Posts by stratege1401

    Hello,


    It's been more than a years (18 month ) since this built was made.
    And some things have changed...


    So, here my little story.
    The big change was i quit my ISP "ORANGE" with it's livebox Ftth. The contract i had was a 1Gb/s - 300Mb/s.
    Now, I am using FREE as my new ISP, with a box called "DELTA". I now have 10 Gb/s - 600 Mb/s. That DELTA box is providing SFP+ connection.


    I had to update my network hardware so i bought an Microtik Optical switch : https://mikrotik.com/product/crs305_1g_4s_in featuring four SFP+ ports, for up to 10 Gbit per port.
    I choose some 10G DAC/OAC from fs.com ( 2 X 3m DAC ref:SFPP-PC03 and one OAC-15M ref:SFPP-AO15 )
    I had to quit my motherboard copper nic to Intel X520-DA2 (5.0 GT/s, x8 Lane)


    It's good, but i am still bottlenecked by the SATA disk on my server.
    But on my devel rigs, who used nvme ssd, it is faster than light. Really fun !
    My disk setup move from raid6 1 Array to a raid60 with 2 Array Capacity 16 TB
    Speed gain 4x read speed, no write speed gain
    Fault tolerance At least 2-drive failure. Two disk from each RAID6 set can fail without data loss.


    Upgraded the server ram from 8 GB to 32 GB.
    Overall usage is fine. I did hope to use omv4 but ...
    I have now 53 users on it . Family members ( 7 ) and customers ( 3 free users, 43 paying customers ) mostly medical office and architect.
    I have reach 36% of my 16 To storage capacity.


    But, as a NAS server, even using raid60 needs a backup, i am using a nightly backup to a cloned NAS. Yep, i now have TWO nas server. For simplicity, i build the exact same machine.


    The economic depreciation was reach at +14 months for the first server. Witch is now 18 month old. My wife say's it is time he move out !!!
    The second server is now 10 month old.


    In 18 months, over the 16 HDD, i had one disk failure. Hopefully, i had bought my disk through a "seagate champion partner" and i was still under warranty.


    My plans are quiet simple.
    - Adding more paying customers.
    - Moving out one of the server to a hosting company ( the home uptime is not professional ). 3 month from now.
    - planning the future as my 16 TO will be one day reach ( hopefully ).


    Planning the future is kind of tricky. My paying customers have so far no concern for the reactivity of the server ( speed of the server himself and bandwidth ) but i do !
    I may start to plan for a new hardware set. Larger and newer processor. raid pci 2.0 controllers .... who knows. Bandwidth will depend on my future hosting solution.


    And the data capability. I have reach 36 % of 16 TO. If i reach 75%, i will start to plan to have more space.
    - Upgrading the array by switching 4 TO HDD to 10/12 TO HDD.
    - Planning an hardware upgrade to SSD ( reallllly expensive ), and in that case, i will need hardware PCI controller. Maybe in 5 to 8 years.


    And, as i have now one employee in my small business, i want to simplify the back office management. Here come OMV5, witch is now more align with my needs. So, testing time come again !!

    Hello all,


    It's been too long since i pop up here !


    When OMV4 was release, unfortunately, it did not completely meet my need ...
    As OMV5 is coming, and been still very much interested by your project, i wanted to start to test it.


    Used vagrant to Virtualbox, passed the few minor errors:
    - Virtualbox been set-up by default for IDE controllers, sata controller error
    - Bad parameters for remote screen


    So, now, i have a working test OMV5.


    I notice a small problem, who might be related to me playing around with the apt-update-upgrade in order to test to real update Debian 10.
    The Diagnostics-Dashboard and Diagnostic-System Information link are Broken. When click-on, nothing happening.


    I tested using Chrome/firefox/Edge and differents languages in the GUI.


    Otherwise, the test release seem already so perfectly working i cant wait to try/use it again !


    Congrats to the hard working already produce here.

    Because WBB has features that PHPBB or others do not have. And really, PHPBB has the worst code i've ever seen.

    I am very interested about those extra features as i am helping actually a old-large forum on debian to choose it next cms. If you don't mind to educate me :) i am all hears !


    I look to this (commercials ?) thread https://www.forum-software.org…-vs-woltlab-burning-board
    But i did not really see any differences, except phpbb is totaly free and wbb needs a license.


    I agree about worst code, but at least it is free and open.

    Dear THKAISER,


    I wonder why you are using burning board, witch is not a free forum as it cost actually for a single forum licence around 89 EUR ??


