Posts by Konsti

    Yes indeed, so this means that each sync job will be re-checked in terms of checksum so for 400+ GB of photos and personal data, we're talking hours before the actual sync happens. Thank you macom it's a shame we cannot use a --checksum alternative to only confirm that the files were copied across correctly.


    I will leave the service to run for a few days and I will try a more secure approach via public key, if I find troubles I will come here for your advice, everyone. Thank you again.

    Thanks macom ! Am I correct in my assumption (per rsync functionality) that if we keep --checksum in the job, it will always compare both source and target files even if there is no update to push forward to the client?

    Hello everyone, hope you are well and in good health.


    Thank you from me too for this tutorial, I managed to run rsync via OMV-Extras as a plugin to my home and remote OMV5 small server to sync a 500GB folder of family stuff, was rather straight forward! (if you add the modem-router settings etc.)


    However, the job did take a while but I want to be sure the files were not corrupted during copying across the other side of Europe.


    I am aware of the checksum option -c or --checksumhowever, where do we add this option in OMV UI? On the "server" tab as option or the client "job" itself?


    Also, would be great to append the rsync tutorial with that important point and perhaps also mention that if -c / --checksum option is always there, each rsync session will RESCAN all files for checksums... thus adding more to the time a copy takes, no? (I mean, it won't just be the new files to be checkedsum'ed...)


    Thank you in advance

    Hello everyone, I have a question related to this topic because installing OMV5 on a USB-stick as boot disk (from another USB-installer-stick) still produces this "mdadm: no arrays found in config file or automatically" appearing upon boot (alongside some other error). Even on the very first boot after installation (and insists, despite omv-upgrade to latest).


    The contents of my /etc/initramfs-tools/conf.d/resume file have just the swap partition UUID which, upon installing the flash plugin has to be removed (per instructions) to "avoid mdadm errors" so not sure if the method posted yorgabr can work on USB-boot-disks?


    Moreover, following the flash-plugin instructions (which are a little unclear to me after step 4/5) did not solve this error.


    Your kind advice is very welcome; I fear yorgabr method above is not or cannot be used for non-RAID and flash-plugin-installed systems, correct? I am using a small Intel NUC with 1xSATA (AHCI) port drive for data only, and installed OMV5 on a USB-stick-as-boot-drive. Thanks.

    Hello macom thank you for your tip. Where is the override file normally located, per your comment?


    As root via SSH, I did systemctl edit docker.service and immediately exited (Ctrl+X). Terminal showed this message:


    Editing "/etc/systemd/system/docker.service.d/override.conf" canceled: temporary file is empty.


    I do not see anything beyond folder /etc/systemd/system/ i.e. no /docker.service.d/ folder there....


    Running OMV 5.6.12-1 on a test home server with Docker reporting version 5:20.10.7~3-0~debian-buster on a rather "clean" installation a few days ago.


    Thank you

    So, to fix it, I delayed the docker initialization with 30 sec:

    Bash: /lib/systemd/system/docker.service
    ExecStartPre=/bin/sleep 30
    StartLimitInterval=300s


    Thank you for this tip Bas it saved my reboot headache. I had placed the /data folder of NextCloud on another disk (to allow space...) that obviously took a little longer to mount, compared to Docker startup time, and thanks to this delay I had no Portainer containers not running after each reboot. Thank you!


    Next time I will do things in a little more "proper" way as ryecoaaron suggested and Krowi asked, i.e.


    sudo systemctl edit docker.service


    ...and add the following to the "override" file that will be created:

    Code
    [Service]
    ExecStartPre=/bin/sleep 30
    StartLimitInterval=300s

    Thanks again, everyone.

    Hello everyone, despite this being an older thread, I would like to post my question/scenario on OMV 4.1.36-1 that's been happening for a few months, perhaps it is similar and you can offer your insight (except proposing to update to OMV5, I know I know :D :D)


    I decided some time ago to try allowing a friend accessing the NAS via sftp and installed the sftp-plugin via OMV-Extras. User account was there, and under his account in Access List tab/page, I added a couple of folders available already in SMB and shared, but that reside on another HDD than the system. With access set and working /sftp/jorge/ folder, including permissions to block going up the tree etc. it seemed to work.


