Hi, how do you check data integrity of your backups? I have been reading that is common after some years that some data may be corrupted. How do you check that the data on the disks are still ok?
My OMV installation is based on a RPi4.
Thank you
Hi, how do you check data integrity of your backups? I have been reading that is common after some years that some data may be corrupted. How do you check that the data on the disks are still ok?
My OMV installation is based on a RPi4.
Thank you
I think I don't need it
Hi,
I mainly use OMV for local shared folders and also for a instance of Nextcloud(backup of photos from family members). Recently nextcloud anounce that the installation should run on a 64bits OS. Since I Installed OMV for the first time, ~2years ago, the RPi4 add support for 64bits and also for run the OS from the SSD.
Right now I have a RPi4 with the OS on the sdcard, an HDD for data/backups and an SSD for docker + nextcloud DATA.
After the last update of NC my instance of nextcloud became slow.
I have already read about how to move omv.
My doubts are:
- Install a 64bit OS on the sdcard and use the SSD for docker + nextcloud DATA(the same setup as current)?
- Install the OS on the ssd, doesn't need to point the docker to another disk and also use this SSD for nextcloud DATA?
I didn't have any problems with OMV during these 2 years but from time to time I duplicate the sdcard in case I need to restore it. If I move to the SSD I think I'll lost the easier process of recover.
Dear all,
I have a maybe silly question. Assuming I have a computer with a clean swag server (listening the port 443 if I understand well for any https request pointing on my box), could I get a second computer running swag on the same network for managing the containers on this second computer.
I understood that this possible to access by internet two different OMV6 servers by the solution through the duckdns container by opening the two different OMV ports on my box. But with swag, any https request two the box will go only on one swag server, no ?
Thank you very much,
Harold
You only can port-forwarding a port 443 to one server. So only one SWAG could be reached from outside however I think nginx is capable of forward the packets from one SWAG to another based of subdomain per example.
You don't need two SWAG services running if you want to access OMV outside of your network. You can set the SWAG to forward a domain to a container on the some host or a machine on the same network using ip address.
SWAG service:
- omv1.domain.com -> localhost omv(omv on same machine as SWAG);
- omv2.domain.com -> ip of second host running omv;
Hi,
Do you encrypt your data disks? Is it possible on a RPi4 based setup?
Thank you
May I suggest "real" router/firewall like pfSense with IDS/IPS running?
Isn't fail2ban or CrowdSec enought for this type of attack?
EDIT:
if you don't want to go down the cloudflare or pfsense/opnsense road, at the very least you should be using a reverse proxy like swag or nginx-proxy-manager with fail2ban enabled so that hammering by a hacker is blocked after a few failed login attempts. I believe swag has fail2ban built in, while nginx-proxy-manager requires an extra docker container and some custom config to make it work.
Read it after :p
The main reason to my last post was me trying to find out why my nextcloud instance became slower lately.
192.168.1.248 - - [25/Mar/2023:19:02:31 +0000] "GET /apps/dashboard/ HTTP/2.0" 200 9646 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.881 0.880 0.020 0.870
192.168.1.248 - - [25/Mar/2023:19:02:32 +0000] "GET /apps/activity/js/activity-sidebar.js?v=71c8fb49-0 HTTP/2.0" 200 373126 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.270 0.270 0.030 0.050
192.168.1.248 - - [25/Mar/2023:19:02:32 +0000] "GET /apps/activity/js/activity-dashboard.js?v=71c8fb49-0 HTTP/2.0" 200 341839 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.283 0.280 0.030 0.070
192.168.1.248 - - [25/Mar/2023:19:02:32 +0000] "GET /apps/viewer/js/viewer-main.js?v=71c8fb49-0 HTTP/2.0" 200 670644 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.712 0.710 0.260 0.280
192.168.1.248 - - [25/Mar/2023:19:02:32 +0000] "GET /ocs/v2.php/search/providers?from=%2Fapps%2Fdashboard%2F HTTP/2.0" 200 221 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.353 0.350 0.030 0.350
192.168.1.248 - - [25/Mar/2023:19:02:33 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0" 200 480 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.296 0.300 0.030 0.300
192.168.1.248 - - [25/Mar/2023:19:02:34 +0000] "PUT /ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json HTTP/2.0" 200 119 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.400 0.390 0.030 0.390
192.168.1.248 - - [25/Mar/2023:19:02:34 +0000] "GET /ocs/v2.php/apps/activity/api/v2/activity/by HTTP/2.0" 200 872 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.557 0.550 0.030 0.550
192.168.1.248 - - [25/Mar/2023:19:02:34 +0000] "GET /apps/recommendations/api/recommendations/always HTTP/2.0" 200 314 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.929 0.930 0.030 0.930
192.168.1.248 - - [25/Mar/2023:19:02:34 +0000] "GET /ocs/v2.php/apps/user_status/api/v1/statuses/josex HTTP/2.0" 200 127 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.607 0.610 0.050 0.610
192.168.1.248 - - [25/Mar/2023:19:02:34 +0000] "PUT /ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json HTTP/2.0" 200 119 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" "-"0.618 0.620 0.050 0.620
Alles anzeigen
It looks like that is the nextcloud server that takes too much time to answer. How can I identify what could cause it?
