Crazy, I had to delete the cookies and cache associated with the IP address to refresh the browser. Firefox and Chrome have been having constant problems lately…
Thank you for helping me solve the problem @mrmarkuz
This is what Firebird Settings looks like now.
I need to test if the settings changes are reflected in the environment and work.
Can anyone help me with this?
I think you need to use True or False in Python instead uppercase as I found here, see Python Booleans
To test, click save in the settings and check if the variables are set correctly in the /home/firebird1/.config/state/environment file.
Open the settings and check if the fields are prefilled with what you entered before.
Thank you for your comments and suggestions @mrmarkuz
I made some changes to the validation-output files in the configure-module and get-configure directories.
Unfortunately, it does not solve the problem, because after updating, the error shown in the image appears.
When I try to change the Settings I get a “Does not match pattern” error message for setting charset, port and tz, similar to the one below.
I’m working on it, looking for the cause of the problem, but I haven’t found it yet…
I also don’t understand why settings.firebird_fqdn, settings.charset, settings.port, settings.tz appear on the page in the settings.
Thanks and Regards
Just remove the validate-input.json file in the meanwhile. You could setup the validation later. Every field needs a correct validation and the pattern \\. doesn’t work for all fields.
Because the translation is missing in ns8-firebird/ui/public/i18n/en/translation.json at main · sipi58/ns8-firebird · GitHub
I removed the validation-input and validation-output files for testing. I entered different data than what was in the environment file and saved it. The save was successful message appeared on the screen, but the environment file was not changed.
I modified the translation file but it has no effect on the display, the Setting page has not changed. Should I check the settings of some variable?
I found that your actions scripts are not executable and therefore don’t run.
I created a PR.
Thank you @mrmarkuz I applied your PR.
I’m starting to understand the modifications and suggestions you made, and they work. The validity check has now been removed from the package, but it will need to be put back in at the end.
After the update, the values set on the Settings page will appear in the environment file. The image shows the settings, below is the content of the environment file:
[firebird5@ns8 state]$ cat environment
FIREBIRD_DATABASE_DEFAULT_CHARSET=UTF8
FIREBIRD_IMAGE=docker.io/firebirdsql/firebird:3.0.11
FIREBIRD_PORT=3050
IMAGE_DIGEST=sha256:c44ee1edc4d46512485393a9c562ee1ecfb0c9faefc00399a1ddc42fcf72ef64
IMAGE_ID=a1cd16757411f027ea2baf3dab41c1a426d9bca152a499b2b310b1c8b0921292
IMAGE_REOPODIGEST=ghcr.io/sipi58/firebird@sha256:c44ee1edc4d46512485393a9c562ee1ecfb0c9faefc00399a1ddc42fcf72ef64
IMAGE_URL=ghcr.io/sipi58/firebird:latest
MODULE_ID=firebird5
MODULE_UUID=f35882ab-6698-4ff3-95f9-eedcb78c9a75
NODE_ID=1
PREV_FIREBIRD_IMAGE=docker.io/firebirdsql/firebird:3.0.11
PREV_IMAGE_DIGEST=sha256:23d3caa4432932eb4b80100bc979c42601b8c8fda87852f50e568f16c1be6486
PREV_IMAGE_ID=de25acef91614fa1426b6ddc73f675642a148fa14d0118e091d0400666d30d45
PREV_IMAGE_REOPODIGEST=ghcr.io/sipi58/firebird@sha256:23d3caa4432932eb4b80100bc979c42601b8c8fda87852f50e568f16c1be6486
PREV_IMAGE_URL=ghcr.io/sipi58/firebird:latest
TCP_PORT=20012
TCP_PORTS=20012
TCP_PORT_FIREBIRD=3051
TRAEFIK_HOST=firebird.diakont.lan
TRAEFIK_HTTP2HTTPS=True
TRAEFIK_LETS_ENCRYPT=False
TZ=Europe/Wien
But I messed something up because there is a FIREBIRD_PORT=3050 and a TCP_PORT_FIREBIRD=3051 and TCP_PORT=20012 and TCP_PORTS=20012 are the same.
