Beiträge von OhMyVirtual

"But nevertheless one has to add another certificate exception in Firefox. This is because the exception is bound to a specific port and the webui and Syncthing ports differ. So it's no real advantage to use one certificate."

Sorry, but this is utter nonsense. TLS certs don't care one bit about the port they're used through, they care about the IPv4/6 addresses or DNS entries they're trusted for. If you connect through LAN, and it expects a WAN IP, you'll get a warning from Firefox. You can solve that problem by running dnsmasq somewhere on your LAN, where you let the domain name point to the LAN IP. If you resolve using that local dnsmasq, firefox doesn't require an exception.

For me the "File Systems" option has disappeared entirely. Is this a kernel bug too?
Gee, I wonder why I'm even still running OMV, since most, if not all, my issues involve admin and config outside of OMV.

I installed and use Webmin, to handle these issues. It's quite good. It does all that OMV fails to do.

Zitat von ryecoaaron

I'm sure you can always find some issue but I have yet to see this with OMV and OMV-extras (I have 10+ installs) especially since they don't use the trusted.gpg file. They put their own trusted file in /etc/apt/trusted.gpg.d/.

That's actually not true. If your public keys aren't correct, no repo will work properly. See also https://github.com/openmediava…enmediavault-docs/pull/26 for a good example.

Zitat von ryecoaaron

Install OMV4 on Debian 9 (Stretch)

Installing the openmediavault-keyring package fixes that and not having a key does not ruin apt. It may install a package that you don't want/like but in this case you are safe. The other solution is to use the OMV installer ISO.

Actually, debian 9 has some issues with apt. Check this out. Thus far, the past few months, I have experienced similar issues on 2 different debian servers. Mainly the upgrade from Jessie seems to be causing failures with apt on Stretch. Something with permissions of trusted.gpg and then having to re-validate keys.

So where is the functional install script for OMV4 on an existing Debian 9.4 system? Can't seem to find it. And the one I found expects me to do package management without a valid key auth, which is not a good base to start from (and usually ruins apt entirely).

