Beiträge von kromsam

kromsam · 9. Oktober 2019

So some time ago I succesfully got Nextcloud running with Let's Encrypt. This is how I did it: Problems installing Nextcloud + Let's Encrypt

But some days ago. Nextcloud just stopped working. The container stopped and I could not restart it (the buttons where just grayed out). In the GUI when I clicked 'modify' I got the error that 'It is not possible to modify a data container'. There was no problem with the Let's Encrypt container because other nginx reverse proxies were still running.

I thought that I'd just rerun the Dockerfile (which is given in the other forum post). But then I encountered the following error:

Code

# docker-compose up -d                              


Recreating letsencrypt
Recreating nextclouddb


ERROR: for letsencrypt  Cannot start service letsencrypt: write /var/lib/containerd/io.containerd.metadata.v1.bolt/meta.db: read-only file system: unknown


ERROR: for mariadb  Cannot start service mariadb: write /var/lib/containerd/io.containerd.metadata.v1.bolt/meta.db: read-only file system: unknown
ERROR: Encountered errors while bringing up the project.

Alles anzeigen

So there is some issue with a read-only file system? Does someone no what is wrong?

Oh and yeah, now my Let's Encrypt container also stopped working. It is in the container list as Nextcloud was before: same status: 'Created', not able to start it, same error when I try to modify it.

kromsam · 27. September 2019

Thanks for the hint! Now I got it running. For anyone that has been bumping their head to the wall for some time trying to get this running, maybe try this approach!

(One more question: should I worry about the alerts and error messages about LuaJIT?)

I changed the router ports to what you have proposed. Now when I rerun the docker-compose, this is what docker logs -f letsencrypt returns:

Code

- Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/[domain.tld]/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/[domain.tld]/privkey.pem
   Your cert will expire on 2019-12-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:


   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le


New certificate generated; starting nginx
creating GeoIP2 database
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
	no field package.preload['resty.core']
	no file './resty/core.lua'
	no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
	no file '/usr/local/share/lua/5.1/resty/core.lua'
	no file '/usr/local/share/lua/5.1/resty/core/init.lua'
	no file '/usr/share/lua/5.1/resty/core.lua'
	no file '/usr/share/lua/5.1/resty/core/init.lua'
	no file '/usr/share/lua/common/resty/core.lua'
	no file '/usr/share/lua/common/resty/core/init.lua'
	no file './resty/core.so'
	no file '/usr/local/lib/lua/5.1/resty/core.so'
	no file '/usr/lib/lua/5.1/resty/core.so'
	no file '/usr/local/lib/lua/5.1/loadall.so'
	no file './resty.so'
	no file '/usr/local/lib/lua/5.1/resty.so'
	no file '/usr/lib/lua/5.1/resty.so'
	no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

Alles anzeigen

Now when I visit https://www.[domain.tld], it gives me the 'Welcome to our server' notice.

This is the docker-compose file I use. (Removed the NC port forwarding).

JavaScript: docker-compose.yml

version: "2"
services:
  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=1000
      - PGID=100 
      - TZ=[TZ]
    volumes:
      - /sharedfolders/AppData/Nextcloud:/config
      - /sharedfolders/Nextcloud:/data 
    depends_on:
      - mariadb
    restart: always
  mariadb:
    image: linuxserver/mariadb
    container_name: nextclouddb
    environment:
      - PUID=1000
      - PGID=100
      - MYSQL_ROOT_PASSWORD=[root_pw]
      - TZ=[TZ]
    volumes:
      - /sharedfolders/AppData/Nextclouddb:/config 
    restart: always
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=100
      - TZ=[TZ]
      - URL=[domain.tld]
      - SUBDOMAINS=www,cloud
      - VALIDATION=http
      - EMAIL=[mail]
    volumes:
      - /sharedfolders/AppData/Letsencrypt:/config 
    ports:
      - 444:443
      - 81:80
    restart: always

Alles anzeigen

docker-compose up -d && docker logs -f letsencrypt
cd /sharedfolders/AppData/Letsencrypt/nginx/proxy-confs
cp nextcloud.subdomain.conf.sample nextcloud.subdomain.conf
nano nextcloud.subdomain.conf
I changed line 19 into:
server_name cloud.*;
cd /sharedfolders/AppData/Nextcloud/www/nextcloud/config
nano config.php

I found it like this:

PHP

<?php
$CONFIG = array (
  'memcache.local' => '\OC\Memcache\APCu',
  'datadirectory' => '/data',
  );

And left it like this:

PHP: config.php

<?php
$CONFIG = array (
  'memcache.local' => '\OC\Memcache\APCu',
  'datadirectory' => '/data',
  'trusted_proxies' =>
  array (
    0 => 'letsencrypt',
  ),
  'overwrite.cli.url' => 'https://cloud.[domain.tld]',
  'overwritehost' => 'cloud.[domain.tld]',
  'overwriteprotocol' => 'https',
  'trusted_domains' =>
  array (
    0 => '192.168.1.2:443',
    1 => 'cloud.[domain.tld]',
  ),
  );

