NextCloud Installation Q & A

  • I have been working on a Nextcloud install on OMV, off and on, since mid September of this year. Currently I am working with an Odroid HC2.

    • I have had Nextcloud working locally several times. The remote I am attempting now started with a local install that worked perfectly this morning.
    • I have all my Duck DNS's in a row, so to speak.
    • I have had a cert from Letsencrypt container several times, and presently have one now.
    • Earlier today I modified my config.php and nextcloud.subdomain.conf files according to @TechnoDadLife's Letsencrypt install video.
    • I cannot get anything to load when I use my subdomain.duckdns.org, just "Unable to connect".

    I have combed the forums for some clues, but have come up empty. Can anyone see what is amiss? Here are my config.php & nextcloud.subdomain.conf files:



    RAID is NOT a backup and not useful for most home users. Rsync makes true backup and restoration stupid easy, and it's built right in to OMV. Use this command in a Scheduled Job: rsync -av --delete /srv/dev-disk-by-label-NAMEofSOURCEdisk/ /srv/dev-disk-by-label-NAMEofDESTINATIONdisk/

    Hardware: OMV 5 (current) - NanoPi M4: Nextcloud, Plex, & Heimdall - Acer Aspire T180: backup - Odroid XU4: Pi-Hole (DietPi) - Odroid HC2, Raspberry Pi 3B+, and HP dx2400: testing.

  • @HackitZ

    • yes
    • let me check


  • @HackitZ
    No. When I remove that line, save config.php, and restart Nextcloud container, and I type in the actual url listed in 0 => ... the browser reverts to https://mysubdomain.duckdns.org.


    Thanks for the help.


  • Agricola: I like your tenacity!


    If it can't connect, are you sure it is not the router not being properly port forwarded?


    Sorry, I just jumped in here. I didn't look at the rest of the thread.


    Sorry, I am going to jump out again. I am going to be busy the next couple of days. :(

  • If it can't connect, are you sure it is not the router not being properly port forwarded?

    I guess so, but I just figured if I was able to get the cert from Letsencrypt that the router was set up properly. I will dig into the port forwarding on the router today and see what I come up with. Thanks.


  • Thanks @TechnoDadLife. I think you are right. I happened to notice on my dashboard that I do not have an "eth0" network interface, only an "enx000..." and four "veth...." and one "lo". I am pretty sure some setting (or settings) is not right, but I don't know enough to know what it is. Help. I have a Tomato router.


  • Sorry, I am going to jump out again. I am going to be busy the next couple of days.

    And just when I watched the Letsencrypt update video. I have so many questions:

    • Will this work with the lsioarmhf version? I am assuming it will.
    • Does this mean you do not need the Duckdns docker?
    • How does this dovetail into getting Nextcloud working externally?
    • How does this apply to Plex if I want it to work beyond my lan?
    • How does this fit into getting a remote machine (hc1) set up for off-site backups?

    Trouble maker.
    If anyone else has answers, feel free. I thirst for knowledge.


  • Well, I guess I did have my ports forwarded properly:
    Screen Shot 2018-12-11 at 7.30.25 PM.png
    The new Letsencrypt video tutorial worked flawlessly. Thanks @TechnoDadLife. Now to get Nextcloud folded in.


  • Hi,


    I followed the videos by technodadlife to set up Nextcloud in docker. Everything works fine, except fail2ban.
    I can do as many failed logins as I like without getting blocked; there is only a 30-second delay for each new login.


    Status of the jails with "docker exec -it letsencrypt fail2ban-client status":

    Code
    |- Number of jail: 3
    `- Jail list: nginx-badbots, nginx-botsearch, nginx-http-auth


    Status for the jail: nginx-http-auth

    Code
    |- Filter
    | |- Currently failed: 0
    | |- Total failed: 0
    | `- File list: /config/log/nginx/error.log
    `- Actions
    |- Currently banned: 0
    |- Total banned: 0
    `- Banned IP list:


    My jail.local

    Is the path to the logfiles for fail2ban correct?
    /config/log/nginx/error.log
    /config/log/nginx/access.log


    I can find nextcloud-logs in "/sharedfolders/letsencrypt/log/nginx/"
    "access.log" and "error.log"


    In access.log I find a login with the false username, but there is no hint for an error:
    31.16.115.12 - - [29/Dec/2018:22:45:21 +0100] "GET /index.php/login?user=fake HTTP/1.1" 200 4573 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"


    I think fail2ban listens to the wrong log files, but I can't find the right path. Maybe my Nextcloud settings for the logs are wrong?
    I've already tried to change my Nextcloud config.php and add the following lines:



    Code
    'log_type' => 'file',
    'loglevel' => 2,
    'logtimezone' => 'Europe/Berlin',
    'logfile' => '/var/log/nextcloud.log',


    But there is nothing in nextcloud.log


    Maybe someone can help me with that.


    Thanks!

  • Install fail2ban


    set logging in nextcloud.conf



    Code
    nano your_path_to_nextcloud_here/config/config.php

    with



    Code
    'loglevel' => 2,
    'logtimezone' => 'Europe/Berlin',
    'logfile' => '/var/log/nextcloud.log',
    'log_rotate_size' => 10485760,

    provide a suitable email in your plugin and set


    Code
    action_mwl

    as action in your fail2ban plugin.


    setup filter:

    Code
    nano /etc/fail2ban/filter.d/nextcloud.conf

    with

    Code
    # http://www.rojtberg.net/711/secure-owncloud-server/
    [Definition]
    failregex = ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
                ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
                ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$
    ignoreregex =


    configure filter within fail2ban plugin (jails):
    Adjust Ports to your needs, my nextcloud runs on 443, so https is fine for me.
    Unbenannt.JPG


    Save everything, see failed logins/banned IPs under services->fail2ban.

    Chaos is found in greatest abundance wherever order is being sought.
    It always defeats order, because it is better organized.
    Terry Pratchett

  • Hi,


    thanks, unfortunately I'm not able to install fail2ban, there is only this waiting screen:
    Bildschirmfoto 2018-12-30 um 17.09.47.png


    Nevertheless, fail2ban is already installed with the letsencrypt docker: https://hub.docker.com/r/linuxserver/letsencrypt


    I've found the error log with the failed logins in my Nextcloud folder /sharedfolders/Nextcloud/nextcloud.log


    Code
    {"reqId":"oni6bfmPMlF6SV1A8FIU","level":2,"time":"2018-12-30T15:24:11+01:00","remoteAddr":"172.18.0.2","user":"--","app":"core","method":"POST","url":"\/index.php\/login","message":"Login failed: 'test' (Remote IP: '172.18.0.2')","userAgent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/71.0.3578.98 Safari\/537.36","version":"15.0.0.10"}

    If I put this path in jail.conf, fail2ban will not start, I believe because it runs in a docker without access to "/sharedfolders/Nextcloud"!?


    So for testing I put a copy of the file in /sharedfolders/AppData/letsencrypt/log/nginx/nextcloud.log
    fail2ban is starting, but there is still no success:

    Code
    Status for the jail: nextcloud
    |- Filter
    | |- Currently failed: 0
    | |- Total failed: 0
    | `- File list: /config/log/nginx/nextcloud.log
    `- Actions
    |- Currently banned: 0
    |- Total banned: 0
    `- Banned IP list:

    My Jail.conf:

    My filter "nextcloud.conf":


    Code
    [Definition]
    failregex = ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
                ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
                ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$

    I've tried your filter, but it's also not working.
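
Added example (not part of any post in this thread): the check below runs the three failregex lines posted above against the nextcloud.log entry quoted above, using Python's re module with a simplified IPv4 group standing in for fail2ban's <HOST> tag, and reports whether the captured address is internal. The names HOST, INTERNAL and check, and the constructed second log line, are assumptions of this example.

```python
import ipaddress
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The three failregex lines posted in the thread, copied unchanged.
FAILREGEX = [
    r"""^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$""",
    r"""^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$""",
    r"""^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$""",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Address ranges treated as internal here (RFC 1918 plus loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# The nextcloud.log entry quoted in the thread.
SAMPLE = r"""{"reqId":"oni6bfmPMlF6SV1A8FIU","level":2,"time":"2018-12-30T15:24:11+01:00","remoteAddr":"172.18.0.2","user":"--","app":"core","method":"POST","url":"\/index.php\/login","message":"Login failed: 'test' (Remote IP: '172.18.0.2')","userAgent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/71.0.3578.98 Safari\/537.36","version":"15.0.0.10"}"""
# Constructed variant: the same entry with a documentation address (RFC 5737).
CONSTRUCTED = SAMPLE.replace("172.18.0.2", "203.0.113.7")


def check(line):
    """Return (pattern index, captured host, is_internal), or None if no match."""
    for index, regex in enumerate(COMPILED):
        match = regex.search(line)
        if match:
            ip = ipaddress.ip_address(match.group("host"))
            internal = any(ip in net for net in INTERNAL)
            return index, str(ip), internal
    return None


if __name__ == "__main__":
    for name, line in (("thread sample", SAMPLE), ("constructed", CONSTRUCTED)):
        print(name, check(line))
```

Only the second pattern matches the quoted entry, and the address it captures is 172.18.0.2, a private address, so a ban on that address does not act on the remote client. Nextcloud's trusted_proxies setting in config.php determines whether the forwarded client address is logged instead.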

  • jail.conf line 57:


    Code
    logpath = /config/log/nginx/nextcloud.log

    does this match your logfile destination you set within Nextcloud's config?

  • No, the logfile is /sharedfolders/Nextcloud/nextcloud.log



    If I use this path in jail.conf I'm not able to start the fail2ban service:

    Code
    Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

    I believe it's because this path is not available in the letsencrypt docker in which fail2ban is active!?

  • Well, your jail will not work if it can't reach Nextcloud's logfile. Easy logic.


    fail2ban needs to check the logfile for failed logins and their IP addresses.

  • Hm, ok, is it possible to save the log outside the nextcloud docker or alternatively read the nextcloud docker location from the letsencrypt docker?


    If I try to set a path outside the container-path in nextcloud config.php nothing happens.
    If I try to read a path outside the letsencrypt container-path in fail2ban jail, fail2ban will not start:

    Code
    Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?
  • I've copied the nextcloud.log manually and run the regex test:


    Test seems to be ok and finds some failed logins, but status of the jail is:


    Code
    Status for the jail: nextcloud
    |- Filter
    | |- Currently failed: 0
    | |- Total failed: 0
    | `- File list: /config/log/nginx/nextcloud.log
    `- Actions
    |- Currently banned: 0
    |- Total banned: 0
    `- Banned IP list:
  • Hello everybody, I have recently started running OMV in combination with docker. In the docker environment I have set up mariadb and Nextcloud; now I get the following error message:


    While surfing on the nextcloud environment: 504 Gateway Time-out
    And this error message while uploading: 505 gateway time-out to PUT link......


    Can someone help me with this?
