NextCloud Installation Q & A

  • Is version 15 final yet? I am on stable release channel right now, which provides 14.0.3 I think.

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

    • Offizieller Beitrag

    I have been working on a Nextcloud install on OMV , off and on, since mid September of this year. Currently I am working with an Odroid HC2.

    • I have had Nextcloud working locally several times. The remote I am attempting now started with a local install that worked perfectly this morning.
    • I have all my Duck DNS's in a row, so to speak.
    • I have had a cert from Letsencrypt container several times, and presently have one now.
    • Earlier today I modified my config.php and nextcloud.subdomain.conf files according to @TechnoDadLife 's Letsencrypt install video.
    • I cannot get anything to load when I use my subdomain.duckdns.org, just "Unable to connect".

    I have combed the forums for some clues, but have come up empty. Can anyone see what is amiss? Here are my config.php & nextcloud.subdomain.conf files:



  • It's been a while but I've had a similar issue when editing the config files.
    First things first do you restart nextcloud after you make changes?
    Does it work if you remove
    1 => 'mysubdomain.duckdns.org',


    Sent from my H8276 using Tapatalk

    • Offizieller Beitrag

    @HackitZ

    • yes
    • let me check
    • Offizieller Beitrag

    @HackitZ
    No. When I remove that line, save config.php, and restart Nextcloud container, and I type in the actual url listed in 0 => ... the browser reverts to https://mysubdomain.duckdns.org.


    Thanks for the help.

  • I have been working on a Nextcloud install on OMV , off and on, since mid September of this year. Currently I am working with an Odroid HC2.

    • I have had Nextcloud working locally several times. The remote I am attempting now started with a local install that worked perfectly this morning.
    • I have all my Duck DNS's in a row, so to speak.
    • I have had a cert from Letsencrypt container several times, and presently have one now.
    • Earlier today I modified my config.php and nextcloud.subdomain.conf files according to @TechnoDadLife 's Letsencrypt install video.
    • I cannot get anything to load when I use my subdomain.duckdns.org, just "Unable to connect".

    I have combed the forums for some clues, but have come up empty. Can anyone see what is amiss? Here are my config.php & nextcloud.subdomain.conf files:



    Agricola: I like your tenacity!


    If it can't connect, are you sure it is not the router not being properly port forwarded?


    Sorry, I just jumped in here. I didn't look at the rest of the thread.


    Sorry, I am going to jump out again. I am going to be busy the next couple of days. :(

    • Offizieller Beitrag

    If it can't connect, are you sure it is not the router not being properly port forwarded?

    I guess so, but I just figured if I was able to get the cert from Letsencrypt that the routher was set up properly. I will dig into the port forwarding on the router today and see what I come up with. Thanks.

    • Offizieller Beitrag

    Thanks @TechnoDadLife. I think you are right. I happened to notice on my dashboard that I do not have an "eth0" network interface, only an "enx000..." and four "veth...." and one "lo". I am pretty sure some setting (or settings) is not right, but I don't know enough to know what it is. Help. I have a Tomato router.

    • Offizieller Beitrag

    Sorry, I am going to jump out again. I am going to be busy the next couple of days.

    And just when I watched the Letsencrypt update video. I have so many questions:

    • Will this work with the lsioarmhf version? I am assuming it will.
    • Does this mean you do not need the Duckdns docker?
    • How does this dovetail into getting Nextcloud working externally?
    • How does this apply to Plex if I want it to work beyond my lan?
    • How does this fit into getting a remote machine (hc1) set up for off-site backups?

    Trouble maker.
    If anyone else has answers, feel free. I thirst for knowledge.

    • Offizieller Beitrag

    Well, I guess I did have my ports forwarded properly:

    The new Letsencrypt video tutorial worked flawlessly. Thanks @TechnoDadLife. Now to get Nextcloud folded in.

    System Backup Typo alert: Under the Linux section the command should be sudo umount /dev/sda1 NOT sudo unmount /dev/sda1

    Backup Data Disk to Backup Disk on Same Machine: In a Scheduled Job:rsync -av --delete /srv/dev-disk-by-uuid-f8814ed9-9a5c-4e1c-8830-426968c20ea3/ /srv/dev-disk-by-uuid-e67439d5-00a3-4942-bd5f-b84ab86aa850/ Don't forget trailing slashes, and BE CAREFUL. (HT: Getting Started with OMV5)

    Equipment - Thinkserver TS140, NanoPi M4 (v.1), Odroid XU4 (Using DietPi): PiHole

  • Hi,


    I followed the videos by technodadlife to setup nextcloud in docker. Everything works fine, except fail2ban.
    I can do as many failed logins without getting blocked, there is only 30 seconds delay for each new login.


