[Support] ich777 - Application Dockers

[ich777]

3 minutes ago, gny said:

It is a Synology DS1621+ using x86_64.

This is really strange.

The library was added recently and I don't get that warning, just one about libpci but that is minor...

 

Maybe try to delete the container and also delete dangling docker images, you have to look into how that is working since I don't know how that works on Synology, maybe there is a re-pull image option or run something like the Watchtower container which is checking on a schedule if updates are available.

[gny]

1 minute ago, ich777 said:

This is really strange.

The library was added recently and I don't get that warning, just one about libpci but that is minor...

 

Maybe try to delete the container and also delete dangling docker images, you have to look into how that is working since I don't know how that works on Synology, maybe there is a re-pull image option or run something like the Watchtower container which is checking on a schedule if updates are available.

I fixed it!! 😄

 

Instead of pulling thunderbird:latest, I pulled thunderbird:amd64 and that seems to have fixed the problem! I guess the "latest" tag does not factor in which processor you're using - my bad!

 

Thanks a ton for your help and also for your hard work on this project.

[ich777]

2 minutes ago, gny said:

Instead of pulling thunderbird:latest, I pulled thunderbird:amd64 and that seems to have fixed the problem! I guess the "latest" tag does not factor in which processor you're using - my bad!

No, that is definitely not the case. I think in your case you have dangling images and nothing that checks if newer versions from a container are available.

 

This issue was fixed a few weeks ago, here you can see that the amd64 tag points to the latest (look at the Digest numbers).

 

I would recommend that you enable updated checking, if that exists on Synology or install the Watchtower container.

[gny]

5 minutes ago, ich777 said:

No, that is definitely not the case. I think in your case you have dangling images and nothing that checks if newer versions from a container are available.

 

This issue was fixed a few weeks ago, here you can see that the amd64 tag points to the latest (look at the Digest numbers).

 

I would recommend that you enable updated checking, if that exists on Synology or install the Watchtower container.

Okay, I'll go ahead and install Watchtower and see if I can't get the thunderbird:latest version to work. Thank you!

[Bulletoverload]

On 7/17/2022 at 6:28 PM, Bulletoverload said:

@ich777Hi. I am having trouble swapping from the deprecated OpenVPN dperson version to yours. I didn't change anything at all, appdata folders lined up but for some reason I am getting

 

"2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable"

 

while trying to connect to PIA. I downloaded new ovpn files and confirmed my credentials in auth.vpn were correct. I even wiped the appdata folder and image and completely fresh installed. No luck. Any idea what is going on here? It looks like it is talking to and logging into the vpn server I have selected but something is failing. Appreciate any insight. Thanks!

 

Edit: I'd like to add that PIA includes (requires?) a .crt and a .pem file. Not sure what either of them do and/or if they are necessary for this setup, but I didn't see how to handle these extra files within the documentation. I have them both in /vpn/ but no change.

 

I've since figured out they are just separate files that contain what is already in the .ovpn. I did not do anything special within the dperson package so it must not have been using those files, as far as I can tell. I attempted to call these files in both the .ovpn and a .config file based on the instructions in the documentation but I still couldn't get anything to happen. This is way more than I did with the dperson package so I am assuming it is unecssary and I am just missing something rudimentary.

 

2022-07-17 18:07:16 Initialization Sequence Completed
---Checking for optional scripts---
---No optional script found, continuing---
---Taking ownership of data...---
---Starting...---
Error: ipv4: FIB table does not exist.

Dump terminated
+ exec sg vpn -c 'openvpn --cd /vpn --config /vpn/vpn.ovpn --script-security 2 --redirect-gateway def1 --auth-user-pass /vpn/vpn.auth '
2022-07-17 18:17:14 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.

2022-07-17 18:17:14 WARNING: file '/vpn/vpn.auth' is group or others accessible

2022-07-17 18:17:14 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2022-07-17 18:17:14 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2022-07-17 18:17:14 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
REDACTED
-----END X509 CRL-----

2022-07-17 18:17:14 TCP/UDP: Preserving recently used remote address: [AF_INET]140.228.24.198:1198
2022-07-17 18:17:14 UDP link local: (not bound)
2022-07-17 18:17:14 UDP link remote: [AF_INET]140.228.24.198:1198
2022-07-17 18:17:14 [montreal430] Peer Connection Initiated with [AF_INET]140.228.24.198:1198
2022-07-17 18:17:14 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results

2022-07-17 18:17:14 sitnl_send: rtnl: generic error (-101): Network is unreachable

2022-07-17 18:17:14 TUN/TAP device tun0 opened
2022-07-17 18:17:14 net_iface_mtu_set: mtu 1500 for tun0
2022-07-17 18:17:14 net_iface_up: set tun0 up
2022-07-17 18:17:14 net_addr_v4_add: 10.9.112.64/24 dev tun0
2022-07-17 18:17:14 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.

