Posts by pcon

    Here the solution from the JFrog site:

    „How to remediate CVE-2024-3094

    Immediately downgrade your version of xz to an earlier version (5.4.6 is the latest unaffected version in most distributions).“


    The installed version on OMV 7 is 5.4.1-0.2

    root@xxxxxxx:~# apt search xz-utils

    root@xxxxxxx:~# xz-utils/stable,now 5.4.1-0.2 amd64 [Installiert,automatisch]


    All is fine.

    After the upgrade from OMV 6 to OMV 7 I get this error message if I execute omv-upgrade.

    Any idea how to fix?

    ===============================================
    Resolved


    Execute

    Code
    sudo apt remove --purge nfs-common


    After that the hole OMV 7 was gone. OMV website not longer reachable. ngix error 403. Container running fine after this action.
    Install openmediavault on an existing Debian following this instruction from the OMV documatation side:


    Installation on Debian


    Restart / reboot after the installation and OMV 7 is back. Services like NFS, Rsync, SMB/Cifs, SSH are working fine with the old configuration.

    Missed: OMV-Extras 7 are vanished after the restart / reboot. Install OMV-Extras 7 with:


    Code
    wget -O - https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/install | bash

    after the OMV-Etraxs installation I have to reinstall the missing plugins. The plugins working with the old configuration.

    Come ai installato. Con quale Tutorial? Ai installato OMV 6 con la connessione SSH? La IP che usi nel Browser e uguale a quella del SSH?

    Rclone ist Sync Tool and duplicati is a Backup and Restore Tool with a lot of options.

    Duplicati has data deduplication, that saves a lot of space, backup plans, different retention times for multiple backups, encryption, …

    For Backup and Restore I would recommend duplicati in a container.

    Kenji

    If you use this Ports on your SWAG Container:


    ports:
    - 444:443
    - 82:80
    - 81:81


    Than your Fritz!Box configuration is wrong. You are mapping:

    - 444:443

    444 is your Host port that will mapped to the 443 port of your Container

    at the Fritz!Box you have to you use only 444


    Same think for 82:80



    It seams that the folder are not created with the root user. If you create folder with the root user is root root or root user and not 1000 1000. That is strange because you say that you have created the folder with root.


    Try please http://6587546657474575XXXX.duckdns.org


    In the SWAG log are errors for the validation methode.

    Chance in the SWAG Docker config

    from SUBDOMAIN=wildcard to SUBDOMAINS=www

    and recreate the Docker Container.


    Code
    Exception: Not installed in /config/www/nextcloud/lib/…

    In you Netcloud log are a lot of excption of not installed files. That cut be a rights problem with the Docker Nextcloud folder.

    First of all. To delete and recreate the folders and set the correct port forwarding is crucial for the Nextcloud container set up.


    --

    1. - Fritzbox ports have been adjusted.

    port extern 443 to port 444 intern (IP OVM)

    extern 80 to port 81 intern (IP OVM)

    I don't know where you get the port 444 but in the template from #84 there isn't a port 444. Only 443 and 80. See also Post #84

    In post #91 is written that you need only the port 443 and 80. Why do you forwarding from 443 (ext.) to 444 (int.) This will not work because your Swag is running on 443. You are forwarding somewhere in the Nirwana on your OMV there isn't a docker or a service that response to port 444. You need to forward from 443 (ext.) to 443 (int.) and 80 (ext.) to 80 (int.) on your Fritz!Box

    0 => '192.168.178.22:444' Isn’t needed in this set up. See Post #88. In the Nextcloud container there is no Port 444. Only in SWAG are the port 443:443 & 80:80.


    In your screenshots http.png & https.png in post #90 you set Port Forwarding for 443 to 444 and 80 to 81. Only 443 and 80 are needed for SWAG for the letsencrypt and Proxy forwarding too the Nextcloud.

    --

    Points 2. 3. and 4 are OK. If you have deleted and recreated the folder on the cli with the root user, like written in post #88

    --

    5.1 Now Configuration of proxy:

    In the post #84 isn't a instruction to change the Nextcloud proxy. Please follow only the steps in post #84 and report where you get problems.

    --

    You are mix up the OMV [How-To] Nextcloud with swag (Letsencrypt) using OMV and docker-compose and my instruction from post #84. This is not a good idea, because the value, ports, ... are different and at the end the configuration will not work . You have to use only one instruction the OMV How To or my 3 simple step from the post #84. For both you have to delete and recreate the folder before you start like written in #88.

    --

    - Swag Log says this: Why?

    The port forwarding on your Fritz!Box is not correct. You are forwarding from external port 443 to a internal port 444. But your Swag container is listening on the port 443, on port 444 is nothing. SWAG need port 443 and port 80 for the validation. You need to forward from 443 (ext.) to 443 (int.) and 80 (ext.) to 80 (int.) on your Fritz!Box.

