Open Beta v7.3 | Please help testing and hardening the upcoming release

General Discussion
1

The new beta is ready for testing. We are thankful for every tester. All info about what has changed, how to apply and report bugs can be found here: https://github.com/MichaIng/DietPi/issues/4498

2

what is the procedure to make our dietpi system to beta (7.2 to 7.3 beta version) & after installing desire software back to master version rather then stay in beta version? I want to try adguard home & fast reverse proxy & inform you if find any difficulty in usage . thanks

3

Hi,

Did you had a look to the link shared? There is a How to apply secretion. :wink:

If you like to switch back, simply change to master branch and rerun the update.

4

I tried to install adguard home & unbound via dietpi software & got error & system not able to install it. my system is INTEL NUC. in my old dietpi setup i had uninstall docker & docker compose. after that install wireguard & plex both installed perfectly. but when i tried to install adguard & unbound both the system show error.

adguard_error.jpg
adguard_error.jpg1333×574 51.4 KB

5

If possible don’t do screen prints. You can copy the error from SSH terminal.

Pls can you post following

journalctl -u unbound
ss -tulpn | grep LISTEN
6

Hi, the provided commands had given following result. I think adguardhome is working. i am able to open adgurad home webUI at “192.168.1.90:8083”.
so till now i confirm plex, & adguardhome are installed & i am able to access webUI for them. only unbound having some trouble.


root@DietPi:~# journalctl -u adguardhome
-- Logs begin at Sat 2021-06-19 22:02:54 MDT, end at Sun 2021-06-20 06:04:43 MDT. --
Jun 19 22:04:00 DietPi systemd[1]: Started AdGuard Home (DietPi).
Jun 19 22:04:00 DietPi AdGuardHome[557]: 2021/06/19 22:04:00.844616 [info] AdGuard Home, version v0.106.3
Jun 19 22:04:00 DietPi AdGuardHome[557]: 2021/06/19 22:04:00.860510 [info] Initializing auth module: /mnt/2b3e5872-f81d-4a5f-91ad-bfc916090b6c/dietpi_userdata/adguardhome/data/sessions.db
Jun 19 22:04:00 DietPi AdGuardHome[557]: 2021/06/19 22:04:00.861317 [info] auth: initialized.  users:1  sessions:0
Jun 19 22:04:00 DietPi AdGuardHome[557]: 2021/06/19 22:04:00.861351 [info] Initialize web module
Jun 19 22:04:00 DietPi AdGuardHome[557]: 2021/06/19 22:04:00.888234 [info] AdGuard Home is available on the following addresses:
Jun 19 22:04:00 DietPi AdGuardHome[557]: 2021/06/19 22:04:00.888910 [info] Go to http://127.0.0.1:8083
Jun 19 22:04:00 DietPi AdGuardHome[557]: 2021/06/19 22:04:00.888936 [info] Go to http://[::1]:8083
Jun 19 22:04:00 DietPi AdGuardHome[557]: 2021/06/19 22:04:00.888952 [info] Go to http://192.168.1.90:8083
Jun 19 22:04:00 DietPi AdGuardHome[557]: 2021/06/19 22:04:00.888966 [info] Go to http://10.9.0.1:8083
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.297121 [info] Starting the DNS proxy server
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.297164 [info] Ratelimit is enabled and set to 20 rps
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.297178 [info] The server is configured to refuse ANY requests
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.297191 [info] DNS cache is enabled
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.297205 [info] MaxGoroutines is set to 300
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.297224 [info] Creating the UDP server socket
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.297551 [info] Listening to udp://[::]:53
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.297571 [info] Creating a TCP server socket
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.297664 [info] Listening to tcp://[::]:53
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.298436 [info] Entering the UDP listener loop on [::]:53
Jun 19 22:04:01 DietPi AdGuardHome[557]: 2021/06/19 22:04:01.298491 [info] Entering the tcp listener loop on [::]:53
root@DietPi:~#




root@DietPi:~# journalctl -u unbound
-- Logs begin at Sat 2021-06-19 22:02:54 MDT, end at Sun 2021-06-20 06:12:43 MDT. --
-- No entries --
root@DietPi:~#




root@DietPi:~# ss -tulpn | grep LISTEN
tcp     LISTEN   0        128            127.0.0.1:34757          0.0.0.0:*      users:(("Plex Script Hos",pid=703,fd=7))
tcp     LISTEN   0        128            127.0.0.1:32401          0.0.0.0:*      users:(("Plex Media Serv",pid=672,fd=57))
tcp     LISTEN   0        128              0.0.0.0:22             0.0.0.0:*      users:(("dropbear",pid=571,fd=3))
tcp     LISTEN   0        128            127.0.0.1:32600          0.0.0.0:*      users:(("Plex Tuner Serv",pid=935,fd=10))
tcp     LISTEN   0        128                    *:32400                *:*      users:(("Plex Media Serv",pid=672,fd=56))
tcp     LISTEN   0        128                    *:8083                 *:*      users:(("AdGuardHome",pid=557,fd=15))
tcp     LISTEN   0        128                    *:21                   *:*      users:(("proftpd",pid=667,fd=0))
tcp     LISTEN   0        128                    *:53                   *:*      users:(("AdGuardHome",pid=557,fd=17))
tcp     LISTEN   0        128                 [::]:22                [::]:*      users:(("dropbear",pid=571,fd=4))
root@DietPi:~#




