Posts by godfuture

    While that may be true, too many people screw up their systems with the plugin and I don't have time to maintain the plugin. Docker is just a better fit.

    Technically I totally agree. But I am not so good with nginx config files and the GUI helped me to get to my target. Could the nginx plugin be used to simply write the config file? Then the user could specify the path to the nginx config files of the nginx container bind mount -> no access to the whole system.

    Edit: The integration with certs was also nice, given that Letsencrypt was easy to integrate / select. I really miss those two plugins.

    I tried openvpn. It worked mostly, but often I got cert problems. Not with ca or server cert, but with the one that manages revoke state. I tried to use one easyRSA for two instances, but ended up with many issues when recreating the container. OpenVpnAs works very well, but allows only two parallel connections. And now I have routing issues with receiving RTP packets. On top, openVPN keepalive packets cost battery life on my phone. To me wireguard is the last hope to be honest :)

    plugins="cups dnsmasq docker-gui domoticz duplicati eyefi ldap letsencrypt mysql nginx openvpn pxe remotedesktop route shellinabox syncthing transmissionbt urbackup-server vdo virtualbox webdav netatalk route mumble vdr vdr-extras vdr-vnsiserver"

    There are many plugins I really like. Nginx, urbackup-server, letsencrypt. Will I lose my nginx sites config? Could I try out before doing the migration? Or do I have to do a full disk backup? I read about a lot of problems afterwards :(


    I am trying to install on my OMV4 docker environment. But compiling fails. My current kernel is backports 4.19.

    I do not know anything about kernels. So my question is, if Debian 9 will be working together with latest kernels? In my case I would like to install Ubuntu mainline. Am I completely free when choosing the kernel? How could I elaborate dependencies?

    Thanks a lot for help here!

    Many tried to hijack this thread, so let's get back to topic.

    My IO monitoring stopped at June '19. This might be the day I have installed a new kernel. Where could I check this? Anyhow, for some devices I have a crying smiley, but I don't know if this was always the case or just changed together with the IO monitoring loss.

    Is there a solution with regular update system to get the IO monitoring back to life?

    kernel: 4.19.0-0.bpo.6-amd64

    Same problem here.

    I have used "--network=docker" to create my own subnets where host names will be dynamically resolved. Problematic with the gui is also that if you started the container using "--network=docker" as extra argument in bridged mode, the next edit will show network mode "Docker". If you save the editor without changing it back to "Bridge", it will fail and reset all port configs.

    Now this trick with "--network=docker" does not work anymore. What happened is that my Nextcloud container disappeared due to the error message in the opening post.

    Why is the additional network adapter not supported in the gui? How could we fix this problem?

    Hello together,

    lately I encounter issues with my mountpoints. I noticed that when I am changing configuration of shared folders in web gui, I get an email informing me about many of my partitions:

    Short after I get this email:

    Does someone have similar issues?

    1. i put in my usb key (sde)

    I don't know what you want to do with this USB stick, besides using it for storing the encryption key. But I formatted the USB stick with mbr and added a fat32 partition. This way you might even use it to store something and additionally make it look even more "normal" to intruders. I know, this sounds so paranoid...but I guess you read newspaper ;-)

    2. dd if=/dev/random of=/dev/sde bs=512 seek=1 count=2046 to create random bytes ( how long takes that?)

    As said, /dev/random uses true random data which is the safest, but has also dependencies -> enough entropy. Means, you need to make sure your entropy stream does not run out of data. The stream gets blocked, if entropy runs out. This would increase the time used to create random numbers enormously. Entropy is normally filled by random input like keyboard, mouse and so on. But these types of inputs are not directly available on a server. Therefore get an application that creates entropy by inputs like network data...can't remember the name of the app now. If that sounds too much for you, you might want to read about /dev/random vs /dev/urandom.

    3. dd if=/dev/sde bs=512 skip=1 count=8 > tempKeyFile.bin (this create the keyfile?)

    Yes, but on server.

    4. i go to omv luks an create a new luks hdd and upload the key file ( tempKeyFile.bin?)

    Instead of transferring the key to client and then upload it back again, you might want to create the luks device on webconsole (starting with password) and add the key by command line later on. But still, it's up to you. Starting with keyfile is fine as well.

    5. i find out my uuid from the usb key (sde)

    UUID for the partition that should get unlocked and ID for accessing the USB stick during boot for the keyfile.

    6. i edit the crypttab file and add the usb keyfile for the hdd (example sdb-crypt uuid /uuid(usb)) ?

    Yes. See above in previous comments.

    Shouldn't that be enough if you have not forwarded any ports?

    Good question. I do have a few port forwards. Isn't the (insecure) application behind open ports the real threat here? I mean are common router firewalls known to be insecure by default considering the user wants to host a service privately? Is it best practice to have multiple firewalls active?

    Have a look at the 3-2-1-Backup-Strategy

    Thanks. I will do that.

    Thank you guys for your valuable hints. I still couldn't find anything, but as you said there might be many reasons for this. I am also not very skilled in this. I guess I will follow your suggestion and start from scratch. Also installing a firewall will be the way to go. Now I am using the router firewall only :(

    Still I don't know how to save my important data...very likely I have to buy an external drive I guess.

    Again, thank you very much :/

    Last night my OMV was not accessible anymore. Also docker not. I tried to open my web gui, but it responded very slowly. After typing my password and hitting login, I saw firefox was sending and waiting for a lot of requests (little notice at the bottom of firefox). I checked the cpu, io and ram usage, but nothing was suspicious. When I tried to login via ssh, I barely could type any letter. After typing two letters into the ssh terminal, I had to wait a long time till the next two would appear.

    I could not find anything leaking in kernel log. What could explain the slow response from omv nginx? What could explain the extreme delay in which the letters appeared in ssh terminal? Today everything seems back to normal.

    How could I check if my server was hacked? :/

    Is it possible to create a keyfile via GUI. And store it on a USB Stick. To unlock my luks HDD ?

    I don't think so. As I see it OMV only lets you upload the file.

    Is there an easy way with the OMV GUI over Storage-Encryption-Keys-Add ?

    I don't think so. As I see it OMV only lets you add a keyfile to the LUKS header.

    now i think i copy from an "random file" the key to my usb stick

    To be more precise, it is not a file, but a stream. I recommend you to read the man page before using dd. Without knowing what you do, you might end up with data loss.

    What happens here ? Overwrite the same file with a skip or copy it with a skip ?

    512 * 8 bytes of random data from USB stick is exported to file.

    How can i add it in my header (i have done the luks encryption in the OMV GUI)
    which entries the fstab ?

    Via the GUI or commandline (cryptsetup luksAddKey). The screenshot you have posted shows how it works to add a keyfile or password.

    I have written this in the thread few posts before (LUKS + KeyFile + AutoMount? [SOLVED]). Also about the crypttab entry. Good luck!
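
The `dd` layout from the numbered steps earlier on this page (steps 2 and 3) and from the keyfile questions in the post above, as an added example that is not part of the original posts: it runs the same `seek`/`skip`/`count` values against a constructed image file standing in for the USB stick, and checks that sector 0 survives and that the keyfile is exactly the 8 sectors after it. The image file, the `FAKE-MBR` marker and all function names are assumptions made for the demonstration; `/dev/urandom` is used in place of `/dev/random` so the run cannot block.

```bash
#!/usr/bin/env bash
# Constructed stand-in for the USB stick: a 2 MiB image file, never a real /dev/sdX.
make_stick() {                      # $1 = image path
    dd if=/dev/zero of="$1" bs=512 count=4096 2>/dev/null
    # Constructed marker in sector 0 (where the MBR lives) to prove it survives.
    printf 'FAKE-MBR' | dd of="$1" bs=512 conv=notrunc 2>/dev/null
}

fill_key_area() {                   # step 2: random bytes into sectors 1..2046
    # /dev/urandom never blocks on low entropy; the thread's command used /dev/random.
    # conv=notrunc matters only because the target here is a regular file.
    dd if=/dev/urandom of="$1" bs=512 seek=1 count=2046 conv=notrunc 2>/dev/null
}

extract_keyfile() {                 # step 3: the 8 sectors after the MBR -> keyfile
    # umask 077 so the key is never readable by other users, even briefly.
    ( umask 077; dd if="$1" of="$2" bs=512 skip=1 count=8 2>/dev/null )
}

keyfile_size() { wc -c < "$1" | tr -d ' '; }

mbr_intact() { [ "$(dd if="$1" bs=1 count=8 2>/dev/null)" = "FAKE-MBR" ]; }

key_matches_stick() {               # keyfile == bytes 512..4607 of the stick
    dd if="$1" bs=512 skip=1 count=8 2>/dev/null | cmp -s - "$2"
}

after_key_area_untouched() {        # sector 2047 was not written by step 2
    [ "$(dd if="$1" bs=512 skip=2047 count=1 2>/dev/null | tr -d '\000' | wc -c | tr -d ' ')" = 0 ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_stick "$d/stick.img" && fill_key_area "$d/stick.img" &&
        extract_keyfile "$d/stick.img" "$d/key.bin" &&
        mbr_intact "$d/stick.img" && key_matches_stick "$d/stick.img" "$d/key.bin" &&
        echo "keyfile bytes: $(keyfile_size "$d/key.bin")"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

On a real system the extracted file is what `cryptsetup luksAddKey`, mentioned above, would be given; check the target device name twice before pointing `dd` at it.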