Alles anzeigen

docker restart letsencrypt && docker logs -f letsencrypt

Code

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing... 
usermod: no changes


-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/




Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------


User uid:    1000
User gid:    100
-------------------------------------


[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=1000
PGID=100
TZ=Europe/Amsterdam
URL=[domain.tld]
SUBDOMAINS=www,cloud
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=[mail]
STAGING=


2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are:  -d www.[domain.tld] -d cloud.[domain.tld]
E-mail address entered: [mail]
http validation is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [emerg] "proxy_max_temp_file_size" directive invalid value in /config/nginx/proxy-confs/nextcloud.subdomain.conf:29
Server ready

Alles anzeigen

and then the nginx: [emerg] "proxy_max_temp_file_size" directive invalid value in /config/nginx/proxy-confs/nextcloud.subdomain.conf:29 error just endlessy repeats.

^ C

docker restart nextcloud

When I visit https://domain.tld now I get an error: ERR_CONNECTION_REFUSED.

Now I try to get rid of the max file size error.
nano /sharedfolders/AppData/Letsencrypt/nginx/proxy-confs/nextcloud.subdomain.conf

Change line 29 to
proxy_max_temp_file_size 1024m;

docker restart letsencrypt && docker logs -f letsencrypt returns:

Code

Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
	no field package.preload['resty.core']
	no file './resty/core.lua'
	no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
	no file '/usr/local/share/lua/5.1/resty/core.lua'
	no file '/usr/local/share/lua/5.1/resty/core/init.lua'
	no file '/usr/share/lua/5.1/resty/core.lua'
	no file '/usr/share/lua/5.1/resty/core/init.lua'
	no file '/usr/share/lua/common/resty/core.lua'
	no file '/usr/share/lua/common/resty/core/init.lua'
	no file './resty/core.so'
	no file '/usr/local/lib/lua/5.1/resty/core.so'
	no file '/usr/lib/lua/5.1/resty/core.so'
	no file '/usr/local/lib/lua/5.1/loadall.so'
	no file './resty.so'
	no file '/usr/local/lib/lua/5.1/resty.so'
	no file '/usr/lib/lua/5.1/resty.so'
	no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

Alles anzeigen

kromsam · 26. September 2019

Zitat von HannesJo

- You could try out this docker compose way from macoms tutorial. Just to try out different ways as long as yours dont work.
forum.openmediavault.org/index…g-OMV-and-docker-compose/

Hi, I am trying to get things going with the Docker compose file. I do have to say that I've never been closer to a successful set up then at the moment. But I still am not able to get it running as expected. In docker logs -f letsencrypt I get the following error:

Code

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/




Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------


User uid:    1000
User gid:    100
-------------------------------------


[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=1000
PGID=100
TZ=[my_TZ]
URL=[domain.tld]
SUBDOMAINS=www,cloud
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=[my_email]
STAGING=


2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are:  -d www.[domain.tld] -d cloud.[domain.tld]
E-mail address entered: [my_email]
http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.[domain.tld]
http-01 challenge for [domain.tld]
http-01 challenge for www.[domain.tld]
Waiting for verification...
Challenge failed for domain cloud.[domain.tld]
Challenge failed for domain [domain.tld]
Challenge failed for domain www.[domain.tld]
http-01 challenge for cloud.[domain.tld]
http-01 challenge for [domain.tld]
http-01 challenge for www.[domain.tld]
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:


   Domain: cloud.[domain.tld]
   Type:   connection
   Detail: Fetching
   https://_/.well-known/acme-challenge/[random]:
   Invalid hostname in redirect target, must end in IANA registered
   TLD


   Domain: [domain.tld]
   Type:   connection
   Detail: Fetching
   https://_/.well-known/acme-challenge/[random]:
   Invalid hostname in redirect target, must end in IANA registered
   TLD


   Domain: www.[domain.tld]
   Type:   connection
   Detail: Fetching
   https://_/.well-known/acme-challenge/[random]:
   Invalid hostname in redirect target, must end in IANA registered
   TLD


   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Alles anzeigen

This is really strange... Now when I visit http://[domain.tld] or http://[public_ip] the address in the browser is changed to https://_ . When I go to https://[domain.tld] or https://[public_ip] I get an certification warning, when I choose to go on I enter Nextcloud. This is the situation wherein i have enabled port forwarding on my router.

