Lynxphp

  1. Thanks for your answers and sorry for my late response. Yes. Could this be causing the issue? I have to keep my ISP router on as it provides the TV connection. My pfsense box is in the DMZ of the ISP router. With this setting, I don't need to forward the ports from the ISP to the pfsense box. Yes. Thanks for the tip. I tried it. Still no luck getting local access... My Custom options in the DNS Resolver (which is enabled) now look like this:

         server:
         private-domain: "unraid.net"
         local-zone: "nextcloud.XXX.duckdns.org" redirect
         local-data: "nextcloud.XXX.duckdns.org 3600 IN A 19.16.17.101"

     Are there any other troubleshooting steps I could take? Or steps to provide you guys with more accurate information regarding my issue? Oh. I guess I'll have to change that :(. Thanks for the heads up.
  2. I already posted a few days ago regarding setting up letsencrypt for nextcloud and got from no access at all to remote access only, which I am very happy about. Remote access works perfectly with duckdns but I still can't get local access and that is what I am trying to fix. I will try to summarize the relevant information here. I run a pfsense router which is in the DMZ behind my ISP router. Both have NAT enabled. I have port forwarding rules set up and as remote access works, I tend to think that they are not the problem. I have a host override set up in pfsense: Here are the results of nslookup and tracert from a computer within the same network (behind pfsense) as the unraid server on which letsencrypt and nextcloud are running: My interpretation is that the dns override works as it is correctly resolved with the external (internet) ip. Is that correct? Or should a local dns lookup response be the local ip address? The fact that the dns seems to work leads me to believe that the problem lies with my configuration of letsencrypt (possibly nextcloud?).

     Here is the result of a tracert showing the connection timing out: My current configuration of LE and nextcloud:

     appdata/letsencrypt/nginx/site-confs/nextcloud

         server {
             listen 443 ssl;
             listen [::]:443 ssl;

             server_name nextcloud.*;

             include /config/nginx/ssl.conf;

             client_max_body_size 0;

             location / {
                 include /config/nginx/proxy.conf;
                 resolver 127.0.0.11 valid=30s;
                 set $upstream_nextcloud nextcloud;
                 proxy_max_temp_file_size 2048m;
                 proxy_pass https://$upstream_nextcloud:443;
             }
         }

     appdata/nextcloud/www/nextcloud/config/config.php

         <?php
         $CONFIG = array (
           'memcache.local' => '\\OC\\Memcache\\APCu',
           'datadirectory' => '/data',
           'instanceid' => 'XXX',
           'passwordsalt' => 'XXX',
           'secret' => 'XXX',
           'trusted_domains' =>
           array (
             0 => '19.16.17.101:444',
             1 => 'nextcloud.XXX.duckdns.org',
           ),
           'dbtype' => 'mysql',
           'version' => '16.0.1.1',
           'overwrite.cli.url' => 'https://nextcloud.XXX.duckdns.org',
           'overwritehost' => 'nextcloud.XXX.duckdns.org',
           'overwriteprotocol' => 'https',
           'dbname' => 'nextcloud',
           'dbhost' => '19.16.17.101:3306',
           'dbport' => '',
           'dbtableprefix' => 'oc_',
           'mysql.utf8mb4' => true,
           'dbuser' => 'XXX',
           'dbpassword' => 'XXX',
           'installed' => true,
         );