    But with almost each OMV4 reboot, I see that the services related to the mounts of those folders, fail almost each time when checked via

    systemctl list-units -all --state=failed command.


    Namely, a couple of sftp-jorge-SharedStuff.mount errors (the actual folders) were shown in red, and I was forced to restart these sftp services by hand. After that, systemctl list-units -all --state=failed showed no errors.


    Obviously, when I cannot check for failed services (when working remotely) these SFTP folders appear without content, as they are not "mounted".


    How can I delay these "services" to start, but only after all drives are mounted etc. or some check is done for the file-system or path? I suspect the sftp-plugin, based on ssh if I am not mistaken, initialises too early.


    in /etc/fstab one can find the expected shared folders as defined in OMV's UI (last two entries):

    Code
    # >>> [openmediavault]
    [...] SOME PHYSICAL DISK ENTRIES [...]
    /srv/dev-disk-by-id-ata-WDC_WDS400T2B0A-part1/Stuff /sftp/Jorge/Stuff none bind,ro,nofail 0 0
    /srv/dev-disk-by-id-ata-WDC_WDS400T2B0A-part1/MyStuff /sftp/Jorge/MyStuff none bind,ro,nofail 0 0
    # <<< [openmediavault]

    Therefore, is this behaviour expected or can be remedied?


    Thank you in advance ; apologies if this question is not totally related.

    Hello everyone, I am kind of reviving this old thread for a couple of questions to you, please, as I have a WD MyCloud (1st Generation, I think, model WDBCTL0020HWT with 2TB) and the disk fails SMART constantly. Before sending it for recycling (and weeping for the money lost) please can I kindly ask you:


    a) Does your procedure work for a replacement, virgin HDD, say of same capacity? Do I need to "transfer" some boot files/procedure from the old HDD? (disk still runs but fails in writing data etc.)


    b) What is the latest OMV that can run on this ARM board, and being compatible with the Gigabit LAN Port and USB port? I read OMV 1.x as OMV 2.x may not support the LAN as fast as WD (driver?) just wanted to reconfirm what svriderk3 wrote +1 year ago.


    Would it be worth the money for a new 2/4TB HDD plus the time spent trying to install OMV on this?


    Thank you in advance for your time, best regards, Season Greetings.

    Hi ryecoaaron I am returning to this thread just to get your advice if you have time; although this method (and running omv-mki18ndict command) seems to work on MacOS and Firefox 81, it doesn't seem to work for Safari 13.


    I checked on both

    http://www.reliply.org/tools/requestheaders.php and https://www.localeplanet.com/support/browser.html and I do get Accept-Language: en-gb and navigator.language: en-gb but for some reason, any changes to the PO file are not visible on Safari.


    Any ideas if Safari has some quirks that prevent OMV 4 interface from translating the UI sections? I tried "private browsing" and there, too, I don't seem to get the PO being used...


    Thank you again.

    Hi tinh_x7 not sure if you found a solution. Here's my settings screen for your visual assistance.

    At the bottom where it says "Public address" I have entered my registered DuckDNS.org dynamic domain.


    I logged in to thank you karlkarlsen123 for posting your simple and elegant solution, as no conf file was needed to be edited etc.

    I was abroad and after a specific date I realised I could not reconnect from my MacBook to my home OMV and got puzzled as to what has happened... I was getting client-side an error "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" but eventually the official page didn't offer much help to my situation.


    The error registered in openvpn.log was found later to be:

    Code
    Tue Sep 01 22:29:52 2020 X.X.X.X:49638 VERIFY ERROR: depth=0, error=CRL has expired: CN=Konsti
    Tue Sep 01 22:29:52 2020 X.X.X.X:49638 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
    Tue Sep 01 22:29:52 2020 X.X.X.X:49638 TLS_ERROR: BIO read tls_read_plaintext error
    Tue Sep 01 22:29:52 2020 X.X.X.X:49638 TLS Error: TLS object -> incoming plaintext read error
    Tue Sep 01 22:29:52 2020 X.X.X.X:49638 TLS Error: TLS handshake failed

    Your post helped me resolve the issue, many warm thanks!

