├── README.md └── docker ├── configs └── bitmagnet │ └── classifier.yml ├── faq ├── bitmagnet.md ├── code-server.md ├── crafty.md ├── delugevpn.md ├── general.md ├── help.md ├── jellyfin.md ├── minecraftbedrockserver.md ├── minecraftserver.md ├── plex.md ├── preclear.md ├── pycharm.md ├── qbittorrentvpn.md ├── rclone.md ├── rtorrentvpn.md ├── sabnzbdvpn.md ├── sonarr.md ├── unraid.md ├── urbackup.md └── vpn.md └── guides └── vpn.md /README.md: -------------------------------------------------------------------------------- 1 | # **Documentation** 2 | 3 | ## **Description** 4 | 5 | Links to documentation for software located in the binhex repositories. 6 | 7 | ## Docker 8 | 9 | ### Guides 10 | 11 | --- 12 | 13 | #### VPN Docker Guide 14 | 15 | Guide on how to do the initial setup for VPN enabled Docker images. 16 | https://github.com/binhex/documentation/blob/master/docker/guides/vpn.md 17 | 18 | 19 | #### FAQ's 20 | 21 | --- 22 | 23 | ##### General Docker FAQ 24 | 25 | Frequently asked questions regards general Docker usage. 26 | https://github.com/binhex/documentation/blob/master/docker/faq/general.md 27 | 28 | 29 | ##### VPN Docker FAQ 30 | 31 | Frequently asked questions regards VPN specific configuration. 32 | https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md 33 | 34 | 35 | ##### SABnzbdVPN Docker FAQ 36 | 37 | Frequently asked questions regards SABnzbd+ specific configuration. 38 | https://github.com/binhex/documentation/blob/master/docker/faq/sabnzbdvpn.md 39 | 40 | 41 | ##### DelugeVPN Docker FAQ 42 | 43 | Frequently asked questions regards Deluge specific configuration. 44 | https://github.com/binhex/documentation/blob/master/docker/faq/delugevpn.md 45 | 46 | ##### PyCharm Docker FAQ 47 | 48 | Frequently asked questions regards PyCharm specific configuration. 49 | https://github.com/binhex/documentation/blob/master/docker/faq/pycharm.md 50 | 51 | ##### qBittorrentVPN Docker FAQ 52 | 53 | Frequently asked questions regards qBittorrent specific configuration. 54 | https://github.com/binhex/documentation/blob/master/docker/faq/qbittorrentvpn.md 55 | 56 | ##### Sonarr Docker FAQ 57 | 58 | Frequently asked questions regards Sonarr specific configuration. 59 | https://github.com/binhex/documentation/blob/master/docker/faq/sonarr.md 60 | 61 | ##### Plex Docker FAQ 62 | 63 | Frequently asked questions regards Plex specific configuration. 64 | https://github.com/binhex/documentation/blob/master/docker/faq/plex.md 65 | 66 | ##### UrBackup Docker FAQ 67 | 68 | Frequently asked questions regards UrBackup specific configuration. 69 | https://github.com/binhex/documentation/blob/master/docker/faq/urbackup.md 70 | 71 | ##### Preclear Docker FAQ 72 | 73 | Frequently asked questions regards Preclear Docker usage. 74 | https://github.com/binhex/documentation/blob/master/docker/faq/preclear.md 75 | 76 | ##### Minecraft Server Docker FAQ 77 | 78 | Frequently asked questions regards Minecraft Server specific configuration. 79 | https://github.com/binhex/documentation/blob/master/docker/faq/minecraftserver.md 80 | 81 | ##### Minecraft Bedrock Server Docker FAQ 82 | 83 | Frequently asked questions regards Minecraft Bedrock Server specific configuration. 84 | https://github.com/binhex/documentation/blob/master/docker/faq/minecraftbedrockserver.md 85 | 86 | ##### Crafty Controller Docker FAQ 87 | 88 | Frequently asked questions regards Crafty Controller specific configuration. 89 | https://github.com/binhex/documentation/blob/master/docker/faq/crafty.md 90 | 91 | ##### Code-Server Docker FAQ 92 | 93 | Frequently asked questions regards Code-Server specific configuration. 94 | https://github.com/binhex/documentation/blob/master/docker/faq/code-server.md 95 | 96 | ##### Rclone Docker FAQ 97 | 98 | Frequently asked questions regards Rclone specific configuration. 99 | https://github.com/binhex/documentation/blob/master/docker/faq/rclone.md 100 | 101 | ##### Jellyfin Docker FAQ 102 | 103 | Frequently asked questions regards Jellyfin specific configuration. 104 | https://github.com/binhex/documentation/blob/master/docker/faq/jellyfin.md 105 | 106 | ##### bitmagnet Docker FAQ 107 | 108 | Frequently asked questions regards bitmagnet specific configuration. 109 | https://github.com/binhex/documentation/blob/master/docker/faq/bitmagnet.md 110 | 111 | ##### unRAID Docker FAQ 112 | 113 | Frequently asked questions regards unRAID general Docker usage. 114 | https://github.com/binhex/documentation/blob/master/docker/faq/unraid.md 115 | 116 | #### Help 117 | 118 | ##### Further Help 119 | 120 | Instructions for further help if required. 121 | https://github.com/binhex/documentation/blob/master/docker/faq/help.md 122 | 123 | --- 124 | If you appreciate my work, then please consider buying me a beer :D 125 | 126 | [![PayPal donation](https://www.paypal.com/en_US/i/btn/btn_donate_SM.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MM5E27UX6AUU4) 127 | 128 | [Documentation](https://github.com/binhex/documentation) | [Support Forum](http://forums.unraid.net/index.php?topic=45811.0) 129 | -------------------------------------------------------------------------------- /docker/configs/bitmagnet/classifier.yml: -------------------------------------------------------------------------------- 1 | $schema: "https://bitmagnet.io/schemas/classifier-0.1.json" 2 | 3 | # Example 1. Classifier configuration file demonstrating how to filter out content based on torrent filename and file content 4 | 5 | keywords: 6 | banned: 7 | - "*my-bad-word*" 8 | - "*my-other-bad-word*" 9 | 10 | extensions: 11 | video_movie: 12 | - mkv 13 | - mp4 14 | - avi 15 | - mov 16 | - wmv 17 | - webm 18 | - divx 19 | 20 | # extend the default workflow with a custom workflow: 21 | workflows: 22 | custom: 23 | # first run the default workflow: 24 | - run_workflow: default 25 | # filter specific content 26 | - if_else: 27 | condition: "result.contentType in [contentType.movie, contentType.tv_show, contentType.unknown]" 28 | if_action: 29 | find_match: 30 | - if_else: 31 | condition: 32 | or: 33 | # remove any magnet in content type movies, tv series or unknown that contains a torrent filename or basename that matches any of the defined banned keywords 34 | - "torrent.baseName.matches(keywords.banned)" 35 | - "([torrent.baseName] + torrent.files.map(f, f.basePath)).join(' ').matches(keywords.banned)" 36 | if_action: delete 37 | - if_else: 38 | condition: "result.contentType in [contentType.movie, contentType.tv_show]" 39 | if_action: 40 | find_match: 41 | - if_else: 42 | condition: 43 | or: 44 | # remove any magnet in content type movies or tv series that matches the extensions video_movie and is 200 MB or larger and contains a torrent filename with 2 or more consecutive non ascii characters 45 | - "torrent.files.filter(f, f.extension in extensions.video_movie && f.size > 200*mb).map(f, f.basePath).join(' ').matches('.*[^\x00-\x7F]{2,}.*')" 46 | if_action: delete 47 | # if_action: 48 | # add_tag: foreign-video 49 | - if_else: 50 | condition: "result.contentType in [contentType.unknown]" 51 | if_action: 52 | find_match: 53 | - if_else: 54 | condition: 55 | or: 56 | # remove any magnet in content type unknown that contains a torrent filename with any non ascii characters 57 | - "([torrent.baseName] + torrent.files.map(f, f.basePath)).join(' ').matches('.*[^\x00-\x7F].*')" 58 | if_action: delete 59 | # if_action: 60 | # add_tag: foreign-unknown 61 | 62 | flags: 63 | local_search_enabled: true 64 | apis_enabled: true 65 | tmdb_enabled: true 66 | delete_xxx: true 67 | # belts and braces, also delete content type xxx 68 | delete_content_types: 69 | - xxx 70 | -------------------------------------------------------------------------------- /docker/faq/bitmagnet.md: -------------------------------------------------------------------------------- 1 | # **bitmagnet Docker FAQ** 2 | 3 | **Q1.** I have set category 'xxx' to be deleted by defining it in the config.yml under section 'delete_content_types' but i still see the number of items going up, why is this? 4 | 5 | **A1.** If you 'Order By' 'Published' you will note that the 'Published' time will start to increase as new content is not added, the number of indexed items will increase but no further items will be displayed for the category. 6 | 7 | **Q2.** I have set category 'xxx' to be deleted by defining it in the config.yml under section 'delete_content_types' but the number of items indexed in the category 'xxx' is not going down, why is this?. 8 | 9 | **A2.** Items already indexed will not be retrospecively deleted, what the section name of 'delete_content_types' is referring to is new content added that matches the category specified will be auto deleted. 10 | 11 | **Q3.** I would like to interrogate the PostGres bitmagnet database using [pgAdmin](https://www.pgadmin.org/) how do i do this?. 12 | 13 | **A4.** In order to access the PostGres database you have to perform 4 steps: 14 | 15 | 1. Ensure port 5432 is defined for the container, if you are sing a vpn then ensure its defied in the value for variable (env var) 'VPN_INPUT_PORTS' 16 | 2. Install [pgAdmin](https://www.pgadmin.org/) - tested tooling but you can use others if you wish. 17 | 3. Permit connect to PostGres by editign the file xxxx 18 | 4. Permit connection to PostGres by editing the file xxxxx 19 | 4. -------------------------------------------------------------------------------- /docker/faq/code-server.md: -------------------------------------------------------------------------------- 1 | # **Code-Server Docker FAQ** 2 | 3 | **Q1.** I'm seeing an error in the Web UI that states ```Error loading webview: Error: Could not register service workers: S...```, what is it and how can i stop it appearing? 4 | 5 | **A1.** This error is caused by the use of self-signed certificates, which by default this container uses. The error can be triggered by simply going to an extesion and attempting to view the 'Details' tab. 6 | 7 | To Fix this issue please see **Q2.** or **Q3.** 8 | 9 | **Q2.** I want to switch from using a self-signed cert to a valid certificate from a authorised certificate authority, how do i do this?. 10 | 11 | **A2.** Once you have the certificate issued from your certificate authority then you can use the following procedure to configure code-server to use the cert:- 12 | 13 | 1. Stop the container 14 | 2. Copy the certificate and key to ```/config/code-server/certs/``` 15 | 3. Set the value for variable key ```CERT_PATH``` to the path for the cert e.g. ```/config/code-server/certs/mycert.crt``` and set the value for variable key ```CERT_KEY_PATH``` to the path for the cert key e.g. ```/config/code-server/certs/mycert.key```. 16 | 4. Start container 17 | 18 | **Q3.** I want to use the the certificate generated by the cloud provider (in this case CDR), can you please tell me how to do this?. 19 | 20 | **A3.** To do this simple set variable key ```BIND_CLOUD_NAME``` to have a value of ``````, then check the log file ```/config/supervisord/log``` for URL to authorise CDR (cloud provider) with GitHub. 21 | 22 | **Q4.** I want to use a reverse proxy such as SWAG or NPM with Code-Server so i can access it externally, in order to do this i need to switch over to HTTP, how do i do this?. 23 | 24 | **A4.** To do this simple set variable key ```SELF_SIGNED_CERT``` to have a value of ```no```, also ensure variable keys ```CERT_PATH``` and ```CERT_KEY_PATH``` both have blank values, otherwise they will take presedence over the value set for ```SELF_SIGNED_CERT```. 25 | 26 | **Q5.** I would like to include application/tool/scripting language XXXX in Code-Server, how do i do this?. 27 | 28 | **A5.** You can install applications by specifying the package name from AOR (Arch Official Repository) or from AUR (Arch User Repository), please see example script file located at ```/config/code-server/scripts/example-startup-script.sh``` for how to install packages. 29 | 30 | **Note** You will need to ensure that env var ```ENABLE_STARTUP_SCRIPTS``` is set to ```yes``` otherwise no execution of the script(s) will take place. 31 | 32 | **Q6.** I want to use the GitHub integration with Code-Server but i don't know what the steps are, can you please tell me how to do this?. 33 | 34 | **A6.** TBD. -------------------------------------------------------------------------------- /docker/faq/crafty.md: -------------------------------------------------------------------------------- 1 | # **Crafty Controller Docker FAQ** 2 | 3 | **Q1.** How do i define the version of Java used when running a Minecraft server via Crafty? 4 | 5 | **A1.** In order to specify the version of Java you need to edit an already defined server, you cannot define this at the time of server creation in Crafty (this may change in later versions). The procedure for changing the version of Java after the server is defined is as follows:- 6 | 7 | 1. Open Crafty Web UI and login 8 | 2. Click on the 'Dashboard' 9 | 3. Click on 'Edit' for running server 10 | 4. Scroll down to 'Java Path' and set the path to one of the versions of Java shown below:- 11 | 12 | **Java 8 (default)** 13 | ``` 14 | /usr/lib/jvm/java-8-openjdk/bin/java 15 | ``` 16 |
17 | 18 | **Java 11 (required by papermc)** 19 | ``` 20 | /usr/lib/jvm/java-11-openjdk/bin/java 21 | ``` 22 |
23 | 24 | **Java XX (latest) (required by minecraft 1.17+)**
25 | Due to the rolling nature of Arch Linux and the fact Java versions are changing quickly nowadays i cannot detail the exact path to use, you should be able to identify the latest version included in the image by going to the following link:- https://archlinux.org/packages/extra/x86_64/jdk-openjdk/
26 | 27 | Once you know the major version (e.g. ```18```) then simply replace ```XX``` with the version number to get the path to the latest Java included in the image. 28 | ``` 29 | /usr/lib/jvm/java-XX-openjdk/bin/java 30 | ``` 31 | 5. Click on 'Save' 32 | 6. Restart the server for the change to take affect -------------------------------------------------------------------------------- /docker/faq/delugevpn.md: -------------------------------------------------------------------------------- 1 | # **DelugeVPN Docker FAQ** 2 | 3 | **Q1.** How do i connect CouchPotato to DelugeVPN? 4 | 5 | **A1.** To connect CouchPotato to DelugeVPN perform the following:- 6 | 7 | **IMPORTANT** - If your connecting to DelugeVPN from a traditional (non dockerized) installation of CouchPotato then please ensure you have configured the LAN_NETWORK (see FAQ "I'm struggling to configure LAN_NETWORK correctly, can you give some examples?" for help) environment variable for DelugeVPN (you can left click and "Edit" the configuration if you've already created the container). 8 | 9 | 1. Start DelugeVPN and login to the webui, then enable Preferences->Daemon->Allow Remote Connections 10 | 11 | 2. Restart DelugeVPN Docker container 12 | 13 | 3. Open Deluge authorisation file /config/auth and note the username and password, it should be in the format:- 14 | 15 |    ```::``` 16 | 17 |     The default value is as follows:- 18 | 19 |    ```admin:deluge:10``` 20 | 21 |     If the above doesn't exist then please add to the auth file and restart the container before continuing. 22 | 23 | 4. Go to the CouchPotato webui->Settings>Downloaders>Deluge 24 | 25 | 5. Configure Host as ```:58846``` 26 | 27 | 6. Configure the Username and Password as specified in the auth file 28 | 29 | 7. Click on Test Deluge button, if it all works then you should see success. 30 | 31 | **Q2.** How can i verify that the Torrent client is using the VPN tunnel? 32 | 33 | **A2.** You can verify this by loading a custom torrent that returns the IP address that is used to connect to the tracker, instructions on how to do this shown below:- 34 | 35 | 1. Go to website http://torguard.net/checkmytorrentipaddress.php 36 | 37 | 2. Click on the "Check my torrent IP" button to download the torrent 38 | 39 | 3. Open Deluge webui and add the torrent 40 | 41 | 4. Highlight the added torrent and go to the "Status" tab at the bottom left of the screen 42 | 43 | 5. The "Tracker Status" should return something like this:- 44 | 45 |    ```"checkmytorrentip.net: Error: Success, Your torrent client IP is: 10.156.1.1"``` 46 | 47 | 6. If the tunnel is correctly established then IP address should be different to the IP address from your ISP. 48 | 49 | **Q3.** When i attempt to install a 3rd party Deluge Plugin using the Web UI it doesn't load, what is the correct way to install 3rd party plugins? 50 | 51 | **A3.** Installing .egg files (google 'Python Eggs' for more info) is best done by copying and pasting the file with the .egg extension to the /config/plugins/ folder on the host, once you have done this you will need to restart the container for the plugin to be shown in preferences/plugins in the Web UI. If the plugin does not stay enabled between restarts then see below. 52 | 53 | **Q4.** Whenever i enable a plugin using the Deluge Web UI the enabled plugin seems to disable on a restart, how can i keep the plugin enabled even after a restart? 54 | 55 | **A4.** Deluge developers seemed to of taken the strange decision of writing configuration changes for plugins on shutdown, this causes a problem for people using Deluge in a container, as all processes will be terminated on shutdown of the container, meaning there is no time for Deluge to write out to the configuration file (/config/core.conf). To get around this we need to manually edit the configuration file ourselves, the steps below detail how to do this:- 56 | 57 | 1. Make a note of the plugin names you want to enable through the Web UI (they are case sensitive!) 