I don’t use unraid but my advice for everyone is that you can’t have too many backups of data that you really care about, use the 3-2-1 rule at a minimum.

Also, welcome to your new hobby you will love and hate at the same time sometimes :D


hmm the last line in the log above there says:

“[Fatal ConsoleApp: The requested address is not valid in this context. This can happen if another instance of Sonarr is already running another application is using the same port (default: 8989) or the user has insufficient permissions Press enter to exit.“

So that sounds like the container might be running but Sonarr is not. Did you ever get it working?


Your netstat command shows a process named docker-proxy using that port, which confirms what the log says. If your container isn’t running you can try to find the process using it with netstat or lsof, it might be a stale container process or something but a reboot is often faster than figuring out what it is to see if that clears up whatever is using the port.


In addition to all of the suggestions here you can easily do this with almost all major DNS providers today like Cloudflare and AWS Route 53, there are many community containers and scripts to keep the record in sync depending on what else you are using on your network.


the purpose of using nginx is to not have to use the port number in this scenario, the reason it works is because your DNS for that hostname still points to that machine that both containers are running on. Normal DNS A and cname records do not contain port information.

The 502 bad gateway error means that nginx is not able to connect to the upstream host for that hostname, this is where you need to use the port for the other container (5870). Do know that using localhost in docker will not have the results you are expecting, if these are on the same host you can use the name you have configured for the container as the hostname in nginx otherwise use the host IP, in your case it would be http://listmonk_app:5870.

Hope that helps!


Oh yeah for sure, every time I’m like “it can’t be spanning tree” it is spanning tree. Do you mean copper vs fiber? LC connectors can carry a variety of speeds but generally yeah I try to use fiber or DAC cables which are shielded wherever I can.


So then it doesn’t work across the Ubiquiti switch, just to double check? If so, you will need to enable jumbo frames on that for sure and it is not enabled by default, and that could also explain the throughput as it is having to fragment then defragment the frames to cross the switch, or iperf is using MSS to determine that it can only send 1500 byte frames. Your slower speed is about line rate for 1500 byte frames no matter the speed of the actual link.

ETA: you can verify this by pinging with a large size and setting the “do not fragment” flag, so something like ‘ping -s 2000 -M do ip.addr’ on Linux, Windows uses different flags.


Can you draw a picture of how you have all 3 switches connected with all of the wires? I am suspicious that you are creating a switching loop or spanning tree isn’t picking the optimal link on accident so I’m curious.


Cloudflare does post their IP ranges so I would probably start with looking at traffic involved with those IPs to see what kind of information was going there, you could also block those ranges and see what breaks.


That’s awesome, I’ll have to give it another look. Maybe I’ll have to set up one of each and do some performance testing then :D


The way I would solve this is by putting nginx or other reverse proxy directly on your instance in the cloud. You can use this to set one of the well known proxy headers and proxies as others have mentioned and have this then proxy to your backend instances over the VPN (even if it’s pointing to an internal nginx instance). Then the access logs on your cloud instance will also contain the actual IP address of the client, setting headers will obviously only work for HTTP traffic, there really isn’t a similar mechanism for TCP/UDP traffic as those are layer 3 and HTTP is layer 4. If you are concerned about it you can always ship the logs to somewhere on prem as well.


So, anecdotally, I used pihole first more than 5 years ago and switched to AdGuard as pihole did not have the ability to do conditional forwarding of requests for various zones or the ability to add static records via the UI. Conditional forwarding means that I can send the requests for let’s say example.com to an internal server hosting that zone responding with private records for internal services as well as other similar scenarios.

I also like that I can identify clients or networks in adguard by various factors and apply different rules (blocking and forwarding) and collect statistics on those clients or groups of clients, I don’t think pihole has either feature yet.

I also like that adguard is a static binary which is likely what people mean when they say it’s easier to install and maintain.

As to why I keep it and don’t switch back, I like the interface AdGuard has and it doesn’t break so I often forget about it anymore. I’ll update if I remember anything else but those are the larger things for me. If pihole is working then stick with it but curiosity is a definite reason to try adguard, I bet you could just stop pihole on your machine and run adguard to check it out without too much work (yay static binary) but I haven’t tested that myself.

Hope that helps!


It depends on what you mean by struggling but you can get pretty far with an 8th or 9th gen i5 and 16gb of RAM, would be a pretty cheap upgrade these days. The huge jump in quality for QuickSync was between the 7th and 8th gen from what I remember so it doesn’t have to be new. If you are worried about power I think that it’s 65 or 70w for the 8th gen ones.

For what it’s worth, my current Plex machine is an 8500k with 32 gb of memory and a 250w power supply since it doesn’t have local storage and it has been running 24x7 for about 4 or so years now. I once load tested it for fun and I was able to do 7 or 8 4k transcodes and it wasn’t really its limit, I have no complaints haha.


Hey which rack is that, I don’t see them wide enough for vertical cable management like that very often so I am real curious.

Great work, one of these days I need to post a picture of my home setup on here, thanks for the inspiration!


Are you using VLANs on your switch? Are you using the LAN or WAN port on the google device? As others have said, those two subnets do not overlap using /24 (255.255.255.0) so you would either need to use something like 192.168.0.0/17 that would cover both 192.168.1.0/24 and 192.168.86.0/24 but that is way overkill for most networks (192.168.0.0 - 192.168.127.255, 32766 hosts).

If you are having trouble understanding subnetting (or are like me and have a brain that refuses to learn any tricks to do it in your head) I highly recommend this really simple subnet calculator as it is very easy to see how you can divide subnets down from the RFC 1918 supernet (192.168.0.0/16) by clicking on “Divide” on the right side. In fact, that’s pretty much the only subnet tool I use anymore, super quick and easy.

It might be easier to just disable DHCP on the google side (or configure it as a DHCP relay if you can) and just use one subnet from OPNSense.

If you are not able to disable DHCP on the google side then I would set up a VLAN for the google wifi device and then create a VLAN interface in the 192.168.86.0/24 subnet that DHCP won’t use (like 192.168.86.2) and configure DHCP to use that for the gateway. This will then allow you to route between your two networks internally and to the internet (firewall permitting, obviously). If your switch does not allow VLANs then you could use another physical interface on the firewall and connect that to the LAN port on the google wifi device and do the same thing for the same result.

I hope all of that makes sense, please do ask for clarification if not, I do this kind of stuff every day and love teaching it so fire away.
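The subnet arithmetic in the comment above can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original comment; the helper names `smallest_supernet`, `usable_hosts` and `divide` are made up for illustration.

```python
import ipaddress


def smallest_supernet(*cidrs):
    """Return the smallest single network that contains every given network."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    candidate = nets[0]
    # Widen the prefix one bit at a time until all networks fit inside it.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def usable_hosts(net):
    """Assignable addresses: network and broadcast are excluded below /31."""
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def divide(cidr, times=1):
    """Split a network in half `times` times, like the calculator's Divide button."""
    return list(ipaddress.ip_network(cidr).subnets(prefixlen_diff=times))


if __name__ == "__main__":
    lan = ipaddress.ip_network("192.168.1.0/24")      # first subnet from the comment
    google = ipaddress.ip_network("192.168.86.0/24")  # second subnet from the comment

    # The two /24s share no addresses, so hosts need a router between them.
    print("overlap:", lan.overlaps(google))

    cover = smallest_supernet(str(lan), str(google))
    print("covering network:", cover)
    print("range:", cover.network_address, "-", cover.broadcast_address)
    print("usable hosts:", usable_hosts(cover))

    # Dividing the 192.168.0.0/16 block once gives the two /17 halves.
    print("halves of /16:", [str(n) for n in divide("192.168.0.0/16")])
```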


I know someone else said this but I would just get an i5 with an iGPU, I also have an 8000 series i5 and when it was new I did some load testing and it could do 5-10 transcodes at a time no problem.

ETA: Even a NUC with an iGPU is great, I have several friends doing that.