-05 15:53:24.835057 [info] UMASK defined as '002'
2019-03-05 15:53:24.869162 [info] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent-daemon.log.
2019-03-05 15:53:25.899837 [info] qBittorrent PID: 189
2019-03-05 15:53:25.903727 [info] Started qBittorrent daemon successfully...

any ideas as to what might be going on?
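
In the iptables listings in the two qBittorrent logs above, the OUTPUT policy is DROP, so only the listed ACCEPT rules let traffic leave the container. The Python below is an added example, not part of any post or of the image's own scripts, that parses such a listing and returns the OUTPUT rules accepting traffic outside tun0 with no destination restriction. Its sample is the OUTPUT chain from the log directly above; the function names are my own, and it assumes rules without "!" negation where every option takes one value, as in these listings.

```python
# Added example: list egress that the firewall rules leave open outside the
# VPN tunnel. Input is `iptables -S` style text.
import shlex

# Policies and OUTPUT chain copied from the container log above.
RULES = """\
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -o eth0 -p tcp -m tcp --sport 8999 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
"""


def parse(listing):
    """Return (policies, rules); each rule is a dict of option -> value."""
    policies, rules = {}, []
    for line in listing.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif len(tok) >= 2 and tok[0] == "-A":
            # Assumes no "!" negation and one value per option.
            opts = dict(zip(tok[2::2], tok[3::2]))
            rules.append({"chain": tok[1], "text": line.strip(), **opts})
    return policies, rules


def untunnelled_egress(listing, tunnel="tun0"):
    """OUTPUT ACCEPT rules that can match traffic leaving outside the tunnel
    towards an arbitrary destination (no -d restriction)."""
    policies, rules = parse(listing)
    findings = []
    if policies.get("OUTPUT") != "DROP":
        findings.append("policy: OUTPUT is not DROP")
    for r in rules:
        if r["chain"] != "OUTPUT" or r.get("-j") != "ACCEPT":
            continue
        # Tunnel and loopback traffic is expected; -d pins the destination.
        if r.get("-o") in (tunnel, "lo") or "-d" in r:
            continue
        findings.append(r["text"])
    return findings
```

For the sample it returns the VPN port rule, the two WebUI port rules and the ICMP echo-request rule: none names a destination, so each is a path a reviewer would check against the intent that everything else goes through tun0.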