# ./omv.sh
Get:1 http://packages.openmediavault.org/public arrakis InRelease [12.7 kB]
Hit:2 http://security.debian.org stretch/updates InRelease
Ign:3 http://ftp.stw-bonn.de/debian stretch InRelease
Hit:4 http://ftp.stw-bonn.de/debian stretch-updates InRelease
Hit:5 http://ftp.stw-bonn.de/debian stretch Release
Ign:1 http://packages.openmediavault.org/public arrakis InRelease
Ign:6 http://download.webmin.com/download/repository sarge InRelease
Hit:8 http://nginx.org/packages/mainline/debian stretch InRelease
Hit:7 http://cdn-fastly.deb.debian.org/debian stretch-backports InRelease
Hit:10 http://download.webmin.com/download/repository sarge Release
Fetched 12.7 kB in 0s (14.0 kB/s)
Reading package lists... Done
W: GPG error: http://packages.openmediavault.org/public arrakis InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7E7A6C592EF35D13 NO_PUBKEY 24863F0C716B980B
W: The repository 'http://packages.openmediavault.org/public arrakis InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Reading package lists... Done
Building dependency tree
Reading state information... Done
openmediavault-keyring is already the newest version (1.0).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Hit:1 http://security.debian.org stretch/updates InRelease
Hit:2 http://nginx.org/packages/mainline/debian stretch InRelease
Get:3 http://packages.openmediavault.org/public arrakis InRelease [12.7 kB]
Ign:5 http://ftp.stw-bonn.de/debian stretch InRelease
Hit:6 http://ftp.stw-bonn.de/debian stretch-updates InRelease
Hit:4 http://cdn-fastly.deb.debian.org/debian stretch-backports InRelease
Hit:7 http://ftp.stw-bonn.de/debian stretch Release
Ign:8 http://download.webmin.com/download/repository sarge InRelease
Ign:3 http://packages.openmediavault.org/public arrakis InRelease
Hit:9 http://download.webmin.com/download/repository sarge Release
Fetched 12.7 kB in 0s (14.2 kB/s)
Reading package lists... Done
W: GPG error: http://packages.openmediavault.org/public arrakis InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7E7A6C592EF35D13 NO_PUBKEY 24863F0C716B980B
W: The repository 'http://packages.openmediavault.org/public arrakis InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Reading package lists... Done
Building dependency tree
Reading state information... Done
postfix is already the newest version (3.1.8-0+deb9u1).
postfix set to manually installed.
The following additional packages will be installed:
  apt-transport-https avahi-daemon beep btrfs-progs collectd collectd-core cpufrequtils dmeventd fontconfig gdisk hdparm ifenslave jfsutils jq libavahi-client3 libavahi-common-data libavahi-common3 libavahi-core7 libcairo2 libcpufreq0 libcups2 libdaemon0 libdatrie1 libdbi1
  libdbus-glib-1-2 libdevmapper-event1.02.1 libfile-copy-recursive-perl libfile-slurp-perl libgraphite2-3 libharfbuzz0b libjavascript-minifier-xs-perl libjq1 libjs-extjs6 libjs-jquery libjs-sphinxdoc libjs-underscore libjson-perl libldb1 liblocale-po-perl liblvm2app2.2 liblvm2cmd2.02
  liblzo2-2 libmemcached11 libmemcachedutil2 libnl-3-200 libnl-genl-3-200 libnss-mdns libonig4 libossp-uuid16 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpcsclite1 libpixman-1-0 libpython2.7 librrd8 libtalloc2 libtdb1 libtevent0 libthai-data libthai0 libxcb-render0
  libxcb-shm0 libxext6 libxrender1 lvm2 monit nginx php-bcmath php-cgi php-fpm php-mbstring php-pam php7.0-bcmath php7.0-cgi php7.0-fpm php7.0-mbstring pm-utils proftpd-basic proftpd-mod-vroot python-crypto python-dnspython python-ldb python-samba python-talloc python-tdb python3-dbus
  python3-dialog python3-lxml python3-natsort python3-netifaces python3-pyudev python3-six quota quotatool rrdcached rrdtool samba samba-common samba-common-bin samba-libs samba-vfs-modules sdparm smartmontools tdb-tools update-inetd uuid wpasupplicant xfsprogs xmlstarlet
Suggested packages:
  avahi-autoipd collectd-dev librrds-perl libregexp-common-perl libconfig-general-perl httpd-cgi apache2 apcupsd bind9 ceph chrony gpsd hddtemp ipvsadm lm-sensors mbmon memcached notification-daemon nut openvpn olsrd pdns-server postgresql redis-server slapd time-daemon varnish
  zookeeper libatasmart4 libesmtp6 libganglia1 libgdk-pixbuf2.0-0 libgps22 libhiredis0.13 libmicrohttpd12 libmodbus5 libmosquitto1 libnotify4 libnspr4 libnss3 libopenipmi0 liboping0 libowcapi-3.1-5 libprotobuf-c1 librabbitmq4 librdkafka1 libriemann-client0 librte-acl2 librte-cfgfile2