2022-07-17 18:17:14 add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
2022-07-17 18:17:14 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2022-07-17 18:17:14 Initialization Sequence Completed

 

 

@ich777 Sorry to spam you. When you get a chance, do you have any idea what is going on here? Thanks!

[ich777]

2 hours ago, Bulletoverload said:

@ich777 Sorry to spam you. When you get a chance, do you have any idea what is going on here? Thanks!

Oh sorry, wanted to answer your question but something come in my way I think...

Can you send me over the files via PM, of course without your credentials so that I can take a look at them?

I don't use PIA...

[robocat]

I have an issue with ichi777/thunderbird running on synology docker.

 

Until recently this ran fine with a VNC password set and a TURBOVNC_PARAMS variable set to empty.

 

Unfortunately the latest version of docker on Synology doesn't allow for empty variables any more. I can supply "-securitytypes none" but then there's no password required. I tried supplying different security types but everything I tried crashed fluxbox and the container.

 

How can I get past this issue and have password security?

 

[ich777]

38 minutes ago, robocat said:

Unfortunately the latest version of docker on Synology doesn't allow for empty variables any more. I can supply "-securitytypes none" but then there's no password required. I tried supplying different security types but everything I tried crashed fluxbox and the container.

That's really unfortunate...

 

Try this:

-securitytypes VNC

 

[robocat]

I get:

 

Fluxbox crashed with exit code 1

---Starting Thunderbird---

Unable to init server: Could not connect: Connection refused

Error: cannot open display: :99

 

 

[ich777]

3 minutes ago, robocat said:

I get:

Oh sorry, I think I gave you the wrong one, this should be correct:

-securitytypes VNC Password

 

[robocat]

Still crashes with the same error.

[ich777]

2 minutes ago, robocat said:

Still crashes with the same error.

Hmmmm, I have to investigate further. Don't know if I have time today but I will report back.

[thompw]

newb here needing help i have just tryed setting up openvpn with a custom file from surfshark i followed a youtube vidioe  from short tech vids i used ich777/vpn-client ste the network to briged and added --net=container:OpenVPN-Client to extra parameters section 

them installed chromium set network to none / noVNC webgui to 8080

then back to vpn container and added a port  for chrome with port 8080 both containers finished successfully but when i open chrome to test i get a blank screen saying about blocked

the logs say 

text  error  warn  system  array  login  

WebSocket server settings:
  - Listen on :8080
  - Web server. Web root: /usr/share/novnc
  - No SSL/TLS support (no cert file)
  - Backgrounding (daemon)
---Ensuring UID: 99 matches user---
---Ensuring GID: 100 matches user---
---Setting umask to 000---
---Checking for optional scripts---
---No optional script found, continuing---
---Checking configuration for noVNC---
Nothing to do, noVNC resizing set to default
Nothing to do, noVNC qaulity set to default
Nothing to do, noVNC compression set to default
---Taking ownership of data...---
---Starting...---
---Resolution check---
---Checking for old logfiles---
---Checking for old display lock files---
---Starting TurboVNC server---
---Starting Fluxbox---
---Starting noVNC server---
---Starting Chrome---
i have no idea where i have gone wrong hope some one can help many thanks 

[ich777]

1 hour ago, thompw said:

blank screen saying about blocked

Can you post a screenshot what is blank or at least what it looks like?

[karldonteljames]

Hello. I’m using machinaris and I won my first two chia coins two days ago.

I can see that they are in my wallet, but they are not in my “Cold Wallet” how do i get them into my nucle wallet so that I have them available for exchange if i wanted to?

 

Thanks in advance.

[ich777]

Just now, karldonteljames said:

Hello. I’m using machinaris and I won my first two chia coins two days ago.

I think you are in the wrong support thread…

[karldonteljames]

4 minutes ago, ich777 said:

I think you are in the wrong support thread…

Oh poo. I opened the page earlier and came back to it. Clearly I closed the wrong one. Sorry all.

 

[ich777]

On 7/21/2022 at 6:13 PM, robocat said:

Still crashes with the same error.

