Is version 15 final yet? I am on stable release channel right now, which provides 14.0.3 I think.
NextCloud Installation Q & A
-
- OMV 3.x
- tinh_x7
-
-
I have been working on a Nextcloud install on OMV , off and on, since mid September of this year. Currently I am working with an Odroid HC2.
- I have had Nextcloud working locally several times. The remote I am attempting now started with a local install that worked perfectly this morning.
- I have all my Duck DNS's in a row, so to speak.
- I have had a cert from Letsencrypt container several times, and presently have one now.
- Earlier today I modified my config.php and nextcloud.subdomain.conf files according to @TechnoDadLife 's Letsencrypt install video.
- I cannot get anything to load when I use my subdomain.duckdns.org, just "Unable to connect".
I have combed the forums for some clues, but have come up empty. Can anyone see what is amiss? Here are my config.php & nextcloud.subdomain.conf files:
PHP: config.php
Alles anzeigen<?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'xxxxxxxx', 'passwordsalt' => 'xxxxxxxxxxxxxxxxxx', 'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', 'trusted_domains' => array ( 0 => '192.168.1.101:444', 1 => 'mysubdomain.duckdns.org', ), 'overwrite.cli.url' => 'https://mysubdomain.duckdns.org', 'overwritehost' => 'mysubdomain.duckdns.org', 'overwriteprotocol' => 'https', 'dbtype' => 'mysql', 'version' => '15.0.0.10', 'dbname' => 'nextcloud', 'dbhost' => '192.168.1.101:3306', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => 'xxxxxx', 'dbpassword' => 'xxxxxxxxxxxxxx', 'installed' => true, );
Code: nextcloud.subdomain.conf
Alles anzeigenserver { listen 443 ssl; listen [::]:443 ssl; server_name mysubdomain.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_nextcloud nextcloud; proxy_max_temp_file_size 2048m; proxy_pass https://$upstream_nextcloud:443; } }
-
It's been a while but I've had a similar issue when editing the config files.
First things first do you restart nextcloud after you make changes?
Does it work if you remove
1 => 'mysubdomain.duckdns.org',Sent from my H8276 using Tapatalk
-
-
-
@HackitZ
No. When I remove that line, save config.php, and restart Nextcloud container, and I type in the actual url listed in 0 => ... the browser reverts to https://mysubdomain.duckdns.org.Thanks for the help.
-
When I get home tonight I'll check my setup. I did have a similar issue.
Sent from my H8276 using Tapatalk
-
-
I have been working on a Nextcloud install on OMV , off and on, since mid September of this year. Currently I am working with an Odroid HC2.
- I have had Nextcloud working locally several times. The remote I am attempting now started with a local install that worked perfectly this morning.
- I have all my Duck DNS's in a row, so to speak.
- I have had a cert from Letsencrypt container several times, and presently have one now.
- Earlier today I modified my config.php and nextcloud.subdomain.conf files according to @TechnoDadLife 's Letsencrypt install video.
- I cannot get anything to load when I use my subdomain.duckdns.org, just "Unable to connect".
I have combed the forums for some clues, but have come up empty. Can anyone see what is amiss? Here are my config.php & nextcloud.subdomain.conf files:
PHP: config.php
Alles anzeigen<?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'xxxxxxxx', 'passwordsalt' => 'xxxxxxxxxxxxxxxxxx', 'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', 'trusted_domains' => array ( 0 => '192.168.1.101:444', 1 => 'mysubdomain.duckdns.org', ), 'overwrite.cli.url' => 'https://mysubdomain.duckdns.org', 'overwritehost' => 'mysubdomain.duckdns.org', 'overwriteprotocol' => 'https', 'dbtype' => 'mysql', 'version' => '15.0.0.10', 'dbname' => 'nextcloud', 'dbhost' => '192.168.1.101:3306', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => 'xxxxxx', 'dbpassword' => 'xxxxxxxxxxxxxx', 'installed' => true, );
Code: nextcloud.subdomain.conf
Alles anzeigenserver { listen 443 ssl; listen [::]:443 ssl; server_name mysubdomain.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_nextcloud nextcloud; proxy_max_temp_file_size 2048m; proxy_pass https://$upstream_nextcloud:443; } }
Agricola: I like your tenacity!