     I am quite a networking newbie. I have tried to read and inform myself as much as I could, but I can't seem to figure this out. Any help would be greatly appreciated.
  3. I'm starting to think that my port 80 is blocked by my ISP. I'm not sure how bad this is, as I can still reach nextcloud externally on 443. I tried all the NAT reflection options with rebooting after each change, but still no success.
  4. Thanks for the tip @blaine07. I have no problems reaching nextcloud externally, which leads me to think that my port forwarding rules are okay. It's only internally that the connection times out. Here's a screen of my rules:
  5. Thanks for your correction. I previously used mydomain.duckdns.org to reach nextcloud directly. I now made the change in the nextcloud and letsencrypt config to have nextcloud at nextcloud.mydomain.duckdns.org. I can reach nextcloud remotely, but still not locally (timeout) :(. Here is my Host override in the DNS resolver:
  6. Thanks! I got remote access! However, still no access from the local network. I only set up my pfsense router after moving (with my new ISP router that doesn't support NAT loopback). I never got local access working with this ISP router. I tried unchecking "block private networks and loopback addresses" (both on WAN and LAN) but no change. canyouseeme.org reports that port 443 is open, 80 is not. I tried setting up a NAT forward rule to be able to gain local access, but no success: Any suggestion?
  7. Hi, I previously had a working nextcloud instance with reverse proxy, but I kept having problems after I moved and got a new ISP router. I have made several unsuccessful attempts in the past months to get it working so tonight I'm finally posting here and hope someone can help. Nextcloud is set up and works just fine on the local network. Let's encrypt is able to get new certs and to renew old ones. My issue lies with setting up the reverse proxy to access nextcloud with my duckdns URL. It times out whenever I try to reach the site from behind the pfsense router, the internet or behind the ISP router. I would very much appreciate any help or suggestion. Below I posted my config.

     My network: The Pfsense Router is in the DMZ of the ISP router.

     Here are my port forwards in both routers (first ISP router then pfsense). NAT loopback is enabled in the pfsense port forwards.

     Here is my letsencrypt template:

     appdata/letsencrypt/nginx/site-confs/nextcloud

         server {
             listen 443 ssl;
             server_name XXX.duckdns.org;

             root /config/www;
             index index.html index.htm index.php;

             ###SSL Certificates
             ssl_certificate /config/keys/letsencrypt/fullchain.pem;
             ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

             ###Diffie–Hellman key exchange ###
             ssl_dhparam /config/nginx/dhparams.pem;

             ###SSL Ciphers
             ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

             ###Extra Settings###
             ssl_prefer_server_ciphers on;
             ###ssl_session_cache shared:SSL:10m;

             ### Add HTTP Strict Transport Security ###
             add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
             add_header Front-End-Https on;

             client_max_body_size 0;

             location / {
                 proxy_pass https://19.16.17.101:444/;
                 proxy_max_temp_file_size 2048m;
                 include /config/nginx/proxy.conf;
             }
         }

     appdata/nextcloud/www/nextcloud/config/config.php

         <?php
         $CONFIG = array (
           'memcache.local' => '\\OC\\Memcache\\APCu',
           'datadirectory' => '/data',
           'instanceid' => 'XXX',
           'passwordsalt' => 'XXX',
           'secret' => 'XXX',
           'trusted_domains' =>
           array (
             0 => '19.16.17.101:444',
             1 => 'XXX.duckdns.org',
           ),
           'dbtype' => 'mysql',
           'version' => '16.0.1.1',
           'overwrite.cli.url' => 'https://XXX.duckdns.org',
           'overwritehost' => 'XXX.duckdns.org',
           'overwriteprotocol' => 'https',
           'dbname' => 'nextcloud',
           'dbhost' => '19.16.17.101:3306',
           'dbport' => '',
           'dbtableprefix' => 'oc_',
           'mysql.utf8mb4' => true,
           'dbuser' => 'XXX',
           'dbpassword' => 'XXX',
           'installed' => true,
         );
  8. I have also been trying to get Synapse to work on my unraid box (still running 6.6.7). I installed Postgres without a problem. I'm having similar issues as you relink with the Synapse docker. I downloaded a clean homeserver.yaml from https://raw.githubusercontent.com/matrix-org/synapse/master/docker/conf/homeserver.yaml When I start Synapse, it immediately crashes. I joined a screenshot of my container template and here is the console log for the synapse container:

         Traceback (most recent call last):
           File "/usr/local/lib/python3.6/runpy.py", line 193, in _run_module_as_main
             "__main__", mod_spec)
           File "/usr/local/lib/python3.6/runpy.py", line 85, in _run_code
             exec(code, run_globals)
           File "/usr/local/lib/python3.6/site-packages/synapse/app/homeserver.py", line 661, in <module>
             main()
           File "/usr/local/lib/python3.6/site-packages/synapse/app/homeserver.py", line 656, in main
             hs = setup(sys.argv[1:])
           File "/usr/local/lib/python3.6/site-packages/synapse/app/homeserver.py", line 329, in setup
             config_options,
           File "/usr/local/lib/python3.6/site-packages/synapse/config/_base.py", line 362, in load_or_generate_config
             generate_keys=generate_keys,
           File "/usr/local/lib/python3.6/site-packages/synapse/config/_base.py", line 380, in read_config_files
             yaml_config = self.read_config_file(config_file)
           File "/usr/local/lib/python3.6/site-packages/synapse/config/_base.py", line 140, in read_config_file
             return yaml.safe_load(file_stream)
           File "/usr/local/lib/python3.6/site-packages/yaml/__init__.py", line 162, in safe_load
             return load(stream, SafeLoader)
           File "/usr/local/lib/python3.6/site-packages/yaml/__init__.py", line 114, in load
             return loader.get_single_data()
           File "/usr/local/lib/python3.6/site-packages/yaml/constructor.py", line 41, in get_single_data
             node = self.get_single_node()
           File "/usr/local/lib/python3.6/site-packages/yaml/composer.py", line 35, in get_single_node
             if not self.check_event(StreamEndEvent):
           File "/usr/local/lib/python3.6/site-packages/yaml/parser.py", line 98, in check_event
             self.current_event = self.state()
           File "/usr/local/lib/python3.6/site-packages/yaml/parser.py", line 143, in parse_implicit_document_start
             StreamEndToken):
           File "/usr/local/lib/python3.6/site-packages/yaml/scanner.py", line 116, in check_token
             self.fetch_more_tokens()
           File "/usr/local/lib/python3.6/site-packages/yaml/scanner.py", line 260, in fetch_more_tokens
             self.get_mark())
         yaml.scanner.ScannerError: while scanning for the next token
         found character '%' that cannot start any token
           in "/config/homeserver.yaml", line 5, column 2
         Traceback (most recent call last):
           File "/start.py", line 76, in <module>
             subprocess.check_output(args + ["--generate-keys"])
           File "/usr/local/lib/python3.6/subprocess.py", line 356, in check_output
             **kwargs).stdout
           File "/usr/local/lib/python3.6/subprocess.py", line 438, in run
             output=stdout, stderr=stderr)
         subprocess.CalledProcessError: Command '['python', '-m', 'synapse.app.homeserver', '--config-path', '/config/', '--keys-directory', '/data', '--generate-keys']' returned non-zero exit status 1.

     Would really appreciate any tip as to how to set up Synapse. One part of it is setting up my let's encrypt reverse proxy to work with it. To answer your question, afaik you just paste your command in the "Post Arguments" section of the container template (in advanced view).
  9. Just tried with RDP instead of VNC server and viewer and I got access to my VM!! Everything works just fine!
  10. Hi, I just bought a Gigabyte GTX 1660 OC 6G for my VM. I have been watching SI1's videos about how to pass through a GPU to a VM. I had already previously set up my Windows VM which works fine with VNC. I had to turn acs override mode on (both) to get my VM to start. My mobo is mini-itx so no second pcie slot here. I got the vbios from techpowerup. I also dumped the actual bios of my card just to make sure, and it is the same as techpowerup's. I edited the vbios following SI1's video guide. I noticed that the bios contains twice the "Utm ek7400....." line. I tried with two edited versions, one where I only deleted the part above the first "Utm ek7400....." line and one where I deleted everything above the second "Utm ek7400....." line. When added to the VM template, both allow me to boot the VM, but with both I end up with a black screen in my VNC viewer (not unraid's). I read in a forum post that the virtio may be the problem. I tried to uninstall it through unraid's VNC, I get a black screen and when I reboot it is back. Should I disable the display adapter in the device manager? I'm afraid that I might lose access to my VM's display if I do that. I would very much appreciate any suggestions! Thanks in advance. I tried to add as much information as possible below.