Have no issue with it when creating a environment variable 'TURBOVNC_PARAMS' and set it to:

-securitytypes VNC

 

 

 

 

Here is the log output:

---Ensuring UID: 99 matches user---
---Ensuring GID: 100 matches user---
---Setting umask to 000---
---Checking for optional scripts---
---No optional script found, continuing---
---Checking configuration for noVNC---
Setting noVNC resizing to: remote
Nothing to do, noVNC qaulity set to default
Nothing to do, noVNC compression set to default
---Taking ownership of data...---
---Starting...---
---Version Check---
---Thunderbird v102.0.3 up-to-date---
---Preparing Server---
---Resolution check---
---Checking for old logfiles---
---Checking for old display lock files---
---Starting TurboVNC server---
---Starting Fluxbox---
---Starting noVNC server---
WebSocket server settings:
  - Listen on :8080
  - Web server. Web root: /usr/share/novnc
  - No SSL/TLS support (no cert file)
  - Backgrounding (daemon)
---Starting Thunderbird---
[GFX1-]: glxtest: libpci missing
[Parent 107, Main Thread] WARNING: Failed to execute child process “update-desktop-database” (No such file or directory): 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:167

(thunderbird:107): GLib-GIO-WARNING **: 22:49:54.017: Failed to execute child process “update-desktop-database” (No such file or directory)

 

 

Are you sure that you've set the password first before creating the variable? Also please make sure that you are enter the commands like in this post: Click

 

Maybe something else has changed on the Synology side in terms of Docker.

[thompw]

22 hours ago, ich777 said:

Can you post a screenshot what is blank or at least what it looks like?

Yes sorry it is a chrome browser that does not load anything and in the address bar it say about blank in the video I was watching it should have come up with a vnc connect then opened up the Google Home page I cannot post a screen shot as I'm on the road till tomorrow hope this helps many thank ps goal is to setup van then sonarr and keep it encrypted so is are not spying

 

[robocat]

On 7/24/2022 at 10:51 PM, ich777 said:

Have no issue with it when creating a environment variable 'TURBOVNC_PARAMS' and set it to:

 

 

 

---Ensuring UID: 99 matches user---
---Ensuring GID: 100 matches user---
---Setting umask to 000---
---Checking for optional scripts---
---No optional script found, continuing---
---Checking configuration for noVNC---
Setting noVNC resizing to: remote
Nothing to do, noVNC qaulity set to default
Nothing to do, noVNC compression set to default
---Taking ownership of data...---
---Starting...---
---Version Check---
---Thunderbird v102.0.3 up-to-date---
---Preparing Server---
---Resolution check---
---Checking for old logfiles---
---Checking for old display lock files---
---Starting TurboVNC server---
---Starting Fluxbox---
---Starting noVNC server---
WebSocket server settings:
  - Listen on :8080
  - Web server. Web root: /usr/share/novnc
  - No SSL/TLS support (no cert file)
  - Backgrounding (daemon)
---Starting Thunderbird---
[GFX1-]: glxtest: libpci missing
[Parent 107, Main Thread] WARNING: Failed to execute child process “update-desktop-database” (No such file or directory): 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:167

(thunderbird:107): GLib-GIO-WARNING **: 22:49:54.017: Failed to execute child process “update-desktop-database” (No such file or directory)

 

 

Are you sure that you've set the password first before creating the variable? Also please make sure that you are enter the commands like in this post: Click

 

Maybe something else has changed on the Synology side in terms of Docker.

 

I now realise my mistake.

 

I had the password previously set as in the instructions. During all my troubleshooting, at a certain point I threw away everything and started over. So the password was no longer set.

 

So for Synology users, setting -securitytypes VNC is the correct answer.

 

Thanks for the help.  I use this to backup multiple IMAP accounts to my Synology, combined with filesystem snapshots for version control. 

 

 

 

 

[thingie2]

Hi, I'm having issues with the OpenVPN-Client container, and the routing of local traffic between docker containers, through the OVPN container

 

I'm trying to use this container as the VPN gateway for some dockers, one of which is Transmission.

 

My setup is as following:

I have Sonarr/Radarr etc on a subnet 192.168.20.0/24, which is gatewayed through another OpenVPN connection (hosted in a VM if it matters). I also have a transmission container on this subnet.

I have a 2nd transmission container (I'll call transmission2) on the "container:OpenVPN-Client" network. This can connect to the internet through the OVPN connection absolutely fine.

My unraid server sits on the 192.168.10.0/24 subnet (exc a selection of dockers, as mentioned above)

 

I'm trying to have Sonarr & Radarr connect to transmission2, so that I can utilise 2 different VPN connections from my 2 different transmission instances.

