Posts by AbrahamLincoln

Thanks! That was enough of a clue for me to sniff it out! Somehow the nginx and proxy-host folders had root permissions. Fixed it and it seems to be humming along.

Thanks for having a look!

➜  data> cd logs
➜  logs> la
total 16K
-rw-r--r-- 1 OMVUser users 1.1K Jan  8 10:01 fallback_access.log
-rw-r--r-- 1 OMVUser users  476 Jan  8 09:56 fallback_error.log
drwxr-sr-x 2 root    root  4.0K Jan  8 10:20 nginx/
drwxr-sr-x 2 root    root  4.0K Jan  8 10:20 proxy-host/
➜  logs> chown OMVUser:users nginx
➜  logs> chown OMVUser:users proxy-host

Ah, I had added those because I was having the problems I was having and found something online...

So I ran it without and still can't keep the container running.

Here's the log:

fail2ban  | 2025-01-09 16:27:32,337 fail2ban.jailreader     [1]: NOTICE  No file(s) found for glob /var/log/proxy-host*.log
fail2ban  | 2025-01-09 16:27:32,337 fail2ban                [1]: ERROR   Failed during configuration: Have not found any log file for npm-docker jail
fail2ban  | 2025-01-09 16:27:32,337 fail2ban                [1]: ERROR   Async configuration of server failed
fail2ban  | Traceback (most recent call last):
fail2ban  |   File "/usr/lib/python3.12/site-packages/fail2ban/client/fail2banserver.py", line 193, in start
fail2ban  |     cli.configureServer(phase=phase)
fail2ban  |   File "/usr/lib/python3.12/site-packages/fail2ban/client/fail2banclient.py", line 243, in configureServer
fail2ban  |     raise ServerExecutionException('Async configuration of server failed')
fail2ban  | fail2ban.client.fail2bancmdline.ServerExecutionException: Async configuration of server failed

And here's the cleaned up compose file:

services:


fail2ban:
image: crazymax/fail2ban:latest
container_name: fail2ban
cap_add:
- NET_ADMIN
- NET_RAW
network_mode: host
#labels:
#  - com.centurylinklabs.watchtower.enable=false  #exclude from watchtower auto-update
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- F2B_LOG_TARGET=STDOUT
- F2B_LOG_LEVEL=INFO
- F2B_DB_PURGE_AGE=180d
#   These lines can be used for email notifications if required
#      - SSMTP_HOST=smtp.example.com
#      - SSMTP_PORT=587
#      - SSMTP_HOSTNAME=example.com
#      - SSMTP_USER=smtp@example.com
#      - SSMTP_PASSWORD=
#      - SSMTP_TLS=YES
volumes:
- ${DATA}/appdata/fail2ban:/data
- ${DATA}/appdata/jc21-npm/data/logs:/var/log:ro  # This line allows fail2ban access to read the NPM logs
#- /var/log/auth.log:/var/log/auth.log:ro  #example entry for allowing access to any other system logs, adjust as required.
restart: unless-stopped

This is helpful, thanks.

I did a bit more poking around, but still no luck.

If you don't mind, here's the NPM compose file. I'm using the same global variables I use for all my containers:

services:


jc21-npm:
container_name: jc21-npm
image: jc21/nginx-proxy-manager:latest
environment:
- DISABLE_IPV6=true
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
#labels:
#  - com.centurylinklabs.watchtower.enable=false  #exclude from watchtower auto-update if required
ports:
- 443:443/tcp
- 80:80/tcp
- 8181:81/tcp
restart: unless-stopped
volumes:   #edit these paths to match your system
- ${DATA}/appdata/jc21-npm/letsencrypt:/etc/letsencrypt
- ${DATA}/appdata/jc21-npm/data:/data
healthcheck:
test: ["CMD", "/bin/check-health"]
interval: 10s
timeout: 3s


#  This section creates a custom docker bridge network called web.
#  The driver line makes sure it is a bridge that can be used by other containers
networks:
default:
name: web
driver: bridge