      My setup: Case: Node 304 | Mobo: C236 WSI | CPU: E3-1245v6 | PSU: Corsair SF450 | Cache: 2x 850 pro 256Gb | HDDs: WD RED 8Tb (parity) & 2x WD RED 8Tb (data) | RAM 2x 8g 2133Mhz ECC

      VM drive: 850 evo passed through.
      VM's power mode set to high performance

      Default IOMMU groups:

          IOMMU group 0: [8086:5918] 00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers (rev 05)
          IOMMU group 1: [8086:1901] 00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x16) (rev 05)
                         [10de:2184] 01:00.0 VGA compatible controller: NVIDIA Corporation Device 2184 (rev a1)
                         [10de:1aeb] 01:00.1 Audio device: NVIDIA Corporation Device 1aeb (rev a1)
                         [10de:1aec] 01:00.2 USB controller: NVIDIA Corporation Device 1aec (rev a1)
                         [10de:1aed] 01:00.3 Serial bus controller [0c80]: NVIDIA Corporation Device 1aed (rev a1)
          IOMMU group 2: [8086:a12f] 00:14.0 USB controller: Intel Corporation 100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller (rev 31)
                         [8086:a131] 00:14.2 Signal processing controller: Intel Corporation 100 Series/C230 Series Chipset Family Thermal Subsystem (rev 31)
          IOMMU group 3: [8086:a13a] 00:16.0 Communication controller: Intel Corporation 100 Series/C230 Series Chipset Family MEI Controller #1 (rev 31)
                         [8086:a13d] 00:16.3 Serial controller: Intel Corporation 100 Series/C230 Series Chipset Family KT Redirection (rev 31)
          IOMMU group 4: [8086:a102] 00:17.0 SATA controller: Intel Corporation Q170/Q150/B150/H170/H110/Z170/CM236 Chipset SATA Controller [AHCI Mode] (rev 31)
          IOMMU group 5: [8086:a110] 00:1c.0 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #1 (rev f1)
          IOMMU group 6: [8086:a117] 00:1c.7 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #8 (rev f1)
          IOMMU group 7: [8086:a149] 00:1f.0 ISA bridge: Intel Corporation C236 Chipset LPC/eSPI Controller (rev 31)
                         [8086:a121] 00:1f.2 Memory controller: Intel Corporation 100 Series/C230 Series Chipset Family Power Management Controller (rev 31)
                         [8086:a170] 00:1f.3 Audio device: Intel Corporation 100 Series/C230 Series Chipset Family HD Audio Controller (rev 31)
                         [8086:a123] 00:1f.4 SMBus: Intel Corporation 100 Series/C230 Series Chipset Family SMBus (rev 31)
          IOMMU group 8: [8086:15b7] 00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (2) I219-LM (rev 31)
          IOMMU group 9: [8086:1533] 03:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)

      IOMMU groups with acs override to both:

          IOMMU group 0: [8086:5918] 00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers (rev 05)
          IOMMU group 1: [8086:1901] 00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x16) (rev 05)
          IOMMU group 2: [8086:a12f] 00:14.0 USB controller: Intel Corporation 100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller (rev 31)
                         [8086:a131] 00:14.2 Signal processing controller: Intel Corporation 100 Series/C230 Series Chipset Family Thermal Subsystem (rev 31)
          IOMMU group 3: [8086:a13a] 00:16.0 Communication controller: Intel Corporation 100 Series/C230 Series Chipset Family MEI Controller #1 (rev 31)
                         [8086:a13d] 00:16.3 Serial controller: Intel Corporation 100 Series/C230 Series Chipset Family KT Redirection (rev 31)
          IOMMU group 4: [8086:a102] 00:17.0 SATA controller: Intel Corporation Q170/Q150/B150/H170/H110/Z170/CM236 Chipset SATA Controller [AHCI Mode] (rev 31)
          IOMMU group 5: [8086:a110] 00:1c.0 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #1 (rev f1)
          IOMMU group 6: [8086:a117] 00:1c.7 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #8 (rev f1)
          IOMMU group 7: [8086:a149] 00:1f.0 ISA bridge: Intel Corporation C236 Chipset LPC/eSPI Controller (rev 31)
                         [8086:a121] 00:1f.2 Memory controller: Intel Corporation 100 Series/C230 Series Chipset Family Power Management Controller (rev 31)
                         [8086:a170] 00:1f.3 Audio device: Intel Corporation 100 Series/C230 Series Chipset Family HD Audio Controller (rev 31)
                         [8086:a123] 00:1f.4 SMBus: Intel Corporation 100 Series/C230 Series Chipset Family SMBus (rev 31)
          IOMMU group 8: [8086:15b7] 00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (2) I219-LM (rev 31)
          IOMMU group 9: [10de:2184] 01:00.0 VGA compatible controller: NVIDIA Corporation Device 2184 (rev a1)
          IOMMU group 10: [10de:1aeb] 01:00.1 Audio device: NVIDIA Corporation Device 1aeb (rev a1)
          IOMMU group 11: [10de:1aec] 01:00.2 USB controller: NVIDIA Corporation Device 1aec (rev a1)
          IOMMU group 12: [10de:1aed] 01:00.3 Serial bus controller [0c80]: NVIDIA Corporation Device 1aed (rev a1)
          IOMMU group 13: [8086:1533] 03:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)

      Here's the log I get when I start the VM with acs_override to both and get the black screen:

          2019-04-25 20:16:35.558+0000: starting up libvirt version: 4.7.0, qemu version: 3.0.0, kernel: 4.18.20-unRAID, hostname: Tower
          LC_ALL=C
          PATH=/bin:/sbin:/usr/bin:/usr/sbin
          HOME=/
          QEMU_AUDIO_DRV=none
          /usr/local/sbin/qemu
          -name 'guest=Windows 10,debug-threads=on'
          -S
          -object 'secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-1-Windows 10/master-key.aes'
          -machine pc-i440fx-3.0,accel=kvm,usb=off,dump-guest-core=off,mem-merge=off
          -cpu host,hv_time,hv_relaxed,hv_vapic,hv_spinlocks=0x1fff,hv_vendor_id=none
          -drive file=/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd,if=pflash,format=raw,unit=0,readonly=on
          -drive file=/etc/libvirt/qemu/nvram/b503c30d-ee23-37c2-aa85-b30b04595f33_VARS-pure-efi.fd,if=pflash,format=raw,unit=1
          -m 8704
          -realtime mlock=off
          -smp 6,sockets=1,cores=3,threads=2
          -uuid b503c30d-ee23-37c2-aa85-b30b04595f33
          -display none
          -no-user-config
          -nodefaults
          -chardev socket,id=charmonitor,fd=24,server,nowait
          -mon chardev=charmonitor,id=monitor,mode=control
          -rtc base=localtime
          -no-hpet
          -no-shutdown
          -boot strict=on
          -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x7.0x7
          -device ich9-usb-4:00:10:d3:bd,bus=pci.0,addr=0x2
          -chardev pty,id=charserial0
          -device isa-serial,chardev=charserial0,id=serial0
          -chardev socket,id=charchannel0,fd=28,server,nowait
          -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
          -device usb-tablet,id=input0,bus=usb.0,port=1
          -device vfio-pci,host=01:00.0,id=hostdev0,bus=pci.0,addr=0x3,romfile=/mnt/user/isos/Gigabyte.GTX1660.edited.rom
          -device vfio-pci,host=01:00.1,id=hostdev1,bus=pci.0,addr=0x6
          -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny
          -msg timestamp=on
          2019-04-25 20:16:35.558+0000: Domain id=1 is tainted: high-privileges
          2019-04-25 20:16:35.558+0000: Domain id=1 is tainted: host-cpu
          2019-04-25T20:16:35.596913Z qemu-system-x86_64: -chardev pty,id=charserial0: char device redirected to /dev/pts/0 (label charserial0)
          2019-04-25T20:16:54.621995Z qemu-system-x86_64: vfio: Cannot reset device 0000:01:00.1, depends on group 11 which is not owned.