I don’t think the two Firebird ports are the right place, and I think redirecting Treafik from the public port to port 305x should be a port range if we want to run multiple Firebirds on the same node.
I don’t know how I’m going to solve this yet.
Thanks and Regards
The TCP_PORT and TCP_PORTS are internal env variables that define the port or the ports that traefik redirects to. In your case this isn’t needed as there’s no web interface and you open the port directly so you could set tcp-ports-demand=0 here
I’d use the FIREBIRD_PORT variable to define the port and abandon the TCP_PORT_FIREBIRD.
So one can define the firebird port in the UI and it’s possible to install multiple firebird instances which listen on different ports.
In the firebird.service file you could change the published port like this:
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/firebird.pid \
--pod-id-file %t/firebird.pod-id \
--name firebird \
--publish ${FIREBIRD_PORT}:3050 \
--replace
To make the new port available, the service needs to be restarted, so you need to edit the services fragment and change it like here so the service is enabled and restarted.
The firewall needs to be configured when the port is changed. You could add a fragment like in create-module to the configure-module action using the replace option, see Firewall | NS8 dev manual
Unfortunately, unpleasant problems came up so I didn’t have time to deal with the problems.
In the meantime, I thought about accessing the individual services, because the protection of the test NS8 server in the local network is solved, but if it has to be placed on a server farm, then the only solution is to close all ports and only allow access via VPN.
There is no openVPN for NS8 and Wiregurd can only be used with Nethsecurity. I can’t find a module or option to create a VPN in NS8, but someone please correct me if I’m wrong.
Nethsercurity is mentioned in several places as a solution for this, but this has to be installed as a separate server and a direct connection to the NS8 server has to be established. Although I couldn’t find a description of this… This can only be solved on a server farm by renting a dedicated server, it’s not possible on a VPS.
Is it possible that I’m trying to develop the Firebird module with your help in a completely unnecessary way, because I won’t be able to use it for the intended purpose?
While searching for a solution, I found that there are no descriptions or guides for NS8 like the ones previously made for NS7 by developers or forum members (I remember even making them myself). Maybe I just didn’t find them?
Is there a solution to the above problems?
Would the NS8 WG-Eassy app help? Maybe you missed the earlier suggestion by @mrmarkuz ?
After many other problems, restoring connections, data, etc., I managed to get back to work on the project. I made the recommended settings and went through all the files.
I was surprised that almost nothing had changed.
FIREBIRD_PORT and TCP_PORT_FIREBIRD still exist, and even TCP_PORT and TCP_PORTS exist despite the setting. Despite editing the 70open-port-Firewall file, Firebird is still available on TCP port 3050.
Unfortunately, it seems that I can’t create a WG VPN for NS8. Even though I have a static IP address, the NS7 backup server is running and getting a Let’s Encrypt certificate. I can’t make another server (NS8) available so that it can also get a certificate. Unfortunately, I can’t configure WG-Easy for the connection to test whether Firebird is accessible via VPN… Unfortunately, the Firebird Settings don’t work either, and running a second Firebird fails.
Do you have any ideas for a solution and testing the VPN?
Thank you for your help
I opened a pull request to fix the issues.
It’s possible to run more instances using different ports.
For testing it should be enough to forward port 80 to the NS8 just to get the certificate and then set the port forward to the NS7 again.
As NS7 needs port 80 for certs, you could also forward port 443 to the NS8 and setup TLS challenge, see Release notes — NS8 documentation
@mrmarkuz Thank you for the patch you suggested, I applied it, but unfortunately there is a problem.
