Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.
Resource icon

FN11.2 iocage jails - Plex, Tautulli, Sonarr, Radarr, Lidarr, Jackett, Transmission, Organizr

Joined
Jun 26, 2016
Messages
85
Thanks
9
Regarding Transmission and VPN...

It is stated:

If you are going to going to use the vpn, you will need add a preinit task in the webui to run the following command as well as run it once before you setup the jail. This adds a rule to the default devfs_ruleset applied to all iocage jails to allow them to access tun devices.

devfs rule -s 4 add path 'tun*' unhide

If I didn't run this before I setup the Jail, do I have to blow it away and start over, or is there another option?
This solution worked for me. I still wonder if this is intentional by design.
 

TheDubiousDubber

FreeNAS Experienced
Joined
Sep 11, 2014
Messages
189
Thanks
9
I recently did a fresh install of 11.2 U3. I'm creating everything from scratch, so no copying or converting of jails etc. I'm trying to follow this guide to get Sonarr, Radarr, etc installed and it is not working. I'm copy/pasting the commands for the most part. Plex is working fine, but the others are not working. Going through the list of radarr commands, it gets confusing here:
"Create an rc file for radarr using your favorite editor at /mnt/iocage/jails/radarr/root/usr/local/etc/rc.d/radarr"

I'm assuming this means create an rc.conf file in that directory, but it does not say that. It only says rc file (more explicit directions would be greatly appreciated).
Also the example has radarr_enable:="NO" and I'm assuming this needs to be changed to yes, but in either case I still end up with the same error when trying to start the service:
"env: /usr/local/etc/rc.d/radarr: Permission denied"

I've followed this guide thoroughly, changing nothing except the values that relating to my own datasets and IP addresses and yet it does not work...
please help.
 

danb35

FreeNAS Wizard
Joined
Aug 16, 2011
Messages
9,960
Thanks
3,495
"Create an rc file for radarr using your favorite editor at /mnt/iocage/jails/radarr/root/usr/local/etc/rc.d/radarr"

I'm assuming this means create an rc.conf file in that directory,
No, that isn't what it says, and that isn't what it means. It says (and means) to create /mnt/iocage/jails/radarr/root/usr/local/etc/rc.d/radarr using your favorite editor, and assumes that you know enough to have a favorite editor. If you're using nano, for example, you'd run nano /mnt/iocage/jails/radarr/root/usr/local/etc/rc.d/radarr.
 

TheDubiousDubber

FreeNAS Experienced
Joined
Sep 11, 2014
Messages
189
Thanks
9
No, that isn't what it says, and that isn't what it means. It says (and means) to create /mnt/iocage/jails/radarr/root/usr/local/etc/rc.d/radarr using your favorite editor, and assumes that you know enough to have a favorite editor. If you're using nano, for example, you'd run nano /mnt/iocage/jails/radarr/root/usr/local/etc/rc.d/radarr.
I was expecting there to be a file extension and calling it an rc file threw me off. I don't know much when it comes to FreeBSD/Linux stuff like this so thanks for the clarification.

The one other thing I noticed is that running nano /mnt/iocage/jails/radarr/root/usr/local/etc/rc.d/radarr takes me to a non-existent directory. It appears /mnt/iocage does not exist, but /mnt/tank/iocage does exist and seems to work if I add 'tank' (my pool) into the command. Is this an oversight, or is my setup incorrect?
 
Last edited:
Joined
Aug 19, 2015
Messages
29
Thanks
0
Can anyone share their automatic unzip/unrar scripts for Transmission?

That's the only piece of my automation that I've never successfully setup. After months of Googling I've just found tons of dead ends...

Using a combination of this guide and this guide I can confirm that unrar works properly in the Transmission jail using this command:

find /$TR_TORRENT_DIR/$TR_TORRENT_NAME -name "*.rar" -execdir unrar e -o- "{}" \;

As long as I replace /$TR_TORRENT_DIR/$TR_TORRENT_NAME -name "*.rar" with the actual .rar filename.

However I get an undefined variable error if I run the command as is... I'm assuming this is because Transmission would define that variable as the torrent that just finished downloading?

Likewise, I've made my script executable, and owned by the same user as Transmission. I've pointed Transmission to the script in the settings.json. However I'm not sure if Transmission is actually running the script or not.
 
Last edited:
Joined
Feb 8, 2014
Messages
18
Thanks
1
I can't get anything to play that has to transcode. I keep getting "Conversion failed. A required codec could not be found or failed to install."