And this is the fail2ban container:

services:


fail2ban:
image: crazymax/fail2ban:latest
container_name: fail2ban
cap_add:
- NET_ADMIN
- NET_RAW
network_mode: host
#labels:
#  - com.centurylinklabs.watchtower.enable=false  #exclude from watchtower auto-update
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- F2B_LOG_TARGET=STDOUT
- F2B_LOG_LEVEL=INFO
- F2B_DB_PURGE_AGE=180d
#   These lines can be used for email notifications if required
#      - SSMTP_HOST=smtp.example.com
#      - SSMTP_PORT=587
#      - SSMTP_HOSTNAME=example.com
#      - SSMTP_USER=smtp@example.com
#      - SSMTP_PASSWORD=
#      - SSMTP_TLS=YES
volumes:
- ${DATA}/appdata/fail2ban:/data
- ${DATA}/appdata/jc21-npm/data/logs:/var/log:ro  # This line allows fail2ban access to read the NPM logs
#- /var/log/auth.log:/var/log/auth.log:ro  #example entry for allowing access to any other system logs, adjust as required.
- ${DATA}/appdata/jc21-npm/data/logs/proxy-host:/var/log/proxy-host:ro # added
- ${DATA}/appdata/jc21-npm/data/logs/nginx:/var/log/nginx:ro # added
restart: unless-stopped

and global environment file, just in case:

PUID=1000
PGID=100
TZ=America/New_York
DATA=/srv/dev-disk-by-uuid-a0ce297e-9f49-4168-8f3c-454009c46288

I've followed the NGINX Proxy Manager with fail2ban guide (thanks BernH!) but fail2ban repeatedly goes down.

The problem seems to happen in Step 4 with setting up the logpaths.

I added code from step 4 to the npm-docker.local file in the jail.d directory.

When I ran the fail2ban docker, it would go down. Here's the log:

fail2ban  | 2025-01-08 14:34:01,482 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/action.d/iptables-nft.local']
fail2ban  | 2025-01-08 14:34:01,482 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/action.d/iptables-nft.local']
fail2ban  | 2025-01-08 14:34:01,483 fail2ban.jailreader     [1]: NOTICE  No file(s) found for glob /var/log/default-host*.log
fail2ban  | 2025-01-08 14:34:01,483 fail2ban.jailreader     [1]: NOTICE  No file(s) found for glob /var/log/proxy-host*.log
fail2ban  | 2025-01-08 14:34:01,483 fail2ban                [1]: ERROR   Failed during configuration: Have not found any log file for npm-docker jail
fail2ban  | 2025-01-08 14:34:01,483 fail2ban                [1]: ERROR   Async configuration of server failed
fail2ban  | Traceback (most recent call last):
fail2ban  |   File "/usr/lib/python3.12/site-packages/fail2ban/client/fail2banserver.py", line 193, in start
fail2ban  |     cli.configureServer(phase=phase)
fail2ban  |   File "/usr/lib/python3.12/site-packages/fail2ban/client/fail2banclient.py", line 243, in configureServer
fail2ban  |     raise ServerExecutionException('Async configuration of server failed')
fail2ban  | fail2ban.client.fail2bancmdline.ServerExecutionException: Async configuration of server failed

I commented out the logpath and it runs:

logpath = /var/log/default-host_*.log

/var/log/proxy-host-*.log

I'm at the boundary of my knowledge here. Maybe these log paths are different depending on your configuration, but I didn't see anything in the guide about that. I've tried some troubleshooting but didn't have any luck.

Any ideas? (thanks in advance)

Quote from chente

That is telling you that it will depend on each case. Specifically, if your ISP is behind CGNAT you will have no choice but to send ALL your data through their servers.

You can close your eyes if you want, but from the moment you depend on a third party you depend on their security and speed. If you use Tailscale you depend on Tailscale and Wireguard. If you use Wireguard you only depend on Wireguard. It is quite simple to understand.

Thanks, this is exactly the kind of thing I was looking for when I said "Is that a fair summary? Am I miscalculating the risk somehow?" above.

What I'm gathering is that for you, encrypted data on a machine you don't own, isn't worth it. For me, I trust encryption so I don't have to trust the machines that encrypted data travels through. Which means for me, it's worth it. Sounds like we're different in that way.

Quote from chente

That is not right. Traffic passes through Tailscale servers.

I said "data" deliberately. Yes, your public keys and metadata go through tailscale servers, but your data does not. And then there are other advantages (magicDNS, setting up other machines, ease of use for friends who are less technical, etc) that again, for me, today, tip the scales.

But if you don't agree, don't want to read their docs, or won't believe them if you do: 👍

For anyone else reading this thread, the metadata tailscale has access to is:

Quote

limited metadata regarding your device used to access the Tailscale Solution, such as: the device name; relevant operating system type; host name; IP address; cryptographic public key; user agent (where applicable); language settings; date and time of access to the Tailscale Solution; logs describing connections and containing statistics about data sent to an from other devices (“Inter-Node Traffic Logs”); and version of Tailscale Solution installed. This information is needed to provide the Tailscale Solution to you. However, please note that Tailscale does not process, or have the ability to access, the content of User traffic data transmitted through the Tailscale Solution, which is fully end-to-end encrypted.