Firebird won’t start, when I check it the following appears:
The following ports are open on the firewall:
I wonder why there are so many ports open on the firewall, but I think in the end I will have to set it so that only the WG VPN port is openfor security reasons…
It seems that the firebird5 port is open on the firewall, but in the Settings module the port field is empty, only the suggested 3050 is dimly visible. I type 3050 in the port field and save, but the error message below appears.
Firebird cannot start due to an error, this image appears after starting:
The environment file contains the following:
Interestingly, although it has been modified, the values TCP_PORT, TCP_PORTS, TCP_PORT_FIREBIRD are still included in the environment.
I restarted NS8 but nothing changed, Firebird still won’t start.
I’m working on the NS8 Let’s Encrypt certificate, I hope I can solve it…
In the screenshot it shows the traefik-route but it’s not there anymore, see ns8-firebird/imageroot/actions/configure-module at main · sipi58/ns8-firebird · GitHub
By default NS8 caches the app images by tags (in your case latest) to not always download them.
This is nice but when you’re developing you need to download the changes from the repo. This could be done by updating including the "force":true option.
Please only use this option, when you’re developing and never for usual app updates, as it will overwrite the app even with older/wrong versions.
So I think you need to use following command to really upgrade the app from the repo:
api-cli run update-module --data '{"module_url":"ghcr.io/sipi58/firebird:latest","instances":["firebird5"],"force":true}'
Some browsers (i.e. Firefox) need a hard refresh to show the UI changes correctly.
Just the ports that are needed by the apps are open.
To get more information about a service and it’s port you could use
firewall-cmd --info-service=firebird5
Yes, that’s ok, the variables aren’t deleted automatically.
I recommend to remove and reinstall the app (if you use the latest tag, you need to upgrade after install to get the right image) to get a clean environment.
Good luck, if questions arise, feel free to ask.
Thank you for your suggestion, you suggested this before, so I’ll update Firebird this way.
I cleared the cache in the browser, but the situation remains unchanged.
Should I really delete and reinstall Firebird? Then I can start all over again, editing security.fdb, uploading databases, etc. It will take a long time…
In the Firebird5 - Node 1 log I found the following:
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] Starting Podman firebird.service...
2025-09-13T20:10:28+02:00 [1:firebird5:podman] Error: cannot parse "${FIREBIRD_PORT" as an IP address
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] firebird.service: Control process exited, code=exited, status=125/n/a
2025-09-13T20:10:28+02:00 [1:firebird5:podman] Error: reading pod ID file: open /run/user/1019/firebird.pod-id: no such file or directory
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] firebird.service: Control process exited, code=exited, status=125/n/a
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] firebird.service: Failed with result 'exit-code'.
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] Failed to start Podman firebird.service.
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] Dependency failed for Podman firebird-app.service.
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] firebird-app.service: Job firebird-app.service/start failed with result 'dependency'.
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] firebird.service: Start request repeated too quickly.
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] firebird.service: Failed with result 'exit-code'.
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] Failed to start Podman firebird.service.
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] Dependency failed for Podman firebird-app.service.
2025-09-13T20:10:28+02:00 [1:firebird5:systemd] firebird-app.service: Job firebird-app.service/start failed with result 'dependency'.
2025-09-13T20:11:09+02:00 [1:firebird5:agent@firebird5] task/module/firebird5/d77e4ff0-a990-49eb-8cfd-cb54c72f90ee: get-status/20read is starting
2025-09-13T20:11:10+02:00 [1:firebird5:agent@firebird5] task/module/firebird5/d77e4ff0-a990-49eb-8cfd-cb54c72f90ee: action "get-status" status is "completed" (0) at step validate-output.json
There seems to be a problem with the ${FIREBIRD_PORT} variable.