    --

    - Nextcloud Log says the following:

    Maybe the Nextcloud website can't be reached. If you browsing to the URL https://658754665747457XXXX.duckdns.org the request will send to SWAG Proxy and the SWAG Proxy will pass the request to Nextcloud. This is not working correctly because the port forwarding on your Fritz!Box is not correct. You are forwarding from external port 443 to a internal port 444. SWAG need port 443 and port 80 for Proxy forwarding to Nextcloud. You need to forward from 443 (ext.) to 443 (int.) and 80 (ext.) to 80 (int.) on your Fritz!Box.

    --

    &thumbnail=1

    https://forum.openmediavault.org/wsc/index.php?attachment/30647/&thumbnail=1

    for the 3 Nextcloud container it is OK. On the pic you can see that only SWAG is listening on the ports 443 & 80.

    --

    &thumbnail=1 &thumbnail=1

    https://forum.openmediavault.org/wsc/index.php?attachment/30648-http-png/

    https://forum.openmediavault.org/wsc/index.php?attachment/30649-https-png/

    You need only to set on the HTTP-server forwarding all ports to port 80.

    You need only to set on the HTTPS-server forwarding all ports to port 443.

    --

    &thumbnail=1

    https://forum.openmediavault.org/wsc/index.php?attachment/30651-lsa-png/

    Because you have only delete the user/s Katharina sftp-access and not delete and recreate the folder.

    --


    Please reed and follow the instruction. Please don't mix up different How Tos, #84 and other thinks that are wrote in this threat. If you use the #84 for your setup, first delete and recreate the folder and set your Fritz!Box port correct to 443 and 80. Otherwise all the rest that will not work.


    If there is anything you don't understand or are unclear about, ask before you do anything. If you mix up different instructions it is difficult to give you a reasonable answer, because we don't know what exactly you did.

    The folder are looking strange. It seams that the are not created with the Root User. Have you deleted the folder and recreated on the cli with the Root User?


    Letsencrypt is not generating a new certifacate and report: “No e-mail address entered or address invalid“ in the log the @ isn’t in the email address.


    trusted_domains' =>

    array (

    0 => '192.168.178.22:444'

    1 => '658754665747457XXXX.duckdns.org',

    ),

    0 => '192.168.178.22:444' Isn’t needed in this set up. See Post #88. In the Nextcloud container there is no Port 444. Only in SWAG are the port 443:443 & 80:80.


    In your screenshots http.png & https.png in post #90 you set Port Forwarding for 443 to 444 and 80 to 81. Only 443 and 80 are needed for SWAG for the letsencrypt and Proxy forwarding too the Nextcloud.


    I don’t understand you responses and don’t know If you following the instructions. What you need is in the post #84 and #88 as simple and step to step instruction. I have tested and it is working.

    You need only to following the description from the post #84 other think are not needed. And please read the instruction.

    I write go to the SWAG folder, you try to chage someting in the nextcloud container.


    Quote

    Rename the proxy file

    Go to the SWAG's folder /config/nginx/proxy-confs in your case it must be this folder on the OMV:


    Unfortunately I can't find any "proxy-confs" here see screenshot

    Code

    Code
    /srv/dev-disk-by-uuid-7abc2b1f-3752-462a-be72-51d4e4e/appdata/swag

    The files are there. This is the path for the SWAG config on your OMV = /srv/dev-disk-by-uuid-7abc2b1f-3752-462a-be72-51d4e4e/appdata/swag you have only to change to /config/nginx/proxy-confs here the full path:

    Code
    cd /srv/dev-disk-by-uuid-7abc2b1f-3752-462a-be72-51d4e4e/appdata/swag/nginx/proxy-confs


    Your folders are not correct:

    Code
    root@omv:~# ls -lsa /srv/dev-disk-by-uuid-7abc2b1f-3752-462a-be72-51d4e4e/appdata                                                                          
    insgesamt 20
    4 drwxr-xr-x  5 root      root        4096 19. Jun 17:35 .
    4 drwxr-sr-x  3 root      users       4096 19. Jun 17:35 ..
    4 drwxr-xr-x  4 root      root        4096 20. Jun 17:48 nextcloud
    4 drwxr-xr-x  4 Katharina sftp-access 4096 20. Jun 17:49 nextclouddb
    4 drwxr-xr-x 11 Katharina sftp-access 4096 20. Jun 17:49 swag
    Quote

    ls -lsa /srv/dev-disk-by-uuid-7abc2b1f-3752-462a-be72-51d4e4e/appdata/swag/nginx/proxy-confs/

    insgesamt 1204

    24 drwxrwxr-x 2 Katharina sftp-access 24576 20. Jun 20:59 .