    Why no phplikebb forum, witch are free, or smf ...


    Thx.

    It' been 3 month since i have builded my own nas serveur not using openmediavault....



    My actual specs:
    Nextcloud server 13.0.x
    Based A8-6500 16MO with Motherboard Gigabyte GA-F2A88XM-D3HP
    RAID6 with 6 HDD Seagate IronWolf PRO 4 TB, ST4000NE0025
    4.9.0-6-amd64 #1 SMP Debian 4.9.88-1 (2018-04-29)
    Apache 2.4.29 / php 7.0.27 / 10.1.26-MariaDB / mysqlnd 5.0.12
    phpadmin 4.6.6deb4 / Redis server v=3.2.6 / HTTP2 / Fail2ban abuseIPDB /


    I have made some changes since initial build:
    - Updated the Motherboard to an Gigabyte GA-F2A88XM-D3HP for the 8 native sata ports. The extended SATA controller cards were too unstable due to heating, and the old motherboard was getting old.
    - Updated the 8Mo to 16Mo as nextcloud is more reactive. Also, i am running an IDS firewall and it needed more ram, plus all other software or options.
    - Updated all my HDD for brand new Seagate IronWolf PRO 4 TB, ST4000NE0025


    Actually, i am running in a strange Smartmontool (smartd) problem as the ST4000NE0025 is actually not present in the smartd-database. The ST4000NE0025 is the PRO version of the 4TO HDD, the public version is the ST4000NE0004 and i have strange smart reading... Still working on.


    I am very happy with this build. Using Debian instead of openmediavault or other specific distribution was the right move for me. Having 100% knowledge of the build is really a plus. Of course, no more nice GUI for setup. But also, no more strange behaviors or bugs.


    Futur updates:
    - i may update to more ram as nextcloud gallery eat out a lot of ram.

    adding my two cents for the built:


    - use sticker to put the ID on your hdd, and map them

    Code
    cat /proc/mdstat
    Personalities : [raid6] [raid5] [raid4] [linear] [multipath] [raid0] [raid1] [raid10]
    md0 : active raid6 sdd1[3] sdb1[1] sda1[0] sde1[4] sdc1[2]
    2929886208 blocks super 1.2 level 6, 512k chunk, algorithm 2 [5/5] [UUUUU]
    bitmap: 0/8 pages [0KB], 65536KB chunk


    Code
    sda1 STF607MH3NNTZK ----> fatcage1 p2
    sdb1 JP2940HZ2XSJJC ----> Temp internal top
    sdc1 WD-WCC6Y6AYU911 ----> fatcage1 p3
    sdd1 WD-WCAV5D807897 ----> fatcage1 p1
    sde1 JP2940HZ2XX7AC ----> Temp internal bottom
    sdg temporary usb ----> n/a

    In case of failure, easier to fix. you wont have to search for the good disk

    Finally almost done ...
    - Missing the new HDD
    - Missing my second Icydock MB153SP-B FATCAGE, the delivery is lost in the french snow ... LAST PIECE ARRIVED 5 days later !!!




    Unfortunately, openmediavault 4 did not do the trick for me, so i did my own NAS based on:


    Nextcloud server 13.0.0
    based A8-6500 8GO RAID6 6*8TO
    4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)
    / apache 2.4.29 / php 7.0.27 / 10.1.26-MariaDB / mysqlnd 5.0.12
    / phpadmin 4.6.6deb4 / Redis server v=3.2.6 / HTTP2 / Fail2ban abuseIPDB /



    I just notice the image are blocked and need to be followed one-by-one.


    Sorry for that. Here a direct link to my nextcloud gallery: nextcloud.rkn.ovh/index.php/s/3yp93A7oNMPexcp

    Because discourse is a mess of endless message feed without any logical structure.
    The nextcloud community run under discourse and it is almost impossible to dig informations and clues.
    For exemple, the new messages are not even in first position in the normal feed, they are in the feed, somewhere ...
    Another exemple: you ask a question, the answer solved your problem. Just a tiny green quote in your original message display it is solve. But this is INSIDE the message, not in the title (no tag or whatsoever). So, when you search by tiltle, you have no clue when you found a message title about his status. ( ongoing, closed, solved ... ). You need to open it. When there is 2 or three messages, that's fine, but when there is hundred, you simply waste your time.