58 | 59 | 2. Stop the container and then open /config/core.conf with a text editor such as notepad++ (windows), or nano (linux), do NOT use wordpad or notepad on Windows, it will screw up line endings. 60 | 61 | 3. Find the section 'enabled_plugins' and add in the list of plugins you want enabled, for example to enable 3 plugins:- 62 | 63 | ``` 64 | "enabled_plugins": [ 65 | "Label", 66 | "Scheduler", 67 | "Notifications" 68 | ], 69 | ``` 70 | 71 | 4. Start the container again, then check the Web UI preferences/plugins and ensure the plugins are enabled. 72 | 73 | 5. Configure each plugin as desired. -------------------------------------------------------------------------------- /docker/faq/general.md: -------------------------------------------------------------------------------- 1 | # **General Docker FAQ** 2 | 3 | **Q1.** What is the difference between Bridge and Host Network Types? 4 | 5 | **A1.** Setting a Docker Container to Bridge networking (default) allows the user to map a port from the host to the container (see later questions), whereas setting a Docker container to use Host networking means the Docker applications ports cannot be defined and are bound to the Host's adapter 6 | 7 | **Q2.** What are Volume Mappings used for? 8 | 9 | **A2.** Volume Mappings are a way of sharing data from the host to the running Docker Container, without a Volume Mapping it would be very difficult to access data written to the running containers virtual file system. Volume mappings are defined in two halves, the Container volume, which is the  root folder that will appear INSIDE the Docker Container, and the Host path, which is the full path you wish to share with the Docker Container. 10 | 11 | For example a volume mapping of /config /mnt/cache/appdata will create a folder called "config" off the root of the Docker Containers file system, this folder will contain all files and folders that exist in the hosts path "/mnt/cache/appdata". 12 | 13 | **IMPORTANT** - When configuring the Docker application (not container) remember to use the container volume root folder, NOT the Host path, e.g. /data/completed for completed folder or /data/incomplete for incomplete downloads, NOT host path such as /mnt/user/appdata/completed 14 | 15 | **Q3.** What is the /config Container Volume used for? 16 | 17 | **A3.** This is used to store application configuration, such as ini files, db's, cached data, etc. 18 | 19 | **Q4.** What is the /data Container Volume used for? 20 | 21 | **A4.** This is used to store downloaded data generated from the Docker application, such as TV Shows, Movies, Games, etc. 22 | 23 | **Q5.** What is the /media Container Volume used for? 24 | 25 | **A5.** This is used with Docker applications that index data for user consumption, or Docker applications that require access to your media library to perform post processing, example applications are CouchPotato, Plex, Madsonic, Sickbeard, SickRage. 26 | 27 | **Q6.** What are Port Mappings used for? 28 | 29 | **A6.** Port mappings are used to map a hosts ports to a containers ports, this gives you the flexibility to have multiple containers running using the same port but are defined as different ports on the host side. 30 | 31 | **IMPORTANT** - When editing the Docker container please do NOT alter the container port, this is set in the Docker image and should not be changed, this also applies to application configuration, the port number should NOT be changed. 32 | 33 | **Q7.** Why is there more than one Container Port specified? 34 | 35 | **A7.** Multiple Container ports are sometimes required for applications where there is more than one process running, an example of this would be Deluge, where it has a daemon (process that does the downloading), a webui (process serving the http interface), and an additional port for incoming requests. 36 | 37 | **Q8.** I have a problem with a Docker, are there any logs? 38 | 39 | **A8.** All the Docker containers for this repository use a process manager called Supervisor, this will log stdout and stderr to a log file called "supervisord.log" in the root of the defined /config hosts path. When logging an issue on the forum please attach this to help diagnose the issue quicker. 40 | 41 | **Q9.** I have a problem with application X, its hanging/crashing/behaving strangely, who do i contact? 42 | 43 | **A9.** Although i am the developer for the docker image i cannot fix issues related to the application itself, put simply i create an easy to use method to run the application, if the application itself is faulty then you will need to contact the developer(s) of the application, most of the time this involves posting an 'issue' on github, see the application support thread OP for links to the application, or link in the readme.md for the application. 44 | 45 | **Q10.** Since the latest update i am having issues with application MineOS/Minecraft/Libreoffice/PyCharm and it is unable to start, what is the cause of this and how can i fix it?. 46 | 47 | **A10.** Due to an update to the 'glibc' library used in the Arch Linux base OS that all my images are built on, it is necessary to upgrade the version of 'runc' to '1.0-rc93' or later. To do this perform **ONE** of the following actions:- 48 | 49 | 1. Update the version of Docker (**non unRAID users**) - This is by far the simplest way of upgrading runc, as the latest version is included in the latest Docker release, please refer to your distro documentation on how to update to the latest version of Docker. 50 | 51 | 1. Update runc manually (**unRAID users**) - The steps are as follows:- 52 | 53 | Drop to Terminal for the unRAID server (NOT the container) and issue the following command to upgrade runc:- 54 | 55 | ```bash 56 | curl -o '/usr/bin/runc' -L 'https://github.com/binhex/arch-packages/raw/master/static/x86-64/runc/runc' && chmod +x '/usr/bin/runc' 57 | ``` 58 | 59 | **Note** The above step will be necessary on subsequent restarts of the server (NOT the container). 60 | 61 | This is a temporary stopgap whilst we wait for the next release of unRAID (6.9.2), which should include the latest version of Docker (i have contacted Limetech). 62 | 63 | 1. Switch to privileged mode - This is a workaround if you do not want to update runc, but it does elevate permissions for the container and thus increases the potential for a security issue. unRAID users can do this by going to web ui/Docker tab/left click icon and select 'edit' then toggle the ```Privileged``` to ```on``` and click on Apply. For non unRAID users they simply supply the additional flag when creating the container ```--privileged=true``` 64 | 65 | 1. Roll back to previous version - If none of the above options are sutiable then the only option left is to roll back to a previous version before the glibc update by using a specifc tagged image, see Q5. from the following link:- [https://github.com/binhex/documentation/blob/master/docker/faq/unraid.md](https://github.com/binhex/documentation/blob/master/docker/faq/unraid.md) 66 | 67 | **Q11.** I want to use a particular version of an application, how can i do this using Docker containers?. 68 | 69 | **A11.** I have implemented sub version tagging for all images going forward (no retro version tags), this means if you are sensitive to version changes for any application you can now restrict this by specifying the version you want in a more exact manner. The tags generated are as follows:- 70 | 71 | ```text 72 | 73 | . 74 | 75 | 'latest' 76 | ``` 77 | 78 | So for example a version of 'v1.45.0' would generate the following tags:- 79 | 80 | ```text 81 | v1 82 | v1.45 83 | v1.45.0 84 | latest 85 | ``` 86 | 87 | So if you wanted to only use v1, then you could specify `:v1` or if you wanted to use the current major-minor version then `:v1.45` 88 | 89 | **Note** Do keep in mind sub version tags will only be generated for applications that comply to semver, that is 3 (or more) octets in the version, not all application developers do this. 90 | -------------------------------------------------------------------------------- /docker/faq/help.md: -------------------------------------------------------------------------------- 1 | # **Further Help** 2 | 3 | OK so you've read any relevant FAQ's from [here](https://github.com/binhex/documentation) and you're still stuck, in that case you will need to perform the following, please keep in mind without logs i have no detailed visibility of your configuration and thus little chance of identifying the issue. 4 | 5 | ## UNRAID Users 6 | 7 | Please perform both sections below unless instructed otherwise: 8 | 9 | ### Gather Command execution 10 | 11 | 1. Left click the container and select 'Edit', make any change to a value, then switch it back to what it was and click on 'Apply', then copy and paste the 'Command execution' shown to a file, ensuring to **remove all reference to username and password**. 12 | 1. Go to support thread (left click icon and select 'Support') and then attach (do NOT paste) the 'Command execution' output file but do not 'Submit Reply', please move onto the next step below. 13 | 14 | ### Gather Supervisor log 15 | 16 | 1. Delete any existing log file located at `/config/supervisord.log`, where `/config` is the host path for the container. 17 | 1. Left click container and select 'Edit' then set the 'Container Variable' for `DEBUG` to a value of `true` and click 'Apply'. 18 | 1. Wait 5 mins for it to completely finish initialising, then open the log file at `/config/supervisord.log` and **remove all reference to username and password from the file**, then save the log somewhere. 19 | 1. Attach (do NOT paste) the log output file from Step 3 to the post and click on 'Submit Reply'. 20 | 21 | ## Other Users 22 | 23 | 1. Delete any existing log file located at `/config/supervisord.log`, where /config is the host path. 24 | 1. Stop and delete the container (not the image). 25 | 1. Set the env var key `DEBUG` to a value of `true`. 26 | 1. Create the container and wait 5 mins for it to completely finish initialising. 27 | 1. Open the log file at `/config/supervisord.log` and **remove all reference to username and password** and save to another filename. 28 | 1. Append the docker run/create command or docker compose yml file to the saved log file. 29 | 1. Paste the contents of the saved log file to pastebin (or similar) and create Github 'Issue' and link to the log file detailing your issue. 30 | -------------------------------------------------------------------------------- /docker/faq/jellyfin.md: -------------------------------------------------------------------------------- 1 | # **Jellyfin Docker FAQ** 2 | 3 | **Q1.** How do I configure Jellyfin to use hardware transcoding (transcoding using GPU instead of CPU)?. 4 | 5 | **A1.** In order to get hardware transcoding working for your GPU you need to configure the container as follows:- 6 | 7 | **nVidia GPU** 8 | 9 | 1. Install the unRAID Plugin `Nvidia Driver` from CA (Community Applications), please ensure the driver version you select is at **least** `470.57.02`. 10 | 2. Go to unRAID web ui/Docker tab/left click Jellyfin container and select `Edit` 11 | 3. Click on the toggle for `ADVANCED VIEW` (top right) 12 | 4. Go to `Extra Parameters:` and enter in a value of `--gpus all` 13 | 5. Click on `Add another Path, Port, Variable, Label or Device` and select `Config Type` of `Variable` 14 | 6. Set `Key:` to `NVIDIA_VISIBLE_DEVICES` and `Value:` to `all`, or if you want to pass through a specific card then specify the GPU ID e.g. `GPU-02ac791e-6f42-b14f-3c14-8a4db2a01b8d` (can be found in the `Nvidia Driver` plugin - see step 1.) 15 | 7. Click on `Add` 16 | 8. Click on `Add another Path, Port, Variable, Label or Device` and select `Config Type` of `Variable` 17 | 9. Set `Key:` to `NVIDIA_DRIVER_CAPABILITIES` and `Value:` to `all` 18 | 10. Click on `Add` 19 | 11. Click on `Apply` to apply the change 20 | 21 | Once you have done the above it's time to enable hardware transcoding in Jellyfin:- 22 | 23 | 1. Login to Jellyfin Web UI and go to the `Administration/Dashboard` 24 | 2. Go to `Server/Playback` you should then see the `Transcoding` section 25 | 3. On the dropdown for `Hardware acceleration:` select `Nvidia NVENC` 26 | 4. Tick the preferred options for `Enable hardware decoding for:` 27 | 5. Click `Save` at the bottom of the screen to enable. 28 | 6. Test playback and monitor CPU usage 29 | 30 | **Note** To help debug further it is highly recommended to also install the unRAID Plugin `GPU Statistics`, this will then give you stats on your GPU and will enable you to easily see when the GPU is being used for transcoding.** 31 | 32 | **Q2.** I am attempting to setup Jellyfin from scratch but I'm getting prompted for login credentials, what are the default credentials to login? 33 | 34 | **A2.** This is a bug in the Jellyfin Web UI, on initial startup it should be running the wizard to setup credentials for the admin account, if this is not happening and you are instead seeing the login prompt then you need to go to the following URL instead to force the use of the wizard which will walk you through the setup process:- `http://:8096/web/index.html#!/wizardstart.html` 35 | -------------------------------------------------------------------------------- /docker/faq/minecraftbedrockserver.md: -------------------------------------------------------------------------------- 1 | # **Minecraft Bedrock Server Docker FAQ** 2 | 3 | **Q1.** How do i attach to the Minecraft Bedrock Server console when using this Docker container? 4 | 5 | **A1.** Minecraft Bedrock Server uses a program called 'screen' in order to allow you to connect and disconnect from the running console. In order to connect to the console once the container is running you would issue the following command from your hosts shell:- 6 | 7 | ``` 8 | docker exec -u nobody -it screen -r minecraft 9 | ``` 10 | 11 | You will then be able to execute 'help' in order to see available commands. 12 | 13 | In order to disconnect from the running Minecraft console without stopping the server, you press:- 14 | 15 | ``` 16 | CTRL + a then release and press d 17 | ``` 18 | 19 | Use command 'clear' to clear the screen of any previous output, you can then re-connect to the session again if required using the command above. 20 | 21 | **Note** If you do press CTRL + c by accident then you will need to restart the container in order to be able to connect to the console again, as this will kill the running Minecraft Server. 22 | 23 | **Q2.** I'm struggling to work out how you can add a texture pack to the Minecraft Bedrock server, can you please give me a step by step guide on how to do this? 24 | 25 | **A2.** Sure!, the steps below were taken from a forum post by member 'PeteAsking':- 26 | 27 | 1. Stop the Minecraft Bedrock Server container. 28 | 2. Download a texture pack, e.g. https://mcpedl.com/fuserealism-resource-pack/ ensuring the filename does not contain spaces, change the extension to .zip 29 | 3. Copy the downloaded texture pack to ```/config/minecraft/resource_packs/``` 30 | 4. Also copy the texture pack to ```/config/minecraft/worlds//resource_packs/``` - this is so people joining get the texture pack installed on their Minecraft client, otherwise they must have it pre-installed on their device. 31 | 5. Rename file ```/config/valid_known_packs.json``` to a new name. 32 | 6. Start and stop the container to auto regenerate the above file with the correct UUID and version values for the texture pack. 33 | 7. Open the file ```/config/valid_known_packs.json``` and make a note of the 'uuid' value - this will be required in a step below. 34 | 8. Create a file ```/config/minecraft/worlds//world_resource_packs.json``` with the following content, replacing the value of 'pack_id' with the uuid identified in step 7.:- 35 | 36 | ``` 37 | [ 38 | { 39 | "pack_id" : "", 40 | "version" : [ 0, 0, 1 ] 41 | } 42 | ] 43 | ``` 44 | 45 | 9. Open the file ```config/server.properties``` and change ```texturepack-required=true``` if you want to force people to use the pack. otherwise leave it false to make the texture pack optional. 46 | 10. Start the Docker container. 47 | 11. The texture pack should now be visible in your Minecraft world. 48 | 49 | **Note** If you at any stage get the message 'invalid_resource_pack file' then the pack you downloaded is incompatible with the version of Minecraft Bedrock server that you are running, try another texture pack. 50 | 51 | **Q3.** I would like to execute a specific Minecraft Bedrock console command on a scheduled basis, how can i do this? 52 | 53 | **A3.** You can execute arbitrary commands on the Minecraft Bedrock console by re-attaching to the 'screen' session and then 'stuff'ing commands into the input buffer, syntax is as follows:- 54 | 55 | ``` 56 | docker exec -u nobody -i screen -S minecraft -p 0 -X stuff "^M" 57 | ``` 58 | 59 | To verify this worked simply re-attach to the session (as documented above in Q1) and you should see the command has been executed. 60 | 61 | **Notes**
