@jaimemrjm
Last active April 4, 2025 18:22

OpenMediaVault tips

Installation

  • It is recommended to use the Debian installer and then install the OMV Debian packages.
  • It is recommended to run omv-firstaid after installing the OMV packages.

Hardware issues related to Asrock J4105-ITX motherboard

  • Add the non-free string to the first line in /etc/apt/sources.list.

  • Install firmware-realtek and firmware-misc-nonfree packages to avoid dmesg messages like:

    • enp2s0: unable to load firmware patch rtl_nic/rtl8168h-2.fw (-2) or
    • [drm] Failed to load DMC firmware i915/glk_dmc_ver1_04.bin.
  • Install OMV extras.

  • Install backport kernel:

    apt-get -t buster-backports install linux-image-amd64

DNS

Note that OMV is based on Debian 12 (as of 2024) and the DNS client configuration is in /etc/systemd/resolved.conf instead of the classic /etc/resolv.conf.

If apt or any other CLI command insists on resolving the IPv6 address for a host instead of using the IPv4 address, you can edit the /etc/gai.conf file and uncomment the line:

#precedence ::ffff:0:0/96  100

Dynamic DNS

I use a free domain from ClouDNS up to now. I have to move away from Duckdns service because it fails.

Host services

fail2ban

Config: https://dev.to/stjernstrom/block-ips-on-all-ports-with-fail2ban-on-a-docker-host-1983

SSH Server

Set AllowTcpForwarding yes in the /etc/ssh/sshd_config file to allow ssh -L xxxx port forwarding and Visual Studio Code Remote support.

NOTE: In order to avoid 22 TCP port forwarding in my router I use 2222 or 2200.

Docker services

Portainer

docker run -d -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

Pi-hole

NOTE: I replaced it with AdGuard Home in 2023 because of some issues.

docker run way:

docker run -d --name=pi-hole --env=DNS1=80.58.61.250 --env=DNS2=80.58.61.254 --env=ServerIP=192.168.1.5 --env=TZ='Europe/Berlin' --env=WEBPASSWORD=<CHANGEME> --volume=etc-dnsmasq.d:/etc/dnsmasq.d --volume=etc-pihole:/etc/pihole --cap-add=NET_ADMIN --dns=80.58.61.250 --dns=80.58.61.254 --network=ph_network -p 53:53 -p 53:53/udp -p 67:67/udp -p 80:80 --restart=unless-stopped 'pihole/pihole'

docker-compose way:

services:
  pihole:
    container_name: pi-hole
    image: "pihole/pihole:latest"
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      - TZ=$TZ
      - DNS1=80.58.61.250
      - DNS2=80.58.61.254
      - ServerIP=192.168.1.5
      - WEBPASSWORD=$PIPASSWD
    dns:
      - 80.58.61.250
      - 80.58.61.254
    networks:
      ph_network:
        ipv4_address: 192.168.1.5
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

networks:
  ph_network:
    name: ph_network
    external: true

Notes

  • Pending: migrate the CLI docker network create command to docker-compose.
  • Change the dns values to your Internet access provider DNS servers.
  • There are no conflicts with ports 80 or 443 because it is running on a different IP from the host (in this case 192.168.1.5). [NOTE: limited solution]
    docker network create -d macvlan -o parent=enp1s0f0 --subnet=192.168.1.0/24 --gateway=192.168.1.1 --ip-range=192.168.1.4/30 ph_network
  • The network address will be 192.168.1.4/30 and the pi-hole address will be 192.168.1.5
  • If you want your Pi-hole to communicate with other Docker instances on the same host:
sudo ip link add macvlan0 link enp1s0f0 type macvlan mode bridge
sudo ip addr add 192.168.1.4/30 dev macvlan0
sudo ip link set macvlan0 up

You can put these commands in a macvlan0.sh script and run it from a systemd unit file, /etc/systemd/system/macvlan0.service:

[Unit]
Description=macvlan0 interface
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/srv/docker/macvlan0.sh

[Install]
WantedBy=multi-user.target

More details about this networking solution: https://gist.github.com/xirixiz/ecad37bac9a07c2a1204ab4f9a17db3c
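
An added example, not the gist author's script: one way to write the macvlan0.sh referenced above so that it checks the address plan before touching the network and can be re-run without failing. IP_RANGE and GATEWAY repeat the docker network create values from the page; the function names, the check_plan rules and the guard on /sys/class/net are assumptions of this example.

```shell
#!/bin/sh
# macvlan0.sh: added example, not the gist author's script.
set -eu

PARENT=enp1s0f0            # parent NIC, from the page
SHIM=macvlan0              # host-side shim interface, from the page
SHIM_ADDR=192.168.1.4/30   # address given to the shim, from the page
IP_RANGE=192.168.1.4/30    # --ip-range passed to docker network create
PIHOLE_IP=192.168.1.5      # container address, from the page
GATEWAY=192.168.1.1        # --gateway passed to docker network create

# Convert a dotted-quad IPv4 address to an integer.
ip4_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDR NET/PREFIX: succeed when ADDR lies inside the network.
in_cidr() {
  addr=$(ip4_to_int "$1")
  net=$(ip4_to_int "${2%/*}")
  mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
  [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Refuse a plan that collides with the router or reuses one address twice.
check_plan() {
  in_cidr "$PIHOLE_IP" "$IP_RANGE" || { echo "Pi-hole IP outside ip-range" >&2; return 1; }
  in_cidr "${SHIM_ADDR%/*}" "$IP_RANGE" || { echo "shim IP outside ip-range" >&2; return 1; }
  [ "${SHIM_ADDR%/*}" != "$PIHOLE_IP" ] || { echo "shim and Pi-hole share an IP" >&2; return 1; }
  ! in_cidr "$GATEWAY" "$IP_RANGE" || { echo "gateway inside ip-range" >&2; return 1; }
}

# Idempotent version of the three ip commands listed on the page.
setup_shim() {
  check_plan
  ip link show "$SHIM" >/dev/null 2>&1 ||
    ip link add "$SHIM" link "$PARENT" type macvlan mode bridge
  ip addr replace "$SHIM_ADDR" dev "$SHIM"
  ip link set "$SHIM" up
}

# Guard (assumption of this example): do nothing on a machine without the parent NIC.
if [ -e "/sys/class/net/$PARENT" ]; then setup_shim; fi
```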

Mosquitto-eclipse

SWAG as reverse proxy

SWAG requires text-based configuration but it works for me. I've tried Nginx Proxy Manager but it takes several minutes to boot.

Tip for Home Assistant

If the container doesn't share a bridge network with the SWAG nginx container, remember to add the proxy's Docker IP (something like 172...) to http.trusted_proxies[] in configuration.yaml.

@jaimemrjm

Add nginx https and websocket for Home Assistant Stackoverflow Q&A