Posts by dildano

    I've been using Hotmail/Outlook for my e-mail notifications in OMV for years, and they recently stopped working on my NAS. I'm fairly certain that it's because Microsoft has disabled basic authentication which means that even "app passwords" no longer work (yes, I tried a new app password). The log entry looks like this:


    postfix/smtp[571250]: 270E81C40798: to=<intentionallyremoved@hotmail.com>, orig_to=<root>, relay=smtp-mail.outlook.com[40.97.212.6]:587, delay=243829, delays=243818/0.1/11/0, dsn=4.7.139, status=deferred (SASL authentication failed; server smtp-mail.outlook.com[40.97.212.6] said: 535 5.7.139 Authentication unsuccessful, basic authentication is disabled.


    I believe that Google has also disabled basic authentication for Gmail accounts. Is there any way to get the OMV notifications to work with OAuth? Is there some other solution other than using an e-mail provider with weak security?


    Thanks.

    if xrdp is running on the guest, you should be connecting to the guest's IP address UNLESS you are using NAT.

    OK, I understood it correctly, and there's just something on my LAN preventing access. I'm clearly not a networking expert. :) Time to try out a bridge. Thanks for the help.

    When you use spice, you only need to connect to the host. The spice service is connecting directly to the spice component of the VM without involving networking.

    Just to be clear, for xrdp, I should be connecting to the IP of the host, correct? So let's say the host is 192.168.1.10 and the VM is 192.168.122.100. I'm connecting to 192.168.1.10:3389, right? Neither one works for me. Obviously, the host is accessible on my LAN because it's my NAS, and my Windows PC is on the same subnet (192.168.1.9). I feel like I'm just missing something really obvious.

    You really should convert to a bridge. There are instructions on how to do that in the kvm guide.

    Thanks. I'll try this. I don't think the KVM guide existed when I set all this up initially. Took me forever to figure it out. Spice works fine, but I just can't get xrdp working.

    Can you telnet from another machine to port 3389?

    No, I get "connect failed" when I try to telnet to 3389 on my host. And other than your bridge interface, I don't see any significant differences in our configs. I don't have any firewall rules on my host, so I don't know what would be blocking 3389.


    Edit: Definitely something weird going on. I can't ping my Windows PC from the Debian VM either. It's like NAT isn't working at all.

    Yep. I have an Ubuntu 22.04 VM that I use xrdp on every day. I also have a Windows 10 Pro VM that I use every once in a while. I'm using a bridge on them but pretty sure I used to use NAT and was able to connect from a machine other than the host.

    Did you have to do anything special on the host or in the KVM setup for the VM? This is driving me crazy.

    kvm does not care what you install on the VM. I run xrdp on many VMs.

    Ryecoaaron, are you running xrdp on VMs using KVM? I've never been able to get it to work. I just loaded a fresh Debian 11 VM using the default network (NAT). The xrdp service is running on the default port (3389), and there's no firewall (ufw) loaded on the VM. When I try to connect from a Windows machine (to the host IP), it fails. Is there some configuration change I need to make to allow traffic through to the VM?


    Thanks.

    I ran into the same issue when trying to set up a mergerfs pool of eight disks. I got the "file name too long" error. After digging into the mergerfs documentation a bit, I decided to try "globbing". Try this as the path in the plugin:


    Code
    /srv/dev-disk-by-uuid-*


    It's working for me, and created the mount point under /srv/mergerfs/<name of pool>. Of course, this may not work for you if you have disks that you don't want to include in the pool since it uses a wildcard. I can only guess that there is an issue with the plugin with a character limitation or something since this worked fine in OMV5.

    I got it to work with the --no-auth command. Here's my Docker compose section:

    This is nice because I can use http auth via my LetsEncrypt container, and I don't get hit with another authentication prompt.

    Well, the new Portainer container is working fine, but the --no-auth command did not work at all. At least I can control the config now, and I'll do some more research. Thanks for the help.

    That's a really good suggestion. I don't know why I didn't think of something so obvious. I'll remove the Portainer container via OMV-Extras, and add a new one to my Docker compose file. Trying it out now...

    Does anyone know if there's a way to modify the configuration of the Portainer container that is installed with Docker under OMV-Extras? I've tried Duplicate/Edit from within Portainer, but the container doesn't start back up, and the changes don't stick. I'm trying to add the "--no-auth" command to the configuration to disable authentication because I intend to use http auth instead.


    Thanks.

