[Support] ich777 - Application Dockers


ich777

Recommended Posts

Hey Guys,

Finally i found a docker wich i really need.

the debian bullseye ... installed running and fine

BUT: i tried to proxy the port 10000 (where the webui is) out to debian.mydomain.com

the vnc page appears but i cant connect.

 

Internal works fine but when i try to access from outside  it looks like the attached picture.

any idea where to check whats the problem ?

Capture.PNG

Link to comment
1 hour ago, Curtis777 said:

BUT: i tried to proxy the port 10000 (where the webui is) out to debian.mydomain.com

You also have to websocket, you can find a example for nginx here: Click

 

Please also make sure that you've have at least httpwd or something in front of it because only the VNC password is from my perspective not enough in terms of securing it.

The above linked example has also a basic-auth file in it that you have to configure first in your reverse proxy application (SWAG, Nginx Proxy Manager,...).

Link to comment
1 hour ago, ich777 said:

You also have to websocket, you can find a example for nginx here: Click

 

Please also make sure that you've have at least httpwd or something in front of it because only the VNC password is from my perspective not enough in terms of securing it.

The above linked example has also a basic-auth file in it that you have to configure first in your reverse proxy application (SWAG, Nginx Proxy Manager,...).

Thank you it was indeed the websocket.

I will take a look onto the httpwd ... good point thanks.

And thank you for your Docker Container .... ILOVEIT

  • Like 1
Link to comment
17 hours ago, ich777 said:

You should be able to create a variable in the template with the key: "RSYNC_PASSWORD" and as value enter your password or you create a rsync password file and take this as the authentication method.

 

No, that's not possible in luckyBackup.

With the password file it does work!  (Assigning the module name as destination)

I looked through the rsync manual for a few more options:
 

Quote

Rsync can also be run as a daemon, in which case the following options are accepted:

--daemon run as an rsync daemon
--address=ADDRESS bind to the specified address
--bwlimit=KBPS limit I/O bandwidth; KBytes per second

Is there any other way I can limit the bandwith ? (In this case I can limit up and down for rsync on the synology)
 

Link to comment

First off, I wanted to thank you for the OpenVpn-Client docker.

 

I'm using it to route traffic from other docker containers, which is working fine, accessing the webui for these containers is working fine with added Port commands etc.  The only issue I'm having is with docker to docker communication, as soon as I route a docker through OpenVPN, other dockers aren't able to communicate with that docker anymore.  If this question was already asked, I apologize, I looked through the thread and didn't see anything.  For instance if NZBHydra2 is being routed through OpenVPN docker, Sonarr can't access NZBHydra2 for searches.  

 

Maybe I'm missing something.  Much appreciated.

 

UPDATE: I figured it out, 172.17.0.4:5076 (App IP Address, and NOT the host IP address).  Rather than delete the post.

Edited by jbear
Link to comment
16 hours ago, ich777 said:

So this is solved?

What did you do exactly? Maybe it will help others.

Not sure this is the best solution, as the app IP address seems to change when restarting the server.  My docker app IP addresses are in the 172.17.0.1/24 range.  My host IP is 192.168.10.10/24.  I'm unable to access with other dockers using the host IP address and docker port #.   Maybe a better way to do this?

 

Any thoughts are appreciated.

Link to comment
On 2/5/2022 at 11:07 PM, jbear said:

For instance if NZBHydra2 is being routed through OpenVPN docker, Sonarr can't access NZBHydra2 for searches. 

8 hours ago, jbear said:

Maybe a better way to do this?

Wait, now that I've read it again this should be totally possible and no issue whatsoever because that's the main use case.

 

In Sonarr you have to enter it like this:

grafik.png.99d4d1578b5504d6b45cf0668cf08a89.png

but only if your OpenVPN-Client instance is running in bridge mode and the IP from unRAID is 192.168.10.10 as you've wrote above and you've created a port mapping in the OpenVPN-Client container from 5076 to 5076 like:

grafik.png.db15ed6a19ec0c84585fcbdee2eb6735.png

 

This should work totally fine. ;)

Link to comment
44 minutes ago, ich777 said:

Wait, now that I've read it again this should be totally possible and no issue whatsoever because that's the main use case.