  librte-cmdline2 librte-cryptodev2 librte-distributor1 librte-eal3 librte-ethdev5 librte-hash2 librte-ip-frag1 librte-jobstats1 librte-kni2 librte-kvargs1 librte-lpm2 librte-mbuf2 librte-mempool2 librte-meter1 librte-net1 librte-pdump1 librte-pipeline3 librte-pmd-af-packet1
  librte-pmd-bnxt1 librte-pmd-bond1 librte-pmd-cxgbe1 librte-pmd-e1000-1 librte-pmd-ena1 librte-pmd-enic1 librte-pmd-fm10k1 librte-pmd-i40e1 librte-pmd-ixgbe1 librte-pmd-null-crypto1 librte-pmd-null1 librte-pmd-pcap1 librte-pmd-qede1 librte-pmd-ring2 librte-pmd-vhost1
  librte-pmd-virtio1 librte-pmd-vmxnet3-uio1 librte-pmd-xenvirt1 librte-port3 librte-power1 librte-reorder1 librte-ring1 librte-sched1 librte-table2 librte-timer1 librte-vhost3 libsensors4 libsigrok2 libsnmp30 libtokyotyrant3 libupsclient4 libvarnishapi1 libvirt0 libxen-4.8 libyajl2
  default-jre-headless apmd cups-common avahi-autoipd | zeroconf pcscd thin-provisioning-tools sysvinit-core radeontool openbsd-inetd | inet-superserver proftpd-doc proftpd-mod-ldap proftpd-mod-mysql proftpd-mod-odbc proftpd-mod-pgsql proftpd-mod-sqlite proftpd-mod-geoip
  python-crypto-dbg python-crypto-doc python-gpgme python-dbus-doc python3-dbus-dbg python3-doc python3-lxml-dbg python-lxml-doc libnet-ldap-perl bind9utils ctdb ldb-tools smbldap-tools winbind ufw heimdal-clients gsmartcontrol smart-notifier wpagui libengine-pkcs11-openssl xfsdump
  attr
Recommended packages:
  libatasmart4 libesmtp6 libganglia1 libgdk-pixbuf2.0-0 libgps22 libhiredis0.13 libmicrohttpd12 libmodbus5 libmosquitto1 libnotify4 libnspr4 libnss3 libopenipmi0 liboping0 libowcapi-3.1-5 libprotobuf-c1 librabbitmq4 librdkafka1 libriemann-client0 librte-acl2 librte-cfgfile2
  librte-cmdline2 librte-cryptodev2 librte-distributor1 librte-eal3 librte-ethdev5 librte-hash2 librte-ip-frag1 librte-jobstats1 librte-kni2 librte-kvargs1 librte-lpm2 librte-mbuf2 librte-mempool2 librte-meter1 librte-net1 librte-pdump1 librte-pipeline3 librte-pmd-af-packet1
  librte-pmd-bnxt1 librte-pmd-bond1 librte-pmd-cxgbe1 librte-pmd-e1000-1 librte-pmd-ena1 librte-pmd-enic1 librte-pmd-fm10k1 librte-pmd-i40e1 librte-pmd-ixgbe1 librte-pmd-null-crypto1 librte-pmd-null1 librte-pmd-pcap1 librte-pmd-qede1 librte-pmd-ring2 librte-pmd-vhost1
  librte-pmd-virtio1 librte-pmd-vmxnet3-uio1 librte-pmd-xenvirt1 librte-port3 librte-power1 librte-reorder1 librte-ring1 librte-sched1 librte-table2 librte-timer1 librte-vhost3 libsensors4 libsigrok2 libsnmp30 libtokyotyrant3 libupsclient4 libvarnishapi1 libvirt0 libxen-4.8 libyajl2
  default-jre-headless javascript-common libjson-xs-perl vbetool python3-gi python3-bs4 python3-html5lib python-natsort-doc attr samba-dsdb-modules
The following NEW packages will be installed:
  apt-transport-https avahi-daemon beep btrfs-progs collectd collectd-core cpufrequtils dmeventd fontconfig gdisk hdparm ifenslave jfsutils jq libavahi-client3 libavahi-common-data libavahi-common3 libavahi-core7 libcairo2 libcpufreq0 libcups2 libdaemon0 libdatrie1 libdbi1
  libdbus-glib-1-2 libdevmapper-event1.02.1 libfile-copy-recursive-perl libfile-slurp-perl libgraphite2-3 libharfbuzz0b libjavascript-minifier-xs-perl libjq1 libjs-extjs6 libjs-jquery libjs-sphinxdoc libjs-underscore libjson-perl libldb1 liblocale-po-perl liblvm2app2.2 liblvm2cmd2.02
  liblzo2-2 libmemcached11 libmemcachedutil2 libnl-3-200 libnl-genl-3-200 libnss-mdns libonig4 libossp-uuid16 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpcsclite1 libpixman-1-0 libpython2.7 librrd8 libtalloc2 libtdb1 libtevent0 libthai-data libthai0 libxcb-render0
  libxcb-shm0 libxext6 libxrender1 lvm2 monit nginx openmediavault php-bcmath php-cgi php-fpm php-mbstring php-pam php7.0-bcmath php7.0-cgi php7.0-fpm php7.0-mbstring pm-utils proftpd-basic proftpd-mod-vroot python-crypto python-dnspython python-ldb python-samba python-talloc
  python-tdb python3-dbus python3-dialog python3-lxml python3-natsort python3-netifaces python3-pyudev python3-six quota quotatool rrdcached rrdtool samba samba-common samba-common-bin samba-libs samba-vfs-modules sdparm smartmontools tdb-tools update-inetd uuid wpasupplicant xfsprogs
  xmlstarlet
0 upgraded, 111 newly installed, 0 to remove and 0 not upgraded.
Need to get 51.9 MB of archives.
After this operation, 279 MB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  libjs-extjs6 php-pam openmediavault
E: There were unauthenticated packages and -y was used without --allow-unauthenticated