    Hey guys, I almost have my OMV5 setup where I want it. I'm using the linuxserver.io LetsEncrypt container to serve as a secure reverse proxy for my other containers so that I can access them via my own domain name over the internet using SSL. Now I'd like to access the OMV GUI the same way, but I can't figure out how to set up the nginx proxy in the LetsEncrypt container. If I go to http://insertdomainhere.com/omv, I can see that I'm in nginx in the LetsEncrypt container (HTTP 404 error), but I'm not getting through to the GUI. My openmediavault.subfolder.conf looks like this (IP obscured):

    I don't get any errors in the nginx error log, but I get all of this in the access log (IP and domain obscured):

    A couple of questions:

    1. Have I made this too complicated? Is there an easier way to do this?
    2. If not, does anyone know how to configure the proxy conf file properly for the OMV GUI?

    Thanks!

    Special thanks to Jonatron and gaelic for their work in this thread. I think I finally have this working. I completely gave up on using a proxy, although I'd like to revisit that. Here's how I built my OpenVPN container:



    Rather than store the VPN server info and my account and password in the container config, I stored that info in an ovpn file and auth file for the container to reference. Here's how I built my Transmission container:

    Code
    docker run -d --name=transmission \
        --restart=unless-stopped \
        --net=container:openvpn \
        -v /etc/localtime:/etc/localtime:ro \
        -v /sharedfolders/config/transmission:/config \
        -v /sharedfolders/download:/downloads \
        -v /sharedfolders/watch:/watch \
        -e PGID=100 \
        -e PUID=1000 \
        linuxserver/transmission


    And here's how I built my SABNZBD container:

    PUID 100 is a user that I created called "container" for all of my containers so that I don't have to run them as root. I'm not sure that's an option that I can pass to the OpenVPN container. Also, I was able to avoid using a proxy by using the ROUTE option on the OpenVPN container (thanks to Jonatron for that tip). Really, I just wanted to share this for others who are looking for the complete picture. I'm also hoping that folks who know a lot more than me can help me with a few things:

    • Please critique my design! Help me make it better and more secure.
    • If I wanted to use a proxy, e.g., nginx, how do I get around the fact that OMV is already using port 80?
    • How can I ensure that the OpenVPN container always starts before the other two? I've seen comments about Docker Compose, but don't know anything about it.
    • How can I specify a user and group for the OpenVPN container?
    • If I use Watchtower to keep these containers up to date, won't it break the Transmission and SABNZBD containers every time the OpenVPN container is updated?

    Thanks!

    Slightly modified commands:



    Code
    docker run -d -it --name vpn --cap-add=NET_ADMIN --device /dev/net/tun -v /etc/openvpn/client:/vpn dperson/openvpn-client -f ""
    docker run -d --name=deluge --net=container:vpn -v /sharedfolders/download/deluge/complete:/downloads -v /sharedfolders/download/deluge/config:/config linuxserver/deluge
    docker run -d -it --name web -p 8112:8112 -e SSI=y --link vpn:deluge dperson/nginx -w "http://deluge:8112/;/deluge/"

    The vpn container gets a valid IP from my vpn provider. From within the web container, I can ping "deluge" (returning the IP of the deluge container), and I can curl http://deluge:8112 (returning HTML from the deluge GUI page). But I just can't access the deluge GUI from my PC on my LAN at all.

    Here's my goal: Run sabnzbd and deluge containers through an openvpn container. I know that there are some "bundled" images out there for things like deluge+openvpn, but I'd prefer not to have separate vpn connections for each container since the number of connections are limited by my vpn provider.


    This works to create the openvpn container:

    Code
    docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name vpn -v /etc/openvpn/client:/vpn -d dperson/openvpn-client -f ""


    This appears to work to create the deluge container:

    Code
    docker run -d --name=deluge --net=container:vpn -e PUID=1000 -e PGID=1000 -v /root/deluge/downloads:/downloads -v /root/deluge/config:/config linuxserver/deluge


    And this is where I'm probably getting hung up:

    Code
    docker run -it --name web -p 8112:8112 -e SSI=y --link vpn:deluge -d dperson/nginx -w "http://deluge:8112/;/deluge/"

    Most of the examples I've seen indicate that I should use -p 80:80, but I can't do that because OMV is already using port 80. So I just figured that I would use port 8112 instead, and hit the page with http://<OMV IP>:8112, but I get nothing at all.


    Any ideas? I've already spent around 12 hours trying to get this working.


    Thanks!

    Thank you for the review. I did decide to make it a little more generic, and it's still working well.


    SUBSYSTEMS=="usb", ATTRS{manufacturer}=="Seagate", ATTRS{product}=="FreeAgent GoFlex", SYMLINK+="usbhdd"


    Problem solved! Woohoo! :D