62 | If you do re-attach to verify the command executed and then try to run another arbitrary command from another exec'd session then you will see a 'permission denied' message and the command will NOT execute, you need to detach from the running session for the command to execute correctly. 63 | 64 | If you want to run this on a scheduled basis either from a bash script or via cron job then you will need to ensure you do not specify the '-t' flag for the command, otherwise it will attempt to create a terminal which will not be available when run via cron/bash (non interactive). 65 | 66 | **Q4.** I can see in the log file ```/config/supervisord.log``` that the Minecraft server has started but when i attempt to connect to the console via the web ui i see the message ```There is no screen to be resumed matching Minecraft```, what is the cause and how can i fix it?. 67 | 68 | **A4.** This issue can be related to the browser used to connect to the web ui, switching browser normally allows a user to authenticate and view the console. 69 | 70 | **Q5.** I have not hard set the 'seed' value for my World in Minecraft Bedrock, how do i now know what the auto generated seed value is?. 71 | 72 | **A5.** One way to identify the 'seed' is by using Minecraft Pocket Edition (PE), this can be installed from the 'Google Play' Store, once installed connect to your world then click on the icon at the top that looks like a pause symbol, click on Settings, then click on World, then click on Game and scroll down and the seed value should be shown (its greyed out as you cannot change this from in-game). 73 | 74 | **Tutorials**
75 | Reddit post 'Bedrock Dedicated Server Tutorial':- 76 | https://www.reddit.com/user/ProfessorValko/comments/9f438p/bedrock_dedicated_server_tutorial/?utm_source=share&utm_medium=web2x -------------------------------------------------------------------------------- /docker/faq/minecraftserver.md: -------------------------------------------------------------------------------- 1 | # **Minecraft Server Docker FAQ** 2 | 3 | **Q1.** How do i attach to the Minecraft Server console when using this Docker container? 4 | 5 | **A1.** Minecraft Server (Java edition) uses a program called 'screen' in order to allow you to connect and disconnect from the running console. In order to connect to the console once the container is running you would issue the following command from your hosts shell:- 6 | 7 | ``` 8 | docker exec -u nobody -it /usr/bin/minecraftd console 9 | ``` 10 | 11 | You will then be able to execute 'help' in order to see available commands. 12 | 13 | In order to disconnect from the running Minecraft console without stopping the server, you press:- 14 | 15 | ``` 16 | CTRL + a then release and press d 17 | ``` 18 | 19 | Use command 'clear' to clear the screen of any previous output, you can then re-connect to the session again if required using the command above. 20 | 21 | **Note** If you do press CTRL + c by accident then you will need to restart the container in order to be able to connect to the console again, as this will kill the running Minecraft Server. 22 | 23 | **Q2.** How do i define the version of Java used when running a Minecraft server? 24 | 25 | **A2.** This is done by changing the value for env var ```JAVA_VERSION```, valid values are ```8```,```12```, or ```16```, the procedure for this is as follows:- 26 | 27 | 1. Launch unRAID Web UI and go to 'Docker' tab. 28 | 2. Left click the Minecraft Sever icon and select 'Edit' 29 | 3. Scroll down until you see ```Container Variable: JAVA_VERSION``` then click on ```Edit``` 30 | 4. Set the value to the version of Java you want. e.g:- 31 | 32 | Value set to ```8``` = Java 8 (Default Java version)
33 | Value set to ```11``` = Java 11 (Required by papermc)
34 | Value set to ```16``` = Java 16 (Required by Minecraft 1.17+)
35 | 36 | 5. Click on ```SAVE``` 37 | 6. Click on ```Apply``` -------------------------------------------------------------------------------- /docker/faq/plex.md: -------------------------------------------------------------------------------- 1 | # **Plex Docker FAQ** 2 | 3 | **Q1.** How do I configure Plex to transcode to RAM/Array/Cache? 4 | 5 | **A1.** Below are the different options for setting transcoding for Plex and Plex Pass:- 6 | 7 | **Transcode to RAM** 8 | 9 | 1. Go to unRAID web ui/Docker tab/left click Plex container and select 'edit' 10 | 2. Click on the toggle for 'advanced view' 11 | 3. Go to variable named 'TRANS_DIR' and set the value to ```/transcode``` 12 | 4. Click on 'Add another Path, Port, Variable, Label or Device' and select 'Config Type' of 'Path' 13 | 5. Set 'Container Path' to ```/transcode``` and 'Host Path' to ```/tmp``` 14 | 6. Click on 'Add' 15 | 7. Click on 'Apply' to apply the change 16 | 17 | **Transcode to the array**  18 | 19 | 1. Go to unRAID web ui/Docker tab/left click Plex container and select 'edit' 20 | 2. Click on the toggle for 'advanced view' 21 | 3. Go to variable named 'TRANS_DIR' and set the value to ```/transcode``` 22 | 4. Click on 'Add another Path, Port, Variable, Label or Device' and select 'Config Type' of 'Path' 23 | 5. Set 'Container Path' to ```/transcode``` and 'Host Path' to ```/mnt/user/``` 24 | 6. Click on 'Add' 25 | 7. Click on 'Apply' to apply the change 26 | 27 | **Transcode to cache** (recommended) 28 | 29 | 1. Go to unRAID web ui/Docker tab/left click Plex container and select 'edit' 30 | 2. Click on the toggle for 'advanced view' 31 | 3. Go to variable named 'TRANS_DIR' and set the value to ```/transcode``` 32 | 4. Click on 'Add another Path, Port, Variable, Label or Device' and select 'Config Type' of 'Path' 33 | 5. Set 'Container Path' to ```/transcode``` and 'Host Path' to ```/mnt/cache/appdata/binhex-plex/tmp``` 34 | 6. Click on 'Add' 35 | 7. Click on 'Apply' to apply the change 36 | 37 | **Q2.** I would like to control the size of the RAM used when transcoding to RAM, is this possible and if so how do i do this?. 38 | 39 | **A2.** This can be achieved by creating a RAM Disk and using this as the area to transcode to, the procedure is as follows:- 40 | 41 | 1. Go to the unRAID 'Terminal' (NOT container console) and issue the following command to create a 5GB RAM Disk:- 42 | ```mkdir -p /tmp/plex-ramdisk && mount -t tmpfs -o size=5g tmpfs /tmp/plex-ramdisk``` 43 | 2. Follow the procedure for **A1.** 'Transcode to RAM', substituting 'Host Path' ```/tmp``` for ```/tmp/plex-ramdisk``` 44 | 45 | **Notes**
46 | - If you want the RAM Disk to be larger then change the ```size=``` parameter for the command. 47 | - Location of the RAM Disk can be anywhere and does not have to be located under '/tmp'. 48 | - The command shown above will not be persistent and therefor will need to be re-run on subsequent reboots, a way of automating this is to include the command in the unRAID boot script named 'go', you can do this by running the command below from the unRAID 'Terminal':- 49 | ```echo 'mkdir -p /tmp/plex-ramdisk && mount -t tmpfs -o size=5g tmpfs /tmp/plex-ramdisk' >> '/boot/config/go'``` 50 | 51 | **Q3.** How do I configure Plex to use my GPU for encoding/decoding (sometimes referred to as hardware transcoding)? 52 | 53 | **A3.** To enable GPU encoding/decoding within Plex you need to install the 'Nvidia Driver' Plugin and then configure the Plex container as follows:- 54 | 55 | 1. Go to Community Applications in the unRAID web ui and search for Plugin 'Nvidia Driver' and install it, then reboot host. 56 | 2. Go to unRAID web ui/Plugins/Nvidia Driver and make a note of the GPU device, it should look something like this:- ```GPU-02ff3633-4f22-c4d6-2c15-654ff33a321e``` 57 | 3. Go to unRAID web ui/Docker tab/left click Plex container and select 'edit'. 58 | 4. Click on the toggle for 'advanced view'. 59 | 5. Go to 'Extra Parameters:' and set it to ```--runtime=nvidia``` 60 | 6. Go to variable named 'NVIDIA_DRIVER_CAPABILITIES' and set the value to ```all``` 61 | 7. Go to variable named 'NVIDIA_VISIBLE_DEVICES' and set the value to the GPU device found in step 2. 62 | 8. Start Plex container. 63 | 64 | **Notes**
65 | It is possible that the variables mentioned above do not exist in your template, if this is the case then please create them by doing the following:- 66 | 67 | 1. Go to unRAID web ui/Docker tab/left click Plex container and select 'edit' 68 | 2. Click on the toggle for 'advanced view' 69 | 3. Click on 'Add another Path, Port, Variable, Label or Device' and select 'Config Type' of 'Variable' 70 | 4. Set 'Key' to the name of the variable mentioned above, and the 'Value' to the value mentioned above, repeat for both variables. 71 | 72 | **Q4.** Plex has suddenly stopped working and displays the message below in ```/config/supervisord.log```, what is the best way to diagnose what the issue is? 73 | ``` 74 | INFO gave up: plexmediaserver entered FATAL state, too many start retries too quickly 75 | ``` 76 | 77 | **A4.** There are multiple reasons this could happen, the best way to diagnose the issue is to look at the Plex Media Server log, this file is located here:- 78 | ``` 79 | /config/Plex Media Server/Logs/Plex Media Server.log 80 | ``` 81 | Open the log file with something like Notepad++/Atom/VSCode and search the log for the keywords 'error' or 'corruption' or 'fatal', if the issue is corruption (common issue) then see Q5 below. 82 | 83 | **Q5.** So i see from Q4 that i do have Plex daatabase corruption, how can i attempt to fix this?. 84 | 85 | **A5.** There are three methods for recovering from database corruption, these are listed below in preferred order: 86 | 87 | 1. Restore from backup using the UNRAID Plugin 'APPDATA.BACKUP' (recommended) - See support thread [here](https://forums.unraid.net/topic/137710-plugin-appdatabackup/) 88 | 2. Attempt rollback to built in database backup - See 'Rollback database' below. 89 | 3. Attempt database repair using the built in script - See 'Repair database' below. 90 | 91 | **Rollbck databaase** 92 | 1. Stop the Plex container. 93 | 2. Rename the current database file ```/config/Plex Media Server/Plug-in Support/Databases/com.plexapp.plugins.library.db``` to ```/config/Plex Media Server/Plug-in Support/Databases/com.plexapp.plugins.library.db.orig``` 94 | 3. Rename the current database file ```/config/Plex Media Server/Plug-in Support/Databases/com.plexapp.plugins.library.blobs.db``` to ```/config/Plex Media Server/Plug-in Support/Databases/com.plexapp.plugins.library.blobs.db.orig``` 95 | 4. Rename the newest backup database file (example) ```/config/Plex Media Server/Plug-in Support/Databases/com.plexapp.plugins.library.db-2021-04-03``` to ```/config/Plex Media Server/Plug-in Support/Databases/com.plexapp.plugins.library.db``` 96 | 5. Rename the newest backup database file (example) ```/config/Plex Media Server/Plug-in Support/Databases/com.plexapp.plugins.library.blobs.db-2021-04-03``` to ```/config/Plex Media Server/Plug-in Support/Databases/com.plexapp.plugins.library.blobs.db``` 97 | 6. Start the Plex container and scrape any missing metadata. 98 | 99 | **Notes**
100 | The above procedures MAY cause loss of metadata (NOT media), as you will be rolling back to a point in time (typically 3 days prior) but it maybe necessary to go back further if the database corruption happens some time ago, so further metadata scraping maybe required for your library after the restore. 101 | 102 | **Repair database** 103 | 1. Start the Plex container. 104 | 2. Left click the icon in the UNRAID WebUI and select 'Console'. 105 | 3. Type `/home/nobody/dbrepair.sh` 106 | 4. Select option `Check integrity`, once this has completed exit the console and restart the container, if this still has not fixed it move onto the next step. 107 | 5. Select option `Repair structure (basic repair)` once this has completed exit the console and restart the container, if this still has not fixed it move onto the next step. 108 | 6. Select option `Rebuild indexes` once this has completed exit the console and restart the container, if this still has not fixed it move onto the next step. 109 | 7. Select option `Low-level recovery` once this has completed exit the console and restart the container, if this still has not fixed it move onto the next step. 110 | 8. If none of the steps above have fixed the database then the only course of action is to reconfigure Plex from scratch. 111 | 112 | **Notes**
113 | The above procedures MAY cause loss of metadata (NOT media) and other unforseen issues (configuration), repairing the database will result in deletion of the corrupt data so further metadata scraping and/or configuration maybe required after the repair. 114 | -------------------------------------------------------------------------------- /docker/faq/preclear.md: -------------------------------------------------------------------------------- 1 | # **Preclear Docker FAQ** 2 | 3 | Firstly if you are **not** comfortable with the command line then i would encourage you to use the excellent 'Preclear Plugin' instead of this, link here:- 4 | https://forums.unraid.net/topic/54648-preclear-plugin/ 5 | 6 | The Preclear script was created by [Joe L.](https://forums.unraid.net/topic/2732-preclear_disksh-a-new-utility-to-burn-in-and-pre-clear-disks-for-quick-add/) and later modified by [bjp999](https://forums.unraid.net/topic/30921-unofficial-faster-preclear/), all credit goes to both of these authors for the script. 7 | ___ 8 | **IMPORTANT**:- Please do **NOT** perform a backup of the running container (using something like 'CA Appdata Backup/Restore v2'), as this could 'pause' (or stop) the container during the backup process which can/may cause issues for the preclear script on 'resume' or restart (not tested). 9 | 10 | **IMPORTANT**:- If you have 'CA Auto Update' plugin installed then please ensure that the Preclear Docker container is **NOT** set to automatically update, as an update to the docker container will cause the preclear script to terminate. In order to exclude this container from auto updates you need to go to unRAID Web UI/Plugins/CA Auto Update Applications/Docker Auto Update Settings tab, select 'No' from the dropdown for 'Update All Docker Applications' then re-select all the containers you want to auto update **EXCLUDING** the Preclear docker container, then click on 'Apply' to save. 11 | 12 | **IMPORTANT**:- Please also ensure that you haven't set the server to go into a sleep/hibernate state whilst a preclear is running, as this also can/may cause the preclear script to abort abnormally and require a re-start from the beginning. 13 | ___ 14 | **Q1.** What is the purpose of the preclear script, and is it still required? 15 | 16 | **A1.** Originally the preclear script was designed to do one thing, preclear drives in readiness to be added to the array, the reason we wanted to preclear the drives up front is because doing this using unraid used to cause the entire array to be inaccessible until the preclear had finished, which can take many hours. 17 | 18 | The script then got enhanced to do other stuff as well, such as stress testing of the drive using various linux utils, rolling forward in time and preclearing a drive via unraid is now done in the background, allowing the array to carry on working and thus no down time, meaning no requirement to preclear up front. 19 | 20 | However the need to stress test a drive is still present due to the bathtub curve (https://www.backblaze.com/blog/how-long-do-disk-drives-last/) and thus the preclear script lives on as a stress test tool. 21 | 22 | **Q2.** Why has this docker image been created, as we already have a unraid preclear plugin?. 23 | 24 | **A2.** Due to the fact that plugins rely on the underlying OS (Slackware) in order to run, any changes made by Limetech can potentially lead to a breakage with the preclear plugin, this has historically happened a number of times and is unfortunately a fact of life. So how do we try and mitigate this from happening?, by using Docker, this then gives us a known platform from which to run the preclear script, and should reduce the chances of this happening. 25 | 26 | **Q3.** How do i preclear a disk? 27 | 28 | **A3.** Left click the preclear icon in the Docker tab in the unraid web ui and then choose 'WebUI', then if a terminal window is not showing then right click the desktop and select 'Xfce terminal', then run the following command in the window to list drives that can be precleared:- 29 | 30 | ```preclear_binhex.sh -l``` 31 | 32 | This will then list drives which are candidates for preclearing, make a note of the 'sdX' name of the drive you want to preclear and then issue the following command, where XXX is the name of the drive from the previous command:- 33 | 34 | ```preclear_binhex.sh -f /dev/XXX``` 35 | 36 | **Note**:- The -f flag performs the 'faster' preclear, as enhanced by forum member 'bjp999' and is optional. 37 | 38 | Another example, this time adding email notification during the preclear process:- 39 | 40 | ```preclear_binhex.sh -f -M 4 /dev/XXX``` 41 | 42 | **IMPORTANT**:- Please double check the serial number of the drive shown in the confirmation screen **BEFORE** you type 'Yes', if you preclear a drive with data on it accidentally it will be impossible to recover the data off the drive. 43 | 44 | **Q4.** Can i perform other partial wipes or test to ensure the drive is precleared with this script? 45 | 46 | **A4.** Yes there are multiple options with the preclear script, please execute the following to view all options:- 47 | 48 | ```preclear_binhex.sh -h``` 49 | 50 | **Q5.** Can i preclear multiple disks at the same time?. 51 | 52 | **A5.** Yes this is possible, you simply create an additional 'tab' in the 'Xfce terminal' and then run the script again against the additional named drive. 53 | 54 | **Q6.** Can i preclear a drive connected via USB?. 55 | 56 | **A6.