    The old rules is good:
    - MAKE IT SIMPLE
    - MAKE IT STRUCTURAL
    - IF IT'S AIN BROKEN, DONT UPGRADE IT

    small info: it seem somepeople are trying to use a vulnerability in the diffie-hellman-group1-sha1 called logjam attack.


    here an exemple:
    sshd[11867]: Unable to negotiate with 103.89.88.40 port 53879: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]


    In order to protect my server, i had to twek my ssl config like this: ( A+ on sslabs )


    <IfModule mod_ssl.c>


    <VirtualHost *:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    # http2
    Protocols h2 http/1.1
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLCertificateFile /etc/letsencrypt/live/nextcloud.rkn.ovh/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.rkn.ovh/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    ServerName nextcloud.rkn.ovh
    # Guarantee HTTPS for 6 Month including Sub Domains
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
    </VirtualHost>


    # modern configuration, tweak to your needs
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    #SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDS$
    # super strong cypher avoiding attacks like logjam
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLHonorCipherOrder on
    SSLCompression off
    SSLSessionTickets off
    SSLOptions +StrictRequire



    # OCSP Stapling, only in httpd 2.3.3 and later
    SSLUseStapling on
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
    SSLStaplingCache shmcb:/var/run/ocsp(128000)



    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
    </IfModule>




    the Include /etc/letsencrypt/options-ssl-apache.conf is midified too
    # Baseline setting to Include for SSL sites


    SSLEngine on


    # Intermediate configuration, tweak to your needs
    #SSLProtocol all -SSLv2 -SSLv3
    #SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AE$
    #SSLHonorCipherOrder on
    #SLCompression off


    #SSLOptions +StrictRequire


    # Add vhost name to log entries:
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
    LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common


    #CustomLog /var/log/apache2/access.log vhost_combined
    #LogLevel warn
    #ErrorLog /var/log/apache2/error.log


    # Always ensure Cookies have "Secure" set (JAH 2012/1)
    #Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"

    I do think OMV is a great project.
    I do think Nextcloud is also a great project.


    Unfortunately, adding two great project together sometimes doesn't work, or failed, or end ups being not so successful.


    I spend sometimes (2 weeks times, around 20 hours ) trying to make them work together and failed because i am consider myself as a medium linux user and get bored quicly.


    So i decided to do my homework and start from a clean debian-9.3.0-amd64-netinst with only the common-tools and openssh installed ( 128 paquets )


    It took me around 10 hours to learn/apply/built my system from sratch.


    Now, i am able to do whatever i want with it.


    I can send you my "notes" with a list of steps i did ( not completes, just giving directions ) ... on request.


    final system is:



    Nextcloud server 12.0.5 --> 13.0.0 no problems so far
    based A8-6500 8GO RAID6 8*6TO
    4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)
    / apache 2.4.25 --> 2.4.29 / php 7.0.27 / 10.1.26-MariaDB / mysqlnd 5.0.12
    / phpadmin 4.6.6deb4 / Redis server v=3.2.6 / HTTP2 /

    Sorry, can't help. What you're experiencing is one of the reasons This is why i gave up.

    thank for all, i will continue to play with omv on my vm for fun ...


    Finaly, did my own project:


    Nextcloud server 12.0.5 Raid6 8-6TO based on a A8-6500 16 Go ram
    Debian 9.3 4.9.0-4-amd64 #1 SMP Debian 4.9.65-3+deb9u1 ( upgrade not done yet )
    MDADM-3.4 / LVM-2.02.168/ apache 2.4.25 / php 7.0.27 / 10.1.26-MariaDB / mysqlnd 5.0.12 / phpadmin 4.6.6deb4 / Redis server v=3.2.6 / HTTP2 / Fail2Ban / Munin / external smtp relay.

    If you have issues, you can use this : [url='https://homputersecurity.com/2018/01/28/guide-d-installation-de-nextcloud-sur-docker/']homputersecurity.com/2018/01/2…-de-nextcloud-sur-docker/[/url] Thank. Unfortunately already tried

    Code
    Recreating 0287dac63b6d_proxy ... error
    ERROR: for 0287dac63b6d_proxy Cannot create container for service proxy: invalid port specification: "86623"
    when ports setup is 8080 and 1443 ...

    Concerning docker plugin included with omv, the lack of explanation for the config make me think i will run in the same trouble.


    SOOooooo, i am done with this project.


    Going full debian LAMPS and manual install of everything. At last, i will perfectly managed my stuff ...


    Thank you for helping