$request_time – Full request time, starting when NGINX reads the first byte from the client and ending when NGINX sends the last byte of the response body
$upstream_response_time – Time between establishing a connection to an upstream server and receiving the last byte of the response body
$upstream_connect_time – Time spent establishing a connection with an upstream server
$upstream_header_time – Time between establishing a connection to an upstream server and receiving the first byte of the response header
Anyone knows how can I change the nginx log format on swag?
I would like to add some more info:
# Specifies the main log format.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'$request_time '
'$upstream_response_time '
'$upstream_connect_time '
'$upstream_header_time';
I try to add it to config/nginx/nginx.conf without success.
solved: I need to add the main tag to the access_log path: access_log /config/log/nginx/access.log main;
Alles anzeigenI have OMV 6 running on my RasPi 4. Only problem is the USB3 port and SSD enclosure. Works with RasPi4 USB2 port. Check out the following website for USB3/SSD issue:
https://jamesachambers.com/ras…ide-for-ssd-flash-drives/
System Info:
===========
Hostname: raspberrypi
OMV Version: 6.3.4-1 (Shaitan)
Processor: BCM2835
Revision: c03112
Model: Raspberry Pi 4 Model B Rev 1.2
RAM: 4G
OS: Raspberry Pi OS Lite (64-bit) A port of Debian Bullseye with no desktop environment
Kernel: Linux 6.1.19-v8+
SSD: SK Hynix SHGS31 - 500GS-2
USB3 Drive Connection: Sabrent Model:EC-OCUB
Drive Formated: EXT4
USB3 Powered Hub: Atolla 204
Static IP Address
But is it because you're using an unspported case?
Is 64bit installation recommended now?
Hi, needed to install docker and portainer at the end. I was very cautious during the process and it is working with the new ssd
Change the cp -rp with cp -rav. -v to know what cp is doing and -a because reading the man page it looks like it perserve more information.
Thank you for the guide
Edit: I just realized you had more than just docker on that drive.... Well how I detailed above is how I'd move docker. For the other files.. I usually just use rsync... When it's all done, just format the old drive.
I only have docker on that driver but I have mutiple containers running. When I'm home I can share a ls of the disk. cp command keep all the owners and permissions?
Thank you for the detailed explanation
Hi,
I have an sdd connected to rpi4 that I use for docker. I have set the docker storage path to this disk. The mainly docker image used is nextcloud that I have been running smooth for like 1 year. Now I want to replace the 128GB that is almost full with a 512GB disk.
How should I proceed with this?
Can I dd from one disk to another and then expand the disk?
Should I rsync all the files from one to another?
Thank you
On the NFS settings changed the anonuid and anongid to a user that I use to login via samba and now I have the permissions.
Hi,
I have a shared folder called 'Fotos' than I create a NFS share:
'Ler/Escrever' means 'Read/Write'
On the Host side, ssh using the admin-user login, this is what I get:
On the client side this is what I get:
Using samba I can create and edit files however using NFS I can only create folders and files inside folders created by the user admin-user. I can't create folders on the root of 'Fotos'.
What I'm doing wrong?