 

If I remove the OpenVPN-Client container/put transmission2 onto my server subnet via a dedicated IP, or via a host connection, Sonarr & Radarr can connect to it fine (this makes me think it's not an issue with my router firewall, as traffic is getting between subnets fine). When I put it through the OpenVPN-Client network, they cannot communicate, therefore I believe I have missed something in regards to port mappings etc within the OpenVPN-Client.

 

the mappings etc for the containers in question are below:

My Sonarr download client config:

 

Any help to resolve would be greatly appreciated. Let me know if there's anything more needed to troubleshoot.

 

 

[ich777]

34 minutes ago, thingie2 said:

Any help to resolve would be greatly appreciated. Let me know if there's anything more needed to troubleshoot.

You are mixing multiple networks I think there is the issue.

 

Why not putting Sonarr and Radarr on bridge network too?

In order to make this work you have either Enable "Host access to custom networks" in the Docker settings:

 

Or not put it on a custom brX network.

 

The default bridge network and other networks can't communicate with each other, that's a Docker safety feature.

[thingie2]

36 minutes ago, ich777 said:

You are mixing multiple networks I think there is the issue.

 

Why not putting Sonarr and Radarr on bridge network too?

In order to make this work you have either Enable "Host access to custom networks" in the Docker settings:

 

Or not put it on a custom brX network.

 

The default bridge network and other networks can't communicate with each other, that's a Docker safety feature.

 

Thanks for the quick reply.

 

It might not be the most elegant way to do it, but probably more that it's appeared out of multiple small changes & additions, and I'd rather not rip everything up & start again. I have Sonarr & Radarr on on br1, as that's my "VPN network". all decides on this subnet go through the OVPN running in my VM (this was created before there was/I found there was an OpvenVPN Client docker (probably been that way for a couple of years min), as a means to get all the traffic through a VPN whilst only utilising a single VPN "Device".

 

I've enabled the "Host access to custom networks", and kept the rest of my settings the same & it seems to have fixed it. Thank you!

 

I didn't realise the default bridge can't communicate with other networks, and that explains why it can't communicate & why I couldn't find what was wrong. - Is this what the above setting changes, or is that something else?

[ich777]

6 hours ago, thingie2 said:

Is this what the above setting changes, or is that something else?

Yes.

[ceyo14]

On 7/18/2022 at 1:12 AM, ich777 said:

I think you are talking about the Checkmk-RAW container.

On what Unraid version are you?

 

This is the output from a fresh pulled container from the CA App:

  Reveal hidden contents

text  error  warn  system  array  login  

### CREATING SITE 'cmk'
Adding /opt/omd/sites/cmk/tmp to /etc/fstab.
Going to set TMPFS to off.
Preparing tmp directory /omd/sites/cmk/tmp...Generating configuration for core (type nagios)...
Precompiling host checks...OK
Updating core configuration...
Executing post-create script "01_create-sample-config.py"...OK
Adding /opt/omd/sites/cmk/tmp to /etc/fstab.
Going to set TMPFS to off.
Created new site cmk with version 2.1.0p6.cre.

  The site can be started with omd start cmk.
  The default web UI is available at http://7e9bd108ff7f/cmk/

  The admin user for the web applications is cmkadmin with password: eibBNKpS
  For command line administration of the site, log in with 'omd su cmk'.
  After logging in, you can change the password for cmkadmin with 'htpasswd etc/htpasswd cmkadmin'.

### STARTING XINETD
Starting internet superserver: xinetd.
### STARTING SITE
Preparing tmp directory /omd/sites/cmk/tmp...Starting agent-receiver...OK
Starting mkeventd...OK
Starting rrdcached...OK
Starting npcd...OK
Starting nagios...OK
Starting apache...OK
Starting redis...OK
Initializing Crontab...OK
### STARTING CRON
### CONTAINER STARTED

 

 

Maybe try the following:

1. Remove the container
2. Remove the directory that was created in your appdata folder for checkmk
3. Pull a fresh copy from the CA App

 

Scratch that, after installing it on my server, I couldn't stop the container and also couln't remove it. I've then restarted my server and Docker and emhttp weren't working properly anymore. After starting the Docker service manually the container auto started but I've never enabled that, I had to remove the image for the container itself manually to get everything back to a working state.

I pulled both the Checkmk-RAW and Checkmk Agen plugin from the CA App because they gave me both a lot of trouble in the past and I really want that this happens to someone which is not that familiar with the command line and how to remove a Docker image manually...

Will you still work on this?, Or do you think that at this point you will not continue supporting CheckMK?

 

I always wanted to get this running but haven't had much time to get it to work. I mean actually using it... it ran if I stayed away from 2.0

 

I understand whatever your decision is, not expecting anything, just wondering...