    4 drwxrwxr-x 4 Katharina sftp-access 4096 20. Jun 20:59 ..

    Katharina sftp-access have rights on the folder. That seams that are folder that are used or created for other things or user.

    On the cli delete with rm the folder, first change to the appdata folder with cd:

    Code
    cd /srv/dev-disk-by-uuid-7abc2b1f-3752-462a-be72-51d4e4e/appdata
    
    rm -r nextcloud
    rm -r nextclouddb
    rm -r swag


    recreate the folder with mkdir

    Code
    mkdir nextcloud
    mkdir nextclouddb
    mkdir swag


    Delete your docker container and follow the instruction from post #84 only 3 steps

    Create the container

    Rename the proxy file

    Do the first set up for Nexcloud.


    That's all not more or less. If your ports are open on the Fritz!Box it will work.

    Let first check the rights on the folder. Please login with putty and the root user on your OMV and do athe ls command and post the result:

    Code
    ls -lsa /srv/dev-disk-by-uuid-7abc2b1f-3752-462a-be72-51d4e4e/appdata/


    Code
    ls -lsa /srv/dev-disk-by-uuid-7abc2b1f-3752-462a-be72-51d4e4e/appdata/swag/
    ls -lsa /srv/dev-disk-by-uuid-7abc2b1f-3752-462a-be72-51d4e4e/appdata/swag/nginx/proxy-confs/


    The screenshots are not helpful.

    &thumbnail=1

    This screenshot shows the file from: ... nextcloud - config - ngix Why? there is nothing to change

    &thumbnail=1


    Why the change? This is not needed 192.168.178.22:444 there is no port 444 open in the nextcloud container.

    At the moment I can't follow any more this discussion and it is very heavy to give answers.


    Maybe we to go back and doing little steps. Starting with creating the folders on OMV. The Fritz!Box Ports are OK and don't need to be touched. Please create the folder in OMV with the admin account (not with WinSCP) and if your ports are set on the Fritz!Box go ahead with the following instruction from Linux Server IO.


    Create first the container

    Here's a docker compose stack to set up SWAG, nextcloud and mariadb containers. The Volumes paths are adjusted to your paths, SWAG URL and Email must be adjusted to your Email and URL.


    Step 1

    create the container. Copy & Paste the following code in a docker compose stack in Portainer. The Volumes paths are adjusted to your paths, SWAG URL and Email must be adjusted to your Email and URL.


    Step 2

    Rename the proxy file

    Go to the SWAG's folder /config/nginx/proxy-confs in your case it must be this folder on the OMV:

    Code
    /srv/dev-disk-by-uuid-7abc2b1f-3752-462a-be72-51d4e4e/appdata/swag

    rename the file

    Code
    nextcloud.subdomain.conf.sample to nextcloud.subdomain.conf


    Step 3

    connect to


    https://5465345XXXX.dedyn.io


    and do the first set up for Nexcloud.

    Fill out the mariaDB username, password and database.

    After a configuration time you see the intro slides and then see the Nextcloud dashboard


    Done you can access Nextcloud from inside your network and from the internet with: https://5465345XXXX.dedyn.io

    Have you done the SWAG Proxy configuration like written in the How To?


    Configuration of proxy

    • cd /srv/dev-disk-by-label-disk1/appdata/swag/nginx/proxy-confs
    • /srv/dev-disk-by-label-disk1 has to be adjusted
    • cp nextcloud.subfolder.conf.sample nextcloud.subfolder.conf this will copy the sample configuration file for nextcloud and removes the .sample so that the file will become active
    • nano /srv/dev-disk-by-label-disk1/appdata/nextcloud/config/www/nextcloud/config/config.php and insert the text from the box below at the end, but befor the ");" - change "your.url" to your domain

    Code

    Code
    'trusted_proxies' =>   array (    0 => 'swag',  ),  'overwritewebroot' => '/nextcloud',  'overwrite.cli.url' => 'https://your.url/',  'trusted_domains' =>   array (    0 => 'your.url:443',  ),


    • docker restart swag to restart the swag container
    • docker logs -f swag to check for errors
    • docker restart nextcloud

    Have you added in the conig.php the IP and your DNS Name in the array section?

    It must be like this:

    Code
    'trusted_domains' => 
      array (
        0 => '172.168.178.22:444',
        1 => '65875466574745XXXXXX.duckdns.org',
      ),


    SWAG and Letsencrypt are ok you get a certificate.

    See the SWAG log: This certificate expires on 2023-09-16.

    This error message appears when I adjust the ports according to the template above.

    Maybe tried it with this code: