FN11.3 iocage jails - Plex, Tautulli, Sonarr, Radarr, Lidarr, Jackett, Transmission, Organizr

[theOneAndOnlyMrT]

One more item that I just found out. The PlexPy scripting no longer works due to their change to the name Tautulli. This worked for me when I had to recreate the jail.

Code:

echo '{"pkgs":["python2","py27-sqlite3","py27-openssl","ca_root_nss","git"]}' > /tmp/pkg.json
iocage create -n "tautulli" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage fstab -a tautulli /mnt/tank1/apps/tautulli /config nullfs rw 0 0
iocage exec tautulli git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli
iocage exec tautulli "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin"
iocage exec tautulli chown -R tautulli:tautulli /usr/local/share/Tautulli /config
iocage exec tautulli cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli
iocage exec tautulli chmod u+x /usr/local/etc/rc.d/tautulli
iocage exec tautulli sysrc "tautulli_enable=YES"
iocage exec tautulli sysrc "tautulli_flags=--datadir /config"
iocage exec tautulli service tautulli start

 

[Wolfeman0101]

It says I have an update to Sonarr but when I click install latest nothing happens. Any ideas?

I said Sonarr but I meant Radarr. Anyone got any help?

 

[jmcguire525]

I can't update my version of Radarr thru the GUI I get the error:

Code:

v0.2.0.910] System.Net.WebException: Error: SecureChannelFailure (The authentication or decryption has failed.) ---> System.IO.IOException: The authentication or decryption has failed.

I believe it's because I need to upgrade my version of mono currently at 5.2.0. something to do with the version of TLS
pkg update && pkg upgrade -y
doesn't do it. Any thoughts?

Same issue here, and I'm a complete newb but comparing the instructions here to the ones on github, is there any reason for the discrepancy here...

Github:

Code:

#this is needed for updates within Radarr
ln -s /usr/local/bin/mono /bin

Freenas Resource:

Code:

iocage exec radarr ln -s /usr/local/bin/mono /usr/bin/mono

Is it linking to the wrong directory?

 

[Wolfeman0101]

Same issue here, and I'm a complete newb but comparing the instructions here to the ones on github, is there any reason for the discrepancy here...

Github:

Code:

#this is needed for updates within Radarr
ln -s /usr/local/bin/mono /bin

Freenas Resource:

Code:

iocage exec radarr ln -s /usr/local/bin/mono /usr/bin/mono

Is it linking to the wrong directory?

Still nothing. I don't see an error just nothing happens.

 

[afmiller]

Running into issues with installing plexpy
followed

Code:

echo '{"pkgs":["databases/py-sqlite3","security/py-openssl","ca_root_nss","git"]}' > /tmp/pkg.json
iocage create -n "plexpy" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage fstab -a plexpy /mnt/tank1/apps/plexpy /config nullfs rw 0 0
iocage exec plexpy git clone https://github.com/JonnyWong16/plexpy.git /usr/local/share/plexpy
iocage exec plexpy "pw user add plexpy -c plexpy -u 109 -d /nonexistent -s /usr/bin/nologin"
iocage exec plexpy chown -R plexpy:plexpy /usr/local/share/plexpy /config
iocage exec plexpy cp /usr/local/share/plexpy/init-scripts/init.freenas /usr/local/etc/rc.d/plexpy
iocage exec plexpy chmod u+x /usr/local/etc/rc.d/plexpy
iocage exec plexpy sysrc "plexpy_enable=YES"
iocage exec plexpy sysrc "plexpy_flags=--datadir /config"
iocage exec plexpy service plexpy start

I did change the paths for the fstab as such. So I can have access to the logs for ip purposes.

Code:

iocage fstab -a plexpy /mnt/Main/jaildata/Plex /plexlogs nullfs ro 0 0
 iocage fstab -a plexpy /mnt/Main/jaildata/Plexpy /config nullfs rw 0 0

I am getting this error

Code:

Cannot 'start' tautulli. Set tautulli_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.

when I edit the rc.conf and add

Code:

tautulli_enable="YES"

I get

Code:

root@freenas:/mnt/Main/jaildata/Plexpy # iocage exec plexpy service plexpy start
/usr/local/etc/rc.d/plexpy: WARNING: run_rc_command: cannot run /usr/local/share/Tautulli/Tautulli.py
True

 

[theOneAndOnlyMrT]

Running into issues with installing plexpy
followed

Code:

echo '{"pkgs":["databases/py-sqlite3","security/py-openssl","ca_root_nss","git"]}' > /tmp/pkg.json
iocage create -n "plexpy" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="vnet0|<IP>/<MASK>" defaultrouter="<GATEWAY>" vnet="on" allow_raw_sockets="1" boot="on"
rm /tmp/pkg.json
iocage fstab -a plexpy /mnt/tank1/apps/plexpy /config nullfs rw 0 0
iocage exec plexpy git clone https://github.com/JonnyWong16/plexpy.git /usr/local/share/plexpy
iocage exec plexpy "pw user add plexpy -c plexpy -u 109 -d /nonexistent -s /usr/bin/nologin"
iocage exec plexpy chown -R plexpy:plexpy /usr/local/share/plexpy /config
iocage exec plexpy cp /usr/local/share/plexpy/init-scripts/init.freenas /usr/local/etc/rc.d/plexpy
iocage exec plexpy chmod u+x /usr/local/etc/rc.d/plexpy
iocage exec plexpy sysrc "plexpy_enable=YES"
iocage exec plexpy sysrc "plexpy_flags=--datadir /config"
iocage exec plexpy service plexpy start

I did change the paths for the fstab as such. So I can have access to the logs for IP purposes.

Code:

iocage fstab -a plexpy /mnt/Main/jaildata/Plex /plexlogs nullfs ro 0 0
 iocage fstab -a plexpy /mnt/Main/jaildata/Plexpy /config nullfs rw 0 0

I am getting this error

Code:

Cannot 'start' tautulli. Set tautulli_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.

when I edit the rc.conf and add

Code:

tautulli_enable="YES"

I get

Code:

root@freenas:/mnt/Main/jaildata/Plexpy # iocage exec plexpy service plexpy start
/usr/local/etc/rc.d/plexpy: WARNING: run_rc_command: cannot run /usr/local/share/Tautulli/Tautulli.py
True

See my post on this page (page 18). PlexPy changed its name. I ran into the same problems.

 

[afmiller]

See my post on this page (page 18). PlexPy changed its name. I ran into the same problems.

Totally missed that somehow, thanks!

 

[NasKar]

One more item that I just found out. The PlexPy scripting no longer works due to their change to the name Tautulli. This worked for me when I had to recreate the jail.

FYI, I updated plexpy from the GUI where it said I was x commits behind. It updated and now I'm on Tautulli and it works.

 

[theOneAndOnlyMrT]

FYI, I updated plexpy from the GUI where it said I was x commits behind. It updated and now I'm on Tautulli and it works.

I did the same thing but when I rebooted FreeNAS, Tautulli would not start back up. Since the config was stored outside the jail...I just deleted the jail and recreated it instead of trying to troubleshoot.

 

[ezra]

So I am just trying to get a base jail created, and I am finding that networking is a challenge. I see all sorts of posts about iocage networking issues, but am not sure the cause. If I create a jail in the gui, it occasionally seems to work. I can go into the jail through jexec and ping out to the outside world or local network. Upon reboot, that connectivity goes away. Other times, the jail will not function correctly from the start.

I have seen posts about adding tunables, but I have not had any success with that. The one question i have with this is with the interface name. My interface to my network is a LAGG interface, named lagg0. I have tried to use "lagg0" in the tunables, and found that upon reboot, the interface is not configured correctly and needs to be reconfigured from the local terminal.

If there are any tricks i should try for this, I'd love to hear them.

If I should just wait for 11.2 before messing with iocage, that may be an option too.

Thanks

Quote from pentaflake
On 11.1-U2 there is a bug causing the interfaces to be named incorrectly when the jail is started. A simple workaround until 11.2 is to run the following for each jail.

Code:

iocage exec <jail> 'sysrc ifconfig_epair0_name="epair0b"'
iocage restart <jail>

@Pentaflake I managed to install them all in single jail (exept for transmission).

I had some issues with the download links, had to do them manually inside the jail console. And Plexpy seems to be renamed to tau... when my jail is finished I'll work out the proper steps to update your guide so it works.
Also setup Nginx reverse proxy for all of the apps to serve https. Will post the guide and config later on...

Now i want to fix the Killswitch, i just cant seem to figure out what <IP of VPN Entrance Node> is, is this remote or locally?

Thanks for the amazing guides and effort. Will be posting my nginx setup to contribute soon.

 

[theOneAndOnlyMrT]

Could you share your /usr/local/etc/rc.d/deluge file? I'll try it out. Does needs a ton of dependancies, but.. nice :) Thanks

I did not modify any of those files (there's two: "deluged" and "deluge_web"). Both of them just contain the exact ones that were installed with the pkg install. Are you having issues?

 

[ezra]

[/QUOTE]

I did not modify any of those files (there's two: "deluged" and "deluge_web"). Both of them just contain the exact ones that were installed with the pkg install. Are you having issues?

Nah, halfway posting i realized it was a pkg install and not a git install so it ships with stock rc.d files... everything is working as expected thanks! Just figuring out how to set the base url for deluge to be persistent for the reverse proxy...

=========================================================================================================
Reverse proxy guide

I've setup all the mentioned apps (just not transmission) in 1 jail. Where they all get /config i've created /config/app for each other app. (these need to be created on a dataset)

For reference how i've setup my nginx reverse proxy:
From FreeNAS console/ssh ->

Code:

iocage console JAILNAME
pkg install nano nginx openssl

mkdir /usr/local/etc/nginx/sites-enabled
mkdir /usr/local/etc/nginx/sites-available
mkdir /usr/local/etc/nginx/ssl
mkdir /usr/local/etc/nginx/conf.d
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /usr/local/etc/nginx/ssl/nginx.key -out /usr/local/etc/nginx/ssl/nginx.crt
cp /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/nginx.conf.backup
cat /dev/null > /usr/local/etc/nginx/nginx.conf
nano /usr/local/etc/nginx/nginx.conf

paste this:

Code:

worker_processes auto;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections  1024;
}

http {
	include	   mime.types;
	default_type  application/octet-stream;

	sendfile on;
	 tcp_nopush on;
	 tcp_nodelay on;
	 keepalive_timeout 65;
	 types_hash_max_size 2048;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	gzip on;
	gzip_disable "msie6";

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl http2;
	server_name 192.168.3.25;

	# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
	ssl_certificate /usr/local/etc/nginx/ssl/nginx.crt;
	ssl_certificate_key /usr/local/etc/nginx/ssl/nginx.key;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	# modern configuration. tweak to your needs.
	ssl_protocols TLSv1.2;
	ssl_ciphers
'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
	ssl_prefer_server_ciphers on;

	# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
	add_header Strict-Transport-Security max-age=15768000;

	resolver 192.168.3.5;

location /sabnzbd {
	 proxy_pass http://127.0.0.1:8080;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /sonarr {
	 proxy_pass http://127.0.0.1:8989;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /headphones {
	 proxy_pass http://127.0.0.1:8183;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /lazylibrarian {
	 proxy_pass http://127.0.0.1:5299;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /jackett {
	 proxy_pass http://127.0.0.1:9117;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /ombi {
	 proxy_pass http://127.0.0.1:3579;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /plexpy {
	 proxy_pass http://127.0.0.1:8181;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

	 location /radarr {
	 proxy_pass http://127.0.0.1:7878;
	 proxy_redirect off;
	 proxy_set_header Host $host;
	 proxy_set_header X-Real-IP $remote_addr;
	 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 }

   location /deluge {
	proxy_pass http://127.0.0.1:8112/;
	proxy_set_header  X-Deluge-Base "/deluge/";
   }

}

}

Note that i've changed the port of headphones to 8183 to not interfere with plexpy.
Also change

Code:

server_name 192.168.3.25;

to your Jail IP.

And change the line below to match your Local DNS server ( You can remove this line if your not working with domain names locally, i have some other vhosts in ./sites-enabled/)

Code:

resolver 192.168.3.5;

hit Control+X -> hit y -> enter

Code:

service nginx restart

For each app change the Base url, for most you can do this in the webgui settings, some need to be done by config file:

Code:

sed -i '' -e 's?http_root = /?http_root = /headphones?g' /config/HEADPHONESDIR./config.ini
service headphones restart

The above app will now be accessable via HTTPS, change the base url via HTTP on the others, restart and there you go.

 

[pintu1228]

Hi, trying to install radarr but face an issue with the following step:

iocage exec radarr "wget https://github.com/Radarr/Radarr/releases/download/v0.2.0.995/Radarr.develop.0.2.0.995.linux.tar.gz -o /usr/local/share";

I get message saying:
Non-recoverable resolver failure

True


How do I fix this issue, I tried to destroy and do it again but doesn't fix the issue.

Thanks for the great guide.

 

[ezra]

Hi, trying to install radarr but face an issue with the following step:

iocage exec radarr "wget https://github.com/Radarr/Radarr/releases/download/v0.2.0.995/Radarr.develop.0.2.0.995.linux.tar.gz -o /usr/local/share";

I get message saying:
Non-recoverable resolver failure

True


How do I fix this issue, I tried to destroy and do it again but doesn't fix the issue.

Thanks for the great guide.

Perform all the steps until this line:

Code:

iocage exec radarr "wget https://github.com/Radarr/Radarr/releases/download/v0.2.0.995/Radarr.develop.0.2.0.995.linux.tar.gz -o /usr/local/share";

Instead do:

Code:

iocage console radarr

Wait until you are in the jail console then:

Code:

pkg install wget
wget https://github.com/Radarr/Radarr/releases/download/v0.2.0.995/Radarr.develop.0.2.0.995.linux.tar.gz -o /usr/local/share
exit

Then continue with the line after this one:

Code:

iocage exec radarr "wget https://github.com/Radarr/Radarr/releases/download/v0.2.0.995/Radarr.develop.0.2.0.995.linux.tar.gz -o /usr/local/share";

 

[pintu1228]

Thanks, when I go into jail and run the wget command I get the following error:


root@radarr:~ # pkg install wget

The package management tool is not yet installed on your system.

Do you want to fetch and install it now? [y/N]: y

Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly, please wait...

pkg: Error fetching http://pkg.FreeBSD.org/FreeBSD:11:amd64/quarterly/Latest/pkg.txz: Non-recoverable resolver failure

A pre-built version of pkg could not be found for your system.

Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.


Running portsnap fetch:

root@radarr:~ # portsnap fetch

Looking up portsnap.FreeBSD.org mirrors... none found.

Fetching public key from portsnap.FreeBSD.org... failed.

No mirrors remaining, giving up.

 

[ezra]

Try this when in the radarr console:

Code:

cd /usr/local/share

fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.995/Radarr.develop.0.2.0.995.linux.tar.gz

then continue with the tar xzf

else,

Please provide the first iocage create command, and list what your router IP is.
Also go into the new FreeNAS ui and under the jail settings check if your resolver is set to /etc/resolv.conf

 

[ezra]

Also, to add PHP 7.2 to organizr:

Code:

iocage console organizr
pkg update
pkg install php72 php72-curl php72-hash php72-json php72-openssl php72-pdo php72-pdo_sqlite php72-session php72-simplexml php72-sqlite3 php72-zip

Awnser yes to all the questions.
Then:

Code:

sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.conf
sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.conf
sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.conf
sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.conf
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini
sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini
exit

in the FreeNAS console:

Code:

iocage restart organizr

This greatly improves the speed of Organizr

 

[Benc]

I installed transmission (only local, without openvpn etc) following instructions, but when I wanted to change whitelist in settings.json, config folder was empty and file was in jail /usr/local/etc/transmission. Why config folder was not used, where it went wrong?

 

[ezra]

I installed transmission (only local, without openvpn etc) following instructions, but when I wanted to change whitelist in settings.json, config folder was empty and file was in jail /usr/local/etc/transmission. Why config folder was not used, where it went wrong?

Delete the jail, start over again. First make all the needed changes to the commands in a file. Execute the commands, post the commands and output here... then we can troubleshoot.

 

[bigzaj]

I am having issues with Sonarr permissions. In FN I have created a user and grour sonarr with ID 351 and added to mymedia group ID 1001. I added the user mymedia and group mymedia 1001 to the Sonarr jail in addition to creating the sonarr user. I added (or I think I added) Sonnar to the mymedia group in the jail. Still having write issues... folder permissions are 775. Any tips for getting sonarr permissions working in iocage? The above process worked fine for Radarr.