Since 2023 I've been using Monit running on an old laptop to ping devices on the campus network. If something something important goes offline (eg. a switch or an IP phone) it sends me an email, and it also provides a web interface where my colleagues can see the status to support troubleshooting when I'm unavailable.
I'm replacing the old laptop with a Ugreen NAS. I was planning to migrate Monit into a Docker container running on the NAS, but it was looking to be a bit fiddley because I'd need to set up another container to run a mail transfer agent such as MSMTP.
After reviewing my options, I decided to try Uptime Kuma because it has full-featured notification handling built in, and it turned out to be generally better suited for the job than Monit (which is better suited for watching server processes).
Anyway, installing Uptime Kuma in Docker on the NAS was extremely easy with the following steps:
- If you don't have Docker installed on the NAS yet, go and install it in the App Centre
- Start Docker
- Go to Image > Image Database > Search for "louislam/uptime-kuma" (the official image), and download it
- Go to Container > New Container
- Select the image that you just downloaded
- Limit CPU to 2 cores, and memory to 512MB. Enable Auto restart
- Leave the defaults under Storage Pool: One item with [blank], '/app/data', and 'Read/write' in the three fields respectively
- Under Network configuration, select 'host'
- Save
Now if you go to http://your-nas-ip:3001, Uptime Kuma should be running and you can set up an admin account. Everything works... except when I create a Ping monitor, I get the following error: Failing: ping: socket: Operation not permitted
I checked the permissions for the container, and NET_RAW (which is required for pings) was already granted, so I opened a shell in the container (Click on the container's name while it's running, and go to the Terminal tab). I ran a few ping commands in the terminal and they all worked correctly, so that implied that the issue was to do with the user in the container that was running the Uptime Kuma process.
I explained the situation to an LLM chatbot and it suggested that the kernel settings on the NAS OS were limiting this for security reasons. To check if this is the case...
1. Enable the SSH service in the NAS OS: Control panel > Terminal
2. SSH in from your machine,
3. And then run:
sudo sysctl net.ipv4.ping_group_range
If the settings are on default, the command will return a value of 1 0,
indicating that only the root user is allowed to open sockets and run pings (more secure).
Assuming your Uptime Kuma container is running as the default user (UID 1000)* then you can change the permissions temporarily with this command:
sudo sysctl -w net.ipv4.ping_group_range="0 1000"
You should see the pings start working in Uptime Kuma, but this will reset after reboot.
If you want to apply the change permanently...
1. Create a file in /etc/sysctl.d/
sudo nano /etc/sysctl.d/local.conf
2. Enter this text in the file:
# Define which UIDs are allowed to send pings
# Required to make pings work in Uptime Kuma container (which runs with UID 1000)
net.ipv4.ping_group_range = 0 1000
Press Ctrl + X to close and save
3. Reboot the NAS to check if the the fix has persisted.
* Look at the environment variables for your container - if the UID and PUID entries have a value other that '1000', you should substitute '1000' with your UID where ever it appears in the commands above.