Code:
Mar 12, 2019 23:09:37.315 [0x80c5d4600] DEBUG - HTTP requesting GET https://downloads.plex.tv/codecs/eae-69c1de6-23/freebsd-x86_64-standard/EasyAudioEncoder-freebsd-x86_64-standard.zip
Mar 12, 2019 23:09:37.599 [0x80c5d4600] DEBUG - HTTP 200 response from GET https://downloads.plex.tv/codecs/eae-69c1de6-23/freebsd-x86_64-standard/EasyAudioEncoder-freebsd-x86_64-standard.zip
Mar 12, 2019 23:09:37.667 [0x80c5d4600] ERROR - Unzip: could not set executable bit on output file
Mar 12, 2019 23:09:37.667 [0x80c5d4600] ERROR - CodecManager: failed to extract zip
Mar 12, 2019 23:09:37.667 [0x80c5d4600] ERROR - Error configuring transcoder: Decoder install failed: eac3_eae
Mar 12, 2019 23:09:37.667 [0x80c5d4600] DEBUG - Streaming Resource: Terminating session 0x80ce24e20:gk74r1kj0jlf0k3pm01fgohr which is using transcoder slot.  Used slots is now 0
Mar 12, 2019 23:09:37.667 [0x80c5d4600] DEBUG - Streaming Resource: Terminated session 0x80ce24e20:gk74r1kj0jlf0k3pm01fgohr with reason Conversion failed. A required codec could not be found or failed to install.
Mar 12, 2019 23:09:37.667 [0x80c9e7b00] DEBUG - Killing job.


Someone on the Plex told me "That is a very clear error. The codecs directory needs to have execute permissions and if on mounted volume then it must have exec in \etc\fstab and must not have noexec" but I don't know how to fix that.

After following this guide, I've run into this issue every time I update Plex. The resolution has been to rename the tmp folder located in \config\Plex\Plex MediaServer\Codecs to remove the ".tmp" at the end of the folder name (EX: EasyAudioEncoder-eae-69c1de6-31-freebsd-x86_64.tmp -> EasyAudioEncoder-eae-69c1de6-31-freebsd-x86_64). Based on what you've uncovered, this issue appears to be due to mounting the \config share (which this guide recommends to do), and is almost certainly permissions related.

Does anyone know how to fix this so I don't have to manually rename the folder every time?
 
Joined
Oct 9, 2017
Messages
1
Thanks
0
Needed to add chromaprint (package) to lidarr due to an error message "fpcalc could not be found". See: https://github.com/Lidarr/Lidarr/wiki/Health-checks#fpcalc-missing

I just did a pkg install chromalib and then restarted lidarr, and the error message went away. I did not try adding that package to the iocage command when building the jail, but I am guessing that it should work. Please excuse my lack of follow through, as I am a dangerous newby to FreeNas/FreeBSD/Debian/Linux. I did want to let you know about this. Below is some more info on lidarr:

Version - 0.6.2.883
Mono Version - 5.10.1.57
DB Migration - 29

Finally, thanks for having this resource!
 
Joined
Jun 20, 2014
Messages
38
Thanks
2
I have reverse proxy setup and working but now I am wanting to add Transmission to the mix as a fallback in case Usenet results on Sonarr are failing due to "reasons" and are only a week old. I can figure out how to add Transmission to NGINX but I want to use the Transmission section in this tutorial. I have access to Windscribe VPN but I don't know where to find the IP of VPN Entrance Node. I am wanting to avoid any problems with my ISP due to Sonarr/Radarr using torrents... which is why I use Usenet to begin with. Any help would be appreciated. I built my FreeNAS server using the rest of this tutorial.

Code:
# Allow access to Entrace IP for VPN
add 04000 allow IP from 172.16.0.14/32 to <IP of VPN Entrance Node> keep-state
 
Joined
Mar 11, 2015
Messages
13
Thanks
0
I have gotten through the majority of this guide with few problems but upon reaching the Transmission portion I have no idea how to fill out the network values. The two problems I'm running into is first I don't know how to figure out what values to substitute for my ipfw_rules file regarding my own network and my VPN entrance point. I don't understand networking enough to even know what to google to figure it out.

Second, I'm trying to use Buffered VPN and all the VPN files are downloading as [Server Location].ovpn files where the guide calls for openvpn.conf files. Can I just rename the end of my file to .conf and be fine?
 