** Yes this is possible, you simply connect the drive to the USB port and once the drive is detected by the OS then you should be able to preclear as per normal. 57 | 58 | **Note**:- You do **NOT** need to install the 'unassigned devices' plugin for the above to work. 59 | 60 | **Q7.** Can i safely close the noVNC Web UI window whilst a preclear is running?. 61 | 62 | **A7.** Yes this is perfectly safe to do, as long as the terminal window running preclear is **NOT** closed then the preclear script will continue as a background process of the running container. If you then later on wish to check on progress of the preclear script then you simply left click the preclear icon and select 'WebUI' to get back to the terminal window. 63 | 64 | **Q8.** The preclear script has identified a drive as a candidate for clearing, but when i attempt to run a preclear i am seeing the following message, what is the cause of this? 65 | 66 | ```Sorry: /dev/sdX does not exist as a block device``` 67 | 68 | **A8.** This is due to the fact that the preclear docker container was started before you plugged in your drive. In order to fix this simply restart the container and try the command again. 69 | 70 | **Q9.** I have a Seagate hard drive and i am seeing unusually high SMART Raw Values for 'Raw_Read_Error_Rate', 'Seek_Error_Rate' and 'Hardware_ECC_Recovered', is this something to be concerned about?. 71 | 72 | **A9.** High 'Raw Values' for those Attributes with Seagate drives is perfectly normal and not usually something to be concerned about. The Raw Values are in fact a count of the actual sectors read, the errors are in the upper 16bits of the 48bit word. 73 | 74 | **Q10.** I have an enhancement to the preclear script, can i get it included in the next Docker image build? 75 | 76 | **A10.** The function of this Docker image is to produce an easy, repeatable way of running the preclear script with minimal hassle, additional features will not be considered at this time, bug fixes only. 77 | ___ 78 | **Notes** 79 | 80 | **Alignment Options (-a and -A flags)** 81 | 82 | Below is the logic built into the preclear script when determining the starting sector for the partition:- 83 | - if preclear -a option chosen and drive < 2.2TB then will set to 63. 84 | - if preclear -a option chosen and drive > 2.2TB then will set to 64. 85 | - if preclear -A option chosen and drive < 2.2TB then will set to 64. 86 | - if preclear -A option chosen and drive > 2.2TB then will set to 64. 87 | - if preclear -a or -A not defined then 63 or 64 will be chosen based on unraid config, **UNLESS** the drive is > 2.2TB, in which case it will always be 64. -------------------------------------------------------------------------------- /docker/faq/pycharm.md: -------------------------------------------------------------------------------- 1 | # **PyCharm Docker FAQ** 2 | 3 | **Q1.** I want to use a different version of python compared to the included version, how can i do this? 4 | 5 | **A1.** This can be achieved by using the included tool `pyenv`, this utility allows you to install multiple different versions of python to a set path. 6 | 7 | An example of installing python v3.11.0 would be:- 8 | 9 | `pyenv install 3.11.0` 10 | 11 | If you want to install to a specific location then you can set this via env var `PYENV_ROOT` e.g. to install python v3.11.0 to '/tmp':- 12 | 13 | ``` bash 14 | export PYENV_ROOT='/tmp' 15 | pyenv install 3.11.0 16 | ``` 17 | -------------------------------------------------------------------------------- /docker/faq/qbittorrentvpn.md: -------------------------------------------------------------------------------- 1 | # **qBittorrentVPN Docker FAQ** 2 | 3 | **Q1.** The default username and password to access qBittorrent Web UI doesn't work, what could be the cause of this? 4 | 5 | **A1.** If you are attempting to access the qBittorrent Web UI from a Windows host then the issue maybe caused by BitDefender, this has a 'Online Threat Protection' function that can block access to the UI. In order to fix this you need to add in an exception for the qBittorrent Web UI, once done retry accessing the UI. 6 | 7 | **Q2.** In qBittorrent Web UI i cannot get the 'Automatically add torrents from:' option to save the 'monitored Folder' path, whenever i enter the path and click 'Save' button at the bottom it reverts the change, why is this happening and how can i fix it?. 8 | 9 | **A2.** So qBittorrent seems to be a bug in the Web UI where certain paths are not saved, its still an open bug on Github (https://github.com/qbittorrent/qBittorrent/issues/7200) but there is a workaround for this, although the fix is a little odd!. 10 | 11 | 1. Open qBittorrent Web UI and click on the cog (options) and select the 'Downloads' tab 12 | 2. Type in **PART** of the path for your watched folder, for instance if you want your monitored folder to be ```/data/qbittorrent/watched```, then enter in ```/data``` then click on the tiny file icon to the right of the 'Override Save Location' field, then click on 'Save' at the bottom of the window. 13 | 3. Repeat step 1. modifying the monitored path by expanding the path one folder at a time and saving until the entire path is populated. 14 | 4. Test monitored folder by dropping in a .torrent file and watching the qBitorrent Web UI to ensure its picked up and loaded. 15 | 16 | **Q3.** I am seeing fluctuating download and upload speeds with qBittorrent, what can i do to make the speeds more stable?. 17 | 18 | **A3.** One setting that does seem to make a difference is to change the 'Peer connection protocol' from 'TCP and uTP' to 'TCP', this setting can be found in qBittorrent web ui/Options/Connection tab/Peer Connection protocol. 19 | 20 | **Q4.** I need to run qBittorrent Web UI on a different port as port 8080 is conflicting with an existing container/service, i have changed the host side of the port but this does not seem to of worked and i cannot now access the qBittorrent Web UI, why is this and how can i fix it?. 21 | 22 | **A4.** qBittorrent has built in security measures (CSRF protection) to ensure that the port you are requesting from (host port) and the port qBittorrent is listening on (container port) are the same thing, however due to this running in a Docker container this may not always be the case, especially when you want to change the port as it conflicts with an existing application, which leads onto how to fix this issue:- 23 | 24 | 1. Open unRAID Web UI/Docker left click qBittorrent and select `Edit` 25 | 2. Go to `Container Variable: WEBUI_PORT` and click on `Edit` and set the `Value` to the port number you want to run the Web UI on and click `Save` 26 | 3. Find `Container Port: 8080` and click on `Remove` 27 | 4. Click on blue link `Add another Path, Port, Variable, Label or Device` and select `config type` of `port` 28 | 5. Set the `Container Port:` and `Host Port:` to the same value as the `Container Variable: WEBUI_PORT` then click on `Add` 29 | 6. Click on `Apply` at the bottom and wait for the container to be recreated. 30 | 7. Attempt access to the qBittorrent Web UI using the new port. -------------------------------------------------------------------------------- /docker/faq/rclone.md: -------------------------------------------------------------------------------- 1 | # **Rclone Docker FAQ** 2 | 3 | **Q1.** I am seeing the following message in ```/config/supervisord.log```, what does it mean and how can i fix it?:- 4 | 5 | ```[warn] RCLONE_CONFIG_PATH '' does not exist, please run 'rclone config --config /config/rclone/config/rclone.conf' from within the container``` 6 | 7 | **A1.** The message above means that you have not run through the initial configuration wizard built into Rclone. This has to be done through the CLI and may require a Web Browser to authenticate (depends on Cloud Provider selected). 8 | 9 | To run the Rclone wizard open unRAID Web UI and go to Docker tab, then left click the Rclone icon and select 'Console'. Once at the console of the container please issue the following command to start the Rclone wizard:- 10 | 11 | ```rclone config --config /config/rclone/config/rclone.conf``` 12 | 13 | Depending on the Cloud provider you want to use you will now follow different procedures, a few of the popular ones are linked below:- 14 | 15 | OneDrive https://rclone.org/onedrive/
16 | Google Drive https://rclone.org/drive/
17 | Amazon Drive https://rclone.org/amazonclouddrive/
18 | 19 | *Note* Certain Cloud Providers will require a Web Browser to be present to be able to complete the Rclone configuration, there is an alternative to this via the Rclone auth configuration option - see here:- https://rclone.org/remote_setup/ 20 | 21 | **Q2.** I have post checking turned on (via env var ```RCLONE_POST_CHECK```) and when looking at the report (located in ```/config/rclone/reports/```) i see the following message, why can Rclone not check the hashes for the remote files? 22 | 23 | ```xxxxxx hashes could not be checked``` 24 | 25 | **A2.** This is due to the fact that a cipher is being used to encrypt the data being uploaded to the Cloud provider, however this does **NOT** mean no checks are done, from the Rclone documentation this is explained:- 26 | 27 | ```Hashes are not stored for crypt. However the data integrity is protected by an extremely strong crypto authenticator.``` 28 | 29 | **Q3.** I am seeing the following message in ```/config/supervisord.log```, what does it mean and how can i fix it?:- 30 | 31 | ```[crit] RCLONE_MEDIA_SHARES not defined (via -e RCLONE_MEDIA_SHARES), exiting script...``` 32 | 33 | **A3.** The message above means that you have not defined via the env var ```RCLONE_MEDIA_SHARES``` what you want to copy/sync to your cloud provider. In order to resolve this you need to edit the ```Value``` for env var ```RCLONE_MEDIA_SHARES``` and put in thh you want to copy/sync. 34 | 35 | For example, so assuming you set container path ```/media``` to host path ```/mnt/user``` and you have a share name of ```Movies```, you would set the ```value``` for ```RCLONE_MEDIA_SHARE``` to ```/media/Movies```, that would then do a recursive copy/sync of all files and folders in the share ```Movies```. 36 | 37 | If you want only part of the share copied/sync'd then specify ```Value``` for ```RCLONE_MEDIA_SHARE``` as a sub directory of the share, e.g. ```/media/Movies/SD```. If you want to specify multiple paths then please separate the paths with a comma, e.g.:- ```/media/Movies/SD,/media/Movies/HD``` 38 | 39 | **Note** When specifying media paths please ensure you take care to match the case of the path, remember Linux IS case sensitive. -------------------------------------------------------------------------------- /docker/faq/rtorrentvpn.md: -------------------------------------------------------------------------------- 1 | # **rTorrentVPN Docker FAQ** 2 | 3 | **Q1.** Why are some of my settings reverting when i restart rutorrent? 4 | 5 | **A1.** So rutorrent is purely a web frontend to rtorrent, and as such does NOT modify any settings for rtorrent, the only settings you can save using rutorrent are settings for rutorrent itself, i.e. things like enabling/disabling plugins, settings for plugins etc. 6 | 7 | If you want to modify things like incoming port, enabling/disabling dht, and folders for incomplete/complete downloads then you will have to modify the rtorrent config file, this is located in ```/config/rtorrent/config/rtorrent.rc``` please make sure you use something like notepad++ (not windows notepad) to prevent the line endings being modified. 8 | 9 | **Q2.** I'm seeing the following error in /config/supervisord.log, what does it mean and how can i fix the issue? 10 | ``` 11 | [emerg] xxxxxx: open() "/etc/nginx/nginx.conf" failed (13: Permission denied) 12 | ``` 13 | 14 | **A2.** Synology appliances make use of something called 'AppArmor', this is a Linux kernel security model that restricts program capabilities. Unfortunately AppArmor is a little too overly restrictive and causes issues with NginX, thus the 'Permission denied' error message, at present the only way to fix this is to turn off AppArmor on the Synology device. 15 | 16 | **Q3.** I have just updated and now i cannot authenticate using the default credentials for the web ui or access rtorrent via 3rd party applications such as Sonarr, Radarr, etc, what has changed and how do i fix it? 17 | 18 | **A3.** Historically the rtorrentvpn docker image has used hard coded credentials (admin/rutorrent) for the web ui and rpc2 (used to allow applications to connect to rtorrent), and whilst this means a easy way of logging in for the user it does also mean potential exposure of this docker container with weak credentials if left unchanged. 19 | 20 | The decision has therefore been made to improve out of the box security by setting a randomised password for the web ui and/or rpc2 if none are defined, this can be identified by one or both of the following messages in the '/config/supervisord.log' file:- 21 | 22 | ``` 23 | [warn] RPC2_PASS not defined (via -e RPC2_PASS), using randomised password (password stored in '/config/nginx/security/rpc2_pass') 24 | [warn] WEBUI_PASS not defined (via -e WEBUI_PASS), using randomised password (password stored in '/config/nginx/security/webui_pass') 25 | ``` 26 | 27 | If you see the above in your log then you will need to open the files specified in order to retrieve your newly defined passwords, you would then use these passwords to login to the web ui and/or reconfigure 3rd party apps to use the new rpc2 credentials. 28 | 29 | If you want to specify your own passwords then please read Q4 below. 30 | 31 | **Q4.** OK i have identified (via Q3) i need to define my credentials for the web ui and/or rpc2, how do i do this so that i dont have to use the randomly generated passwords? 32 | 33 | **A4.** In order to set your own passwords for the web ui and/or rpc2 you need to create additional environment variables (if not already present), 34 | 35 | The 'key' names will be:- 36 | 37 | ``` 38 | WEBUI_PASS 39 | ``` 40 | 41 | and 42 | 43 | ``` 44 | RPC2_PASS 45 | ``` 46 | 47 | The 'value' for each of the above will be the password you want to set. 48 | 49 | **NOTE** unRAID users - Creating environment variables is done by left clicking the icon shown in the Docker tab in the unRAID web ui, select 'Edit', click on 'Add another Path, Port, Variable, Label or Device' then select 'Config Type' of 'Variable' and define the key and value as shown above. -------------------------------------------------------------------------------- /docker/faq/sabnzbdvpn.md: -------------------------------------------------------------------------------- 1 | # **PyCharm Docker FAQ** 2 | 3 | **Q1.** I am having issues using a post processing script which connects to CouchPotato/Sick Beard, how do i fix this? 4 | 5 | **A1.** In order to allow SABnzbdVPN to initiate a connection to an application you need to define the additional ports required by configuring the "ADDITIONAL_PORTS" environment variable with the port(s) you need to open, if you need more than one port opening then please use a comma to seperate the values. To be clear this parameter is NOT required for normal use, this is only required when specifying scripts which connect FROM SABnzbd to another container/application. 6 | 7 | -------------------------------------------------------------------------------- /docker/faq/sonarr.md: -------------------------------------------------------------------------------- 1 | # **Sonarr Docker FAQ** 2 | 3 | **Q1.** I see that there is a v3 of Sonarr available, how do i switch over to this?. 4 | 5 | ​**A1.** OK, as Sonarr dev's are stubbornly still marking Sonarr v3 as beta (and have been for years!) and to all accounts its stable enough to be used, i am going to break my golden rule of 'no beta's if at all possible', and release this as a tagged version (tag is 'v3'). 6 | 7 | So if you want to migrate from Sonarr v2 to Sonarr v3 you can now achieve this by doing the following:- 8 | 9 | 1. Go to uRAID web ui/Docker tab, left click Sonarr and select 'Stop' then left click again and select 'Edit' and change the 'Repository' from ```binhex/arch-sonarr``` to ```binhex/arch-sonarr:v3``` then click on 'Show more settings...' and note the host path for /config. Copy ALL files and folders from the host path to another host path, noting the new host path you've chosen, for example (run from unraid Terminal NOT container console!):- 10 | ``` 11 | mkdir -p /mnt/cache/appdata/binhex-sonarr-v3 && cp -R /mnt/cache/appdata/binhex-sonarr/* /mnt/cache/appdata/binhex-sonarr-v3/ 12 | ``` 13 | 2. Now change the path for /config to the new path (in this example ```/mnt/cache/appdata/binhex-sonarr-v3```) and finally click on 'Apply' at the bottom. 14 | 15 | 3. Start Sonarr (if its not started) and attempt access of the web ui, you should see all your existing TV Series. 16 | 17 | 4. If you are satisfied that v3 is working as intended and you do not need to roll back to v2 then feel free to delete the old host path for Sonarr (in this example ```/mnt/cache/appdata/binhex-sonarr```). 18 | 19 | **Note** 20 | 21 | If you are using a self generated certificates for your downloaders then you may need to relax the new default restriction in Sonarr by going to Sonarr's web ui/Settings/General and then 'Security' heading and setting the dropdown for 'Certificate Validation' to either 'Disabled for Local Addresses' or 'Disabled' and click on 'Save Changes' (top left).
