FN11.3 iocage jails - Plex, Tautulli, Sonarr, Radarr, Lidarr, Jackett, Transmission, Organizr

[johnnyP]

Does anyone else have an issue with Plex and getting an indirect connection when using https://app.plex.tv to access the iocage jail instance? I previously had this issue with the old warden jail instance but resolved it by adding a custom option in pfSense for the DNS Resolver (unbound) service: server: private-domain: "plex.direct" to exclude it from DNS rebinding protection. That setting should still work for the new iocage jail but for the life of me I cannot seem to get it working. If I go to the IP directly its secure, using a direct connection and works just like it should. Accessing remotely works as well so the NAT'ing is set correctly. Its just internally using https://app.plex.tv that's having the problem. As another test I created a new fresh install of Plex in a warden jail and added a new port forward rule in pfSense and it works just fine internally and externally. It seems like there might be some difference in the way the iocage jail is set up maybe in the way VNET is being used (though I tried Shared IP and it still wasn't working either). I noticed that one difference is nd6 options though I cannot find a lot of information on exactly what that is. Its set to nd6 options=1 on the new instance and nd6 options=9 on the old one. Any thoughts on what I can look at? Thanks!

iocage jail:

Code:

ifconfig:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
		options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
		inet6 ::1 prefixlen 128
		inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
		inet 127.0.0.1 netmask 0xff000000
		nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
		groups: lo
vnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
		options=8<VLAN_MTU>
		ether 02:ff:60:14:fa:0a
		hwaddr 02:95:e0:00:0f:0b
		inet 172.25.1.51 netmask 0xffffff00 broadcast 172.25.1.255
		nd6 options=1<PERFORMNUD>
		media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
		status: active
		groups: epair

rc.conf:
sshd_enable="YES"
ifconfig_vnet0="DHCP"
host_hostname="plex"
cron_flags="$cron_flags -J 15"

# Disable Sendmail by default
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

# Run secure syslog
syslogd_flags="-c -ss"

# Enable IPv6
ipv6_activate_all_interfaces="YES"
plexmediaserver_plexpass_enable="YES"
plexmediaserver_plexpass_support_path="/config"

warden jail:

Code:

ifconfig:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
		options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
		inet6 ::1 prefixlen 128
		inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
		inet 127.0.0.1 netmask 0xff000000
		nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair9b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
		options=8<VLAN_MTU>
		ether 02:9a:72:00:0c:0b
		inet 172.25.1.19 netmask 0xffffff00 broadcast 172.25.1.255
		nd6 options=9<PERFORMNUD,IFDISABLED>
		media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
		status: active

rc.conf:
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="plexmediaserver_1"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
inet6_enable="YES"
ip6addrctl_enable="YES"
plexmediaserver_support_path="/var/db/plexdata"
plexmediaserver_enable="YES"

I thought I was the only one having this problem. I thought it was a PFSense issue but I finally figured it out. Turn of vnet and give it a static IP. Not at all optimal. Any ideas on what the issue is?

Thanks!

 

[johnnyP]

I thought I was the only one having this problem. I thought it was a PFSense issue but I finally figured it out. Turn of vnet and give it a static IP. Not at all optimal. Any ideas on what the issue is?

Thanks!

Sorry to be complete -- it is in a warden jail and I put the custom option in PFSense to prevent it being considered a rebinding attack.

 

[NasKar]

Got Sonarr working. Couldn't get the permissions to work with the default setup. No matter how many times I read the how to permissions in a jail by @Joshua Parker Ruehlig I couldn't get option 3 to work. Tried
iocage exec sonarr pw groupadd -n media -g 8675309
iocage exec sonarr pw groupmod media -m media

Would fail to process the downloaded episode because it didn't have permission to write to my /media/video/tvshows/ directory. So I took the easy way out and made sonarr's user media to match my storage directory. Below are the adjustments I made for my system, I hope it helps someone like me that is struggling with this.

echo '{"pkgs":["mono","mediainfo","sqlite3","ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "sonarr" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|192.168.5.71/24" defaultrouter="192.168.5.1" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage fstab -a sonarr /mnt/v1/apps/sonarr /config nullfs rw 0 0
iocage fstab -a sonarr /mnt/v1/torrents /mnt/torrents nullfs rw 0 0
iocage fstab -a sonarr /mnt/v1/media /mnt/media nullfs rw 0 0
iocage exec sonarr ln -s /usr/local/bin/mono /usr/bin/mono
iocage exec sonarr "fetch http://download.sonarr.tv/v2/master/mono/NzbDrone.master.tar.gz -o /usr/local/share"
iocage exec sonarr "tar -xzvf /usr/local/share/NzbDrone.master.tar.gz -C /usr/local/share"
iocage exec sonarr rm /usr/local/share/NzbDrone.master.tar.gz
iocage exec sonarr "pw user add media -c media -u 8675309 -d /nonexistent -s /usr/bin/nologin"
iocage exec sonarr chown -R media:media /usr/local/share/NzbDrone /config
iocage exec sonarr mkdir /usr/local/etc/rc.d

Create an rc file for radarr using your favorite editor at
nano /mnt/iocage/jails/sonarr/root/usr/local/etc/rc.d/sonarr
Show : rcfile

Code:

#!/bin/sh

# $FreeBSD$
#
# PROVIDE: sonarr
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# sonarr_enable: Set to YES to enable sonarr
# Default: NO
# sonarr_user: The user account used to run the sonarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run as root.
# Default: media
# sonarr_group: The group account used to run the sonarr daemon.
# This is optional, however do not specifically set this to an
# empty string as this will cause the daemon to run with group wheel.
# Default: media
# sonarr_data_dir: Directory where sonarr configuration
# data is stored.
# Default: /var/db/sonarr

. /etc/rc.subr
name=sonarr
rcvar=${name}_enable
load_rc_config $name

: ${sonarr_enable:="NO"}
: ${sonarr_user:="media"}
: ${sonarr_group:="media"}
: ${sonarr_data_dir:="/config"}

pidfile="${sonarr_data_dir}/nzbdrone.pid"
command="/usr/sbin/daemon"
procname="/usr/local/bin/mono"
command_args="-f ${procname} /usr/local/share/NzbDrone/NzbDrone.exe --data=${sonarr_data_dir} --nobrowser"

start_precmd=sonarr_precmd
sonarr_precmd() {
if [ ! -d ${sonarr_data_dir} ]; then
install -d -o ${sonarr_user} -g ${sonarr_group} ${sonarr_data_dir}
fi

export XDG_CONFIG_HOME=${sonarr_data_dir}
}

run_rc_command "$1"

iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr
iocage exec sonarr sysrc "sonarr_enable=YES"
iocage exec sonarr service sonarr start

Sonarr should be available at http://192.168.5.71:8989

 

[Prasanth]

Thanks for this...very helpful
I think you forgot 1 line
iocage exec sabnzbd chmod u+x /usr/local/etc/rc.d/sabnzbd
To be done before starting the service

Ok i thought that last step would fix starting my sabnzbd but i keep getting the error:

iocage exec sabnzbd service sabnzbd start
Starting sabnzbd.
Error:
Can't write to logfile
/usr/local/etc/rc.d/sabnzbd: WARNING: failed to start sabnzbd
True


Any other permission changes I should have made?

 

[ere109]

I'm trying to install Plex on a newly 11.1 U1 machine, and want to perform the iocage create for future compatibility. I successfully ran echo and created the pkg.json file. However, I get a boatload of errors when I run the create command (I also don't know how to embed, and "code" isn't doing it):

iocage create -n "plex" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|192.168.1.210/24" defaultrouter="192.168.1.1" vnet="on" allow_raw_sockets="1" boot="on"

Code:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/logging/config.py", line 558, in configure
	handler = self.configure_handler(handlers[name])
  File "/usr/local/lib/python3.6/logging/config.py", line 731, in configure_handler
	result = factory(**kwargs)
  File "/usr/local/lib/python3.6/logging/handlers.py", line 150, in __init__
	BaseRotatingHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/local/lib/python3.6/logging/handlers.py", line 57, in __init__
	logging.FileHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/local/lib/python3.6/logging/__init__.py", line 1030, in __init__
	StreamHandler.__init__(self, self._open())
  File "/usr/local/lib/python3.6/logging/__init__.py", line 1059, in _open
	return open(self.baseFilename, self.mode, encoding=self.encoding)
FileNotFoundError: [Errno 2] No such file or directory: '/var/log/iocage.log'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/iocage", line 10, in <module>
	sys.exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
	return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
	rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1063, in invoke
	Command.invoke(self, ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
	return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
	return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/iocage/main.py", line 201, in cli
	IOCLogger()
  File "/usr/local/lib/python3.6/site-packages/iocage/main.py", line 138, in __init__
	logging.config.dictConfig(default_logging)
  File "/usr/local/lib/python3.6/logging/config.py", line 795, in dictConfig
	dictConfigClass(config).configure()
  File "/usr/local/lib/python3.6/logging/config.py", line 566, in configure
	'%r: %s' % (name, e))
ValueError: Unable to configure handler 'file': [Errno 2] No such file or directory: '/var/log/iocage.log'

 

[Wolfeman0101]

I'm trying to install Plex on a newly 11.1 U1 machine, and want to perform the iocage create for future compatibility. I successfully ran echo and created the pkg.json file. However, I get a boatload of errors when I run the create command (I also don't know how to embed, and "code" isn't doing it):

iocage create -n "plex" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|192.168.1.210/24" defaultrouter="192.168.1.1" vnet="on" allow_raw_sockets="1" boot="on"

Code:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/logging/config.py", line 558, in configure
	handler = self.configure_handler(handlers[name])
  File "/usr/local/lib/python3.6/logging/config.py", line 731, in configure_handler
	result = factory(**kwargs)
  File "/usr/local/lib/python3.6/logging/handlers.py", line 150, in __init__
	BaseRotatingHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/local/lib/python3.6/logging/handlers.py", line 57, in __init__
	logging.FileHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/local/lib/python3.6/logging/__init__.py", line 1030, in __init__
	StreamHandler.__init__(self, self._open())
  File "/usr/local/lib/python3.6/logging/__init__.py", line 1059, in _open
	return open(self.baseFilename, self.mode, encoding=self.encoding)
FileNotFoundError: [Errno 2] No such file or directory: '/var/log/iocage.log'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/iocage", line 10, in <module>
	sys.exit(cli())
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
	return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
	rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1063, in invoke
	Command.invoke(self, ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
	return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
	return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/iocage/main.py", line 201, in cli
	IOCLogger()
  File "/usr/local/lib/python3.6/site-packages/iocage/main.py", line 138, in __init__
	logging.config.dictConfig(default_logging)
  File "/usr/local/lib/python3.6/logging/config.py", line 795, in dictConfig
	dictConfigClass(config).configure()
  File "/usr/local/lib/python3.6/logging/config.py", line 566, in configure
	'%r: %s' % (name, e))
ValueError: Unable to configure handler 'file': [Errno 2] No such file or directory: '/var/log/iocage.log'

Can you do cat /tmp/pkg.json and post what's in /tmp/pkg.json.

 

[ere109]

Can you do cat /tmp/pkg.json and post what's in /tmp/pkg.json.

I sure can. I believe this is the call that's made in the FN11.1 jails page.

Code:

root@FreeNAS ~]# cat /tmp/pkg.json											
{"pkgs":["plexmediaserver","ca_root_nss"]}

I encountered another guide that suggested packing "compat9x-amd64" instead, but this thread seems to have a lot more traction.

 

[xvzacrw]

Could someone please confirm something for me:

In the example
Host Jail
/mnt/tank1/torrents /mnt/torrents
/mnt/tank1/apps/nzbget /config

Is /mnt/tank1/apps/nzbget the dataset that holds the files for the actual nzbget jail, or is it a separate dataset made just for the config? Meaning the actual jail is located somewhere else like /mnt/tank1/jails/nzbget

Thanks!

 

[Wolfeman0101]

I sure can. I believe this is the call that's made in the FN11.1 jails page.

Code:

root@FreeNAS ~]# cat /tmp/pkg.json											
{"pkgs":["plexmediaserver","ca_root_nss"]}

I encountered another guide that suggested packing "compat9x-amd64" instead, but this thread seems to have a lot more traction.

Can you console into the jail? See if you have Internet connectivity.

 

[Pentaflake]

Pentaflake updated FN11.1 Jails for Plex, PlexPy, Sonarr, Radarr, Headphones, Jackett, Ombi, Transmission, Organizr with a new update entry:

Update sabnzbd to iocage, update jackett rc file

Update sabnzbd to iocage, update jackett rc file

Read the rest of this update entry...

 

[ere109]

Can you console into the jail? See if you have Internet connectivity.

There is no jail. Granted, this is my first jail, and I'm new to the concept, but when I run "jls" there are no jails listed. When I check the Jails GUI, nothing is listed. I'm assuming that the iocage create command is failing so early that the jail is never created to begin with. If I'm doing something completely wrong, please let me know.
I did a search for the error I'm getting, and came up with two sites that discussed Docker errors, and talked about deleting the called files, or rebuilding the master container. This goes over my head, at present.

I have checked my directories, and all files and directories being referenced in the error do exist.

 

[ere109]

SOLVED!
After reading a few pages, I went back to the error and re-read. There was a missing log file. I cd'd into that directory and created the file iocage.log. I then re-ran the command, and it worked perfectly. Hopefully the rest is simple... Thank you.

 

[Wolfeman0101]

iocage is there in the beta GUI and you can list your jails by iocage list and console in with iocage console jailname.

 

[Prasanth]

Ok here is my confusion about permissions and I think why I am having issues:

on a directory on the main freenas directory which has an owner and a certain set of permissions... I use fstab to add the directory to one of my iocage jails
I then chown within the jail to a new owner and set of permission levels- does this alter ownership and permissions outside of the jail? - on the main freenas system and in other jails where I previously did a similar fstab and chown?

My new iocage sabnzbd jail is installed and is running great but the instructions state to chown the download directory, but then that breaks my sonarr access to that file and folder

 

[JJT211]

Could someone please confirm something for me:

In the example
Host Jail
/mnt/tank1/torrents /mnt/torrents
/mnt/tank1/apps/nzbget /config

Is /mnt/tank1/apps/nzbget the dataset that holds the files for the actual nzbget jail, or is it a separate dataset made just for the config? Meaning the actual jail is located somewhere else like /mnt/tank1/jails/nzbget

Thanks!

I came here to ask this same exact question. I believe you're correct.

Sucks cuz im half through this guide and was skipping that part thinking it was some weird dataset OP had that I dont, but now im thinking its the jail dataset just like in warden.

If anyone could chime in, that would be great.


EDIT: Here's the answer from guide
"apps dataset that has a dataset under it for each application's configuration files owned by the user that it will run as. "

 

[lukyjay]

The /config folder is just to hold your apps configuration files. This way you can choose, change, delete and move your jail without having to set everything up in sonarr etc

 

[ere109]

I'm still having issues getting Plex initially installed. I couldn't access my inital install, so destroyed and am attempting to reinstall. After running the command:

Code:

iocage create -n "plex" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|192.168.1.210/24" defaultrouter="192.168.1.1" vnet="on" allow_raw_sockets="1" boot="on"

I get the error message

Code:

Testing SRV response to FreeBSD
Error: error sending query: Error creating socket

Command run: drill _http._tcp.pkg.freebsd.org SRV

I found reference on page 8 to updating tuneables to load bridge0 and attach it to the main network interface. It said to add:

Code:

Variable : cloned_interfaces ; Value : bridge0
Variable : ifconfig_bridge0 ; Value : addm igb0 up

Because my main network is listed as ix0, I changed igb0. That didn't fix the problem. I tried again and got the same error. Further thoughts?