      IOMMU groups with acs override to downstream and the returned error when I try to start the VM:

          IOMMU group 0: [8086:5918] 00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers (rev 05)
          IOMMU group 1: [8086:1901] 00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x16) (rev 05)
          IOMMU group 2: [8086:a12f] 00:14.0 USB controller: Intel Corporation 100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller (rev 31)
                         [8086:a131] 00:14.2 Signal processing controller: Intel Corporation 100 Series/C230 Series Chipset Family Thermal Subsystem (rev 31)
          IOMMU group 3: [8086:a13a] 00:16.0 Communication controller: Intel Corporation 100 Series/C230 Series Chipset Family MEI Controller #1 (rev 31)
                         [8086:a13d] 00:16.3 Serial controller: Intel Corporation 100 Series/C230 Series Chipset Family KT Redirection (rev 31)
          IOMMU group 4: [8086:a102] 00:17.0 SATA controller: Intel Corporation Q170/Q150/B150/H170/H110/Z170/CM236 Chipset SATA Controller [AHCI Mode] (rev 31)
          IOMMU group 5: [8086:a110] 00:1c.0 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #1 (rev f1)
          IOMMU group 6: [8086:a117] 00:1c.7 PCI bridge: Intel Corporation 100 Series/C230 Series Chipset Family PCI Express Root Port #8 (rev f1)
          IOMMU group 7: [8086:a149] 00:1f.0 ISA bridge: Intel Corporation C236 Chipset LPC/eSPI Controller (rev 31)
                         [8086:a121] 00:1f.2 Memory controller: Intel Corporation 100 Series/C230 Series Chipset Family Power Management Controller (rev 31)
                         [8086:a170] 00:1f.3 Audio device: Intel Corporation 100 Series/C230 Series Chipset Family HD Audio Controller (rev 31)
                         [8086:a123] 00:1f.4 SMBus: Intel Corporation 100 Series/C230 Series Chipset Family SMBus (rev 31)
          IOMMU group 8: [8086:15b7] 00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (2) I219-LM (rev 31)
          IOMMU group 9: [10de:2184] 01:00.0 VGA compatible controller: NVIDIA Corporation Device 2184 (rev a1)
                         [10de:1aeb] 01:00.1 Audio device: NVIDIA Corporation Device 1aeb (rev a1)
                         [10de:1aec] 01:00.2 USB controller: NVIDIA Corporation Device 1aec (rev a1)
                         [10de:1aed] 01:00.3 Serial bus controller [0c80]: NVIDIA Corporation Device 1aed (rev a1)
          IOMMU group 10: [8086:1533] 03:00.0 Ethernet controller: Intel Corporation I210 Gigabit Network Connection (rev 03)