22 | 23 | The 'latest' tagged version will still be v2 until v3 is officially released. 24 | -------------------------------------------------------------------------------- /docker/faq/unraid.md: -------------------------------------------------------------------------------- 1 | # **unRAID Docker FAQ** 2 | 3 | **Q1.** What does the Privileged check-box do? 4 | 5 | **A1.** The Privileged checkbox allows the Docker Container to perform certain privileged activities, these are typically required for additional networking functions, such as creating/editing virtual adapters. 6 | 7 | **Q2.** I can't see how to configure the settings for the VPN Docker images 8 | 9 | **A2.** The current default action in the unRAID webui for Docker is to hide the Advanced options, for some applications you need to view these advanced options to configure the application using Environment Variables. To view these additional fields simply click on the "Advanced View" toggle button and then fill in the values. 10 | 11 | **Q3.** I can see there is a newer version of the Docker application im running, can i update the application using the applications built-in update system?. 12 | 13 | **A3.** In place upgrades are not supported and could possibly break the Docker container, instead to check and apply any pending updates open the unRAID webui and click on the 'Docker' tab and then press the 'Check for Updates' button (bottom of the screen), this should then change the 'Version' for the Docker container to 'update ready' then simply click on 'Apply Update' and click the "Yes Update it!" button to begin the download of the newer image. If you wish to update all Docker images at the same time then press the 'Check for Updates' button, wait for it to finish and then click the 'Update All' button (bottom of the screen). 14 | 15 | **Q4.** Why can't my metadata application e.g. Sonarr/Radarr/Lidarr/SickRage/Medusa post process my downloads from download client e.g. NZBGet/SABnzbd/Deluge/qBittorrent/rTorrent, it seems be reporting that the file just downloaded cannot be found, what is going on here and how can i fix it?. 16 | 17 | **A4.** The location you set for downloads MUST be consistent for the metadata container(s) and the download container(s), so for instance assuming two containers (there could and probably will be more than two in reality), a downloader (sabnzbdvpn) and a metadata downloader (sonarr), here are some scenarios:- 18 | 19 | **BROKEN EXAMPLE 1.** 20 | 21 | **sabnzbdvpn** 22 | 23 | Host path is set to:- 24 | ```/mnt/cache/appdata/data/completed``` 25 | 26 | Container path is set to:- 27 | ```/data``` 28 | 29 | **sonarr** 30 | 31 | Host path is set to:- 32 | ```/mnt/cache/appdata/data``` 33 | 34 | Container path is set to:- 35 | ```/data``` 36 | 37 | Why is this broken? because although the container path (/data) is the same for both containers, the host path does NOT match. 38 | 39 | **BROKEN EXAMPLE 2.** 40 | 41 | **sabnzbdvpn** 42 | 43 | Host path is set to:- 44 | ```/mnt/cache/appdata/data/Completed``` 45 | 46 | Container path is set to:- 47 | ```/data``` 48 | 49 | **sonarr** 50 | 51 | Host path is set to:- 52 | ```/mnt/cache/appdata/data/completed``` 53 | 54 | Container path is set to:- 55 | ```/data``` 56 | 57 | Why is this broken? because although the container path (/data) is the same for both containers, the host path does NOT match (linux is CaSe sensitive). 58 | 59 | **BROKEN EXAMPLE 3.** 60 | 61 | **sabnzbdvpn** 62 | 63 | Host path is set to:- 64 | ```/mnt/cache/appdata/data/completed``` 65 | 66 | Container path is set to:- 67 | ```/data``` 68 | 69 | **sonarr** 70 | 71 | Host path is set to:- 72 | ```/mnt/cache/appdata/data/completed``` 73 | 74 | Container path is set to:- 75 | ```/downloads``` 76 | 77 | Why is this broken? because although the host path is now ok, the container paths do NOT match. 78 | 79 | **WORKING EXAMPLE** 80 | 81 | **sabnzbdvpn** 82 | 83 | Host path is set to:- 84 | ```/mnt/cache/appdata/data/completed``` 85 | 86 | Container path is set to:- 87 | ```/data``` 88 | 89 | **sonarr** 90 | 91 | Host path is set to:- 92 | ```/mnt/cache/appdata/data/completed``` 93 | 94 | Container path is set to:- 95 | ```/data``` 96 | 97 | Why is this working? because BOTH the container path (/data) and the host path (/mnt/cache/appdata/data/completed) EXACTLY match. 98 | 99 | **IMPORTANT** - Application configuration 100 | 101 | Lastly keep in mind that when you configure sabnzbdvpn and sonarr (in this example) the paths again must match, so if you configure sabnzbdvpn to download to /data/usenet/ then you MUST also configure sonarr to use the same path, you CANNOT configure sonarr to use /data, this again would cause a mismatch of path, even if you have set the container path and the host path to be the same (as in the working example above). 102 | 103 | **Q5.** There is an issue with the latest version of an application, how do i roll back to a specific version? 104 | 105 | **A5.** In order to pull down a specific version of an application you need to specify the tag with the version you want. To find out what tags are available for the docker image you need to go to the first post in the applications support thread, then copy the URL shown after the text "Docker Hub:" and append "tags/" to the end of the url and paste into your preferred browser. 106 | 107 | This will return a list of available tag names, make a note of the tag you want (tag name denotes the version of the application) and then go the unRAID web interface, left clicking the specific Docker container and selecting "edit", then click on the advanced view option (top right) and edit the repository string, adding in ":" to the end of the name, e.g. to specify a version of 1.0.0.0 for couchpotato. the repository would be changed from:- 108 | 109 | ```binhex/arch-couchpotato``` 110 | 111 | to 112 | 113 | ```binhex/arch-couchpotato:1.0.0.0``` 114 | 115 | **Q6.** I know Needo's Docker images automatically update on restart, can any of your Docker Images do this also? 116 | 117 | **A6.** No, i have not gone down the route of having automatic upgrading of applications on reboot/start, two main reasons are around keeping the dockerfile code as clean and easy to maintain as possible, and secondly to do with the ease of support, if i know everybody is running the same version then its a LOT easier to offer support. I do keep a very close eye on versions of applications coming out and constantly monitor for changes, so the gap between release and the latest version being available for download via Docker webui is minimal (typically a couple of days). 118 | 119 | **Q7.** I am seeing corruption with the applications database or issues when attempting to run Lidarr/Radarr/Sonarr/Plex/PlexPass, what could be the cause? 120 | 121 | **A7.** Certain applications are not compatible with FUSE, which is part of unRAID, FUSE is used to join or fuse (thus the name) multiple disks together to create a logical view of your media.  122 | The FUSE system is seen when you browse any share with /mnt/user/ in the path, such as /mnt/user/appdata. Due to this limitation certain apps need to have their configuration files defined on a non FUSE share, to do this follow the procedure below:- 123 | 124 | 1. Stop the docker container that has the issues 125 | 2. Left click the icon in the unRAID Web UI and select 'edit' 126 | 3. Click on the toggle to switch to 'Advanced View' (top right) 127 | 4. Scroll down to the path defined for /config and change it:- 128 | 129 | from 130 | 131 | ```/mnt/user/appdata/``` 132 | 133 | to (if you have a cache drive):- 134 | 135 | ```/mnt/cache/appdata/``` 136 | 137 | or (if you do NOT have a cache drive):- 138 | 139 | ```/mnt/disk/appdata/``` 140 | 141 | 5. Click on 'apply' to save the change 142 | 6. Check the application is running. 143 | 144 | **Note**:- If you do NOT have a cache drive and you switch to a specific disk then you may need to reconfigure the application from scratch. 145 | 146 | **Q8.** I have seen on the support thread on the forum that an additional feature has been added that requires me to add in values for a named variable XXXXX (e.g. VPN_INPUT_PORTS) but when i go to 'Edit' for the container and look for this i cannot see it, how can i fix this?. 147 | 148 | **A8.** unRAID does not automatically push out new 'Variables' when they are added the the Template by the Docker image developer, you will instead need to add any additional 'Variables' in yourself, the procedure for doing this is as follows:- 149 | 150 | 1. Left click on the container you want to add in the new feature and select ```Edit``` 151 | 2. Click on the ```Advanced view``` toggle at the top right of the screen. 152 | 3. Click on the link ```Add another Path, Port, Variable, Label or Device``` at the bottom 153 | 4. On the ```Config Type``` dropdown and select ```Variable``` 154 | 5. Set the ```Key:``` to the name of the feature to add, e.g. ```VPN_INPUT_PORTS``` (ask on the support thread on the forum if you are unsure of the name). 155 | 6. Set the ```Value:``` to be the value for the variable, for the above example that would be something like ```1234``` (ask on the support thread on the forum if you are unsure of the value). 156 | 7. Click on ```ADD``` to add the variable and then click on ```Apply``` to apply the change. 157 | 158 | The alternative to the above is to delete the existing template and re-download from Community Applications (CA) and then reconfigure from scratch, but this is obviously not the ideal approach and should only be done as a last resort. 159 | 160 | **Note**:- Some variables allow you to define more than one value, this is generally done by use a comma to separate the ```Value:```, in the example above that would be something like ```1234,5678``` - if you are unsure whether the variable supports multiple values then please ask on the support thread on the forum. 161 | 162 | Still stuck?, take a look at the unRAID FAQ:- https://forums.unraid.nets/topic/57181-real-docker-faq/ -------------------------------------------------------------------------------- /docker/faq/urbackup.md: -------------------------------------------------------------------------------- 1 | # **UrBackup Docker FAQ** 2 | 3 | **Q1.** I am seeing the message 'error GPT restore' when attempting to restore a system image using UrBackup, what could be the cause of this? 4 | 5 | **A1.** if you attempt to restore a system image then the machine you are restoring to (whether vm or physical) must have a disk/vdisk equal to or larger than the machine the backup was taken from, this includes used space AND importantly also free disk space, otherwise you wll receive a 'error GPT restore' when you attempted to restore. 6 | -------------------------------------------------------------------------------- /docker/faq/vpn.md: -------------------------------------------------------------------------------- 1 | # **VPN Docker FAQ** 2 | 3 | **Q1.** Do you implement a kill switch to prevent IP leakage when the VPN tunnel goes down? 4 | 5 | **A1.** No I do not implement a kill switch, what I do implement is better, let me explain... 6 | 7 | The VPN Docker images I produce use iptables (firewall) to prevent IP leakage at ALL times by using blocking rules, thus ensuring whatever state the VPN tunnel is in (up, down or otherwise) IP leakage cannot occur. 8 | 9 | Kill switches on the other hand only block AFTER the VPN tunnel has gone down, thus potentially leaving a time gap between tunnel being down and the kill switch kicking in and blocking the connection, during this time window it is potentially possible for ip leakage to occur. 10 | 11 | If the tunnel does happen to go down then openvpn will automatically reconnect, if the openvpn process dies (crashes) then the process will be automatically started thus ensuring at all times a constant connection and zero leakage. 12 | 13 | **Q2.** I can't seem to access the webui from outside my LAN, why is this? 14 | 15 | **A2.** The Docker VPN images use iptables in order to secure against ip leakage of your ISP assigned ip address, this requires all modules loading at the kernel level for iptables, including the iptable_mangle module. If the iptable_mangle module is not loaded/available on your hosts kernel then you will not be able to access the webui outside of your LAN. Until recently unRAID DID include iptable_mangle support by default, but the latest release (6.1.8 or later) has removed this. 16 | 17 | In order to force the loading of iptable_mangle you need to add the following to your unRAID "go" file, this can be done by issuing the following:- 18 | 19 | 1. SSH into the unRAID host and issue the following commands:- 20 | 21 | ```bash 22 | echo "# force iptable mangle module to load (required for *vpn dockers)" >> /boot/config/go 23 | echo "/sbin/modprobe iptable_mangle" >> /boot/config/go 24 | ``` 25 | 26 | 1. Reboot the host for the change to take effect 27 | 28 | Note - If you want to apply the fix straight away issue the following:- 29 | 30 | ```/sbin/modprobe iptable_mangle``` 31 | 32 | **Q3.** What is the purpose of Privoxy? 33 | 34 | **A3.** Privoxy is a non-caching web proxy with filtering capabilities for enhancing privacy, manipulating cookies and modifying web page data and HTTP headers before the page is rendered by the browser. In practise what this gives you by including it in the same container as the VPN tunnel is that you can bypass any filtering that maybe present by your ISP by simply configuring your browser to use the proxy server. 35 | 36 | This is achieved by sending and receiving all data via the VPN tunnel, think of Privoxy as a middle man who will route traffic for you from your LAN over the VPN tunnel and back again. 37 | 38 | The other uses as well as simple web browsing is certain applications can also be told to use the proxy when downloading metadata, such as nzb or torrent files from index sites (sickchill, medusa, sonarr, radarr etc all have proxy support), as some ISP's may block certain index sites, this is an extremely useful feature. 39 | 40 | The other common use is bypassing Geo-blocking, again normally done through the browser, allowing you to potentially access sites as if you were coming from another country (useful for BBC iPlayer, Netflix etc). 41 | 42 | Note:- Privoxy is NOT intended to be used by the application running inside the container (deluge, rutorrent, qbittorrent etc), this is not required and can cause slowdown and/or connection issues. 43 | 44 | **Q4.** I'm struggling to configure LAN_NETWORK correctly, can you give some examples? 45 | 46 | **A4.** Sure!, a common misconception when defining this is to set the IP address to the value of your router or host (server), this is NOT correct. What you need to do is set the value to encapsulate all host IP addresses for your home network, NOT for a particular host on the network. Below is an examples of how to identify the correct IP address and CIDR notation (digit(s) after the /) 47 | 48 | If you type "ipconfig /all" on Windows host on your LAN you will get something similar to this:- 49 | 50 | ```text 51 | Ethernet adapter Ethernet: 52 | 53 |   Connection-specific DNS Suffix  . : home.gateway 54 |   Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter 55 |   Physical Address. . . . . . . . . : 11-22-33-44-55-66 56 |   DHCP Enabled. . . . . . . . . . . : Yes 57 |   Autoconfiguration Enabled . . . . : Yes 58 |   Link-local IPv6 Address . . . . . : fe00::1111:2222:3333:4444%4(Preferred) 59 |   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred) 60 |   Subnet Mask . . . . . . . . . . . : 255.255.255.0 61 |   Lease Obtained. . . . . . . . . . : 17 February 2016 21:10:32 62 |   Lease Expires . . . . . . . . . . : 27 February 2016 11:10:13 63 |   Default Gateway . . . . . . . . . : 192.168.1.1 64 |   DHCP Server . . . . . . . . . . . : 192.168.1.1 65 |   DHCPv6 IAID . . . . . . . . . . . : 55727104 66 |   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4A-97-73-52-54-00-32-3F-43 67 |   DNS Servers . . . . . . . . . . . : 193.1.2.3 68 |   NetBIOS over Tcpip. . . . . . . . : Enabled 69 | ``` 70 | 71 | or "ifconfig" on Linux/Mac:- 72 | 73 | ```text 74 | eth0: flags=4163  mtu 1500 75 |         inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255 76 |         ether 68:05:ca:0b:fe:25  txqueuelen 0  (Ethernet) 77 |         RX packets 28203743  bytes 36171326044 (33.6 GiB) 78 |         RX errors 0  dropped 19925  overruns 0  frame 0 79 |         TX packets 26710466  bytes 165269242671 (153.9 GiB) 80 |         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 81 | ``` 82 | 83 | From the above you can see the IP address is ```192.168.1.10``` and the Subnet Mask (or netmask) is ```255.255.255.0```, so armed with the IP Address and Subnet Mask, the easiest way to work out the correct values is to use a online calculator, go to:- 84 | 85 | 1. Enter the host IP address into the 'IP Address' field, in this example '192.168.1.10' 86 | 2. On the dropdown 'CIDR Netmask' select your subnet mask, in this example 255.255.255.0 87 | 3. Copy the value from 'Net: CIDR Notation', which in this example would be 192.168.1.0/24 88 | 4. Paste it into the value for env var 'LAN_NETWORK' 89 | 90 | If you need to be able to access the Web UI from multiple networks then please use a comma to separate values, e.g.:- 91 | 92 | ```bash 93 | LAN_NETWORK=192.168.1.0/24,192.168.2.0/24 94 | ``` 95 | 96 | **Q5.** I've just updated and now the container won't start. If I look in the /config/supervisord.log file I see the message below, what does it mean and how do I fix it?. 97 | 98 | ```VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak:``` 99 | 100 | **A5.** The above message is informing you that the cipher used for the VPN providers certificate is too weak and thus susceptible to decryption by a third party. In order to fix this you need to contact your VPN provider and inform them that the certificate available is using a weak cipher and has been flagged as such by OpenSSL 1.1.x and kindly ask them to re-generate a new certificate with a stronger cipher. 101 | 102 | Keep in mind the purpose of a VPN is to provider secure, anonymous connectivity to the internet, using a weak cipher means you are potentially exposing the connection to snooping. 