Zitat von luxflow

for RSA key length 4096, should have to change omv-letsencrypt to support it
but not sure when that feature is released

Maybe just use the renewal options to change it, or a conf include for custom user config?

/etc/letsencrypt/renewal/*.conf
[...]
# Options used in the renewal process
[renewalparams]
rsa-key-size = 4096
[...]

By the way, have you heard about acme.sh? It's really awesome. Use it for work all the time. Perhaps you can snag some things from it for the OMV plugin.

Zitat von luxflow

you can change cipher for omv web gui as you want (see here)
so you just add OMV_NGINX_SITE_WEBGUI_SSL_CIPHERS="EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH" in /etc/default/openmediavault
not to use DH keys

It's not about not using DH, it's about using the right ones. See a favored nginx A+ ssllabs rated config here.

OMV_NGINX_SITE_WEBGUI_SSL_CIPHERS="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
but I have it on a debian wheezy machine, with;

nginx version: nginx/1.11.3
built by gcc 4.7.2 (Debian 4.7.2-5)
built with OpenSSL 1.0.1e 11 Feb 2013 (running with OpenSSL 1.0.1t 3 May 2016)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=debian/extra/njs-0.1.0/nginx --with-threads --with-stream --with-stream_ssl_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed'

while OMV3 runs;

nginx version: nginx/1.6.2
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/build/nginx-AGNHOe/nginx-1.6.2/debian/modules/nginx-auth-pam --add-module=/build/nginx-AGNHOe/nginx-1.6.2/debian/modules/nginx-dav-ext-module --add-module=/build/nginx-AGNHOe/nginx-1.6.2/debian/modules/nginx-echo --add-module=/build/nginx-AGNHOe/nginx-1.6.2/debian/modules/nginx-upstream-fair --add-module=/build/nginx-AGNHOe/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module

so I'll let you know if it works..

2 things relating to the plugin on OMV;

- Qualys TLS check rightfully rates the cert with a B ("This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.")
- The server Key is only 2048 bit, while I'd prefer RSA 4096 bits (e 65537), like, for example, on this test.

Sure, I can change nginx config manually, but it gets overwritten at every OMV update, so that's a bad idea.. hence the reason I mention this here.

Thanks in advance for improvements on this TLS implementation for OMV.

Is there a how to for the use of syncthing through OMV 3 ? And by that I mean how it uses storage per user, how it restricts storage access to other user's dirs etc. How to best set it up for that?

Is there a "syncthing how to" on the forum of some sort? I see it's the most searched for combi in the box in the upper right.. Must be missing it, but I can't find it. I'd really like not to mess the thing up again, I have syncthing on other systems and am finally ready to have the syncs active on OVM 3* as well.

Zitat von aroundmyroom

Why not put one of these http://www8.hp.com/emea_middle…t-detail.html?oid=5194891 in one of your Gen8s (like I have). Then put some extra RAM in that unit, virtualize the 4 servers on the 1, connect a lot of external drives through the backport of the P222 and you'll basically have the same, only faster (6Gbit SATA) and with 3 times less noise in your attic

Zitat von deeprain

Hello ryecoaaron, you wrote that dnsmasq ist deleted.

dnsmasq is real easy to install and config on commandline. One of the easiest to understand config files there are for linux. Plus, you'll get the latest version for debian that way.

Zitat von tekkb

There are a number of modules ( what webmin calls plugins)

Webmin calls them modules. OVM calls them plugins.

Another great advantage of webmin is the easy install and config of http://configserver.com/cp/csf.html as a module, which is the best firewall/security suite of scripts I've ever seen and used on linux servers. Sure, you can also install CSF standalone, but it's easier to maintain through webmin.

Zitat von luxflow

I fotgot to mention, apt-get install -t jessie-backports certbotsorry!

So you are still decided on using certbot for letsencrypt on OVM ? It invokes dependency hell on many systems, not to mention the huge storage footprint. Why not use https://github.com/Neilpang/acme.sh instead? It's a really well-maintained script. Much more reliable results than certbot (in my experience anyway).

For my day-job I've been installing security and certificates for years, and ever since Snowden stuff has changed. LetsEncrypt is great, but I can recommend using https://github.com/Neilpang/acme.sh instead of the certbot python monstrosity and dependency hell.

By the way, pity we're still at nginx -v 1.6.* on OMV3. I would love to use http2 and be able to use this config:
https://gist.githubusercontent…cb67d85e1454b10997566/TLS
We only get a B- at qualys ssllabs test.

It has, for me. I cleaned apt and re-installed OVM-extras deb3, and now it only shows the ones that work. Except maybe dnsmasq, but I had that installed on shell already, and that works nicely without a gui for me.