 

[ZodiacUHD]

I'm still having issues getting Plex initially installed. I couldn't access my inital install, so destroyed and am attempting to reinstall. After running the command:

Code:

iocage create -n "plex" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|192.168.1.210/24" defaultrouter="192.168.1.1" vnet="on" allow_raw_sockets="1" boot="on"

I get the error message

Code:

Testing SRV response to FreeBSD
Error: error sending query: Error creating socket

Command run: drill _http._tcp.pkg.freebsd.org SRV

I found reference on page 8 to updating tuneables to load bridge0 and attach it to the main network interface. It said to add:

Code:

Variable : cloned_interfaces ; Value : bridge0
Variable : ifconfig_bridge0 ; Value : addm igb0 up

Because my main network is listed as ix0, I changed igb0. That didn't fix the problem. I tried again and got the same error. Further thoughts?

Can you try running the commands with no tunables set up?

 

[nasmart]

I've posted an issue on the iocage github, maybe someone will be able to shed some light there... https://github.com/iocage/iocage/issues/470

I've noticed that with vnet=on (regardless of static IP or dhcp), Plex will not be able to find its local IP address and will always get listed as "remote" or "indirect". I can turn off vnet and it will properly see its local IP address and update https://plex.tv/pms/resources.xml, but now I cannot access Plex interface on <IP>:32400/web.

I experienced the same issue, and it almost drove me crazy! The problem appears to be solved due to some weird behaviour of PLEX, where interface names starting with "v" are ignored . Since iocage jail interfaces start with "vnet" (at least mine do..) many plex clients can´t find local servers.

The solution is to rename the interface:

Add this to the jails rc.conf:

Code:

ifconfig_vnet0_name="eth0"

Then restart the jail

Link to the discussion with the solution:
https://github.com/iocage/iocage/issues/470

I think this should probably be included in the guide to avoid further headache .

 

[ere109]

I experienced the same issue, and it almost drove me crazy! The problem appears to be solved due to some weird behaviour of PLEX, where interface names starting with "v" are ignored ...

If that's the case, should the main script be changed to remove Plex on the front end, create the jail, update the rc.conf, then install plex and proceed with the other steps? Something like this:

Code:

echo '{"pkgs":["ca_root_nss"]}' > /tmp/pkg.json
iocage create -n "plex" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
#
ifconfig_vnet0_name="eth0"
iocage fetch plexmediaserver
#
iocage fstab -a plex /mnt/tank1/apps/plex /config nullfs rw 0 0
iocage fstab -a plex /mnt/tank1/video /mnt/video nullfs ro 0 0
iocage exec plex chown -R plex:plex /config
iocage exec plex sysrc "plexmediaserver_enable=YES"
iocage exec plex sysrc plexmediaserver_support_path="/config"
iocage exec plex service plexmediaserver start

Nope - at least for me. Creating the jail, even with plex removed, gives the same SRV error. Is there another way to create the jail, then configure outside connections?
This page does it another way, installs portsnap and several other things.
https://forums.freenas.org/index.php?threads/sorta-fresh-plex-in-iocage.60000/

I'm now at least changing my error, which means I'm closer. I've got two tuneables set, at present: cloned_interfaces=bridge0 and ifconfig_bridge0=
This is where my error changes.

ifconfig_bridge0 addm vnet0 up (I read this
Error: error sending query: Could not send or receive, because of network error

ifconfig_bridge0 addm ix0 up (ix0 is my main ethernet interface)
Error: error sending query: Error creating socket

ifconfig_vnet0_name="eth0" produced the same error. In the defaultrouter= field I'm putting my actual router IP, while the iocage man page suggests using "none".

Running ifconfig in the jail yields:

Code:

root@plex:~ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
		options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
		inet6 ::1 prefixlen 128
		inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
		inet 127.0.0.1 netmask 0xff000000
		nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
		groups: lo
vnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
		options=8<VLAN_MTU>
		ether 02:ff:60:14:fa:0a
		hwaddr 02:dd:a0:00:06:0b
		inet 192.168.1.210 netmask 0xffffff00 broadcast 192.168.1.255
		nd6 options=1<PERFORMNUD>
		media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
		status: active
		groups: epair