Quote from chente

But if there is no Tailscale there is no documentation to read.

Well, there would be wireguard documentation to read.

Quote from chente

What does that mean? If you do not need to go through a third-party server, I would not do it in any case.

For me, the simplicity of setting up tailscale on multiple machines with different operating systems vs. using tailscale's service instead of 100% my own is a risk I'm willing to take.

From reading their docs, the data itself actually doesn't go through their servers and everything is encrypted.

via their site:

Quote

Tailscale sees your metadata, not your data

Tailscale does not (and cannot) inspect your traffic. Privacy is a fundamental human right, and we designed Tailscale accordingly. We don’t want your data.

Your data is end-to-end encrypted and transmitted point-to-point. Your devices’ private encryption keys never leave their respective nodes, and our coordination server only collects and exchanges public keys. DERP relay servers do not log your data — you can confirm this yourself as the code is open-source. Even when your connection uses a DERP relay server, the only data Tailscale could see and capture is encrypted.

We never see information about your public Internet traffic. If you use an exit node, they’re your exit nodes, not ours, so we still can’t see your public Internet traffic. If you use MagicDNS or Split DNS, your public DNS queries may end up passing through your device’s local Tailscale DNS proxy, but they are not logged. Again, you can verify this yourself because the code is open-source.

We do receive metadata about which of your private nodes connect to which other private nodes, including public IP addresses. This is required to provide the service, as the purpose of Tailscale’s coordination server is to help your nodes find each other.

Display More

If what you're saying is running your stuff 100% pure through everything you own is always better – I get the spirit of that as a principle and if that works for you, great! I admire it. But I'm, personally, willing to take some calculated risks and this seems like a pretty safe bet. Is that a fair summary? Am I miscalculating the risk somehow?

I got paperless-ngx running in docker. If it's helpful, here's the docker file I used:

services:
  broker:
    image: docker.io/library/redis:7
    restart: unless-stopped
    volumes:
      - ${DATA}/appdata/paperless-redis-data:/data

  db:
    image: docker.io/library/mariadb:10
    restart: unless-stopped
    volumes:
      - ${DATA}/appdata/paperless-mariadb:/var/lib/mysql
    environment:
      MARIADB_HOST: paperless
      MARIADB_DATABASE: paperless
      MARIADB_USER: paperless
      MARIADB_PASSWORD: paperless
      MARIADB_ROOT_PASSWORD: paperless

  webserver:
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    restart: unless-stopped
    depends_on:
      - db
      - broker
      - gotenberg
      - tika
    ports:
      - "8010:8000"
    volumes:
      - ${DATA}/paperless/paperless-data:/usr/src/paperless/data
      - ${DATA}/paperless/paperless-media:/usr/src/paperless/media
      - ${DATA}/sync/paperless-export:/usr/src/paperless/export
      - ${DATA}/sync/paperless-consume:/usr/src/paperless/consume
#    env_file: docker-compose.env
    environment:
      PAPERLESS_REDIS: redis://broker:6379
      PAPERLESS_DBENGINE: mariadb
      PAPERLESS_DBHOST: db
      PAPERLESS_DBUSER: paperless # only needed if non-default username
      PAPERLESS_DBPASS: paperless # only needed if non-default password
      PAPERLESS_DBPORT: 3306
      PAPERLESS_TIKA_ENABLED: 1
      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
      PAPERLESS_TIKA_ENDPOINT: http://tika:9998

  gotenberg:
    image: docker.io/gotenberg/gotenberg:7.10
    restart: unless-stopped
    # The gotenberg chromium route is used to convert .eml files. We do not
    # want to allow external content like tracking pixels or even javascript.
    command:
      - "gotenberg"
      - "--chromium-disable-javascript=true"
      - "--chromium-allow-list=file:///tmp/.*"

  tika:
    image: ghcr.io/paperless-ngx/tika:latest
    restart: unless-stopped

volumes:
  data:
  media:
  dbdata:
  redisdata:

And the environment file

# The UID and GID of the user used to run paperless in the container. Set this
# to your UID and GID on the host so that you have write access to the
# consumption directory.
USERMAP_UID=${PUID}
USERMAP_GID=${PGID}

# Additional languages to install for text recognition, separated by a
# whitespace. Note that this is
# different from PAPERLESS_OCR_LANGUAGE (default=eng), which defines the
# language used for OCR.
# The container installs English, German, Italian, Spanish and French by
# default.
# See https://packages.debian.org/search?keywords=tesseract-ocr-&searchon=names&suite=buster
# for available languages.
#PAPERLESS_OCR_LANGUAGES=tur ces

###############################################################################
# Paperless-specific settings                                                 #
###############################################################################

# All settings defined in the paperless.conf.example can be used here. The
# Docker setup does not use the configuration file.
# A few commonly adjusted settings are provided below.