 

In Sonarr you have to enter it like this:

grafik.png.99d4d1578b5504d6b45cf0668cf08a89.png

but only if your OpenVPN-Client instance is running in bridge mode and the IP from unRAID is 192.168.10.10 as you've wrote above and you've created a port mapping in the OpenVPN-Client container from 5076 to 5076 like:

grafik.png.db15ed6a19ec0c84585fcbdee2eb6735.png

 

This should work totally fine. ;)

 

Interesting, I must have a configuration issue, prior to routing Sonarr, Radarr, NZBGet, NZBHydra2 etc. through the OpenVPN-Client docker I had no issues with docker containers being able to access each other with Unraid Host IP and corresponding docker IP port #.  What would I be looking for?  After routing all of the above through the VPN and adding the port variables for each one, I can still access the Webgui for all the above.  Running ->Curl ifconfig.io tells me all these dockers are using the OpenVPN client properly based on the returned IP, but for some reason they can no longer talk to each other with HOST IP (192.168.10.10) and only with the APP IP (172.x.x.x).  

 

Some kind of weird routing issue, opening a console for NZBGet (which is now going through the VPN), I get no response when pining my Unraid Host (192.168.10.10).

 

Much appreciated.

 

  

Link to comment
2 hours ago, jbear said:

prior to routing Sonarr, Radarr, NZBGet, NZBHydra2 etc. through the OpenVPN-Client docker

Why are you routing every container through the OpenVPN container, I think NZBGet and NZBHydra2 is enough or am I wrong?

 

2 hours ago, jbear said:

Some kind of weird routing issue, opening a console for NZBGet (which is now going through the VPN), I get no response when pining my Unraid Host (192.168.10.10).

That is really weird, on my system I can ping the Host from the OpenVPN-Client and the Hydra container just fine (you first have to run "apt-get update && apt-get install iputils-ping" to actually use ping).

Can you tell me which repo is in your Docker template for the container?

 

Also on what unRAID version are you?

 

Do you run the OpenVPN container in the default bridge or do you have it assigned it's own IP in a Custom: br0?

Link to comment
11 hours ago, ich777 said:

Why are you routing every container through the OpenVPN container, I think NZBGet and NZBHydra2 is enough or am I wrong?

 

That is really weird, on my system I can ping the Host from the OpenVPN-Client and the Hydra container just fine (you first have to run "apt-get update && apt-get install iputils-ping" to actually use ping).

Can you tell me which repo is in your Docker template for the container?

 

Also on what unRAID version are you?

 

Do you run the OpenVPN container in the default bridge or do you have it assigned it's own IP in a Custom: br0?

 

ich777/openvpn-client

Version: 6.10.0-rc2

bridge

 

Could this have anything to do with my VPN provider (NordVPN) and related .ovpn?

 

I can console into other docker containers (not using the OpenVPN redirect), and can ping my host @ 192.168.10.10 and other hosts on the subnet /24)

 

I'm definetely stumped.

 

Do appreciated you taking the time to assist.

 

 

 

Link to comment
20 minutes ago, jbear said:

Could this have anything to do with my VPN provider (NordVPN) and related .ovpn?

I don't think so since the container listens on all interfaces for incoming connections (outgoing are all routet through the VPN of course).

 

20 minutes ago, jbear said:

I can console into other docker containers (not using the OpenVPN redirect), and can ping my host @ 192.168.10.10 and other hosts on the subnet /24)

Then I think something is wrong with the settings in Sonarr, that's my best guess, how have you put in the IP address and the port? Do you use the same port in the OpenVPN-Client container as it was in the original template from Hydra2?

 

Keep in mind you could try to create a custom network like in the @SpaceInvaderOne video from here (don't forget to turn on "Preserve user defined networks" in the Docker settings, otherwise the networks are deleted after a reboot), put all the containers in this new custom, let's say "opevpnnet" and then you can work with the container names instead of the IP addresses like: http://NZBHydra2:5076 in Sonarr for example (the name must be the exact same as how the Docker container is named).

This will only work if you create a custom network like in the video above, in the default bridge there is no name resolution of the containers.

 

Hope this makes sense to you...

Link to comment
1 hour ago, ich777 said:

I don't think so since the container listens on all interfaces for incoming connections (outgoing are all routet through the VPN of course).

 

Then I think something is wrong with the settings in Sonarr, that's my best guess, how have you put in the IP address and the port? Do you use the same port in the OpenVPN-Client container as it was in the original template from Hydra2?

 

Keep in mind you could try to create a custom network like in the @SpaceInvaderOne video from here (don't forget to turn on "Preserve user defined networks" in the Docker settings, otherwise the networks are deleted after a reboot), put all the containers in this new custom, let's say "opevpnnet" and then you can work with the container names instead of the IP addresses like: http://NZBHydra2:5076 in Sonarr for example (the name must be the exact same as how the Docker container is named).

This will only work if you create a custom network like in the video above, in the default bridge there is no name resolution of the containers.

 

Hope this makes sense to you...