103 | 104 | **Q6.** My download/upload speeds are low when connected to the VPN tunnel, what could be the cause of this?. 105 | 106 | **A6.** There are multiple potential causes for low speeds, here is a list of the common ones:- 107 | 108 | * Incoming port not defined correctly - This is the main cause of low speeds, if you want to maintain high upload/download rates then you MUST have a working incoming port. If you are using PIA as your VPN provider then this will be done for you automatically, as long as you are connected to a endpoint that supports port forwarding (see list below) AND STRICT_PORT_FORWARD is set to "yes". If you are using another VPN provider then you will need to find out if your VPN provider supports port forwarding and what mechanism they use to allocate the port, and finally configure the application to use the port. 109 | 110 | PIA endpoints that support port forwarding (incoming port) can be seen in the log file ```/config/supervisord.log``` 111 | 112 | * Upload rate set too high/unlimited - failure to correctly define your upload speed will mean your connection will be choked, resulting in low download speeds, the solution to this is to define your upload rate as about 3/4 of your theoretical maximum upload rate (keeping in mind this is defined in Bytes (big B) NOT bits (small b). 113 | 114 | * (VPN provider specific) Use GCM cipher instead of CBC - If the VPN provider you are using supports AES-128-GCM/AES-256-GCM (PIA does support this) then by switching to GCM you can improve security (stronger cipher), reduce CPU load and potentially improve dl/ul speeds when compared to using traditional ciphers such as CBC. To achieve this you simply edit the ovpn configuration file located in /config/openvpn/ and include the following lines, once saved restart the container:- 115 | 116 | ```text 117 | cipher aes-128-gcm 118 | auth sh**A256 119 | ncp-disable 120 | ``` 121 | 122 | **Note** - Please ensure you remove any other existing lines that may clash with the lines above. 123 | 124 | * (Deluge specific) Disable in/out utp - There have been reports of significant speed increases by disabling utp, this can be achieved by installing the Deluge plugin 'itconfig', once installed make sure to disabled both 'enable_incoming_utp' and 'enable_outgoing_utp', then restart the container. 125 | 126 | * (Deluge specific) Rate limit overhead enabled - If the option in the Deluge Web UI in the "Bandwidth" section labelled "Rate limit IP overhead" is ticked this can result in low speeds, please untick this option. 127 | 128 | * VPN endpoint has low bandwidth - Not all VPN endpoints are equal, some will have larger allocations of bandwidth than others, you will need to check with your VPN provider to identify which are the faster endpoints and connect to one of these. 129 | 130 | * Highly fragmented disk - If your disk has a lot of fragmentation then speeds can be low due to the significantly reduced I/O that a fragmented disk can cause. This can be fixed by performing a disk defrag to optimise the disk. 131 | 132 | * Name Resolution not working - When specifying the NAME_SERVER value you must keep in mind that your ISP's Name Servers will most probably block name resolution for everything that doesn't have a source IP address owned by them, thus when the VPN tunnel is established Name Resolution will most likely fail if you're using your ISP's Name Servers (as your source IP will be different) and this will result in low speeds. The fix for this is to use Name Servers which permit usage from ANY source IP, such as Google or FreeDNS, both of which are set by default. 133 | 134 | * Writing incomplete/partial downloads directly to the unRAID array - unRAID writes to the array are normally slow, typically being in the range 20MB/s to 50MB/s depending on hardware. Due to this low write speed you may see issues when a torrent client attempts to write incomplete/partial downloads directly to the array, especially when multiple writes from different downloads are in progress. The fix is to write to a cache drive (preferably SSD) or use the 'Unassigned Devices' plugin to connect to a single drive (again preferably SSD)  - see below for details on this. 135 | 136 | * There have been reports from users that using a unRAID mirrored cache pool (has to be BTRFS currently) causes yo-yo download speeds and/or timeouts to the download daemon (seen with rTorrentVPN), there is currently no fix to this other than to break the mirror and use a single cache drive. The alternative method is to use the unRAID plugin 'unassigned devices' and mount an external drive and use this to store incomplete/completed downloads on. The other point to mention is that XFS seems to be a more efficient and stable filesystem in comparison to BTRFS (at this time), so if you do split your cache pool it maybe worth taking the opportunity to switch to XFS, as you will need to format in any case after the mirror split. 137 | 138 | * Consumer grade routers are notoriously underpowered with slow processors and very little RAM, this can result in low or fluctuating download/upload speeds. This is particular true when torrenting, as this causes a heavy burden on the router due to multiple (sometimes hundreds) connections from peers. The solution to this is either simply swap out the router with something more powerful (such a pfSense box) or reduce the number of connections, either globally or per torrent in the torrent client. 139 | 140 | * Realtek NIC's - If you have a Realtek NIC in your custom built router (e.g. pfsense) then this can cause intermittent yo-yo dl/ul speeds, or even cause a complete internet outage when torrenting. This is due to poor driver support my Realtek, the advise in this case is to replace the NIC with a Intel card. 141 | 142 | **Q7.** Since the update I can't now start the container when VPN_ENABLED is set to 'yes' and I see the following message in /config/supervisord.log 143 | 144 | "[crit] No OpenVPN config file located in /config/openvpn/ (ovpn extension), please download from your VPN provider and then restart this container, exiting..." what does this mean and how can I fix this? 145 | 146 | **A7.** Recently I have stpped baking in the OpenVPN configuration file and certs for PIA users (there are multiple reasons for this which I won't go into here), so in order to create a tunnel to your VPN provider you now need to download their OpenVPN configuration file and certificates. These will typically be downloaded from your VPN providers website, and generally are zipped. 147 | 148 | PIA users - The URL to download the openvpn configuration files and certs is  149 | 150 | Once you have downloaded the zip (normally a zip as they contain multiple ovpn files) then extract it to /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation). If there are multiple ovpn files then please delete the ones you don't want to use (normally filename follows location of the endpoint) leaving just a single ovpn file and the referenced certificates (normally files with a crt and pem extension). 151 | 152 | **Q8.** I'm unable to see the Web UI and I'm seeing the following in the /config/supervisord.log file, what does this mean and how can I fix this? 153 | 154 | ```text 155 | Linux ip -6 addr add failed: external program exited with error status: 2 156 | ``` 157 | 158 | **A8.** This is due to the VPN provider pushing an OpenVPN option to use IPv6 to the client (your end), due to the fact that unRAID 6.3.x or earlier doesn't support IPv6 you will then see the above error message. To prevent this we can filter out the pushed options by adding the following lines to your ovpn file (located in `/config/openvpn/.ovpn`) 159 | 160 | ```text 161 | pull-filter ignore "route-ipv6" 162 | pull-filter ignore "ifconfig-ipv6" 163 | ``` 164 | 165 | Save the file and restart the container for the change to take effect. 166 | 167 | **Q9.** How can I confirm that my incoming port is working when the VPN tunnel is established? 168 | 169 | **A9.** To do this you can use the website [you get signal](https://www.yougetsignal.com/tools/open-ports/) this allows you to put in your public IP address for your VPN connection (can be found in the /config/supervisord.log) and the incoming port that you have manually configured (or in the case of PIA auto configured) for the application. Once you have entered in these details hit the "check" button to confirm the port is open. 170 | 171 | **Q10.** I can't connect to the Web UI and I see the following repeated over and over in the logs, what does mean and how do I fix it? 172 | 173 | ```text 174 | 2018-04-02 21:13:42,659 DEBG 'start-script' stdout output: 175 | [warn] Response code 000 from curl != 2xx 176 | [warn] Exit code 7 from curl != 0 177 | [info] 4 retries left 178 | [info] Retrying in 10 secs... 179 | ``` 180 | 181 | **A10.** The above message means that you have env var 'STRICT_PORT_FORWARD' set to a value of 'yes' but the endpoint you are connecting to does NOT support port forwarding (PIA users only). Please keep in mind PIA may remove or add endpoints that support port forwarding at **ANY** time, this is out of my control. 182 | 183 | For a dynamically generated up to date list of port forward enabled endpoints for PIA, see your log located at /config/supervisord.log. 184 | 185 | The below is an example snippet from the log, please do **NOT** use this as the current list:- 186 | 187 | ```text 188 | 2020-03-25 17:05:32,603 DEBG 'start-script' stdout output: 189 | [info] PIA endpoint 'austria.privacy.network' is in the list of endpoints that support port forwarding 190 | 191 | 2020-03-25 17:05:32,603 DEBG 'start-script' stdout output: 192 | [info] List of PIA endpoints that support port forwarding:- 193 | [info] al.privacy.network 194 | [info] ad.privacy.network 195 | [info] austria.privacy.network 196 | [info] brussels.privacy.network 197 | [info] ba.privacy.network 198 | [info] sofia.privacy.network 199 | [info] czech.privacy.network 200 | [info] denmark.privacy.network 201 | [info] ee.privacy.network 202 | [info] fi.privacy.network 203 | [info] france.privacy.network 204 | [info] de-berlin.privacy.network 205 | [info] de-frankfurt.privacy.network 206 | [info] gr.privacy.network 207 | [info] hungary.privacy.network 208 | [info] is.privacy.network 209 | [info] ireland.privacy.network 210 | [info] man.privacy.network 211 | [info] italy.privacy.network 212 | [info] lv.privacy.network 213 | [info] liechtenstein.privacy.network 214 | [info] lt.privacy.network 215 | [info] lu.privacy.network 216 | [info] mk.privacy.network 217 | [info] malta.privacy.network 218 | ``` 219 | 220 | The alternative to this is to set env var 'STRICT_PORT_FORWARD' value to 'no', this will then skip any port forwarding and allow you to connect to ANY PIA endpoint independent of whether it supports port forwarding or not (not recommended as speeds will be slow). 221 | 222 | Note:- The above is ONLY true for PIA users, the env var 'STRICT_PORT_FORWARD' does nothing for any other VPN providers. 223 | 224 | **Q11.** I see from Q10 that I need to change the PIA endpoint I connect to due to the endpoint im currently connected to be being disabled for port forwarding, so how do I do this? 225 | 226 | **A11.** There are two ways of switching the endpoint you connect to:- 227 | 228 | **Method 1. (recommended)** 229 | Download the latest ovpn zip pack from PIA, link below:- 230 | 231 | 232 | Extract the zip to /config/openvpn/ and then delete all .ovpn files that you do NOT want to connect to, leaving the ovpn file you want to use and the required certificates, then restart the container for the change to take effect. 233 | 234 | **Method 2.** 235 | Download a text editor that honors line endings, such as notepad++ or atom, then open the file /config/openvpn/`` 236 | 237 | Look for the line that starts with 'remote' and modify this line to one of the port forward enabled endpoints shown in your log (see Q10 for details on how to find this). 238 | 239 | Example, switching from 'italy' to 'malta':- 240 | 241 | ```text 242 | remote italy.privacy.network 1198 udp 243 | ``` 244 | 245 | to 246 | 247 | ```text 248 | remote malta.privacy.network 1198 udp 249 | ``` 250 | 251 | Save the file and restart the container for the change to take effect. 252 | 253 | **Q12.** I have an application that does not seem to support the use of a proxy (privoxy), how do I configure the application to use Privoxy? 254 | 255 | **A12.** You can configure ANY application to use Privoxy by adding in the following environment variable to the "Extra Parameters" field (please switch to "Advanced view" to view this) in the unRaid Web UI/Docker tab. 256 | 257 | ```-e RUN_OPTS="--ProxyConnection=:"``` 258 | 259 | **Q13.** I can see from the '/config/supervisord.log' file that the openvpn process keeps getting killed every 30 seconds on my QNAP appliance, what could be the cause of this? 260 | 261 | **A13.** For some reason (unknown at this time) QNAP decided to kill any openvpn process running on the host by adding in a line to the 'daemon_mgr.conf' file. In order to prevent this you need to delete the following line from the 'daemon_mgr.conf':- 262 | 263 | ```DAEMONxx = openvpn, stop, /usr/sbin/openvpn``` 264 | 265 | Where xx will be 2 random digits. 266 | 267 | **Q14.** I am a Synology DS-1817+ user and am seeing very bad download/upload speeds whilst using DelugeVPN/SABnzbdVPN/qBittorrentVPN, what could be the cause?. 268 | 269 | **A14.** The Synology DS-1817+ can have performance issues when running dockers that include openvpn client, this can manifest itself as slow download/upload rates. There are two solutions to this problem, either reduce the load on the system by shutting down other containers/vm's or alternatively by running the vpn enabled docker container on a more powerful system. 270 | 271 | **Q15.** I have setup port forwarding on my router/firewall but still cannot seem to seed any torrents and my incoming port is showing as closed, how can I fix this? 272 | 273 | **A15.** A common misconception is that port forwarding for a torrent client when using a VPN connection is still done on the users router/firewall, this is NOT the case, port forwarding MUST be done on the VPN provider side only. In order to have a working incoming port you need to have all of the following in place:- 274 | 275 | * The VPN provider you have signed up to provides port forwarding - For PIA users this is the case, there are other providers too which allow port forwarding, but be aware most do NOT, check with the provider BEFORE signing up. 276 | 277 | * You have an assigned incoming port from your VPN provider - For PIA users this is done automatically for you, so as long as you are connected to an endpoint that supports port forwarding (see here for details) AND you have STRICT_PORT_FORWARD  set to yes. For other providers they may manually assign a port for you on request, or may use other mechanisms. 278 | 279 | * You have configured the application to use the assigned port - For PIA users this is done automatically for you, for other providers you will need to manually set the application to use the port assigned to you. 280 | 281 | **Q16.** I am seeing the following in the log file '/config/supervisord.log' and cannot access the web ui, what does it mean and how can I fix it?. 282 | 283 | ```AUTH: Received control message: AUTH_FAILED'``` 284 | 285 | **A16.** AUTH_FAILED means you are having issues authenticating with your VPN provider, there can be many causes for this, here are some of the common ones:- 286 | 287 | * **Cause:** Your subscription has run out
288 | **Solution:** Double check this on the vpn providers website. 289 | 290 | * **Cause:** You have not typed in your username (VPN_USER value) and/or password (VPN_PASS value) correctly
291 | **Solution:** Do not copy and paste, type it in manually to prevent whitespace issues. 292 | 293 | * **Cause:** You are using the wrong credentials
294 | **Solution:** ensure the credentials are for openvpn/wireguard, NOT proxy servers etc. [**PIA users**] Do **NOT** use the generated PPTP/L2TP/Socks Username and Password, this is not the correct credentials, you need to specify the web login credentials (username will be of the format Pxxxxxx) for VPN_USER and VPN_PASS. 295 | 296 | * **Cause:** Your password contains a character which may cause issues
297 | **Solution:** Please ensure it only contains letters a-z (upper case or lower case) and numbers 0-9. 298 | 299 | * **Cause:** Your password is too long
300 | **Solution:** Certain VPN providers (such as PIA) may limit the password length, please try shortening the password for your account. [**PIA users**] The maximum length for account passwords has changed with next-gen network, please ensure your password is 99 characters or less. 301 | 302 | * **Cause:** Out of date openvpn config file (ovpn extension)
303 | **Solution:** Ensure you download the latest ovpn file from your vpn provider. 304 | 305 | * **Cause:** The vpn provider you have signed up with is having authentication issues
306 | **Solution:** Try another endpoint, failing that contact the vpn provider and explain you are having authentication issues when using native openvpn/wireguard clients with AUTH_FAILED shown. 307 | 308 | **Q17.** I'm unable to connect to the web ui and I'm seeing the following repeated over and over in the /config/supervisord.log file, what does it mean and how can I fix it? 309 | 310 | ```text 311 | 2020-02-04 07:21:26,213 DEBG 'start-script' stdout output: 312 | Tue Feb 4 07:21:26 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting 313 | 314 | 2020-02-04 07:21:26,213 DEBG 'start-script' stdout output: 315 | Tue Feb 4 07:21:26 2020 SIGHUP[soft,ping-restart] received, process restarting 316 | ``` 317 | 318 | **A17.** This means the OpenVPN Client is unable to connect to the VPN providers server on the specified IP address and port (as defined in the ovpn file 'remote' line), this can have many causes, some of the more common causes (and solutions) are as follows, in descending order of most common:- 319 | 320 | * **Cause:** Out of date ovpn config file containing reference to retired VPN remote server(s).