Thank you
Hi,
I tried lscr.io/linuxserver/transmission:latest and it worked. Then I tried transmission with openvpn but can't make it work with nordvpn:
---
version: "2"
services:
transmission-openvpn:
image: haugene/transmission-openvpn:latest
container_name: transmission-openvpn-syno
restart: always
cap_add:
- NET_ADMIN # This runs the container with raised privileges
devices:
- /dev/net/tun # This creates a tunnel for Transmission
volumes:
- /srv/dev-disk-by-label-DATA/Filmes:/data # Change this to your Torrent path
environment:
- OPENVPN_PROVIDER=NORDVPN # Or other compatible OpenVPN provider
#- OPENVPN_CONFIG=Spain # Or other region that supports port forwarding. Check with your VPN provider
- OPENVPN_USERNAME=USER # VPN provider username
- OPENVPN_PASSWORD=PASS # VPN provider password
#- NORDVPN_COUNTRY=ES
- LOCAL_NETWORK=192.168.1.5 # If your server's IP address is 192.168.1.x, then use this. If your server's IP address is 192.168.0.x, then change to 192.168.0.0/24
- OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60 # Leave this as is
- PUID=1002 #Change to your PUID
- PGID=100 #Change to your PGID
logging:
driver: json-file
options:
max-size: 10m
ports:
- 9091:9091 #GUI Port
- 8888:8888 #Transmission Port
dns:
- 8.8.8.8 #Use whatever DNS provider you want. This is Google.
- 8.8.4.4 #Use whatever DNS provider you want. This is Google.
Alles anzeigen
Output log:
ZitatAlles anzeigenUsing OpenVPN provider: NORDVPN,
Running with VPN_CONFIG_SOURCE auto,
Provider NORDVPN has a bundled setup script. Defaulting to internal config,
Executing setup script for NORDVPN,
2022-08-29 16:56:52 Checking curl installation,
2022-08-29 16:56:52 Removing existing configs,
2022-08-29 16:56:52 Selecting the best server...,
2022-08-29 16:56:52 Searching for group: legacy_p2p,
2022-08-29 16:56:52 Searching for technology: openvpn_udp,
2022-08-29 16:56:52 Best server : pt89.nordvpn.com,
2022-08-29 16:56:52 Downloading config: default.ovpn,
2022-08-29 16:56:52 Downloading from: https://downloads.nordcdn.com/…pt89.nordvpn.com.udp.ovpn,
Starting OpenVPN using config default.ovpn,
Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container,
Modification: Point auth-user-pass option to the username/password file,
Modification: Change ca certificate path,
Modification: Change ping options,
Modification: Update/set resolv-retry to 15 seconds,
Modification: Change tls-crypt keyfile path,
Modification: Set output verbosity to 3,
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop,
Setting OpenVPN credentials...,
adding route to local network 192.168.1.5 via 172.23.0.1 dev eth0,
Mon Aug 29 16:56:53 2022 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022,
Mon Aug 29 16:56:53 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10,
Mon Aug 29 16:56:53 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts,
Mon Aug 29 16:56:53 2022 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication,
Mon Aug 29 16:56:53 2022 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication,
Mon Aug 29 16:56:53 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]5.154.174.161:1194,
Mon Aug 29 16:56:53 2022 Socket Buffers: R=[180224->180224] S=[180224->180224],
Mon Aug 29 16:56:53 2022 UDP link local: (not bound),
Mon Aug 29 16:56:53 2022 UDP link remote: [AF_INET]5.154.174.161:1194,
Mon Aug 29 16:56:53 2022 TLS: Initial packet from [AF_INET]5.154.174.161:1194, sid=767af0f4 2fee763b,
Mon Aug 29 16:56:53 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this,
Mon Aug 29 16:56:53 2022 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA,
Mon Aug 29 16:56:53 2022 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7,
Mon Aug 29 16:56:53 2022 VERIFY KU OK,
Mon Aug 29 16:56:53 2022 Validating certificate extended key usage,
Mon Aug 29 16:56:53 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication,
Mon Aug 29 16:56:53 2022 VERIFY EKU OK,
Mon Aug 29 16:56:53 2022 VERIFY X509NAME OK: CN=pt89.nordvpn.com,
Mon Aug 29 16:56:53 2022 VERIFY OK: depth=0, CN=pt89.nordvpn.com,
