Version 6.10.0 of Unraid OS has been released. This operating system allows a server to be set up for tasks such as network attached storage, application server, and virtualization host. It is easy to set up and extremely flexible with regard to the hardware used and the size of the hard drives. Docker is used to add functionality and this apps are validated and maintained by an active community. There is a one-time purchase price that depends on the number of hard drives and SSDs used. Basic costs $59 and allows up to six devices, a Plus license costs $89 for up to twelve devices, and Pro is unlimited for $129. The most important changes made in version 6.10.0 are listed below.
My Servers Plugin and the UPC
The most visible new feature in version 6.10.0 is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin† My Servers is our set of cloud-based services and features that integrate with your Unraid server(s).
After installing the My Servers plugin, you will be prompted to sign-in to your server with an existing Unraid.net accountor create a new Unraid.net account† Once installed, here are some of the features of My Servers:
- Real-time Status – with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization, and other information.
- Local Access link – this is a direct link to the server webGUI on your LAN.
- Remote Access link – if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely over the Internet.
- Automatic Flash Backup – every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed.
- Notification of critical security-related updates – In the event of a serious security vulnerability that has been discovered and patched, we will send out a notification to all email addresses associated with registered servers.
- Posting privilege in a new set of My Servers forum boards†
Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information.
It is now mandatory to define a root password and changing the root user password will log out all webGUI browser sessions. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys.
Other Security Improvements:
- For new configurations, the flash share default export setting is No.
- For new configurations, SMBv1 is disabled by default.
- For new configurations, telnet and ssh are disabled by default.
- For all new user shares, the default export setting is No.
- We removed certain strings from Diagnostics such as passwords found in the ‘go’ file.
Let’s Encrypt Wildcard SSL Certificates
Starting with this release, we no longer issue new single-host SSL certificates (now called legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let’s Encrypt). Much more info on this new feature can be found in the wiki article linked below.
Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and ARM emulation (experimental).
Windows 11 Support
To support Windows 11 (which requires TPM and Secure boot), we have added TPM emulation and added a “Windows 11” VM template which automatically selects TPM-aware OVMF bios. Thanks to ich777, we have also added instructions here for upgrading a Windows 10 VM to Windows 11†
Docker Docker labels
- Docker labels are added to allow people using Docker compose to make use of icons and GUI access.
- Look at the Docker ‘run’ command output to see exactly what labels are used.
Docker custom networks
- A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10
- The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require reconfiguring anything on the Docker level as internally everything is being taken care of.
Docker bridge network (docker0)
- docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4, and uses network translation to communicate with the outside world.
- Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration)
- In addition, several enhancements are made in the IPv6 implementation to better deal with the use (or non-use) of IPv6.
The Wireguard plugin has been integrated into webGUI and there is no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the “Plugins/Plugin File Install Errors” page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved.
Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while your main server makes use of the normal LAN network interface. Please refer to this post for additional details†
Upgraded to Linux 5.15.x LTS kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. For full kernel changes, including GPU drivers support added, please see the Linux Kernel wiki section†
Virtually the entire base package set has been updated. please see the wiki for full Base Package update info.
An Event-driven model has been added to obtain server information and update the webGUI in real-time.
- The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact
- In addition, stale browser sessions won’t create any CSRF errors anymore
- People who keep their browser open 24/7 will find the webGUI stays responsive at all times
- Consistent state information is maintained across all browser instances open to a particular server
- The plugins page now loads information in two steps: First, the list of plugins is created and next the more time-consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed.
- The dashboard now has two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the ‘General Info’ selection)
- The CPU graph may be hidden as well in case it is not desired
- Both graphs have a configurable timeline, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history.
- Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances.
- You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example, a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal daily activities, like watching a movie.
- Added ability to schedule pool ‘balance’ and ‘scrub’ operations and calculate whether a full balance is recommended.
Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. System start-up will check bz file sha256sums at boot time to verify no corruption.