Thanks for the quick responses!

Zitat von ryecoaaron

I hate to say it but the letsencrypt plugin has not been ported yet either. I guess I just need to start deleting repos since there is no good way to keep people from installing plugins that aren't ported.

Just put a warning on the OMV-Extras page. And link to these posts. I would have understood and looked away. Now trying a letsencrypt plugin was way too tempting

Anyway, thanks for the hint, a simple
apt-get purge openmediavault-letsencrypt
solved this one for me.
I'll stick with the ones that are supported, like syncthing

The plugin fails on the latest OMV3.*, just so others know, when they would consider installing it on the beta: Don't do it, yet.
Is OMV3 (Erasmus) still in beta or is it considered stable?

Zitat von ryecoaaron

It is true. I install OMV 3.x multiple times per day most days. There are harmless errors that people worry too much about. Commercial NASes just hide the errors. Whenever you install a php or nginx update, nginx and/or php5-fpm need to be restarted. This generates communication errors until the service is restarted. This is almost impossible to avoid but harmless.

I'm sorry but I would have to disagree on that. I realize I'm using extras-testing, but I think having SSL is a major requirement for access from the outside. So I tried this 1 plugin over a new clean OMV3, and immediately fall into that same hole:

Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
git git-man liberror-perl
Suggested packages:
git-daemon-run git-daemon-sysvinit git-doc git-el git-email git-gui gitk
gitweb git-arch git-cvs git-mediawiki git-svn
Recommended packages:
patch
The following NEW packages will be installed:
git git-man liberror-perl openmediavault-letsencrypt
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 4563 kB of archives.
After this operation, 23.6 MB of additional disk space will be used.
Get:1 http://ftp.surfnet.nl/os/Linux/distr/debian/ jessie/main liberror-perl all 0.17-1.1 [22.4 kB]
Get:2 https://dl.bintray.com/openmed…velopers/erasmus-testing/ jessie/main openmediavault-letsencrypt all 2.3 [11.2 kB]
Get:3 http://ftp.surfnet.nl/os/Linux/distr/debian/ jessie/main git-man all 1:2.1.4-2.1+deb8u2 [1267 kB]
Get:4 http://ftp.surfnet.nl/os/Linux/distr/debian/ jessie/main git amd64 1:2.1.4-2.1+deb8u2 [3262 kB]
Fetched 4563 kB in 0s (9033 kB/s)
Selecting previously unselected package liberror-perl.
(Reading database ... (Reading database ... 5%(Reading database ... 10%(Reading database ... 15%(Reading database ... 20%(Reading database ... 25%(Reading database ... 30%(Reading database ... 35%(Reading database ... 40%(Reading database ... 45%(Reading database ... 50%(Reading database ... 55%(Reading database ... 60%(Reading database ... 65%(Reading database ... 70%(Reading database ... 75%(Reading database ... 80%(Reading database ... 85%(Reading database ... 90%(Reading database ... 95%(Reading database ... 100%(Reading database ... 32733 files and directories currently installed.)
Preparing to unpack .../liberror-perl_0.17-1.1_all.deb ...
Unpacking liberror-perl (0.17-1.1) ...
Selecting previously unselected package git-man.
Preparing to unpack .../git-man_1%3a2.1.4-2.1+deb8u2_all.deb ...
Unpacking git-man (1:2.1.4-2.1+deb8u2) ...
Selecting previously unselected package git.
Preparing to unpack .../git_1%3a2.1.4-2.1+deb8u2_amd64.deb ...
Unpacking git (1:2.1.4-2.1+deb8u2) ...
Selecting previously unselected package openmediavault-letsencrypt.
Preparing to unpack .../openmediavault-letsencrypt_2.3_all.deb ...
Unpacking openmediavault-letsencrypt (2.3) ...
Processing triggers for man-db (2.7.0.2-5) ...