      The VM XML's

          <?xml version='1.0' encoding='UTF-8'?>
          <domain type='kvm'>
            <name>Windows 10</name>
            <uuid>b503c30d-ee23-37c2-aa85-b30b04595f33</uuid>
            <metadata>
              <vmtemplate xmlns="unraid" name="Windows 10" icon="windows.png" os="windows10"/>
            </metadata>
            <memory unit='KiB'>8912896</memory>
            <currentMemory unit='KiB'>8912896</currentMemory>
            <memoryBacking>
              <nosharepages/>
            </memoryBacking>
            <vcpu placement='static'>6</vcpu>
            <cputune>
              <vcpupin vcpu='0' cpuset='1'/>
              <vcpupin vcpu='1' cpuset='5'/>
              <vcpupin vcpu='2' cpuset='2'/>
              <vcpupin vcpu='3' cpuset='6'/>
              <vcpupin vcpu='4' cpuset='3'/>
              <vcpupin vcpu='5' cpuset='7'/>
            </cputune>
            <os>
              <type arch='x86_64' machine='pc-i440fx-3.0'>hvm</type>
              <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd</loader>
              <nvram>/etc/libvirt/qemu/nvram/b503c30d-ee23-37c2-aa85-b30b04595f33_VARS-pure-efi.fd</nvram>
            </os>
            <features>
              <acpi/>
              <apic/>
              <hyperv>
                <relaxed state='on'/>
                <vapic state='on'/>
                <spinlocks state='on' retries='8191'/>
                <vendor_id state='on' value='none'/>
              </hyperv>
            </features>
            <cpu mode='host-passthrough' check='none'>
              <topology sockets='1' cores='3' threads='2'/>
            </cpu>
            <clock offset='localtime'>
              <timer name='hypervclock' present='yes'/>
              <timer name='hpet' present='no'/>
            </clock>
            <on_poweroff>destroy</on_poweroff>
            <on_reboot>restart</on_reboot>
            <on_crash>restart</on_crash>
            <devices>
              <emulator>/usr/local/sbin/qemu</emulator>
              <disk type='block' device='disk'>
                <driver name='qemu' type='raw' cache='writeback'/>
                <source dev='/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S3R0NF0J857389E'/>
                <target dev='hdc' bus='sata'/>
                <boot order='1'/>
                <address type='drive' controller='0' bus='0' target='0' unit='2'/>
              </disk>
              <disk type='file' device='cdrom'>
                <driver name='qemu' type='raw'/>
                <source file='/mnt/user/isos/en_windows_10_multiple_editions_version_1703_updated_march_2017_x64_dvd_10189288.iso'/>
                <target dev='hda' bus='ide'/>
                <readonly/>
                <boot order='2'/>
                <address type='drive' controller='0' bus='0' target='0' unit='0'/>
              </disk>
              <disk type='file' device='cdrom'>
                <driver name='qemu' type='raw'/>
                <source file='/mnt/user/isos/virtio-win-0.1.160-1.iso'/>
                <target dev='hdb' bus='ide'/>
                <readonly/>
                <address type='drive' controller='0' bus='0' target='0' unit='1'/>
              </disk>
              <controller type='usb' index='0' model='ich9-ehci1'>
                <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/>
              </controller>
              <controller type='usb' index='0' model='ich9-uhci1'>
                <master startport='0'/>
                <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/>
              </controller>
              <controller type='usb' index='0' model='ich9-uhci2'>
                <master startport='2'/>
                <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/>
              </controller>
              <controller type='usb' index='0' model='ich9-uhci3'>
                <master startport='4'/>
                <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/>
              </controller>
              <controller type='pci' index='0' model='pci-root'/>
              <controller type='ide' index='0'>
                <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
              </controller>
              <controller type='sata' index='0'>
                <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
              </controller>
              <controller type='virtio-serial' index='0'>
                <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
              </controller>
              <interface type='bridge'>
                <mac address='52:54:00:10:d3:bd'/>
                <source bridge='br0'/>
                <model type='virtio'/>
                <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
              </interface>
              <serial type='pty'>
                <target type='isa-serial' port='0'>
                  <model name='isa-serial'/>
                </target>
              </serial>
              <console type='pty'>
                <target type='serial' port='0'/>
              </console>
              <channel type='unix'>
                <target type='virtio' name='org.qemu.guest_agent.0'/>
                <address type='virtio-serial' controller='0' bus='0' port='1'/>
              </channel>
              <input type='tablet' bus='usb'>
                <address type='usb' bus='0' port='1'/>
              </input>
              <input type='mouse' bus='ps2'/>
              <input type='keyboard' bus='ps2'/>
              <hostdev mode='subsystem' type='pci' managed='yes'>
                <driver name='vfio'/>
                <source>
                  <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
                </source>
                <rom file='/mnt/user/isos/Gigabyte.GTX1660.edited.rom'/>
                <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
              </hostdev>
              <hostdev mode='subsystem' type='pci' managed='yes'>
                <driver name='vfio'/>
                <source>
                  <address domain='0x0000' bus='0x01' slot='0x00' function='0x1'/>
                </source>
                <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
              </hostdev>
              <memballoon model='none'/>
            </devices>
          </domain>

