Your local network will probably work as your router will be intelligent and "hairpin" the external address back to the WAN interface and process accordingly.
My OMV is on port 81 (similar reason to you) but I'm using Traefik to handle the proxying (with SSL) and it works.
External IP:443->Router->Port Forward to Traefik Docker IP:443->SNI->OMV:81
Here is my Wireguard config. As mentioned, it runs in BRIDGE mode (set via Portainer). I access it via Traefik (i.e. my router forwards the WG port to my host, and Traefik handles it from there). I use a common DNS name internally and externally, BOTH resolve (internally and externally) to my public IP, and my router handles the hairpin.
My WireGuard config is:
I have set my CLIENT (Android) AllowedIPs to be:
And my CLIENT (Android) WireGuard DNS is my LAN DNS IP.
That way Wireguard is (AllowedIP) to see my DNS, the LAN (when DNS resolves internally) and "the internet".
If you remove 0.0.0.0/0 you won't get internet over WG, which is fine if you don't set "Block Connections Without VPN" in Android - i.e. you'll split tunnel.
If you're not clear on Traefik, you might want to read my main guide on OMV/Portainer/Traefik which is here : https://site.gothtech.co.uk/ar…ainer-traefik-letsencrypt
And then read my WireGuard add-on which is here: https://site.gothtech.co.uk/ar…encrypt/wireguard-traefik
I've shoved an OMV specific blog about this over here : https://sites.google.com/view/…authuser=0#h.o4dayltofvee
Portainer 2 also now fixes the issue I reported with not excluding the "shim" IP from the macvlan range - which is nice
I still use it, albeit not often, although I've also got Jellyfin running so I can see two DLNA options - not retired minidlna yet
I did install it at roughly the same time
You need to point a jail at your emby log or reverse proxy log
I use Traefik and just point it at the access.log
This should work if you're using Traefik (and could be adapted for other logs relatively easily)
Your problem is this:
s6-applyuidgid: fatal: unable to exec php7: Permission denied
OMV mounts the data volume with noexec
Docker is probably using a volume off that partition, and OMV won't let anything execute.
You need to remove noexec from the fstab entry (ideally via the OMV config.xml)
Or you can see how to on my blog post here:
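One way to confirm the noexec diagnosis above before editing fstab, as an added example that is not part of the original post: look up which mount a path lives on and whether its options include noexec. The function names and the sample mount table (including the path /srv/data-disk) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Mount table format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# Print the mount options of the longest mount point that contains path $1.
# $2 is the mount table to read (defaults to /proc/mounts).
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # match "/", the path itself, or a parent directory of the path
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # >= so that a later mount on the same mount point wins
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# Succeed (exit 0) if the filesystem holding $1 is mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample mount table: the data disk carries noexec, the root does not.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/data-disk ext4 rw,noexec,relatime 0 0
EOF
}

# On a live Linux host, check Docker's data root (default path if docker is absent).
if [ -r /proc/mounts ]; then
    root=$(docker info --format '{{.DockerRootDir}}' 2>/dev/null) || root=/var/lib/docker
    [ -n "$root" ] || root=/var/lib/docker
    if is_noexec "$root"; then
        echo "$root is on a noexec mount"
    else
        echo "$root: exec allowed"
    fi
fi
```

Pass the host path of a container's bind-mounted volume to `is_noexec` to check that volume rather than Docker's data root.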
Your settings will survive, and as long as you've set up volumes correctly, your data should persist.
If your container takes a while to init, this can get annoying if you miss something (dlandon/zoneminder takes about 10 mins to start...) but overall it's good. I really prefer the Portainer UI to the old docker one - and I've only had problems when I installed Traefik, set up a DNS entry for portainer to use Traefik (with SSL) and then took Traefik down (I forgot what I did, so that was fun).
Portainer 2.0 (CE) is now out - released in the last 48 hours.
Upgrade is easy enough, but it has to be installed manually as OMVExtras currently points to Portainer V1 (and they've changed tags to avoid breakages). Assuming you've installed portainer V1 via OMVExtras then all you need to do (via the CLI) is:
- docker stop portainer
- docker rm portainer
- docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
Then reload your GUI.
The App Templates changed format, so if you're using a template list (such as selfhostedpro) it will break the list (but not Portainer)
You can upgrade the list yourself (https://github.com/SelfhostedP…hosted_templates/pull/178) until that's fixed.
It's also now got Kubernetes support and a few other things. Nothing has (as yet) broken for me
So, for the last week I've been using WG on and off LAN with no routing, via a Docker container (in bridge mode) quite happily with no issues.
Playing audio off my SMB server remotely via JetAudio.
Some apps are a bit quick to assume they can't "see" SMB due to lag.
davidh2k - I've been ok with swapping in and out of staging, but have also scrapped acme.json once.
Given Google's (now formal) announcement today of killing Google Play Music and charging you to keep your screen off, I'll be speeding up my writeup of WireGuard under Docker and using JetAudio to have access to your library anywhere
Caddy seems a bit web specific, and I'm using HTTP, TCP and UDP routing in Traefik now, all with no bother
You either need to set up a macvlan to get your image on your local network, or run it in host mode and look at the port forwarding options.
ip route (if you use it) would need to be set up two ways on your host box/router to get stuff from/to both networks.
Have a look at the macvlan option on my blog post here - it might let you move your wireguard host to macvlan which would be on your own LAN
Your WG server is on the 10 network and your DNS is on 192? (Where are the SMB shares?)
I suspect you need to add an ip route, as the networks/subnets won't see each other
Why don't you put your certs on a volume and expose it to the container, then just restart the container nightly?
I'm using Traefik for my certs and have a script to export them and put them in a shared location which is exposed to my containers that want copies locally (like OpenVPNAS)
As I've mentioned on and off, I've recently migrated off my old HP N54L to an HP Gen8 Microserver - and upgraded to OpenMediaVault 5 (having used 3 & 4) at the same time.
I wanted to leverage Docker a hell of a lot more - and when I found OMV5 came with Portainer, I went down a rabbit hole and pulled together this guide, as some of the other ones I found were missing some bits of useful info (Traefik config etc) or didn't pull it all together.
It's not a short post, but I hope it's of use to some!
I'm migrating my V1 Google Site to V2, so articles will start coming across there shortly
Presume it gets updates and we can switch back?
Can you hold the kernel and still run apt-get to get new ones and then unhold to test?
I suspect this is just a bug in 5.6.