>>> *************** Error ***************
Failed to read from socket: Connection reset by peer
<<< *************************************

>>> *************** Error ***************
Failed to connect to socket: Connection refused
<<< *************************************

>>> *************** Error ***************
Failed to connect to socket: Connection refused
<<< *************************************

Either way, I now have a weird Error dialog window I can't close, and the entire web-gui is locked up because of that. It says [Error] Communication error. So, I can have all the patience in the world, but when this keeps happening with the install of just the first crucial plugin I would like to use, it has nothing to do with patience. When I look in syslog, this might be of interest;

Jul 23 14:58:21 sugar monit[815]: 'omv-engined' restart on user request
Jul 23 14:58:21 sugar monit[815]: Monit daemon with PID 815 awakened
Jul 23 14:58:21 sugar monit[815]: Awakened by User defined signal 1
Jul 23 14:58:21 sugar monit[815]: 'omv-engined' trying to restart
Jul 23 14:58:21 sugar monit[815]: 'omv-engined' stop: /bin/systemctl
Jul 23 14:58:21 sugar monit[815]: 'omv-engined' start: /bin/systemctl
Jul 23 14:58:21 sugar systemd[1]: openmediavault-engined.service: Supervising process 6433 which is not our child. We'll most likely not notice when it exits.
Jul 23 14:58:21 sugar monit[815]: 'omv-engined' restart action done
Jul 23 14:58:22 sugar systemd[1]: openmediavault-engined.service: main process exited, code=exited, status=255/n/a
Jul 23 14:58:22 sugar systemd[1]: Unit openmediavault-engined.service entered failed state.
Jul 23 14:58:27 sugar monit[815]: 'omv-engined' restart on user request
Jul 23 14:58:27 sugar monit[815]: Monit daemon with PID 815 awakened
Jul 23 14:58:27 sugar monit[815]: Awakened by User defined signal 1
Jul 23 14:58:27 sugar monit[815]: 'omv-engined' trying to restart
Jul 23 14:58:27 sugar monit[815]: 'omv-engined' start: /bin/systemctl
Jul 23 14:58:27 sugar systemd[1]: openmediavault-engined.service: Supervising process 6815 which is not our child. We'll most likely not notice when it exits.
Jul 23 14:58:27 sugar systemd[1]: openmediavault-engined.service: main process exited, code=exited, status=255/n/a
Jul 23 14:58:27 sugar systemd[1]: Unit openmediavault-engined.service entered failed state.
Jul 23 14:58:57 sugar monit[815]: 'omv-engined' failed to start (exit status 0) -- no output
Jul 23 14:58:57 sugar monit[815]: 'omv-engined' restart action done
Jul 23 14:59:27 sugar monit[815]: 'omv-engined' process is not running
Jul 23 14:59:27 sugar monit[815]: 'omv-engined' trying to restart
Jul 23 14:59:27 sugar monit[815]: 'omv-engined' start: /bin/systemctl
Jul 23 14:59:27 sugar systemd[1]: openmediavault-engined.service: Supervising process 6853 which is not our child. We'll most likely not notice when it exits.
Jul 23 14:59:28 sugar systemd[1]: openmediavault-engined.service: main process exited, code=exited, status=255/n/a
Jul 23 14:59:28 sugar systemd[1]: Unit openmediavault-engined.service entered failed state.
Jul 23 14:59:58 sugar monit[815]: 'omv-engined' failed to start (exit status 0) -- no output
Jul 23 15:00:01 sugar CRON[6860]: (root) CMD (/usr/sbin/omv-mkgraph >/dev/null 2>&1)
Jul 23 15:00:01 sugar rrdcached[862]: Received FLUSHALL
Jul 23 15:00:28 sugar monit[815]: 'omv-engined' process is not running
Jul 23 15:00:28 sugar monit[815]: 'omv-engined' trying to restart
Jul 23 15:00:28 sugar monit[815]: 'omv-engined' start: /bin/systemctl
Jul 23 15:00:28 sugar systemd[1]: openmediavault-engined.service: Supervising process 6925 which is not our child. We'll most likely not notice when it exits.
Jul 23 15:00:28 sugar systemd[1]: openmediavault-engined.service: main process exited, code=exited, status=255/n/a
Jul 23 15:00:28 sugar systemd[1]: Unit openmediavault-engined.service entered failed state.
Jul 23 15:00:58 sugar monit[815]: 'omv-engined' failed to start (exit status 0) -- no output

I tried searching on some of these and its possible solutions, but it's not easily solved, not even for me. And this is my job.
After a reboot, I get this again (under the [Show details] button):

Error #0:exception 'OMV\Rpc\Exception' with message 'Failed to connect to socket: Connection refused' in /usr/share/php/openmediavault/rpc/rpc.inc:138Stack trace:#0 /usr/share/php/openmediavault/rpc/proxy/json.inc(95): OMV\Rpc\Rpc::call('Services', 'getStatus', Array, Array, 3)#1 /var/www/openmediavault/rpc.php(45): OMV\Rpc\Proxy\Json->handle()#2 {main}