Docker-transmission-openvpn: Synology NAS Install, Error with Logfile Permissions

Created on 25 Jun 2019 · 5Comments · Source: haugene/docker-transmission-openvpn

When following the install guide for the Synology NAS, I am unable to get the container to start.

Here is the command I used to create the container:

docker run --cap-add=NET_ADMIN -d \ --device=/dev/net/tun \ -v /volume1/Torrents/TransmissionVPN/resolv.conf:/etc/resolv.conf \ -v /volume1/downloads/:/data \ -e "OPENVPN_PROVIDER=NEWSHOSTING" \ -e "OPENVPN_CONFIG=sjc-a02" \ -e "OPENVPN_USERNAME=XXXXXXXX" \ -e "OPENVPN_PASSWORD=XXXXX" \ -e "LOCAL_NETWORK=192.168.0.0/24" \ -e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \ -e "PGID=100" \ -e "PUID=1234" \ -p 9091:9091 \ --sysctl net.ipv6.conf.all.disable_ipv6=0 \ --name "transmission-openvpn-syno" \ haugene/transmission-openvpn:latest

Here is the log:

Enforcing ownership on transmission config directories,
Applying permissions to transmission config directories,
Setting owner for transmission paths to 1234:100,
Setting permission for files (644) and directories (755),
,
-------------------------------------,
Transmission will run as,
-------------------------------------,
User name: abc,
User uid: 1234,
User gid: 100,
-------------------------------------,
,
STARTING TRANSMISSION,
NO PORT UPDATER FOR THIS PROVIDER,
Transmission startup script complete.,
Tue Jun 25 16:21:04 2019 /sbin/ip route add 209.197.6.156/32 via 172.17.0.1,
Tue Jun 25 16:21:04 2019 /sbin/ip route add 0.0.0.0/1 via 172.21.92.1,
Tue Jun 25 16:21:04 2019 /sbin/ip route add 128.0.0.0/1 via 172.21.92.1,
Tue Jun 25 16:21:04 2019 Initialization Sequence Completed,
Couldn't (re)open log file "/data/transmission-home/transmission.log": Permission denied,
Tue Jun 25 16:22:58 2019 event_wait : Interrupted system call (code=4),
Tue Jun 25 16:22:58 2019 SIGTERM received, sending exit notification to peer,
Tue Jun 25 16:23:03 2019 /sbin/ip route del 209.197.6.156/32,
Tue Jun 25 16:23:03 2019 /sbin/ip route del 0.0.0.0/1,
Tue Jun 25 16:23:03 2019 /sbin/ip route del 128.0.0.0/1,
Tue Jun 25 16:23:03 2019 Closing TUN/TAP interface,
Tue Jun 25 16:23:03 2019 /sbin/ip addr del dev tun0 172.21.92.18/23,
Tue Jun 25 16:23:03 2019 /etc/openvpn/tunnelDown.sh tun0 1500 1553 172.21.92.18 255.255.254.0 init,
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec],
Tue Jun 25 16:23:03 2019 SIGTERM[soft,exit-with-notification] received, process exiting,
Using OpenVPN provider: NEWSHOSTING,
Starting OpenVPN using config sjc-a02.ovpn,
Setting OPENVPN credentials...,
adding route to local network 192.168.0.0/24 via 172.17.0.1 dev eth0,
Tue Jun 25 16:23:06 2019 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019,
Tue Jun 25 16:23:06 2019 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08,
Tue Jun 25 16:23:06 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts,
Tue Jun 25 16:23:06 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]209.197.6.156:1194,
Tue Jun 25 16:23:06 2019 Socket Buffers: R=[212992->212992] S=[212992->212992],
Tue Jun 25 16:23:06 2019 UDP link local: (not bound),
Tue Jun 25 16:23:06 2019 UDP link remote: [AF_INET]209.197.6.156:1194,
Tue Jun 25 16:23:06 2019 TLS: Initial packet from [AF_INET]209.197.6.156:1194, sid=4e865792 006e1415,
Tue Jun 25 16:23:06 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this,
Tue Jun 25 16:23:06 2019 VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN,
Tue Jun 25 16:23:06 2019 VERIFY KU OK,
Tue Jun 25 16:23:06 2019 Validating certificate extended key usage,
Tue Jun 25 16:23:06 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication,
Tue Jun 25 16:23:06 2019 VERIFY EKU OK,
Tue Jun 25 16:23:06 2019 VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN,
Tue Jun 25 16:23:06 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA,
Tue Jun 25 16:23:06 2019 [vpn] Peer Connection Initiated with [AF_INET]209.197.6.156:1194,
Tue Jun 25 16:23:07 2019 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1),
Tue Jun 25 16:23:07 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 493216,sndbuf 493216,explicit-exit-notify 5,comp-lzo no,route-gateway 172.21.92.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.92.18 255.255.254.0,peer-id 3,cipher AES-256-GCM',
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: timers and/or timeouts modified,
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: explicit notify parm(s) modified,
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: compression parms modified,
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified,
Tue Jun 25 16:23:07 2019 Socket Buffers: R=[212992->425984] S=[212992->425984],
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: --ifconfig/up options modified,
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: route options modified,
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: route-related options modified,
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified,
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: peer-id set,
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: adjusting link_mtu to 1625,
Tue Jun 25 16:23:07 2019 OPTIONS IMPORT: data channel crypto options modified,
Tue Jun 25 16:23:07 2019 Data Channel: using negotiated cipher 'AES-256-GCM',
Tue Jun 25 16:23:07 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key,
Tue Jun 25 16:23:07 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key,
Tue Jun 25 16:23:07 2019 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:05,
Tue Jun 25 16:23:07 2019 TUN/TAP device tun0 opened,
Tue Jun 25 16:23:07 2019 TUN/TAP TX queue length set to 100,
Tue Jun 25 16:23:07 2019 /sbin/ip link set dev tun0 up mtu 1500,
Tue Jun 25 16:23:07 2019 /sbin/ip addr add dev tun0 172.21.92.18/23 broadcast 172.21.93.255,
Tue Jun 25 16:23:07 2019 /etc/openvpn/tunnelUp.sh tun0 1500 1553 172.21.92.18 255.255.254.0 init,
Up script executed with tun0 1500 1553 172.21.92.18 255.255.254.0 init,
Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 172.21.92.18,
Generating transmission settings.json from env variables,
sed'ing True to true,
Enforcing ownership on transmission config directories,
Applying permissions to transmission config directories,
Setting owner for transmission paths to 1234:100,
Setting permission for files (644) and directories (755),
,
-------------------------------------,
Transmission will run as,
-------------------------------------,
User name: abc,
User uid: 1234,
User gid: 100,
-------------------------------------,
,
STARTING TRANSMISSION,
NO PORT UPDATER FOR THIS PROVIDER,
Transmission startup script complete.,
Tue Jun 25 16:23:07 2019 /sbin/ip route add 209.197.6.156/32 via 172.17.0.1,
Tue Jun 25 16:23:07 2019 /sbin/ip route add 0.0.0.0/1 via 172.21.92.1,
Tue Jun 25 16:23:07 2019 /sbin/ip route add 128.0.0.0/1 via 172.21.92.1,
Tue Jun 25 16:23:07 2019 Initialization Sequence Completed,
Couldn't (re)open log file "/data/transmission-home/transmission.log": Permission denied,