If it can't connect, are you sure it is not the router not being properly port forwarded?
Sorry, I just jumped in here. I didn't look at the rest of the thread.
Sorry, I am going to jump out again. I am going to be busy the next couple of days.
-
If it can't connect, are you sure it is not the router not being properly port forwarded?
I guess so, but I just figured if I was able to get the cert from Letsencrypt that the routher was set up properly. I will dig into the port forwarding on the router today and see what I come up with. Thanks.
-
Thanks @TechnoDadLife. I think you are right. I happened to notice on my dashboard that I do not have an "eth0" network interface, only an "enx000..." and four "veth...." and one "lo". I am pretty sure some setting (or settings) is not right, but I don't know enough to know what it is. Help. I have a Tomato router.
-
-
Sorry, I am going to jump out again. I am going to be busy the next couple of days.
And just when I watched the Letsencrypt update video. I have so many questions:
- Will this work with the lsioarmhf version? I am assuming it will.
- Does this mean you do not need the Duckdns docker?
- How does this dovetail into getting Nextcloud working externally?
- How does this apply to Plex if I want it to work beyond my lan?
- How does this fit into getting a remote machine (hc1) set up for off-site backups?
Trouble maker.
If anyone else has answers, feel free. I thirst for knowledge. -
Well, I guess I did have my ports forwarded properly:
The new Letsencrypt video tutorial worked flawlessly. Thanks @TechnoDadLife. Now to get Nextcloud folded in. -
Hi,
I followed the videos by technodadlife to setup nextcloud in docker. Everything works fine, except fail2ban.
I can do as many failed logins without getting blocked, there is only 30 seconds delay for each new login.Status of the jails with "docker exec -it letsencrypt fail2ban-client status":
Status for the jail: nginx-http-autCode|- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File list: /config/log/nginx/error.log `- Actions |- Currently banned: 0 |- Total banned: 0 `- Banned IP list:
My jail.localCode
Alles anzeigen# This is the custom version of the jail.conf for fail2ban # Feel free to modify this and add additional filters # Then you can drop the new filter conf files into the fail2ban-filters # folder and restart the container [DEFAULT] # "bantime" is the number of seconds that a host is banned. bantime = 7200 # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 1200 # "maxretry" is the number of failures before a host get banned. maxretry = 3 [ssh] enabled = false [nginx-http-auth] enabled = true filter = nginx-http-auth port = http,https logpath = /config/log/nginx/error.log [nginx-badbots] enabled = true port = http,https filter = nginx-badbots logpath = /config/log/nginx/access.log maxretry = 2 [nginx-botsearch] enabled = true port = http,https filter = nginx-botsearch logpath = /config/log/nginx/access.log
Is the path to the logfiles for fail2ban correct?
/config/log/nginx/error.log
/config/log/nginx/access.logI can find nextcloud-logs in "/sharedfolders/letsencrypt/log/nginx/"
"access.log" and "error.log"In access.log I find a login with the false username, but there is no hint for an error:
31.16.115.12 - - [29/Dec/2018:22:45:21 +0100] "GET /index.php/login?user=fake HTTP/1.1" 200 4573 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"I think fail2ban listen to the wrong log-files, but I can´t find the right path, maybe my nextcloud-settings for the logs are wrong?
I´ve already tried to change my nextcloud config.php and add the following lines:Code'log_type' => 'file', 'loglevel' => 2, 'logtimezone' => 'Europe/Berlin', 'logfile' => '/var/log/nextcloud.log',
But there is nothing in nextcloud.logMaybe someone can help me with that.
Thanks!
-
-
Install fail2ban
set logging in nextcloud.conf
with
Code'loglevel' => 2, 'logtimezone' => 'Europe/Berlin', 'logfile' => '/var/log/nextcloud.log', 'log_rotate_size' => 10485760,
provide a suitable email in your plugin and set
as action in your fail2ban plugin.
setup filter:
with
Codehttp://www.rojtberg.net/711/secure-owncloud-server/ [Definition] failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$ ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$ ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$ ignoreregex =
configure filter within fail2ban plugin (jails):
Adjust Ports to your needs, my nextcloud runs on 443, so https is fine for me.Save everything, see failed logins/bannded ips under services->fail2ban.