# This is required if you will be exposing Paperless-ngx on a public domain
# (if doing so please consider security measures such as reverse proxy)
#PAPERLESS_URL=https://paperless.example.com

# Adjust this key if you plan to make paperless available publicly. It should
# be a very long sequence of random characters. You don't need to remember it.
#PAPERLESS_SECRET_KEY=change-me

# Use this variable to set a timezone for the Paperless Docker containers. If not specified, defaults to UTC.
PAPERLESS_TIME_ZONE=America/New_York

# The default language to use for OCR. Set this to the language most of your
# documents are written in.
PAPERLESS_OCR_LANGUAGE=eng

# Set if accessing paperless via a domain subpath e.g. https://domain.com/PATHPREFIX and using a reverse-proxy like traefik or nginx
#PAPERLESS_FORCE_SCRIPT_NAME=/PATHPREFIX
#PAPERLESS_STATIC_URL=/PATHPREFIX/static/ # trailing slash required

Please correct me if I'm wrong, but I saw that tailscale's connections are end-to-end encrypted over wireguard. So yes, they go through tailscale's servers but the trade off seems minimal.

I didn't use docker to install tailscale, I did it through the commandline. Instructions are here:

https://tailscale.com/download/linux/debian-bookworm

I'm trying to get Quick Sync Video working by following this guide:

How to activate Intel Quick Sync in docker (Jellyfin, Handbrake,...)

When I run

vainfo

I see these errors:

➜  ~ vainfo
error: XDG_RUNTIME_DIR not set in the environment.
error: can't connect to X server!
libva info: VA-API version 1.10.0
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so
libva info: Found init function __vaDriverInit_1_10
libva error: /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so init failed
libva info: va_openDriver() returns 1
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
libva info: va_openDriver() returns -1
vaInitialize failed with error code -1 (unknown libva error),exit

I'm using a Intel® Pentium® Processor N3700 that supports QSV.

I added the lines into my docker file for plex:

devices:

- /dev/dri/renderD128:/dev/dri/renderD128

- /dev/dri/card0:/dev/dri/card0

When I force a transcode it seems to be working. I see the (hw) note in Plex and when I run intel-gpu-top I'm seeing activity.

But I do see those errors. Should I be concerned??

I was in a similar spot and wanted to access the OMV webGUI running under the Let's Encrypt certificate. However, I couldn't find a solution and ended up getting this working more quickly and easily another way. I consider it good enough.

I generated my own, self-signed certificate, within OMV under System > Certificates > SSL.

I selected that certificate under System > General Settings > Web Administration under Secure connection. Enabled SSL/TLS. Then selected a port - not 443, since that was used by the LetsEncrypt certificate.

You'll get warnings in your browser since it's self-signed, but it works and it's encrypted.

If someone more clever than me has a way to set something up with the nginx proxy-conf stuff, that'd be great to see...

Ah, look at that - I will put that Docker trick into use!

And to clarify the rest, just to make sure I understand...

Reading some of your posts it sounds like you don't recommend any adjustments to the Physical Disk Properties in OMV under Disks > Edit at all. Including the spindown time and write cache. They don't really work.

I did a quick test and disabling the Advanced Power Management and Automatic Acoustic Management in Physical Disk Properties and that was enough for the drive to remount again automatically on reboot – so success there – but I like the idea of spindown and write cache, if they work.

And you recommend updating SATA firmware using the method here:
https://wiki.odroid.com/odroid-xu4/software/jms578_fw_update

And then managing spin down via the commandline as in Example 4 on that page. Just bypass the web gui entirely.

And you underclocked using this as a guide:
https://wiki.odroid.com/odroid…requtils_cpufreq_govornor

I'd read about the CPU gov but dismissed it as kinda unnecessary for me. But now I'm wondering.

