Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.
Resource icon

FN11.2 iocage jails - Plex, Tautulli, Sonarr, Radarr, Lidarr, Jackett, Transmission, Organizr

excellent resource that continues to be updated, bravo!
There are a few issues when I tried this last night, for instance Radarr (not tried sonarr) has a fetch issue pulling the ssl certs:
iocage exec radarr "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.995/Radarr.develop.0.2.0.995.linux.tar.gz -o /usr/local/share"
Returns: Certificate verification failed

I got around this by adding: fetch --no-verify-peer

Lastly, can we use media:media credentials on all iocages so they all match and all have the same permissions to write/read to the same folders?
If so would I just have to change:
iocage exec radarr chown -R media:media /usr/local/share/Radarr /config
Because I tried this and just got an error :(

Lastly iocage exec radarr rm /usr/local/share/Radarr.*.linux.tar.gz
Didnt work, I had to go into the jail and do it manually, no biggie just thought I'd mention it.
Great guide, plex works great. I got a little lost with the openvpn and firewall bit. I couldn't get it to work myself but I use torguard vpn so that may be why.
EPIC guide, thank you!

Just curious... have any of you tried following the guide for Organizr? I get to the point where I navigate to http://JailIP and nginx throws an error. I'm guessing it has something to do with nginx.conf. When I change the line "root /usr/local/www/Organizr;" to "root /usr/local/www/nginx;", I do not get an error. Any suggestions?
Great guide
amazing guide
Amazing guide, thank you
great guide for moving from warden to iocage
This is a fantastic resource. Thank you very much.
Fantastic documentation! Thank you! I have been hesitant to upgrade from 9.10 due to the switch to iocage but this resource has been very informative and I now have everything working as before. It would be great to see Nzbget and Nzbhydra2 added.
Thank you very much, looking forward to the sabnzbd update.
Great Guide! This greatly helped and also set good practices on mounted the configs. In a future update could you add a build for NZBget and maybe qbittorrent as an alternative to transmission?
Very comprehensive and helpful. A few issues with transmission settings and ipfw rules though.

Transmission: If you don't set transmission_chown="NO", then transmission resets the mounted dataset ownership to root:wheel on start of service, which you don't want.

IPFW: When the openvpn is up, can't access transmission web from LAN. Transmission web is only accessible when openvpn is down. No solution updated for this yet so far.
I've been using this ipfw script which seems to work as a killswitch for openvpn.

#!/bin/bash
# Flush out the list before we begin
ipfw -q -f flush

# Set rules command prefix
cmd="ipfw -q add"
vpn="tun0"

# allow all local traffic on the loopback interface
$cmd 00001 allow all from any to any via lo0

# allow any connection to/from VPN interface
$cmd 00010 allow all from any to any via $vpn

# allow connection to/from LAN by Transmission
$cmd 00101 allow all from me to 10.11.102.0/24 uid transmission
$cmd 00102 allow all from 10.11.102.0/24 to me uid transmission

# deny any Transmission connection outside LAN that does not use VPN
$cmd 00103 deny all from any to any uid transmission
Great guide and thanks for keeping it up to date!
no nonsense to the point
ipfw rules do not work, see output here:

root@freenas:~ # iocage exec transmission service ipfw start
Flushed all rules.
00100 allow IP from any to any via lo0
00200 deny IP from any to 127.0.0.0/8
00300 deny IP from 127.0.0.0/8 to any
00400 deny IP from any to ::1
00500 deny IP from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
03000 allow IP from 192.168.1.100 to 192.168.1.0/24 keep-state :default
03000 allow IP from 192.168.1.0/24 to 192.168.1.0 keep-state :default
04000 allow IP from 192.168.1.100 to 104.254.90.194 keep-state :default
05000 allow IP from any to any via tun*
65534 deny IP from any to any
Firewall rules loaded.
Thank you for this proper guide for all of the popular jails. Also for keeping it updated
The best resource for making IOCAGE jails work with popular packages.
Thanks for this. You should maybe consider putting these on Github instead of maintaining a post here.
really good guide for those who use iocage or can work out from these commands how to do this in a jail.
Top