321 | **Solution:** Download the latest ovpn config file from your VPN provider, place in /config/openvpn/ and restart container. 322 | 323 | * **Cause:** Your subscription has run out
324 | **Solution:** Double check this on the vpn providers website. 325 | 326 | * **Cause:** VPN provider has a major outage.
327 | **Solution:** Contact VPN provider to confirm outage and wait for the outage to be resolved. 328 | 329 | * **Cause:** Hardware firewall/router is blocking outbound connections to the vpn providers servers.
330 | **Solution:** Allow outbound connections for the port defined in the VPN providers ovpn file on your firewall/router. 331 | 332 | * **Cause:** Host machine firewall blocking the docker container from connecting to the vpn providers servers.
333 | **Solution:** Allow outbound connections for the port defined in the VPN providers ovpn file on the hosts firewall. 334 | 335 | * **Cause:** VLAN blocking the connection for the host to the VPN providers servers.
336 | **Solution:** Allow outbound connections for the port defined in the VPN providers ovpn file on your switch. 337 | 338 | * **Cause:** ISP is hijacking DNS lookup and redirecting you to their (spammy) landing page.
339 | **Solution:** Contact ISP and disable DNS redirection, Virgin UK and SKY ISP's have a website where you can disable it. 340 | 341 | * **Cause:** ISP is blocking outbound connections to the VPN providers servers.
342 | **Solution:** Use an IP based ovpn config file instead, this wil circumvent the requirement to do a name lookup. 343 | 344 | Once you have ruled out any potential Home LAN issues and if none of the above resolve the issue then you may have to switch VPN provider or even ISP to get around the blocking restriction. 345 | 346 | **Q18.** When I set my application (such as Sonarr, Radarr, web browser, etc) to use Privoxy and do a curl/wget from within the applications container, or on my PC running the web browser I see that my IP address is my ISP's assigned IP address and NOT the expected VPN provider IP address for the endpoint im connected to, why is this, is the VPN not working correctly?. 347 | 348 | **A18.** A proxy server works at a application level NOT a system level, therefore when using command line tools like curl or wget these applications would need to be configured to use the proxy in order to correctly route through and show the VPN provider allocated IP address. 349 | 350 | This is in contrast to a VPN client which works at the system level, thus all traffic is routed over the VPN tunnel, so using command line utilities such as curl or wget inside the VPN docker container (e.g. DelugeVPN, PrivoxyVPN, etc) WOULD correctly show the VPN allocated IP address. 351 | 352 | If you wish to verify that the application is correctly using the proxy server then point your application at Privoxy and then stop the PrivoxyVPN container, then from the application (such as Sonarr, Radarr, web browser, etc) you should start seeing connection errors when attempting to connect to index sites/web sites. 353 | 354 | **Q19.** I see that PIA has a new network called 'Next-Gen', does *VPN Docker Images that you produce support this, and if so how do I switch over to it? 355 | 356 | **A19.** Yes, it's now fully supported including port forwarding, if you want to switch from PIA's current network to the 'next-gen' network then please generate a new ovpn file using the following procedure:- 357 | 358 | 1. Please make sure you have the latest Docker Image by issuing a docker pull. 359 | 2. Download next-gen ovpn config file from the following link:- 360 | 3. Extract the zip and copy **ONE** of the ovpn files and any other certs etc to /config/openvpn/, ensuring you either rename the extension or delete the old current-gen network ovpn file. 361 | 4. Restart the container and monitor /config/supervisord.log file for any issues. 362 | 363 | **Q20.** I would like to specify multiple endpoints to attempt to connect to in case one or more of them have transient issues, can your *VPN Docker images do this, and if so, how? 364 | 365 | **A20** Yes, all the Docker Images I produce do support multiple endpoints, this is achieved by editing the OpenVPN configuration file located in /config/openvpn/ and adding in additional 'remote' lines, an example is shown below:- 366 | 367 | ```text 368 | remote al.privacy.network 1198 369 | remote ad.privacy.network 1198 370 | remote austria.privacy.network 1198 371 | remote brussels.privacy.network 1198 372 | remote ba.privacy.network 1198 373 | remote sofia.privacy.network 1198 374 | ``` 375 | 376 | The order shown above will be the order tried, if an endpoint fails to connect then it will try the next, and so on, if it gets to the end of the list then it will start from the top again in a round robin fashion. 377 | 378 | **Note** Multiple OpenVPN configuration files is **NOT** supported, only multi remote lines as shown above. 379 | 380 | **Q21.** I now see that you support WireGuard, how do I switch from OpenVPN to WireGuard client? 381 | 382 | **A21.** Yes you are correct, all binhex VPN created images now support OpenVPN and WireGuard, for PIA and other VPN providers. 383 | 384 | If you're a PIA user then please follow this procedure:- 385 | 386 | 1. Change Docker parameter from ```--cap-add=NET_ADMIN``` to ```--privileged=true``` (WireGuard requires privileged permissions). 387 | 2. Add environment variable and set the ```Key:``` (**NOT** the name) to ```VPN_CLIENT``` and set the ```Value:``` to ```wireguard```. 388 | 3. Start the container with the new parameters. 389 | 4. Once the container has started you should then be able to see the dynamically generated WireGuard config file ```/config/wireguard/wg0.conf```. 390 | 5. If you wish to change the endpoint (default is ```nl-amsterdam.privacy.network```) then open the file ```/config/wireguard/wg0.conf``` and change the ```Endpoint``` line to the endpoint you want to connect to (the list of all port forward enabled endpoints is shown in the log ```/config/supervisord.log```) 391 | 392 | If you're a 'custom or airvpn' VPN user (non PIA) then please follow this procedure:- 393 | 394 | 1. Change Docker parameter from ```--cap-add=NET_ADMIN``` to ```--privileged=true``` (WireGuard requires privileged permissions). 395 | 2. Add environment variable and set the ```Key:``` (**NOT** the name) to ```VPN_CLIENT``` and set the ```Value:``` to ```wireguard```. 396 | 3. Start and stop the container to force the creation of ```/config/wireguard/```. 397 | 4. Copy and paste in the WireGuard configuration file for your VPN provider to ```/config/wireguard/``` 398 | 5. Start the container and monitor the log ```/config/supervisord.log``` to ensure the connection is established. 399 | 400 | **Q22.** I see the following in the log /config/supervisord.log, what does it mean and how can I fix it? 401 | 402 | ```text 403 | OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:AES-256-CBC') if you want to connect to this server. 404 | ``` 405 | 406 | **A22.** This error is caused by a misconfiguration of the OpenVPN servers at the VPN providers end (currently affecting PIA customers). The VPN server does not push the supported ciphers via the '--cipher' option and so the client has to assume that the server does not do any cipher negotiation. The client then tries to use the same cipher as the server, but PIA's servers are set incorrectly and report support of cipher ```BF-CBC```, the client tries to switch to that cipher and it fails generating the error. 407 | 408 | The fix for this is to specify a fallback cipher on the client side to a cipher that PIA does support, this is done by editing the file ```/config/openvpn/``` and adding/replacing the following lines (use notepad++ **NOT** notepad):- 409 | 410 | ```text 411 | cipher aes-256-gcm 412 | ncp-disable 413 | ``` 414 | 415 | Remove this line (if present):- 416 | 417 | ```text 418 | data-ciphers-fallback aes-256-gcm 419 | ``` 420 | 421 | Save and restart the container for the change to take effect. 422 | 423 | **Q23.** I see the following in the log /config/supervisord.log, what does it mean and how can I fix it? 424 | 425 | ```text 426 | RTNETLINK answers: Operation not permitted 427 | Unable to access interface: Operation not permitted 428 | [#] ip link delete dev wg0 429 | Cannot find device "wg0" 430 | [warn] WireGuard interface failed to come 'up', exit code is '1' 431 | ``` 432 | 433 | **A23.** This indicates that you are not running the container with 'Privileged' mode enabled and/or sysctl for src_valid_mark (both of which are requirements for wireguard). 434 | 435 | For unRAID users this can be done by toggling 'Privileged:' to 'on' for the container, and adding the following line to 'Extra Parameters:' 436 | 437 | ```text 438 | --sysctl="net.ipv4.conf.all.src_valid_mark=1" 439 | ``` 440 | 441 | for people using a Docker run command you would add the following lines:- 442 | 443 | ```text 444 | --sysctl="net.ipv4.conf.all.src_valid_mark=1" \ 445 | --privileged=true \ 446 | ``` 447 | 448 | **Q24.** I would like to be able to route other docker containers through one of my existing VPN containers, how do I do this? 449 | 450 | **A24.** In order to route an application(s) through an existing VPN container you would do the following steps:- 451 | 452 | **Container to route through VPN** 453 | 454 | 1. Left click icon and 'Edit' container and toggle advanced view (top right). 455 | 2. In 'Extra Parameters' enter ```--net=container:```. 456 | 3. Go to 'Network Type' and select 'none'. 457 | 4. Write down the ports defined and then remove all ports (no ports required as we will be accessing it via the vpn container). 458 | 5. Click on 'Apply'. 459 | 460 | **Container running VPN** 461 | 462 | 1. Left click icon and 'Edit' container and toggle advanced view (top right). 463 | 2. Click on 'Add another Path, Port, Variable, Label or Device' and add in a 'config type' of 'port'. 464 | 3. Enter in the applications Web UI port for 'Container port' from your list taken earlier in step 4. above and any non conflicting port number for 'Host Port' (host port must not be used by another container). 465 | 4. Edit 'VPN_INPUT_PORTS' env var and put applications Web UI port numbers for the 'Container Port' in the 'value', if multiple ports required then use a comma to separate. 466 | 5. Click on 'Apply'. 467 | 468 | **Notes** 469 | 470 | 1. Please keep in mind that when defining connections from an application to another application in the same VPN container network that **you will need to set the host to 'localhost' and NOT the LAN IP address**, this is because the applications are now bound to the same network and thus should communicate over 'localhost' and NOT the unRAID host IP address. 471 | 472 | 2. The order of containers starting is now important, the VPN container **must start first** in order for the other container(s) to route through it, ordering can be changed in the unRAID Web UI by dragging the containers up and down, the unRAID Web UI shows the start order in descending order. 473 | 474 | 3. Still can't access the Web UI of the application?, check Q4. this is a common trip up for most people. 475 | 476 | **Q25.** I have recently updated my Docker image for DelugeVPN/PrivoxyVPN/SABnzbdVPN/qBittorrentVPN and can not view the Web UI for the application I am routing through the VPN container, why is this and how can I fix it?. 477 | 478 | **A25.** Due to iptables tightening it is now a requirement that you add the Web UI/API ports for the application you want to access whilst routed through the VPN to the env var key 'VPN_INPUT_PORTS' with the ports being the value, if you have multiple ports then please separate the values with a comma, e.g. 'VPN_INPUT_PORTS' = 1234,5678 479 | 480 | The other change you will need to do is when defining connections from an application to another application in the same VPN container network then you will need to set the host to 'localhost' and NOT the LAN IP address, this is because the applications are now bound to the same network and thus should communicate over 'localhost'. 481 | 482 | Please also review **A24.** above, and ensure you have completed ALL steps to route a container through another one correctly. 483 | 484 | **Q26.** I have recently updated my Docker image for DelugeVPN/PrivoxyVPN/SABnzbdVPN/qBittorrentVPN and have setup Sonarr/Radarr/Lidarr...etc to use Privoxy (proxy server), but this is now no longer able to connect to the 'Download Client' (e.g. Deluge, rTorrent, qBittorrent, SABnzbd), why is this and how can I fix it?. 485 | 486 | **A26.** Due to iptables tightening you need to now bypass local addresses for proxy connection in index applications, for Sonarr/Radarr/Lidarr this can be achieved by editing the value for 'Ignored Addresses' under the Settings/General/Proxy and entering in the IP address of the unRAID server running the VPN container. This will then bypass using Privoxy (proxy server) for connections to the local server, and thus allow a direct connection to the download client. 487 | 488 | An alternative method to this is to setup Jackett, then configure Jackett to use Privoxy. You then simply point Sonarr/Radarr/Lidarr...etc at Jackett as an 'Indexer' and you are done, there is NO need to configure a proxy for Sonarr/Radarr/Lidarr...etc in this configuration, as Jackett is already doing the proxying for you. 489 | 490 | **Q27.** I have recently updated my Docker image for DelugeVPN/PrivoxyVPN/SABnzbdVPN/qBittorrentVPN which I route several containers through, and thanks to A25. I can now access the Web UI, however I cannot get applications routed through the VPN network to communicate with applications on the LAN, why is this and how can I fix it? 491 | 492 | **A27.** Due to iptables tightening it is now a requirement that you add the Web UI/API ports for applications on the LAN to the env var key 'VPN_OUTPUT_PORTS', with the ports being the value, this will then permit applications running in the VPN network to access applications on the LAN, if you have multiple ports then please separate the values with a comma, e.g. 'VPN_OUTPUT_PORTS' = 1234,5678 493 | 494 | An example of this requirement is when having Sonarr/Radarr/Lidarr routed through a VPN container and these apps requiring access to nzbget running on the LAN, in this case you would define VPN_OUTPUT_PORTS = 6789 (default port for nzbget), this would then allow the index app (Sonarr/Radarr/Lidarr) to connect to the download client (nzbget). 495 | 496 | **Q28.** If I am using Wireguard how do I change the endpoint that I am connecting to? 497 | 498 | **A28.** Wireguard is configured via the file ```/config/wireguard/wg.conf```, this file is either programmatically generated for PIA users or is downloaded from the VPN providers website. This file contains the endpoint you connect to, which can either be a hostname or an IP address, example config file shown below:- 499 | 500 | ```text 501 | [Interface] 502 | Address = 10.1.2.3 503 | PrivateKey = DFGDFDF234234$$£$DSGDSFGDFG= 504 | PostUp = '/root/wireguardup.sh' 505 | PostDown = '/root/wireguarddown.sh' 506 | 507 | [Peer] 508 | PublicKey = DFGDFDF234234$$£$DSGDSFGDFG= 509 | AllowedIPs = 0.0.0.0/0 510 | Endpoint = nl-amsterdam.privacy.network:1337 511 | ``` 512 | 513 | The 'Endpoint' line from the above example defines the endpoint you connect to, this can be changed to the endpoint you want to connect to, for PIA users a list of endpoints that support port forwarding is shown in the log ```/config/supervisord.log```. 514 | 515 | **PIA users** - Please keep in mind not all endpoints support port forwarding, I would highly recommend sticking to port forward enabled endpoints only. 516 | 517 | **Q29.** I'm seeing the following warning in the /config/supervisord.log ```[warn] Unable to successfully download PIA json to generate token for wireguard from URL```, what does it mean and how can I fix it?. 518 | 519 | **A29.** This warning is telling you that the docker container is unable to connect to the PIA API in order to generate a valid token for Wireguard, this is normally due to issues with a particular PIA endpoint (VPN provider server), try connecting to another endpoint by changing the ```Endpoint =``` entry in the wireguard config file located at ```/config/wireguard/wg0.conf``` - a full listing of PIA endpoints can normally be seen in the log file located at ```/config/supervisord.log```. 