-
Hi,
thanks, unfortunately I´m not able to install fail2ban, there is only this waiting screen:
Nevertheless, I´ve fail2ban is already installed with the letsencrypt docker: https://hub.docker.com/r/linuxserver/letsencrypt
I´ve found the error log with the failed logins in my Nextcloud-Folder /sharedfolders/Nextcloud/nextcloud.log
Code{"reqId":"oni6bfmPMlF6SV1A8FIU","level":2,"time":"2018-12-30T15:24:11+01:00","remoteAddr":"172.18.0.2","user":"--","app":"core","method":"POST","url":"\/index.php\/login","message":"Login failed: 'test' (Remote IP: '172.18.0.2')","userAgent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/71.0.3578.98 Safari\/537.36","version":"15.0.0.10"}
If I put this path to jail.conf fail2ban will not start, I believe because it runs in a docker without access to "/sharedfolders/Nextcloud"!?
So for testing I put a copy of the file in /sharedfolders/AppData/letsencrypt/log/nginx/nextcloud.log
fail2ban is starting, but there is still no success:CodeStatus for the jail: nextcloud |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File list: /config/log/nginx/nextcloud.log `- Actions |- Currently banned: 0 |- Total banned: 0 `- Banned IP list:
My Jail.conf:
Code
Alles anzeigen# This is the custom version of the jail.conf for fail2ban # Feel free to modify this and add additional filters # Then you can drop the new filter conf files into the fail2ban-filters # folder and restart the container [DEFAULT] # "bantime" is the number of seconds that a host is banned. bantime = 7200 # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 1200 # "maxretry" is the number of failures before a host get banned. maxretry = 3 [ssh] enabled = false [nginx-http-auth] enabled = true filter = nginx-http-auth port = http,https logpath = /config/log/nginx/error.log [nginx-badbots] enabled = true port = http,https filter = nginx-badbots logpath =/config/log/nginx/access.log maxretry = 2 [nginx-botsearch] enabled = true port = http,https filter = nginx-botsearch logpath = /config/log/nginx/access.log [nextcloud] enabled = true port = http,https filter = nextcloud maxretry = 3 bantime = 36000 findtime = 36000 logpath = /config/log/nginx/nextcloud.log
My filter "nextcloud.conf":
Code[Definition] failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$ ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$ ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$
I´ve tried your filter, but it´s also not working.
-
-
-
No, the logfile is /sharedfolders/Nextcloud/nextcloud.log
If I use this path in jail.conf I´m not able to start fail2ban service:
I believe it´s because this path is not available in the docker letsencrypt in which fail2ban is active!?
-
Well, your jail will not work if it can't reach nextclouds logfile. Easy logic.
fail2ban needs to check the logfile for failed logins and their IP adresses.
-
Hm, ok, is it possible to save the log outside the nextcloud docker or alternative read the nextcloud docker location from the letsencrypt docker?
If I try to set a path outside the container-path in nextcloud config.php nothing happens.
If I try to read a path outside the letsencrypt container-path in fail2ban jail, fail2ban will not start: -
-
I´ve copied the nextcloud.log manually and run the regex test:
Code
Alles anzeigendocker exec -it letsencrypt fail2ban-regex /config/log/nginx/nextcloud.log /etc/fail2ban/filter.d/next cloud.conf Running tests ============= Use failregex filter file : nextcloud, basedir: /etc/fail2ban Use log file : /config/log/nginx/nextcloud.log Use encoding : UTF-8 Results ======= Failregex: 118 total |- #) [# of hits] regular expression | 2) [118] ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$ `- Ignoreregex: 0 total Date template hits: |- [# of hits] date format | [948] ExYear(?P<_sep>[-/.])Month(?P=_sep)Day[T ]24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)? `- Lines: 948 lines, 0 ignored, 118 matched, 830 missed [processed in 0.16 sec]
Test seems to be ok and find some failed logins, but status of the jail is: -
Hello everybody, I have recently started OMV running in combination with docker. In the docker environment I have set mariadb and Nextcloud now I get the following error message:
While surfing on the nextcloud environment: 504 Gateway Time-out
And this error message while uploading: 505 gateway time-out to PUT link......someone who can help me with this?
Jetzt mitmachen!
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!