    I used the following steps:

    Bash
    export EASYRSA_CERT_EXPIRE=3650
    export EASYRSA_CRL_DAYS=3650
    cd /etc/openvpn/
    sudo -E /opt/EasyRSA-3.0.3/easyrsa gen-crl
    sudo service openvpn restart


    Use the following command to check whether this was successful (check the "Next Update" date):

    Bash
    sudo openssl crl -in /etc/openvpn/pki/crl.pem -text

    Your solution worked and I could now reconnect just fine with Tunnelblick on MacOS.


    Finally, I would strongly advise anyone installing a fresh OpenVPN client to directly do this 10-year regeneration of the certificate, before deploying to VPN clients, to avoid unpleasant surprises 6 months later...

    Indeed, I keep port 80 on my modem/router closed due to multiple attacks, as there is no real need: neither the mobile app nor the MacOS client connect to NextCloud on simple http. I opened it just earlier today.


    Side note: Also I point out that the need to go sub-domain setup (with duckdns.org) rather than /nextcloud/ folder is because of the computer (macOS) client that asks a URL during installation and connection of the account(s).


    So this means that cron runs each day... OK then I will need to redo the renewal manually via your tip of running ./app/le-renew.sh from within the container OR leave port 80 open for 24h and let the cron re-run successfully, I guess..!


    But this also means that this tip/post on the previous page to just run certbot renew in a Docker installation, will most likely fail for some people, better run ./app/le-renew.sh instead, no?


    Thank you very much for your time and input, Morlan. I hope others will profit from this and can confirm this too!

    Thanks Morlan I am puzzled now.


    First of all, the redirections worked great all this time, so you would expect (per docker-compose.yml too) to be:

    Router from internet 80:443 pushed to 81:444 to OMV (static IP) respectively. Still work great so far.


    However, running what you asked prompted to success now? Have a look at the log:

    What do you make out of this? Why would ./app/le-renew.sh from within the container work but not certbot renew or the cron ?


    How can I validate the cron running in this letsencrypt container? Perhaps there's some syntax or other error on some file, inside the container?


    UPDATE: What would you make out of this, Morlan ?


    Thanks!

    Hi Morlan thank you for replying to me, appreciate it. I looked for /config/log/letsencrypt/letsencrypt.log in my main OMV system partition, there is none. Did you mean inside the letsencrypt container after I log in with docker exec -it letsencrypt /bin/bash ?


    If yes, then that log is empty (zero bytes). I did restart the docker before accessing it via shell. I paste the contents of zcat letsencrypt.log.2.gz

    As you can see there's no explicit mention of the problem... Seems the same as if I force to certbot renew.

    Otherwise, the contents of /var/log/letsencrypt/letsencrypt.log inside the container are much different, as I can see.

    Thanks.

    What is the best (correct, or preferred) method for renewing the letsencrypt cert under this setup?

    Should be done automatically


    Hello everyone, I successfully have installed NextCloud, MariaDB and LetsEncrypt via your great guide here, almost 3 months ago, using my subdomain (instead of domain/folder/ set-up) with duckdns.org.


    But it's time to get Let's Encrypt renewed and I still have a deadline in 7 days; it is still expiring. Not sure how it is supposed to be done automatically, nor do I know how many days in advance this is supposed to happen...


    So per the guide, modem/router redirects 80/443 to ports 81 and 444 to OMV & container(s), whist keeping port 80 (internal network) for http access and the actual OMV WebUI.


    But when I login to the container docker exec -it letsencrypt /bin/bash and run certbot renew I get the following error (replaced my subdomain with XXXXX):



    I made sure my modem/router has again open port 80->81 (due to many attacks lately, fail2ban went nuts) whilst already using 443->444 to OMV as usual; I can access NextCloud from outside without problems.


    I was hoping to avoid deleting the "letsencrypt" container and re-create it, via some separate docker-compose file as I am afraid this may screw up my NextCloud working setup :-(


    Can I kindly also ask macom or Morlan for your valuable experience/knowledge? Any help from anyone faced this, is very welcome.


    Here are the files I think you may need:


    For /appdata/letsencrypt/nginx/proxy-confs/ I copied nextcloud.subdomain.conf.sample as nextcloud.subdomain.conf and changed the subdomain parameter server_name nextcloud.*; to mine: server_name XXXXX.*; of course.