520 | 521 | **Q30.** I can view the applications Web UI from my home LAN, but whenever I connect to my home LAN using a remote connection (such as Tailscale, Cloudflare, OpenVPN or Wireguard) I can no longer view the application Web UI, I can view all other docker container Web UI's but not the **VPN ones, why is this and how can I fix it?. 522 | 523 | **A30.** This is due to strict iptables rules, you need to add the VPN network to the ```LAN_NETWORK``` value using a comma as a separator, e.g. ```LAN_NETWORK=192.168.1.0/24,192.168.2.0/24```, if you are having difficulty calculating the CIDR mask (digits after the forward slash) or finding out the network then see Q4 above. 524 | 525 | **Q31.** I see that you have now added in specific support for VPN provider 'ProtonVPN' which will now result in automatic incoming port assignment, what do I have to do to make use of this new functionality when using one of the *VPN images?. 526 | 527 | **A31.** In order to get a successful incoming port from VPN provider 'ProtonVPN' you would need to do the following:- 528 | 529 | * Login with your registered ProtonVPN account at and then go to the Downloads section. 530 | * If you want to use OpenVPN then download a OpenVPN configuration file from a endpoint with P2P enabled (denoted by two arrows going left and right). Place the OpenVPN configuration file in `/config/openvpn/` ensuring it has a file extension of `ovpn`, please also ensure there are NO other files with a `ovpn` extension in `/config/openvpn/`. 531 | * If you want to use Wireguard then toggle the option `NAT-PMP (Port Forwarding)` to on and then download a Wireguard configuration file from a endpoint with P2P enabled (denoted by two arrows going left and right). Place the Wireguard configuration file in `/config/wireguard/` with the filename `wg0.conf`. 532 | * Go to UNRAID Web UI and left click the VPN container and select `edit` then scroll down to `VPN_USER` and append the string `+pmp` to the end of the username, e.g. `zuqWGtyy7SMGQM8C+pmp`, also ensure you have set the `VPN_PROV` to `protonvpn` (if this doesn't exist then see Note below), then scroll to the bottom and click onply. 533 | * Monitor log at `/config/supervisord.log` to ensure port is assigned and then check Web UI for application to verify the port has been set. 534 | 535 | **Note** Due to UNRAID templates not automatically updating it will be necessary to add `protonvpn` to the list of VPN providers for env var `VPN_PROV` before you can select it, you can do this by editing the container and clicking `edit` for env var `VPN_PROV` and setting the `Default Value` to `pia|airvpn|custom|protonvpn` then click on `Save` and you then should be able to select `protonvpn` from the list. 536 | 537 | **Q32.** I can access the Web UI for the application when connected to my LAN, but when I connect to my LAN via a VPN connection I can no longer access the Web UI, why is this and how do I fix it? 538 | 539 | **A32.** Due to strict ip table rules unless you add the network range configured for your VPN server to LAN_NETWORK then you will be blocked from aceessing the Web UI (and proxy if enabled). To fix this you need to append the VPN network to LAN_NETWORK using a comma to separate values, if you are unsure how to identify the network range then see Q4. 540 | 541 | **Q33.** I have VLAN's defined on my network and for some reason I cannot access the Web UI of the application even though the `/config/supervisord.log` states the application has started, why is this and how do I fix it? 542 | 543 | **A33.** Due to strict ip table rules unless you add the network range configured for your VLAN to LAN_NETWORK then you will be blocked from aceessing the Web UI (and proxy if enabled). To fix this you need to append the VLAN network(s) to LAN_NETWORK using a comma to separate values, if you are unsure how to identify the network range then see Q4. 544 | 545 | **Q34.** I'm running this container on a Docker Swarm or connected to non-standard docker networks and can't access the Web UI of the application. 546 | 547 | **A34.** Due to strict ip table rules and container limitations in docker engine, you must set `ENABLE_STARTUP_SCRIPTS=yes` in your docker run or docker compose and place a custom script similar to the following in your `config/scripts` directory 548 | 549 | ```bash 550 | #!/bin/bash 551 | 552 | # Use WEBUI_PORT environment variable for the table ID and table name 553 | TABLE_ID="${WEBUI_PORT}" 554 | TABLE_NAME="${WEBUI_PORT}_qbittorrent" 555 | echo "Configuring routing table $TABLE_NAME." 556 | 557 | # Ensure /etc/iproute2 directory and rt_tables file exist 558 | if [ ! -d /etc/iproute2 ]; then 559 | mkdir -p /etc/iproute2 560 | fi 561 | 562 | if [ ! -f /etc/iproute2/rt_tables ]; then 563 | touch /etc/iproute2/rt_tables 564 | fi 565 | 566 | # Check if the routing table already exists, add if it doesn't 567 | if ! grep -q "$TABLE_NAME" /etc/iproute2/rt_tables; then 568 | echo "$TABLE_ID $TABLE_NAME" >> /etc/iproute2/rt_tables 569 | echo "Added routing table $TABLE_NAME." 570 | fi 571 | 572 | # Add routing rules for qBittorrent 573 | ip route add 10.0.0.0/24 via 10.0.0.2 table $TABLE_NAME 574 | ip route add 10.0.1.0/24 via 10.0.1.1 table $TABLE_NAME 575 | echo "Routing rules configured for $TABLE_NAME." 576 | ``` 577 | 578 | See also [arch-qbittorrentvpn issue 203](https://github.com/binhex/arch-qbittorrentvpn/issues/203) 579 | 580 | **Q35.** I am seeing the following in /config/supervisord.log after the latest update `Error: error sending query: Could not send or receive, because of network error`, why is this hapening and how can i fix it? 581 | 582 | **A35.** Due to more aggresive `iptables` blocking, name resolution is now strictly permitted only for the defined name servers via env var `NAME_SERVERS`, the above message is due to the defined name servers (port 53) being blocked, common reasons this may happen are as follows:- 583 | 584 | * Firewall/Router is blocking outbound port 53 585 | * PiHole (or similar) is blocking outbound port 53 586 | * Host is blocking outbound port 53 587 | * ISP is blocking outbound port 53 588 | 589 | **Note** Using local name servers is not permitted to prevent IP leakage and DNS failure will occur once the VPN tunnel is established. 590 | 591 | **Q36.** When enabling Tailscale I can no longer access the Web UI of any VPN enabled contains, why is this and how can I fix it?. 592 | 593 | **A36.** Tailscale interferes with DNS and networking causing issues with VPN enabled images, here are the known workarounds:- 594 | 595 | * MagicDNS is enabled - Fix is to disable MagicDNS in Tailscale 596 | * `TAILSCALE_USERSPACE_NETWORKING` is set to `false` - Fix is to set this to `true` 597 | 598 | **Note** If you are attempting to access the VPN enabled applications Web UI remotely over Tailscale then you will also need to ensure the Tailscale IP network is also added to LAN_NETWORK - See `Q30.` above for more details. 599 | -------------------------------------------------------------------------------- /docker/guides/vpn.md: -------------------------------------------------------------------------------- 1 | # **VPN Setup Guide**] 2 | 3 | ## **Prerequisites**
4 | 5 | **Sign up to VPN provider**
6 | The first task to do is to sign up to a VPN provider, not all providers are the same, things to want in a VPN provider: 7 | 8 | 1. Privacy - Ensure the VPN provider does NOT log anything!, if they do then walk away. 9 | 2. Permitted Traffic - Ensure the VPN provider does allow P2P traffic and doesn't block or throttle. 10 | 3. Incoming Ports - Ensure the VPN provider does support the generation of a incoming port for your account (most don't permit this), if they don't then speeds will be low due to restricted access to peers. 11 | 12 | Recommendations are: 13 | 14 | - PIA (pre-configured for you, easiest approach) 15 | - Mullvad (great for privacy, highly recommended) 16 | - AirVPN (good solid VPN provider with incoming port support) 17 | 18 | **Download config and generate incoming port**
19 | Once you have settled on a VPN provider that you like the look of then configure an incoming port (not required for PIA users) and download the OpenVPN and/or Wireguard configuration files, these are typically zipped as they contain multiple configuration files for the multiple servers that you can connect to. 20 | 21 | **PIA users** - The URL to download the openvpn configuration files and certs is 22 | 23 | IMPORTANT: Please do **NOT** configure your home router for the incoming port, see Q15:- 24 | 25 | **Placement of VPN client config**
26 | So once you have the vpn client configuration file then you need to start and then stop the container - it will auto stop as there is no configuration present at that time, then copy a SINGLE OpenVPN config file (normally has extenion .ovpn) or Wireguard config file (normally has extension .wg0) to ```/config/openvpn/``` or ```/config/wireguard/``` respectively, as well as any bundled certificates. 27 | 28 | **Record credentials from VPN provider**
29 | Most VPN providers have a set of credentials that are used to authenticate with OpenVPN and/or Wireguard, if your VPN provider embeds the authentication into the OpenVPN/Wireguard configuration file then leave ```VPN_USER``` and ```VPN_PASS``` credentials blank. 30 | 31 | ## **Configuration options**
32 | 33 | So onto configuration of the container, the following is a description of each env var key and value: 34 | 35 | **Key Name:** ```VPN_ENABLED```
36 | **Description:** Fairly self explanatory, if you set this to 'yes' then a VPN tunnel connection will be attempted, set to no and you will run the application with no VPN protection.
37 | **Values:** ```yes|no```
38 | 39 | **Key Name:** ```VPN_USER```
40 | **Description:** This is the username as supplied by your VPN provider, it might be the website login, or it might be a separate username. In some cases it may also not be required, as some providers allow you to create a ovpn config file with your authentication supplied as a inline end user certificate (AirVPN for instance).
41 | **Values:** ``````
42 | 43 | **Key Name:** ```VPN_PASS```
44 | **Description:** Same deal as the VPN_USER, this is the VPN provider supplied password, again this may not be necessary for certain providers due to auth via embedded cert in the ovpn file.
45 | **Values:** ``````
46 | 47 | **IMPORTANT** - usernames/passwords that contain characters which are NOT in the range (0-9, a-z, A-Z) MAY cause issues, check the ```/config/supervisord.log``` for this. 48 | 49 | **Key Name:** ```VPN_PROV```
50 | **Description:** This is the VPN provider you're using, the reason i differentiate between providers is because i have built in support for port forwarding for provider PIA, thus its important to specify this correctly, if you aren't using VPN provider PIA then set it to either AirVPN or custom.
51 | **Values:** ```pia|airvpn|custom```
52 | 53 | **Key Name:** ```VPN_CLIENT```
54 | **Description:** This defines whether you want to connect to the VPN provider using either the OpenVPN client or the Wireguard client.
55 | **Values:** ```openvpn|wireguard```
56 | 57 | **Key Name:** ```VPN_OPTIONS```
58 | **Description:** This allows you to define advanced OpenVPN options (Wireguard not supported), in most cases this is NOT required and can cause issues if misconfigured, please leave undefined unless you know what you are doing.
59 | **Values:** ``````
60 | 61 | **Key Name:** ```STRICT_PORT_FORWARD```
62 | **Description:** **PIA users only** If this is set to yes then you will only be able to connect to endpoints that support port forwarding. If you set this to no then you will be able to connect to ANY PIA endpoint, irrespective of whether it supports port forwarding or not.
63 | **Values:** ```yes|no```
64 | 65 | **Key Name:** ```ENABLE_PRIVOXY```
66 | **Description:** Allows you to define whether you want to run Privoxy inside the container as well - for more details about Privoxy see Q3.
67 | **Values:** ```yes|no```
68 | 69 | **Key Name:** ```LAN_NETWORK```
70 | **Description:** This is used to define your home LAN network, do NOT confuse this with the IP address of your router or your server, the value for this key defines your network (CIDR format) NOT a single host - for help about how to configure this see Q4.
71 | **Values:** ``````
72 | 73 | **Key Name:** ```NAME_SERVERS```
74 | **Description:** This allows you to define the name servers you want to use when the VPN tunnel is established, keep in mind you probably will NOT be able to use your ISP's name servers when the tunnel is running, as your IP address will then not be in your ISP's range and thus will normally be blocked, thus the recommendation to use an open DNS, the defaults are normally fine.
75 | **Values:** ``````
76 | 77 | **Key Name:** ```DELUGE_DAEMON_LOG_LEVEL```
78 | **Description:** Deluge daemon logging level.
79 | **Values:** ```info|warning|error|none|debug|trace|garbage```
80 | 81 | **Key Name:** ```DELUGE_WEB_LOG_LEVEL```
82 | **Description:** Deluge web logging level.
83 | **Values:** ```info|warning|error|none|debug|trace|garbage```
84 | 85 | **Key Name:** ```VPN_INPUT_PORTS```
86 | **Description:** This will permit access from the LAN to applications running in the VPN network. For example if you had DelugeVPN container running you could bind the network for Sonarr to the DelugeVPN container so that all traffic for Sonarr is then sent down the VPN tunnel encrypted. In order to then access the Sonarr Web UI from the LAN you would need to define the Sonarr Web UI port using this key. See Q24 for more details
87 | **Values:** ``````
88 | 89 | IMPORTANT: Please note 'VPN_INPUT_PORTS' is **NOT** to define the incoming port for the VPN, this environment variable is used to define port(s) you want to allow in to the VPN network when network binding multiple containers together, configuring this incorrectly with the VPN provider assigned incoming port COULD result in IP leakage, you have been warned!. 90 | 91 | **Key Name:** ```VPN_OUTPUT_PORTS```
92 | **Description:** This will permit applications running in the VPN network to access applications on the LAN. An example of this requirement is when having Sonarr/Radarr/Lidarr routed through a VPN container and these apps requiring access to nzbget running on the LAN, in this case you would define VPN_OUTPUT_PORTS = 6789 (default port for nzbget), this would then allow the index app (Sonarr/Radarr/Lidarr) to connect to the download client (nzbget). See Q24 for more details
93 | **Values:** ``````
94 | 95 | **Key Name:** ```DEBUG```
96 | **Description:** Set this to true to enable debug, extremely useful to debug issues when you can't connect to the VPN tunnel - For further help see
97 | **Values:** ```true|false```
98 | 99 | **Key Name:** ```ENABLE_STARTUP_SCRIPTS```
100 | **Description:** Set this to yes to enable startup scripts to run from the /config/scripts directory.
101 | **Values:** ```yes|no```
102 | 103 | **Key Name:** ```UMASK```
104 | **Description:** This sets the permissions for newly created files/folders, the default of ```000``` is normally fine.
105 | **Values:** ```<3 digit integer>```
106 | 107 | **Key Name:** ```PUID```
108 | **Description:** The user ID to run as, the default value of 99 is for user 'nobody', if you want to run the container as another user then find out the UID by issuing the following command:- ```id ```
109 | **Values:** ``````
110 | 111 | **Key Name:** ```PGID```
112 | **Description:** TThe group ID to run as, the default value of 100 is for group 'users', if you want to run the container as another group then find out the GID by issuing the following command:- ```id ```
113 | **Values:** ``````
114 | 115 | IMPORTANT: - If you do decide to change the PUID and/or PGID values and you have previously started the container then please ensure you delete the file ```/config/perms.txt``` to force a reset of permissions for the new user/group. 116 | 117 | ------- 118 | And lastly please take a look at the extensive FAQ's i have written up:
119 | 120 | 121 | If you are still stuck then please do the following:
122 | 123 | --------------------------------------------------------------------------------