All that said, I wonder if spindown and underclocking would even be a factor for me. I've got a 8TB drive that I'll be using as Plex server with Transmission seeding much of what's downloaded, and running Syncthing on a a few gigs of files shared with a handful of people as a dropbox replacement. (By the way, I was using a Banana Pro for all this for a few years and have already been stunned at the improvement.) I also have a pi-hole on an old RPi I may consolidate onto the HC2 as well, figuring it can probably handle it. I suppose the disk may spin down now and again, but wonder if it's worth bothering. ...and now also wondering if the passive cooling is enough or should I get a small, quiet fan?

Anyway, let me know what you think. I appreciate your sharing your experience having already head down this path.

Thanks for taking the time. I will give that a shot and report back.

In the meantime, could you tell me more about this?

Quote from Adoby

Also, you may want to create a shared folder on the HDD for Docker images. Step 13. Base path for docker instead of /var/lib/docker on the SD card. Also a share for the docker configs.

Following TechnoDadLife's videos, in sharedfolders on the HDD I've created an "appdata" folder and set all the /config directories in my docker containers to that appdata folder, creating a subdirectory for sonarr, transmission, etc. as I go.

But it sounds like you're describing that and something else? Can you lead me to some more into on how to set that /var/lib/docker path to the HDD?

Thanks so much!

Short version: After creating a ext4 filesystem on an 8TB drive, I reboot, am notified there are errors, and then the drive does not mount automatically.

I've been working on setting up the HC2, done this set up a couple times and kept notes to verify I could reproduce it and I didn't miss something. Here's my whole process from the start, just in case it's relevant.

• Download and Install on SD Card with Etcher
  
  
  • OMV_4_Odroid_XU4_HC1_HC2.img.xz
• Attach drive and SD card, start it up.
• Wait 30+ minutes
• Login to web gui
• General Settings > Change web admin password
• Set Date and Time
• Specify ethernet on network - probably not necessary, but helpful for monitoring
• Monitoring - turn on
• Update Management - ran update. Saw errors in dialog while upgrading. "Bad Gateway"
  
  
  • To check on this I SSH'd in as root. Ran apt-get -f install - saw 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. and decided to move on.
• Reboot
• Check for updates again. Nothing to be updated.
• OMV-Extras - enabled Docker CE
• Installed Docker-gui via commandline (because the past few times I did it the "right" way caused this error "Failed to execute XPath query '/config/services/docker'" and I (right or wrong) learned from this thread just to install via the commandline with apt-get install openmediavault-docker-gui
• Reboot. (Maybe superstitiously)
• Disks > Edit
  
  
  • Set spindown, noise vs. performance level, etc
• File Systems > Create
  
  
  • set up as ext4 with the name "eighttb"
• Mount the filesystem via the gui - everything looks good. The Device is /dev/sda1 the label is eighttb
• Restart - the gui has a popup with "an error occurred" and only an "ok" button - doesn't let me see the error.
• Upon reboot, the filesystem is not mounted.

Looking in OMV under FileSystems, two filesystems appear related to the drive:

/dev/disk/by-label/eighttb
and
/dev/sda1

See here:

IIRC, the "/by-label/" thing is like a shortcut in the fstab? But for some reason I had the following problem in previous attempts to get this done. When I set up share folders, upon reboot the ../by-label/... mount was referenced but missing, while the sda1 listing was not referenced and unmounted.

I tried a few things on previous attempts to fix like

omv-mkconf fstab 
omv-mkconf systemd 
mount -a 

And adding mount -a  to a scheduled job (see more on that below) but wasn't able to solve it. Perhaps I missed something.

I dug through the syslog briefly and pulled a couple excerpts that may be helpful (total guesswork here, so apologies if it's useless):

Mar 17 11:04:14 odroidxu4 systemd[1]: apt-daily.timer: Adding 29min 31.747306s random time.
Mar 17 11:04:15 odroidxu4 kernel: [  229.851883] sd 0:0:0:0: [sda] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x00 driverbyte=0x08
Mar 17 11:04:15 odroidxu4 kernel: [  229.851908] sd 0:0:0:0: [sda] tag#0 Sense Key : 0x2 [current] 
Mar 17 11:04:15 odroidxu4 kernel: [  229.851928] sd 0:0:0:0: [sda] tag#0 ASC=0x4 ASCQ=0x1 
Mar 17 11:04:15 odroidxu4 kernel: [  229.851939] sd 0:0:0:0: [sda] tag#0 CDB: opcode=0x88 88 00 00 00 00 03 a3 81 2a 00 00 00 00 08 00 00
Mar 17 11:04:15 odroidxu4 kernel: [  229.851948] print_req_error: I/O error, dev sda, sector 15628052992
Mar 17 11:04:15 odroidxu4 systemd-udevd[375]: worker [474] terminated by signal 9 (Killed)
Mar 17 11:04:15 odroidxu4 systemd-udevd[375]: worker [474] failed while handling '/devices/platform/soc/soc:usb3-0/12000000.dwc3/xhci-hcd.3.auto/usb4/4-1/4-1:1.0/host0/target0:0:0/0:0:0:0/block/sda/sda1'