Joined
Jun 26, 2016
Messages
85
Thanks
9
I have gotten through the majority of this guide with few problems but upon reaching the Transmission portion I have no idea how to fill out the network values. The two problems I'm running into is first I don't know how to figure out what values to substitute for my ipfw_rules file regarding my own network and my VPN entrance point. I don't understand networking enough to even know what to google to figure it out.

Second, I'm trying to use Buffered VPN and all the VPN files are downloading as [Server Location].ovpn files where the guide calls for openvpn.conf files. Can I just rename the end of my file to .conf and be fine?
I use AirVPN and when I open the .ovpn file in a text editor, I copy and paste it into /openvpn.conf. So the .opvn becomes the contents of /openvpn.conf.

The network addresses you need are the IP of your transmission jail and the IP of your router LAN network.
The IP of your jail is shown in the jail section of the Free as web interface.

Additionally you need the IP address of the VPN server that is shown within your .ovpn file.

These are the values you need to add to your ipfw rules.
 
Joined
Mar 11, 2015
Messages
13
Thanks
0
I use AirVPN and when I open the .ovpn file in a text editor, I copy and paste it into /openvpn.conf. So the .opvn becomes the contents of /openvpn.conf.

The network addresses you need are the IP of your transmission jail and the IP of your router LAN network.
The IP of your jail is shown in the jail section of the Free as web interface.

Additionally you need the IP address of the VPN server that is shown within your .ovpn file.

These are the values you need to add to your ipfw rules.
Thanks for the quick reply. I have the jail IP addresses and I believe my LAN network. All my IP addresses at my location are 192.168.0.XXX with my router specifically 192.168.0.1, so that would make my network 192.168.0.0 correct? How do I figure out the netmask? Would they both be /24?

In the Buffered VPN ovpn file it doesn't list an IP address. It has the server hostname and netmask I believe.

This is what my ipfw_rules looks like but I'm not sure on the /24 or us-east-coast.servers.buffered.com/443

Code:
# Allow internal traffic
add 03000 allow IP from 192.168.0.143/24 to 192.168.0.0/24 keep-state
add 03000 allow IP from 192.168.0.0/24 to 192.168.0.143/24 keep-state

# Allow access to Entrace IP for VPN
add 04000 allow IP from 192.168.0.143/24 to us-east-coast.servers.buffered.com/443 keep-state

# Allow any traffic over the VPN interface
add 05000 allow IP from any to any via tun*

# Deny any other traffic
add 65534 deny IP from any to any


And here's the readout from the jail when I update the firewall rules.

Code:
root@freenas:~ # iocage exec transmission service ipfw start
Flushed all rules.
00100 allow IP from any to any via lo0
00200 deny IP from any to 127.0.0.0/8
00300 deny IP from 127.0.0.0/8 to any
00400 deny IP from any to ::1
00500 deny IP from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
03000 allow IP from 192.168.0.0/24 to 192.168.0.0/24 keep-state :default
03000 allow IP from 192.168.0.0/24 to 192.168.0.0/24 keep-state :default
Line 6: bad width ``443''
Firewall rules loaded.


So it seems like it isn't taking my LAN network settings and definitely doesn't look like my VPN "IP" is working.

The top of my ovpn file is below with the rest of the file being certificate and key info.
Code:
client
remote-cert-tls server
dev tun
proto udp
ping 5
ping-restart 30
sndbuf 640000
rcvbuf 640000
resolv-retry infinite
nobind
explicit-exit-notify 3
comp-lzo yes
verb 2
route-gateway dhcp
redirect-gateway def1
remote us-east-coast.servers.buffered.com 443
 
Joined
Jun 26, 2016
Messages
85
Thanks
9
Thanks for the quick reply. I have the jail IP addresses and I believe my LAN network. All my IP addresses at my location are 192.168.0.XXX with my router specifically 192.168.0.1, so that would make my network 192.168.0.0 correct? How do I figure out the netmask? Would they both be /24?

In the Buffered VPN ovpn file it doesn't list an IP address. It has the server hostname and netmask I believe.

This is what my ipfw_rules looks like but I'm not sure on the /24 or us-east-coast.servers.buffered.com/443

Code:
# Allow internal traffic
add 03000 allow IP from 192.168.0.143/24 to 192.168.0.0/24 keep-state
add 03000 allow IP from 192.168.0.0/24 to 192.168.0.143/24 keep-state

# Allow access to Entrace IP for VPN
add 04000 allow IP from 192.168.0.143/24 to us-east-coast.servers.buffered.com/443 keep-state

# Allow any traffic over the VPN interface
add 05000 allow IP from any to any via tun*

# Deny any other traffic
add 65534 deny IP from any to any


And here's the readout from the jail when I update the firewall rules.