      gigabyitegtx1660unedited.rom
  11. Works like a charm! Thanks. I don't use my main nextcloud instance (which is hosted on unraid) to store the key, but rather a free provider https://woelkli.com/en where I only keep a duplicati encrypted backup of some stuff. I'm aware it's not an ideal solution, but it will do for my needs.
  12. Thanks for the excellent video! I adapted your idea to a file hosted on a nextcloud service, accessing the file with curl via webdav:

          curl -u user:pass -o /root/keyfile https://mynextcloud.com/remote.php/webdav/keyfile

      This works flawlessly. However, it takes a few seconds to complete (usually around 5-7s). The thing is, this seems to be too long for unraid, as it tries to open the encrypted drives before the key is downloaded (that is my understanding at least). The array fails to autostart (see log below), but if I start it manually a few seconds later, it manages to open the key file, open the drives and start the array.

          May 29 22:21:42 BackupTower emhttpd: shcmd (33): udevadm settle
          May 29 22:21:43 BackupTower emhttpd: Opening encrypted volumes...
          May 29 22:21:43 BackupTower emhttpd: shcmd (35): /usr/sbin/cryptsetup luksOpen /dev/md1 md1 --key-file /root/keyfile
          May 29 22:21:43 BackupTower kernel: device-mapper: ioctl: 4.37.0-ioctl (2017-09-20) initialised: [email protected]
          May 29 22:21:43 BackupTower root: Failed to open key file.
          May 29 22:21:43 BackupTower emhttpd: shcmd (35): exit status: 1
          May 29 22:21:43 BackupTower emhttpd: shcmd (37): /usr/sbin/cryptsetup luksOpen /dev/md2 md2 --key-file /root/keyfile
          May 29 22:21:43 BackupTower root: Failed to open key file.
          May 29 22:21:43 BackupTower emhttpd: shcmd (37): exit status: 1
          May 29 22:21:43 BackupTower emhttpd: shcmd (39): /usr/sbin/cryptsetup luksOpen /dev/md3 md3 --key-file /root/keyfile
          May 29 22:21:43 BackupTower root: Failed to open key file.
          May 29 22:21:43 BackupTower emhttpd: shcmd (39): exit status: 1
          May 29 22:21:43 BackupTower emhttpd: Missing encryption key
          May 29 22:21:43 BackupTower kernel: mdcmd (40): stop
          May 29 22:21:43 BackupTower kernel: md1: stopping
          May 29 22:21:43 BackupTower kernel: md2: stopping
          May 29 22:21:43 BackupTower kernel: md3: stopping
          May 29 22:21:43 BackupTower avahi-daemon[9011]: Server startup complete. Host name is BackupTower.local. Local service cookie is *********

      Any suggestion as to how I could either set a delay on the autostart or maybe force a new array start a few seconds later? Any help would be much appreciated.
  13. Unfortunately, I never resolved this. I just ended up setting the spin down delay to never for all my drives. I have a new case and mobo with soc coming soon, I might test one of those wd red's on it again. Please do tell if you find a solution.
  14. Resolved! It was just the boot order. For some reason, the motherboard then chose my SSD with win10 on it as boot device... I just had to go into the boot menu of my mobo to choose the flash drive :). Hope this can help someone else.