Mar 17 11:04:16 odroidxu4 systemd[1]: Started Beep after system start.
Mar 17 11:04:42 odroidxu4 monit[1826]: 'mountpoint_srv_dev-disk-by-label-eighttb' status failed (1) -- /srv/dev-disk-by-label-eighttb is not a mountpoint
Mar 17 11:05:00 odroidxu4 CRON[2251]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Mar 17 11:05:13 odroidxu4 monit[1826]: 'mountpoint_srv_dev-disk-by-label-eighttb' status failed (1) -- /srv/dev-disk-by-label-eighttb is not a mountpoint
Mar 17 11:05:41 odroidxu4 systemd[1]: dev-disk-by\x2dlabel-eighttb.device: Job dev-disk-by\x2dlabel-eighttb.device/start timed out.
Mar 17 11:05:41 odroidxu4 systemd[1]: Timed out waiting for device dev-disk-by\x2dlabel-eighttb.device.
Mar 17 11:05:41 odroidxu4 systemd[1]: Dependency failed for File System Check on /dev/disk/by-label/eighttb.
Mar 17 11:05:41 odroidxu4 systemd[1]: Dependency failed for /srv/dev-disk-by-label-eighttb.
Mar 17 11:05:41 odroidxu4 systemd[1]: srv-dev\x2ddisk\x2dby\x2dlabel\x2deighttb.mount: Job srv-dev\x2ddisk\x2dby\x2dlabel\x2deighttb.mount/start failed with result 'dependency'.
Mar 17 11:05:41 odroidxu4 systemd[1]: Startup finished in 8.641s (kernel) + 5min 6.645s (userspace) = 5min 15.287s.
Mar 17 11:05:41 odroidxu4 systemd[1]: systemd-fsck@dev-disk-by\x2dlabel-eighttb.service: Job systemd-fsck@dev-disk-by\x2dlabel-eighttb.service/start failed with result 'dependency'.
Mar 17 11:05:41 odroidxu4 systemd[1]: dev-disk-by\x2dlabel-eighttb.device: Job dev-disk-by\x2dlabel-eighttb.device/start failed with result 'timeout'.
Mar 17 11:05:43 odroidxu4 monit[1826]: 'mountpoint_srv_dev-disk-by-label-eighttb' status failed (1) -- /srv/dev-disk-by-label-eighttb is not a mountpoint
Mar 17 11:06:13 odroidxu4 monit[1826]: 'mountpoint_srv_dev-disk-by-label-eighttb' status failed (1) -- /srv/dev-disk-by-label-eighttb is not a mountpoint
Mar 17 11:06:43 odroidxu4 monit[1826]: 'mountpoint_srv_dev-disk-by-label-eighttb' status failed (1) -- /srv/dev-disk-by-label-eighttb is not a mountpoint
Mar 17 11:07:14 odroidxu4 monit[1826]: 'mountpoint_srv_dev-disk-by-label-eighttb' status failed (1) -- /srv/dev-disk-by-label-eighttb is not a mountpoint
Mar 17 11:07:44 odroidxu4 monit[1826]: 'mountpoint_srv_dev-disk-by-label-eighttb' status failed (1) -- /srv/dev-disk-by-label-eighttb is not a mountpoint
Mar 17 11:08:14 odroidxu4 monit[1826]: 'mountpoint_srv_dev-disk-by-label-eighttb' status failed (1) -- /srv/dev-disk-by-label-eighttb is not a mountpoint
Mar 17 11:08:44 odroidxu4 monit[1826]: 'mountpoint_srv_dev-disk-by-label-eighttb' status failed (1) -- /srv/dev-disk-by-label-eighttb is not a mountpoint

Sooooooo...

I've been very close to having the whole NAS set up with 5 docker containers running and configured, then hit this snag. I've learned a lot tracking it down, but... ready to fix it and move on.

I tried what was suggested in this thread, which creating a scheduled job of mount -a on reboot. This did mount the drive, but after my docker containers started, which meant they didn't work. So that solution didn't work for me.

Insights and kind instructions are appreciated!