    Status of the jails with "docker exec -it letsencrypt fail2ban-client status":

    Code
    |- Number of jail: 3
    `- Jail list: nginx-badbots, nginx-botsearch, nginx-http-auth


    Status for the jail: nginx-http-aut

    Code
    |- Filter
    | |- Currently failed: 0
    | |- Total failed: 0
    | `- File list: /config/log/nginx/error.log
    `- Actions
    |- Currently banned: 0
    |- Total banned: 0
    `- Banned IP list:


    My jail.local

    Is the path to the logfiles for fail2ban correct?
    /config/log/nginx/error.log
    /config/log/nginx/access.log


    I can find nextcloud-logs in "/sharedfolders/letsencrypt/log/nginx/"
    "access.log" and "error.log"


    In access.log I find a login with the false username, but there is no hint for an error:
    31.16.115.12 - - [29/Dec/2018:22:45:21 +0100] "GET /index.php/login?user=fake HTTP/1.1" 200 4573 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"


    I think fail2ban listen to the wrong log-files, but I can´t find the right path, maybe my nextcloud-settings for the logs are wrong?
    I´ve already tried to change my nextcloud config.php and add the following lines:



    Code
    'log_type' => 'file',
    'loglevel' => 2,
    'logtimezone' => 'Europe/Berlin',
    'logfile' => '/var/log/nextcloud.log',


    But there is nothing in nextcloud.log


    Maybe someone can help me with that.


    Thanks!

  • Install fail2ban


    set logging in nextcloud.conf



    Code
    nano your_path_to_nextcloud_here/config/config.php

    with



    Code
    'loglevel' => 2,
      'logtimezone' => 'Europe/Berlin',
      'logfile' => '/var/log/nextcloud.log',
      'log_rotate_size' => 10485760,

    provide a suitable email in your plugin and set


    Code
    action_mwl

    as action in your fail2ban plugin.


    setup filter:

    Code
    nano /etc/fail2ban/filter.d/nextcloud.conf

    with

    Code
    http://www.rojtberg.net/711/secure-owncloud-server/
    [Definition]
    failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
                ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
                ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$
    ignoreregex =


    configure filter within fail2ban plugin (jails):
    Adjust Ports to your needs, my nextcloud runs on 443, so https is fine for me.


    Save everything, see failed logins/bannded ips under services->fail2ban.

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

  • Hi,


    thanks, unfortunately I´m not able to install fail2ban, there is only this waiting screen:


    Nevertheless, I´ve fail2ban is already installed with the letsencrypt docker: https://hub.docker.com/r/linuxserver/letsencrypt


    I´ve found the error log with the failed logins in my Nextcloud-Folder /sharedfolders/Nextcloud/nextcloud.log


    Code
    {"reqId":"oni6bfmPMlF6SV1A8FIU","level":2,"time":"2018-12-30T15:24:11+01:00","remoteAddr":"172.18.0.2","user":"--","app":"core","method":"POST","url":"\/index.php\/login","message":"Login failed: 'test' (Remote IP: '172.18.0.2')","userAgent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/71.0.3578.98 Safari\/537.36","version":"15.0.0.10"}

    If I put this path to jail.conf fail2ban will not start, I believe because it runs in a docker without access to "/sharedfolders/Nextcloud"!?


    So for testing I put a copy of the file in /sharedfolders/AppData/letsencrypt/log/nginx/nextcloud.log
    fail2ban is starting, but there is still no success:

    Code
    Status for the jail: nextcloud
    |- Filter
    | |- Currently failed: 0
    | |- Total failed: 0
    | `- File list: /config/log/nginx/nextcloud.log
    `- Actions
    |- Currently banned: 0
    |- Total banned: 0
    `- Banned IP list:

    My Jail.conf:

    My filter "nextcloud.conf":


    Code
    [Definition]
    failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
                ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
                ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$

    I´ve tried your filter, but it´s also not working.

  • jail.conf line 57:


    Code
    logpath = /config/log/nginx/nextcloud.log

    does this match your logfile destination you set within nextclouds config?

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

  • No, the logfile is /sharedfolders/Nextcloud/nextcloud.log



    If I use this path in jail.conf I´m not able to start fail2ban service:

    Code
    Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

    I believe it´s because this path is not available in the docker letsencrypt in which fail2ban is active!?

  • Well, your jail will not work if it can't reach nextclouds logfile. Easy logic.


    fail2ban needs to check the logfile for failed logins and their IP adresses.

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

  • Hm, ok, is it possible to save the log outside the nextcloud docker or alternative read the nextcloud docker location from the letsencrypt docker?


    If I try to set a path outside the container-path in nextcloud config.php nothing happens.
    If I try to read a path outside the letsencrypt container-path in fail2ban jail, fail2ban will not start:

    Code
    Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
  • I´ve copied the nextcloud.log manually and run the regex test:


    Test seems to be ok and find some failed logins, but status of the jail is:


    Code
    Status for the jail: nextcloud
    |- Filter                                                                                                                                                              
    |  |- Currently failed: 0                                                                                                                                              
    |  |- Total failed:     0                                                                                                                                              
    |  `- File list:        /config/log/nginx/nextcloud.log                                                                                                                
    `- Actions                                                                                                                                                             
       |- Currently banned: 0                                                                                                                                              
       |- Total banned:     0                                                                                                                                              
       `- Banned IP list:
  • Hello everybody, I have recently started OMV running in combination with docker. In the docker environment I have set mariadb and Nextcloud now I get the following error message:


    While surfing on the nextcloud environment: 504 Gateway Time-out
    And this error message while uploading: 505 gateway time-out to PUT link......


    someone who can help me with this?

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!