    Then for config.php for NextCloud:


    Finally, the part of docker-compose.yml used for Let's Encrypt where ports are redirected (without changing default ports on the NextCloud section):

    Thank you everyone in advance.

    Hi everyone, apologies to bring back this thread to active, but what if the docker container itself was not mapped to ports 443 and 80 but instead, as some guides suggest, to 444 and 81 with redirection? That was after following this guide that created a docker-compose file to use for installing MariaDB and NextCloud... I keep port 80 for http and the actual OMV WebUI.


    So I successfully log inside the "letsencrypt" container but when I run certbot renew I get the following error (replaced my subdomain with XXXXX):



    I made sure my modem/router has again open port 80->81 whilst keeping 443->444 to OMV 4.x as usual; I can access NextCloud from outside just fine. But I am not sure if the error of Problem binding to port 80 refers to the external ports of Docker itself, eventually, and not OMV server?


    I asked this question here too in the thread for Q&As regarding NextCloud, MariaDB and Let'sEncrypt installation. Thanks in advance for your tips/assistance/insight.

    Turning Monitoring off under the Monitoring menu, saving it, re-enabling it and saving it again. I no longer get any errors related to the ghosted filesystem.

    Thank you for posting your solution, I had the same issue when I had attached an external USB HDD that the mini-PC kept ejecting and there was no way to properly remove it in OMV.
    I followed your instruction in the UI (System > Monitoring > Enable=Off) and even cleaned up the logs in CLI to confirm upon reboot. Indeed the error is gone upon reboot.
    Great find, many thanks, works in OMV 4.x

    Hello everyone, I have been searching on the forum through many discussions regarding APM (Advanced Power Management) on disks but there's notably a lot of talks -expected- on HDDs and not much on SSDs.


    So I have a mini PC (Core i3) running the latest OMV 4.x build that I set-up for storing only personal data, running SyncThing and NextCloud to replace Dropbox really. The setup includes dual-SSDs where one is M.2 type and contains the boot/system and a data partition (Crucial MX500 M.2) whereas another SSD SATA drive contains just a data partition (Samsunv 860 QVO). All is reported working well and as expected, including OpenVPN etc.


    The use is not much per day, obviously, and the mini-PC already consumes low power but I wanted to ask the people who know and are experienced on the APM settings for those 2 drives... Do I leave then running all the time? (i.e. no spin-down).


    What APM setting would you think to be ideal to preserve the life of both SSDs but without causing SMART data "strain" in other parameters like cycle-count or spin-down or wear-leveling etc. that are usually avoided for rotary HDDs? (N.B. in my previous OMV setup I had a rotary 7mm Seagate 2.5" HDD that I set to never spin-down (APM=128) as I also believe that the HDD is more prone to errors when spinning-down and up, than running it all the time especially when it's a 5400rpm one).


    My current setting on both SSDs is "128 - Minimum power without stand-by". Should I go back to "Disabled" totally or "1 - Minimum power usage with standby (spindown)"? And if APM=1 what would be the ideal spindown, say 12 hours is normal? (I understand it is per usage). Any ideas on SSD wear for APM=1?


    The purpose of my question is to find out whether APM makes sense for SSD-only based OMV at all, and what would be the optimal (if any?) APM setting, for those who know the subject well.


    Many thanks in advance.

    Thank you for your reply; as I want to confirm any translation on my OMV 4.x installation locally first, may I ask you for any idea as to why the edited .po file does not eventually show up on my browser? (Safari/Firefox on macOS)
    I did confirm the requested language and cleared cache but still, I cannot see improvements (I did see that the plugin has the text in brackets as required for translation).
    Is there some web cache I must purge on OMV in SSH? Thanks!

    Hi @ryecoaaron I am currently using fail2ban plugin (latest seems to be still v4.0.2) on my OMV 4.1.34-1 and I would like to offer my time to improve on the UI and more specifically the texts/translations of this plugin.


    I tried adding a .po file in /usr/share/openmediavault/locale/el_GR/ and improving the existing openmediavault-fail2ban.po in /usr/share/openmediavault/locale/en_GB/ but I cannot seem to see the changes.


    I restarted both service and server. My macOS Safari browser does request in en_GB per http://www.reliply.org/tools/requestheaders.php


    Any ideas how to see the text-changes and where to submit them, are very welcome. Thank you.