Code:
root@freenas:~ # iocage exec transmission service ipfw start
Flushed all rules.
00100 allow IP from any to any via lo0
00200 deny IP from any to 127.0.0.0/8
00300 deny IP from 127.0.0.0/8 to any
00400 deny IP from any to ::1
00500 deny IP from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
03000 allow IP from 192.168.0.0/24 to 192.168.0.0/24 keep-state :default
03000 allow IP from 192.168.0.0/24 to 192.168.0.0/24 keep-state :default
Line 6: bad width ``443''
Firewall rules loaded.


So it seems like it isn't taking my LAN network settings and definitely doesn't look like my VPN "IP" is working.

The top of my ovpn file is below with the rest of the file being certificate and key info.
Code:
client
remote-cert-tls server
dev tun
proto udp
ping 5
ping-restart 30
sndbuf 640000
rcvbuf 640000
resolv-retry infinite
nobind
explicit-exit-notify 3
comp-lzo yes
verb 2
route-gateway dhcp
redirect-gateway def1
remote us-east-coast.servers.buffered.com 443

It would also be better if you are able to choose an individual server from Buffervpn so they can give you just one IP address to insert into the ipfw_rules file.
 
Last edited:
Joined
Jun 26, 2016
Messages
85
Thanks
9
Is there a way to verify the VPN is indeed working? When I start openvpn it asks me for my username and password. Just want to make sure that it's actually "on" before I start using it.
I use “curl ifconfig.co” from the jail console. It should show your vpn IP address., not your isp assigned address. Then you can disconnect from your vpn from the user page of your vpn website and verify IPFW has indeed killed your jail internet.
 
Joined
Mar 18, 2018
Messages
2
Thanks
0
Ok, I'll preface this by saying I'm sure I'm missing a simple solution to this.

I'm running 11.2 U4.1

I have created separate iocage jails for Plex, Radarr, Sonarr and Nzbget. The issue I'm having is Sonarr not seeing files to import after download. It communicates fine with Nzbget and tracks the download, but after it completes, it states there's no valid file to import. Manual import shows the directory path, but doesn't show any files. The files are present in the NZBget jail's directory. The files are downloaded into a "download" directory I created in the NZBget jail, with various subdirectories created accordingly.

Now, I fully realize that the NZBget jail has a user(in this case, media:media) that is owns/accesses that folder. So I need to give access to the second jail, and the user running Sonarr(sonarr:sonarr) so it can get to it.

I'm trying to figure out the correct method to do this. Should I create a new dataset for "Downloads" instead, and then just mount it in both jails? I'm assuming I could just create both users locally with the same UID and then give them permission to the dataset and that would probably work? Or should I be mapping my Sonarr jail to the Nzbget jail's "downloads" folder...and then re-create sonarr as a user with the same UID on that jail to provide access?
 
Joined
Jun 20, 2014
Messages
38
Thanks
2
The way I have mine setup is I have v1 Pool which has a dataset for apps, iocage, and a media dataset. Media dataset has media:media 777. In your sonarr add something like this:

Code:
iocage fstab -a sonarr /mnt/v1/media/videos/tv /mnt/media/videos/tv nullfs rw 0 0
iocage fstab -a sonarr /mnt/v1/media/downloads /mnt/media/downloads nullfs rw 0 0 


If your media folder doesn't have proper permissions, Sonarr won't be able to access the download from your downloader. I had this exact same problem until I fixed my permissions.
 
Joined
Mar 18, 2018
Messages
2
Thanks
0
The way I have mine setup is I have v1 Pool which has a dataset for apps, iocage, and a media dataset. Media dataset has media:media 777. In your sonarr add something like this:

Code:
iocage fstab -a sonarr /mnt/v1/media/videos/tv /mnt/media/videos/tv nullfs rw 0 0
iocage fstab -a sonarr /mnt/v1/media/downloads /mnt/media/downloads nullfs rw 0 0


If your media folder doesn't have proper permissions, Sonarr won't be able to access the download from your downloader. I had this exact same problem until I fixed my permissions.
Thank you, that got me one step closer. It still fails to automatically import, but manually, it can see the file. I think Sonarr just doesn't have the proper write permissions to the dataset where I have my media files(separate from the one I just created for the initial downloads). I can track this down and get it working though, as I just need to double check the permissions tomorrow.

I really appreciate it!
 
Top