Appreciate the feedback, in the meantime, I'm dialing it down, and I'm only using the OpenVPN-Client redirect for NZBHydra2, NZBGet and qBittorrent.  Everything now working as it should with Unraid Host IP addressing.  I suppose I wanted to encrypt everything, inclduding lookups when adding new content from Sonarr/Radarr etc, but that is overkill.   Appreciate all you do.

 

 

  • Like 1
Link to comment
  • 2 weeks later...

Hey ICH777,

 

Quick Issue maybe you can help me out. So I setup the container and stuff but when I try to open up the app that it is linked to it just doesn't open it and forces the default ports to be added instead of manual for each container. Issue lays between the OpenVPN Container and connecting to the application it is binded to. I added the extra parameters, added vpn.ovpn and vpn.auth and it connects to external vpn service but doesn't connect to app. Can you give me some guidance on this issue?

Link to comment
5 minutes ago, XzMrtrevorzX said:

Quick Issue maybe you can help me out. So I setup the container and stuff but when I try to open up the app that it is linked to it just doesn't open it and forces the default ports to be added instead of manual for each container. Issue lays between the OpenVPN Container and connecting to the application it is binded to. I added the extra parameters, added vpn.ovpn and vpn.auth and it connects to external vpn service but doesn't connect to app. Can you give me some guidance on this issue?

I'm not exactly sure what you mean.

 

You can't open the WebUI for the applications itself or am I wrong? If that's the case then make sure that you've created port mappings for the applications in the OpenVPN-Client container since the containers that you route through the OpenVPN-Client have no network anymore because they are using the OpenVPN-Client network now.

For example if you route NZBHydra2 through to the OpenVPN-Client you have to create a port mapping in the OpenVPN-Client template like:

image.png.2e1f036539dd6af964347eb69de5d066.png

 

After you've did that you can reach the WebUI again with the IP from the OpenVPN-Client container and the port as usual.

 

As said above that's caused because the containers that you've route through the OpenVPN-Client container have strictly speaking no network anymore and they use the network from OpenVPN-Client.

 

Hope that helps.

Link to comment

Been using the firefox container for some time, updated it and now I am getting an odd issue where it can't install firefox?

 

---Checking if UID: 99 matches user---
---Checking if GID: 100 matches user---
---Setting umask to 000---
---Checking for optional scripts---
---No optional script found, continuing---
---Checking configuration for noVNC---
Nothing to do, noVNC resizing set to default
Nothing to do, noVNC qaulity set to default
Nothing to do, noVNC compression set to default
---Starting...---
---Version Check---
---Firefox not installed, installing---
---Something went wrong, can't download Firefox, putting container in sleep mode---

 

How do I figure out what went wrong or install firefox manually?

Link to comment
7 minutes ago, TexasUnraid said:

 

 

Thank you!

 

The description in the container seems wrong replace "en_US" with "en-US" and it should work again, changed the description too.

Before you do this please force a update from the container itself (turn on the Advanced View on the top right on the Docker page and click grafik.png.f7a3c1b344d063ab3e51ab54ffeb34bd.png, don't forget to turn of the Advanced View after the update is done because it produces a little load on your server).

Link to comment

Ok, did a force update and that solved the firefox install issue but now getting a new error:

 

---Checking if UID: 99 matches user---
---Checking if GID: 100 matches user---
---Setting umask to 000---
---Checking for optional scripts---
---No optional script found, continuing---
---Checking configuration for noVNC---
Nothing to do, noVNC resizing set to default
Nothing to do, noVNC qaulity set to default
Nothing to do, noVNC compression set to default
---Starting...---
---Version Check---
---Firefox not installed, installing---
---Sucessfully downloaded Firefox---
---Preparing Server---
---Resolution check---
---Checking for old logfiles---
---Checking for old display lock files---
---Starting TurboVNC server---
---Preparing Server---
---Resolution check---
---Checking for old logfiles---
---Checking for old display lock files---
---Starting TurboVNC server---
---Starting Fluxbox---
---Starting noVNC server---
WebSocket server settings:
- Listen on :8080
- Web server. Web root: /usr/share/novnc
- No SSL/TLS support (no cert file)
- Backgrounding (daemon)
WebSocket server settings:
- Listen on :8080
- Web server. Web root: /usr/share/novnc
- No SSL/TLS support (no cert file)
- Backgrounding (daemon)
---Starting Firefox---
[GFX1-]: glxtest: libpci missing

(firefox:123): GLib-GIO-WARNING **: 07:58:18.494: Failed to execute child process “update-desktop-database” (No such file or directory)

 

Link to comment
Just now, TexasUnraid said:

Ok, did a force update and that solved the firefox install issue but now getting a new error:

Have you actually tested if you can connect to the WebGUI?

This is not an error, this is as the message says a warning... ;)

Nothing to worry about. Firefox is running just fine.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.