root@DietPi:~# journalctl -u plexmediaserver
-- Logs begin at Sat 2021-06-19 22:02:54 MDT, end at Sun 2021-06-20 06:17:01 MDT. --
Jun 19 22:04:01 DietPi systemd[1]: Starting Plex Media Server...
Jun 19 22:04:01 DietPi systemd[1]: Started Plex Media Server.
root@DietPi:~#
7

Unbound service seems to be mask. Therefore install process is not able to restart Unbound. Do you mask the service in past manually?

8

Thanks Joulinar, In past i have pihole and unbound installled on same machine. To install adgaurd i went towards docker. but as adguard now part of standard dietpi installation method so i come back dietpi way. after unmasking unbound system able to start working for unbound also. the log are as below. so everything working properly on my system. i have checked plex, adguard & unbound. thanks for always helping me & for all dietpi administrator for making perfect operating system companion.

root@DietPi:~# journalctl -u unbound
-- Logs begin at Sun 2021-06-20 06:31:59 MDT, end at Sun 2021-06-20 06:37:41 MDT. --
Jun 20 06:37:19 DietPi systemd[1]: Starting Unbound DNS server...
Jun 20 06:37:19 DietPi package-helper[2172]: /var/lib/unbound/root.key has content
Jun 20 06:37:19 DietPi package-helper[2172]: success: the anchor is ok
Jun 20 06:37:19 DietPi unbound[2177]: [2177:0] info: start of service (unbound 1.9.0).
Jun 20 06:37:19 DietPi systemd[1]: Started Unbound DNS server.
root@DietPi:~#
9

ok good that it is working now.

10

In new version one new proxy software is added “frp | This proxy system has been added as install option with ID 171.” . is anywhere i can find the instruction how i can use it. This time in my home two dietpi machines hosting plex, adguard home, bitwarden, homeasssitant. I can access my local machine via internal lan address or rpi.local/nuc.local. I can use this reverse proxy if easy to use.

two thing also want to confirm the letencrypted ssl certificate needed for this reverse proxy server & in backend that reverse proxy server connect to local app’s via port:80?

is dietpi letencrypted ssl certificate support wild card domain certificate?

certbot only support http validation. it should be better if it also support dns validation for getting ssl certificate for domain.

for local LAN use how to get self signed certificates for my all apps individually and then connect to FRP (reverse proxy)

11

is anywhere i can find the instruction how i can use it

We will add a quick documentation on next release but this will not describe the usage. For this we will link to official documentation frp/README.md at dev · fatedier/frp · GitHub

is dietpi letencrypted ssl certificate support wild card domain certificate?

I don’t think so

certbot only support http validation. it should be better if it also support dns validation for getting ssl certificate for domain.

This I don’t understand. Let’s Encrypt will verify your DNS/domain before issuing a certificate, always. For this, HTTP is used to connect from a Let’s Encrypt server to your domain to verify and authenticate you.

for local LAN use how to get self signed certificates for my all apps

There is no need to create self singed certificate on your local network and there is no plan to create a guide for this from our end. If needed, there are quite some guides on the web on how to achieve this.

12

For frp I’ll also add a simple example setup guide, to access via external port to an internal server listening on a different port. I’ll see if I can include HTTPS/443 for the external server component.

dietpi-letsencrypt currently only supports regular HTTP validation (with webserver modules, webroot authentication or standalone mode, depending on installed webserver), hence no wildcard domains are supported, but multiple domains at least. Certbot itself however supports DNS validation, via plugins. Check the list of APT packages available for the various DNS providers: https://packages.debian.org/python3-certbot-dns-

So you can either install Certbot and the matching plugin and run it manually, following the on-screen instructions of Certbot, or you can use dietpi-letsencrypt to also include our webserver setup and then migrate the actual certificate to a wildcard DNS validated one. Certbot allows to extend an existing cert and change the validation/authentication method via:

certbot renew --force-renewal --dns-<provider> -d example.org -d *.example.org

or

certbot --expand --dns-<provider> -d *.example.org

One of these methods or both should work. Replace with your DNS provider, like “cloudflare”, matching the DNS plugin name.

13

DietPi v7.3 has been released: https://dietpi.com/docs/releases/#june-2021-version-73

Many thanks to all testers :slight_smile:.