Mon Aug 29 16:56:53 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA,
Mon Aug 29 16:56:53 2022 [pt89.nordvpn.com] Peer Connection Initiated with [AF_INET]5.154.174.161:1194,
Mon Aug 29 16:56:54 2022 SENT CONTROL [pt89.nordvpn.com]: 'PUSH_REQUEST' (status=1),
Mon Aug 29 16:56:54 2022 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.2.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.2.2 255.255.255.0,peer-id 0,cipher AES-256-GCM',
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: timers and/or timeouts modified,
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: explicit notify parm(s) modified,
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: compression parms modified,
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified,
Mon Aug 29 16:56:54 2022 Socket Buffers: R=[180224->360448] S=[180224->360448],
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: --ifconfig/up options modified,
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: route options modified,
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: route-related options modified,
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified,
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: peer-id set,
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: adjusting link_mtu to 1657,
Mon Aug 29 16:56:54 2022 OPTIONS IMPORT: data channel crypto options modified,
Mon Aug 29 16:56:54 2022 Data Channel: using negotiated cipher 'AES-256-GCM',
Mon Aug 29 16:56:54 2022 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key,
Mon Aug 29 16:56:54 2022 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key,
Mon Aug 29 16:56:54 2022 ROUTE_GATEWAY 172.23.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:17:00:02,
Mon Aug 29 16:56:54 2022 TUN/TAP device tun0 opened,
Mon Aug 29 16:56:54 2022 TUN/TAP TX queue length set to 100,
Mon Aug 29 16:56:54 2022 /sbin/ip link set dev tun0 up mtu 1500,
Mon Aug 29 16:56:54 2022 /sbin/ip addr add dev tun0 10.8.2.2/24 broadcast 10.8.2.255,
Mon Aug 29 16:56:54 2022 /etc/openvpn/tunnelUp.sh tun0 1500 1585 10.8.2.2 255.255.255.0 init,
Up script executed with tun0 1500 1585 10.8.2.2 255.255.255.0 init,
Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.8.2.2,
Updating Transmission settings.json with values from env variables,
Using existing settings.json for Transmission /data/transmission-home/settings.json,
Overriding bind-address-ipv4 because TRANSMISSION_BIND_ADDRESS_IPV4 is set to 10.8.2.2,
Overriding download-dir because TRANSMISSION_DOWNLOAD_DIR is set to /data/completed,
Overriding incomplete-dir because TRANSMISSION_INCOMPLETE_DIR is set to /data/incomplete,
Overriding rpc-port because TRANSMISSION_RPC_PORT is set to 9091,
Overriding watch-dir because TRANSMISSION_WATCH_DIR is set to /data/watch,
sed'ing True to true,
Enforcing ownership on transmission config directories,
Applying permissions to transmission config directories,
Setting owner for transmission paths to 1002:100,
Setting permissions for download and incomplete directories,,
2,
Directories: 775,
Files: 664,
Setting permission for watch directory (775) and its files (664),
,
-------------------------------------,
Transmission will run as,
-------------------------------------,
User name: abc,
User uid: 1002,
User gid: 100,
-------------------------------------,
,
STARTING TRANSMISSION,
Transmission startup script complete.,
Mon Aug 29 16:56:55 2022 /sbin/ip route add 5.154.174.161/32 via 172.23.0.1,
Mon Aug 29 16:56:55 2022 /sbin/ip route add 0.0.0.0/1 via 10.8.2.1,
Mon Aug 29 16:56:55 2022 /sbin/ip route add 128.0.0.0/1 via 10.8.2.1,
Mon Aug 29 16:56:55 2022 Initialization Sequence Completed,
It looks like it can connect to nordvpn but doesn't set up transmission.
LOCAL_NETWORK was wrongly configured.
I tried to do omv-update but it fails. Also I doesn't have an omv-upgrade command.
The plugins I have installed are: openmediavault-flashmemory 5.0.7 and openmediavault-omvextrasorg 5.6
How do I know if they have been ported to 6?
Thank you