help wanted

Source

pk2ca

All 5 comments

Hello, user abc|1234|100 is just example:

Transmission will run as,
-------------------------------------,
User name: abc,
User uid: 1234,
User gid: 100,

You must create real user folow this tips:
https://github.com/haugene/docker-transmission-openvpn/issues/621#issuecomment-430352483

evsasha on 29 Jun 2019

👍1

Hello, I followed the tutorial to install on my Synology NAS.
Everything works fine (VPN), except that when I access https://192.168.2.100:9091 (my nas address), Transmission does not display. This is the message I have:

Secure connection failure

An error occurred during a connection at 192.168.2.100:9091. SSL has received a record that exceeds the maximum allowed length

Can you please help me.

Thank you.

#

docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d -v /volume2/Files/TransmissionVPN/resolv.conf:/etc/resolv.conf -v /volume2/Downloads/TransmissionVPN/:/data -e "OPENVPN_PROVIDER=NORDVPN" -e "OPENVPN_USERNAME=myvpnaccount" -e "OPENVPN_PASSWORD=myvpnpassword" -e "LOCAL_NETWORK=192.168.2.0/24" -e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" -e "PGID=100" -e "PUID=1024" -p 9091:9091 --sysctl net.ipv6.conf.all.disable_ipv6=0 --name "transmission-openvpn-syno" haugene/transmission-openvpn:latest

gudbes on 30 Aug 2019

@pk2ca When Synology creates directories via the Web GUI it doesn't set the appropriate permissions on the actual share directory. This is the issue.

You need to open a root terminal and set the execution bit on the shared folder. In your case the command would be:

chmod 711 /volume1/downloads

taylorsmcclure on 2 Oct 2019

👍1

Fixed the issue for me, thanks. Don't entirely get why, since permissions before applying this command were:
drwxrwxrwx+ 1 root root

and now it's
drwx--x--x 1 root root

but it worked. Maybe something about that +

hobbes444 on 25 Nov 2019

👍1

Closing this then. If it's still a problem @pk2ca - feel free to re-open.

PS: @gudbes The issue you're facing is quite different than what is discussed here. If it's still a problem, create a new issue for this. But it's worth mentioning that the Transmission Web server is not https but http. Changing that in your URL should be the first step I guess. Unless you've configured a separate proxy in front to add SSL. In that case you should still check if you can access Transmission on http, as that would point to your proxy being wrong.