I can’t get the Let’s Encrypt certificate. My public IP address is registered with the NS7 backup server in DNS and it works. I redirected port 443 on the router to the local IP address of NS8. My Mikrotik router has DDNS service and when I turn it on, it also points to my public IP address. I tried to request a certificate for traefik1 for the DDNS FQDN because the NS8 server name is ns8.domain.lan which is not a standard public server. It didn’t work, I got the following error message:
2025-09-13T19:48:10+02:00
<3>2025-09-13T19:48:10+02:00 unable to generate a certificate for the domains [``hgw0a49badp.sn.mynetname.net``]: error: one or more domains had a problem:
<3>[``hgw0a49badp.sn.mynetname.net``] invalid authorization: acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 94.21.177.63: Invalid response from ``http://hgw0a49badp.sn.mynetname.net/.well-known/acme-challenge/-EHz4k-0XC2L4FMv0r9rA2WycJ7jj6ye-iiumJNA79g:`` 404
<3>
This could be a FQDN problem, although I don’t know how to solve it, renaming all FQDNs of NS8, using them, etc. is an impossible task without reinstalling and configuring. The separate problem is that I can’t check users’ mail in the test environment, and there were a lot of problems with that.
That’s all I managed…
I did a fresh installation of the app on another NS8 cluster and it just worked.
No, it’s not necessary and I didn’t know that the firebird config including DBs takes a long time. My intention was to tidy up the environment file so you don’t have the old env vars but it shouldn’t be an issue if they are there.
There seems to be a missing } at the end.
Could you please share the output of following command: (content of the firebird service)
runagent -m firebird5 systemctl --user cat firebird --no-pager
Did you enable the TLS challenge on NS8 that’s needed for using port 443? Execute following command as is:
api-cli run module/traefik1/set-acme-server --data '{"challenge":"TLS-ALPN-01","url":"https://acme-v02.api.letsencrypt.org/directory"}'
Thanks, I got the following output:
[Unit]
Description=Podman firebird.service
Requires=firebird-app.service
Before=firebird-app.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
EnvironmentFile=-%S/state/environment
Restart=always
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/firebird.pid %t/firebird.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/firebird.pid \
--pod-id-file %t/firebird.pod-id \
--name firebird \
--publish ${FIREBIRD_PORT:-3050}:3050 \
--replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/firebird.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/firebird.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/firebird.pod-id
PIDFile=%t/firebird.pid
Type=forking
[Install]
WantedBy=default.target
Thanks, I had to restart NS8 for the ACME setting to take effect. After that, I received the certificate almost immediately. Next, I will try to configure WG VPN with WG-Easy.
Thank you for your help
This is wrong and I wonder why because it doesn’t exist in the code anymore, see ns8-firebird/imageroot/systemd/user/firebird.service at main · sipi58/ns8-firebird · GitHub
You could try to force the update once more: (just for development, don’t use it for usual app updates)
api-cli run update-module --data '{"module_url":"ghcr.io/sipi58/firebird:latest","instances":["firebird5"],"force":true}'
and if it doesn’t work, just change it in the service file:
runagent -m firebird5 systemctl --user edit --full firebird
It should be:
--publish ${FIREBIRD_PORT}:3050 \
Thank you very much, this manual editing helped, I didn’t have to reload the databases, edit security.fdb, etc. Firebird has started and I can connect to it from the local network and the databases are accessible with the client program.
Now comes the WG VPN, I don’t know how to set it up yet but I hope I can figure it out.
In the meantime, I make any settings on the Firebird module Setting page, it saves but the environment does not change. For example, I changed the port from 3050 to 3059 but it is still available on port 3050. I think the same is true with character encoding. Is this related to the previously disabled checks?
I don’t know why the update doesn’t work correctly.
I suspect that other files aren’t updated too.
Please post the output of following commands:
runagent -m firebird5 ls ../actions/configure-module
runagent -m firebird5 cat ../actions/configure-module/10configure_environment_vars
Please also share the output of the update command.
api-cli run update-module --data '{"module_url":"ghcr.io/sipi58/firebird:latest","instances":["firebird5"],"force":true}'
You could compare with Github and edit the files manually but usually the update should work.
Sorry, which disabled checks?