NextCloud Installation Q & A


    • I have been working on a Nextcloud install on OMV, off and on, since mid September of this year. Currently I am working with an Odroid HC2.
      1. I have had Nextcloud working locally several times. The remote I am attempting now started with a local install that worked perfectly this morning.
      2. I have all my Duck DNS's in a row, so to speak.
      3. I have had a cert from Letsencrypt container several times, and presently have one now.
      4. Earlier today I modified my config.php and nextcloud.subdomain.conf files according to @TechnoDadLife's Letsencrypt install video.
      5. I cannot get anything to load when I use my subdomain.duckdns.org, just "Unable to connect".
      I have combed the forums for some clues, but have come up empty. Can anyone see what is amiss? Here are my config.php & nextcloud.subdomain.conf files:

      PHP Source Code: config.php

      <?php
      $CONFIG = array (
        'memcache.local' => '\\OC\\Memcache\\APCu',
        'datadirectory' => '/data',
        'instanceid' => 'xxxxxxxx',
        'passwordsalt' => 'xxxxxxxxxxxxxxxxxx',
        'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
        'trusted_domains' =>
        array (
          0 => '192.168.1.101:444',
          1 => 'mysubdomain.duckdns.org',
        ),
        'overwrite.cli.url' => 'https://mysubdomain.duckdns.org',
        'overwritehost' => 'mysubdomain.duckdns.org',
        'overwriteprotocol' => 'https',
        'dbtype' => 'mysql',
        'version' => '15.0.0.10',
        'dbname' => 'nextcloud',
        'dbhost' => '192.168.1.101:3306',
        'dbport' => '',
        'dbtableprefix' => 'oc_',
        'dbuser' => 'xxxxxx',
        'dbpassword' => 'xxxxxxxxxxxxxx',
        'installed' => true,
      );


      Source Code: nextcloud.subdomain.conf

      server {
          listen 443 ssl;
          listen [::]:443 ssl;
          server_name mysubdomain.*;
          include /config/nginx/ssl.conf;
          client_max_body_size 0;
          location / {
              include /config/nginx/proxy.conf;
              resolver 127.0.0.11 valid=30s;
              set $upstream_nextcloud nextcloud;
              proxy_max_temp_file_size 2048m;
              proxy_pass https://$upstream_nextcloud:443;
          }
      }
      Retired. Love to garden and mess with computers. The more I mess with both the less I know about either.
      OMV 4.1.14-1, Odroid hc2 w/ 4TB WD Blue.
    • Agricola wrote:

      I have been working on a Nextcloud install on OMV, off and on, since mid September of this year. Currently I am working with an Odroid HC2.
      Agricola: I like your tenacity!

      If it can't connect, are you sure it is not the router not being properly port forwarded?

      Sorry, I just jumped in here. I didn't look at the rest of the thread.

      Sorry, I am going to jump out again. I am going to be busy the next couple of days. :(
      Build, Learn, Create.

      How to Videos for OMV

      Post any questions to the forum, so others can benefit from your curiosity. :thumbsup:
      No private support.
    • TechnoDadLife wrote:

      If it can't connect, are you sure it is not the router not being properly port forwarded?
      I guess so, but I just figured if I was able to get the cert from Letsencrypt that the router was set up properly. I will dig into the port forwarding on the router today and see what I come up with. Thanks.
    • Thanks @TechnoDadLife. I think you are right. I happened to notice on my dashboard that I do not have an "eth0" network interface, only an "enx000..." and four "veth...." and one "lo". I am pretty sure some setting (or settings) is not right, but I don't know enough to know what it is. Help. I have a Tomato router.
    • TechnoDadLife wrote:

      Sorry, I am going to jump out again. I am going to be busy the next couple of days.
      And just when I watched the Letsencrypt update video. I have so many questions:
      1. Will this work with the lsioarmhf version? I am assuming it will.
      2. Does this mean you do not need the Duckdns docker?
      3. How does this dovetail into getting Nextcloud working externally?
      4. How does this apply to Plex if I want it to work beyond my lan?
      5. How does this fit into getting a remote machine (hc1) set up for off-site backups?
      Trouble maker.
      If anyone else has answers, feel free. I thirst for knowledge.
    • Hi,

      I followed the videos by technodadlife to set up nextcloud in docker. Everything works fine, except fail2ban.
      I can make as many failed logins as I like without getting blocked; there is only a 30-second delay for each new login.

      Status of the jails with "docker exec -it letsencrypt fail2ban-client status":

      Source Code

      |- Number of jail: 3
      `- Jail list: nginx-badbots, nginx-botsearch, nginx-http-auth

      Status for the jail: nginx-http-auth

      Source Code

      |- Filter
      |  |- Currently failed: 0
      |  |- Total failed: 0
      |  `- File list: /config/log/nginx/error.log
      `- Actions
         |- Currently banned: 0
         |- Total banned: 0
         `- Banned IP list:

      My jail.local

      Source Code

      # This is the custom version of the jail.conf for fail2ban
      # Feel free to modify this and add additional filters
      # Then you can drop the new filter conf files into the fail2ban-filters
      # folder and restart the container

      [DEFAULT]
      # "bantime" is the number of seconds that a host is banned.
      bantime = 7200
      # A host is banned if it has generated "maxretry" during the last "findtime"
      # seconds.
      findtime = 1200
      # "maxretry" is the number of failures before a host get banned.
      maxretry = 3

      [ssh]
      enabled = false

      [nginx-http-auth]
      enabled = true
      filter = nginx-http-auth
      port = http,https
      logpath = /config/log/nginx/error.log

      [nginx-badbots]
      enabled = true
      port = http,https
      filter = nginx-badbots
      logpath = /config/log/nginx/access.log
      maxretry = 2

      [nginx-botsearch]
      enabled = true
      port = http,https
      filter = nginx-botsearch
      logpath = /config/log/nginx/access.log

      Is the path to the logfiles for fail2ban correct?
      /config/log/nginx/error.log
      /config/log/nginx/access.log

      I can find nextcloud-logs in "/sharedfolders/letsencrypt/log/nginx/"
      "access.log" and "error.log"

      In access.log I find a login with the false username, but there is no hint for an error:
      31.16.115.12 - - [29/Dec/2018:22:45:21 +0100] "GET /index.php/login?user=fake HTTP/1.1" 200 4573 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"

      I think fail2ban listens to the wrong log files, but I can't find the right path. Maybe my nextcloud settings for the logs are wrong?
      I've already tried to change my nextcloud config.php and add the following lines:


      Source Code

      'log_type' => 'file',
      'loglevel' => 2,
      'logtimezone' => 'Europe/Berlin',
      'logfile' => '/var/log/nextcloud.log',

      But there is nothing in nextcloud.log

      Maybe someone can help me with that.

      Thanks!
    • Install fail2ban

      set logging in nextcloud.conf


      Source Code

      nano your_path_to_nextcloud_here/config/config.php

      with

      Source Code

      'loglevel' => 2,
      'logtimezone' => 'Europe/Berlin',
      'logfile' => '/var/log/nextcloud.log',
      'log_rotate_size' => 10485760,

      provide a suitable email in your plugin and set

      Source Code

      action_mwl

      as action in your fail2ban plugin.

      setup filter:

      Source Code

      nano /etc/fail2ban/filter.d/nextcloud.conf

      with

      Source Code

      # http://www.rojtberg.net/711/secure-owncloud-server/
      [Definition]
      failregex = ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
                  ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
                  ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$
      ignoreregex =

      configure filter within fail2ban plugin (jails):
      Adjust Ports to your needs, my nextcloud runs on 443, so https is fine for me.


      Save everything, see failed logins/banned IPs under services->fail2ban.
      Chaos is found in greatest abundance wherever order is being sought.
      It always defeats order, because it is better organized.
      Terry Pratchett
    • Hi,

      thanks, unfortunately I'm not able to install fail2ban, there is only this waiting screen:


      Nevertheless, fail2ban is already installed with the letsencrypt docker: hub.docker.com/r/linuxserver/letsencrypt

      I've found the error log with the failed logins in my Nextcloud folder /sharedfolders/Nextcloud/nextcloud.log

      Source Code

      {"reqId":"oni6bfmPMlF6SV1A8FIU","level":2,"time":"2018-12-30T15:24:11+01:00","remoteAddr":"172.18.0.2","user":"--","app":"core","method":"POST","url":"\/index.php\/login","message":"Login failed: 'test' (Remote IP: '172.18.0.2')","userAgent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/71.0.3578.98 Safari\/537.36","version":"15.0.0.10"}

      If I put this path to jail.conf fail2ban will not start, I believe because it runs in a docker without access to "/sharedfolders/Nextcloud"!?

      So for testing I put a copy of the file in /sharedfolders/AppData/letsencrypt/log/nginx/nextcloud.log
      fail2ban is starting, but there is still no success:

      Source Code

      Status for the jail: nextcloud
      |- Filter
      |  |- Currently failed: 0
      |  |- Total failed: 0
      |  `- File list: /config/log/nginx/nextcloud.log
      `- Actions
         |- Currently banned: 0
         |- Total banned: 0
         `- Banned IP list:

      My Jail.conf:

      Source Code

      # This is the custom version of the jail.conf for fail2ban
      # Feel free to modify this and add additional filters
      # Then you can drop the new filter conf files into the fail2ban-filters
      # folder and restart the container

      [DEFAULT]
      # "bantime" is the number of seconds that a host is banned.
      bantime = 7200
      # A host is banned if it has generated "maxretry" during the last "findtime"
      # seconds.
      findtime = 1200
      # "maxretry" is the number of failures before a host get banned.
      maxretry = 3

      [ssh]
      enabled = false

      [nginx-http-auth]
      enabled = true
      filter = nginx-http-auth
      port = http,https
      logpath = /config/log/nginx/error.log

      [nginx-badbots]
      enabled = true
      port = http,https
      filter = nginx-badbots
      logpath =/config/log/nginx/access.log
      maxretry = 2

      [nginx-botsearch]
      enabled = true
      port = http,https
      filter = nginx-botsearch
      logpath = /config/log/nginx/access.log

      [nextcloud]
      enabled = true
      port = http,https
      filter = nextcloud
      maxretry = 3
      bantime = 36000
      findtime = 36000
      logpath = /config/log/nginx/nextcloud.log

      My filter "nextcloud.conf":

      Source Code

      [Definition]
      failregex = ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
                  ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
                  ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$

      I've tried your filter, but it's also not working.
    • No, the logfile is /sharedfolders/Nextcloud/nextcloud.log


      If I use this path in jail.conf I'm not able to start fail2ban service:

      Source Code

      Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

      I believe it's because this path is not available in the docker letsencrypt in which fail2ban is active!?
    • Hm, ok, is it possible to save the log outside the nextcloud docker or alternative read the nextcloud docker location from the letsencrypt docker?

      If I try to set a path outside the container-path in nextcloud config.php nothing happens.
      If I try to read a path outside the letsencrypt container-path in fail2ban jail, fail2ban will not start:

      Source Code

      Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
    • I've copied the nextcloud.log manually and run the regex test:

      Source Code

      docker exec -it letsencrypt fail2ban-regex /config/log/nginx/nextcloud.log /etc/fail2ban/filter.d/nextcloud.conf

      Running tests
      =============
      Use failregex filter file : nextcloud, basedir: /etc/fail2ban
      Use log file : /config/log/nginx/nextcloud.log
      Use encoding : UTF-8

      Results
      =======
      Failregex: 118 total
      |- #) [# of hits] regular expression
      | 2) [118] ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
      `-
      Ignoreregex: 0 total
      Date template hits:
      |- [# of hits] date format
      | [948] ExYear(?P<_sep>[-/.])Month(?P=_sep)Day[T ]24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
      `-
      Lines: 948 lines, 0 ignored, 118 matched, 830 missed
      [processed in 0.16 sec]

      Test seems to be ok and find some failed logins, but status of the jail is:

      Source Code

      Status for the jail: nextcloud
      |- Filter
      |  |- Currently failed: 0
      |  |- Total failed: 0
      |  `- File list: /config/log/nginx/nextcloud.log
      `- Actions
         |- Currently banned: 0
         |- Total banned: 0
         `- Banned IP list:
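
An added diagnostic example (not from any poster in the thread and not fail2ban's own code): it applies the second failregex posted above to log lines shaped like the thread's nextcloud.log entry and reports, per line, whether the filter matches, whether the timestamp still falls inside the jail's findtime (fail2ban does not count older entries), and whether the captured address is an RFC 1918 address such as 172.18.0.2, in which case a ban would land on an internal hop rather than the remote client. Assumptions: fail2ban's `<HOST>` tag is simplified to an IPv4 group, the helper names are hypothetical, and all sample lines are constructed.

```python
import ipaddress
import json
import re
from datetime import datetime, timedelta

# Second failregex from the thread's nextcloud.conf, copied as posted.
FAILREGEX = r'''^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$'''
# Assumption: fail2ban's <HOST> tag is reduced to a plain IPv4 group here.
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def make_line(time, addr, message=None):
    """Build a constructed log line shaped like the one posted in the thread."""
    record = {"reqId": "CONSTRUCTED", "level": 2, "time": time, "remoteAddr": addr,
              "user": "--", "app": "core", "method": "POST", "url": "/index.php/login",
              "message": message or f"Login failed: 'test' (Remote IP: '{addr}')",
              "version": "15.0.0.10"}
    return json.dumps(record, separators=(",", ":"))


def check_line(line, now, findtime=36000):
    """Classify one nextcloud.log line against the filter and jail settings."""
    match = PATTERN.match(line)
    if not match:
        return ("no-match", None)
    host = match.group("host")
    logged_at = datetime.fromisoformat(json.loads(line)["time"])
    if now - logged_at > timedelta(seconds=findtime):
        return ("too-old", host)        # outside findtime: not counted
    if any(ipaddress.ip_address(host) in net for net in RFC1918):
        return ("proxy-address", host)  # a ban would hit an internal hop
    return ("countable", host)


if __name__ == "__main__":
    now = datetime.fromisoformat("2018-12-30T16:00:00+01:00")
    stamp = "2018-12-30T15:24:11+01:00"
    samples = [  # constructed lines; 203.0.113.7 is a documentation address
        make_line(stamp, "172.18.0.2"),
        make_line(stamp, "203.0.113.7"),
        make_line("2018-12-27T09:00:00+01:00", "203.0.113.7"),
        make_line(stamp, "172.18.0.2", message="Trusted domain error."),
    ]
    for line in samples:
        print(check_line(line, now))
```

The default `findtime=36000` mirrors the `[nextcloud]` jail posted above; pass the current time as `now` when checking a real log.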