When I disable port forwarding on my router both the http and the https of my domain and public_ip send me to the login page of my router. When I try to run the docker-compose again, docker logs -f letsencrypt returns another error:

Code

IMPORTANT NOTES:
 - The following errors were reported by the server:


Some challenges have failed.
   Domain: cloud.[domain.tld]
   Type:   connection
   Detail: Fetching
   http://cloud.[domain.tld]/.well-known/acme-challenge/[random]:
   Timeout during connect (likely firewall problem)


   Domain: [domain.tld]
   Type:   connection
   Detail: Fetching
   http://[domain.tld]/.well-known/acme-challenge/[random]:
   Timeout during connect (likely firewall problem)


   Domain: www.[domain.tld]
   Type:   connection
   Detail: Fetching
   http://www.[domain.tld]/.well-known/acme-challenge/[random]:
   Timeout during connect (likely firewall problem)


   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Alles anzeigen

This is the docker-compose that I use:

Code: docker-compose.yml

version: "2"
services:
  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=1000 #change PUID if needed
      - PGID=100  #change PGID if needed
      - TZ=[my_TZ] #change Time Zone if needed
    volumes:
      - /sharedfolders/AppData/Nextcloud:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted
      - /sharedfolders/Nextcloud:/data     #/srv/dev-disk-by-label-disk1 needs to be adjusted
    depends_on:
      - mariadb
    ports: # uncomment this and the next line if you want to bypass the proxy
      - 450:443
      - 90:80
    restart: always
  mariadb:
    image: linuxserver/mariadb
    container_name: nextclouddb
    environment:
      - PUID=1000 #change PUID if needed
      - PGID=100  #change PGID if needed
      - MYSQL_ROOT_PASSWORD=7fxXzcUP8gqH2QqB  #change password
      - TZ=[my_TZ] #Change Time Zone if needed
    volumes:
      - /sharedfolders/AppData/Nextclouddb:/config    #/srv/dev-disk-by-label-disk1 needs to be adjusted
    restart: always
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000 #change PUID if needed
      - PGID=100  #change PGID if needed
      - TZ=[my_TZ] # change Time Zone if needed
      - URL=[domain.tld]
      - SUBDOMAINS=www,cloud
      - VALIDATION=http
      - EMAIL=[my_email]# define email; required to renew certificate
    volumes:
      - /sharedfolders/AppData/Letsencrypt:/config  #/srv/dev-disk-by-label-disk1 needs to be adjusted
    ports:
      - 444:443
      - 81:80
    restart: always

Alles anzeigen

The A-type column of the DNS is referring to the public IP of my server.

The port forwarding is (when on) set up like this:

Code

Trigger Start Port : 80 [/ 443]
End Port : 80 [/ 443]
Translation Start Port : 90 [/ 450]
Translation End Port : 90 [/ 450]
Server IP Address : 192.168.1.2
Protocol : TCP/UDP

BTW I did not make a docker1 user, just using the standard user.

Does this make any sense?

kromsam · 25. September 2019

Thanks for the reply!

For some reason my filebrowser showed me the '-'. But it is not there.

Also, when I change the file size to 1024 I get an error in the docker log.

Code

nginx: [emerg] PEM_read_bio_DHparams("/config/nginx/dhparams.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: DH PARAMETERS)

After changing it back to 2048 I still get errors . (Line 29 is as you can see the line whereon the filesize is set)

Code

nginx: [emerg] "proxy_max_temp_file_size" directive invalid value in /config/nginx/proxy-confs/nextcloud.subdomain.conf:29

So... This did not change much.

kromsam · 24. September 2019

Alright. Here we are again. It's been such a hassle to install Nextcloud together with Let's Encrypt...

I successfully installed Nextcloud and MariaDB using the TDL video instruction.
I got DuckDNS running successfully. (For instance, I made a Port Forwarding for my Jellyfin on 8096.)
I managed to create the Let's Encrypt Certificates.

But I am stuck from there. When I visit my [domain1].duckdns.org, Chromium errors: ERR_CONNECTION_REFUSED.

I will show all the steps I proceeded and hope someone can help me.

I run OMV on a RockPro64 (4GB RAM).
OMV version 4.1.25-1 (Arrakis)
Kernel: Linux 4.4.167-1213-rockchip-ayufan-g34ae07687fce
Processor: ARMv8 Processor rev 2 (v8l)

-- installing DuckDNS --
linuxserver/duckdns

# Container name
duckdns

# Restart Policy
always

# Environment variables
PUID = 1000
PGID = 100
TZ = Europe/Amsterdam
SUBDOMAINS = [domain1],[domain2],[domain3],[domain4],[domain5]
TOKEN = [duckdnstoken]

-- Setting Port Forwarding on the router --
TCP/UDP
80 -> 90
[local_server_ip]

TCP/UDP
443 -> 450
[local_server_ip]

-- Add '#' in front of bind-address=0.0.0.0 at /sharedfolders/AppData/Nextclouddb/custom.cnf --

-- Creating lets-net docker network in ssh --
~# docker network create lets-net

-- Making changes to Nextcloud container --
~# docker network connect lets-net nextcloud

-- installing Let's Encrypt docker image --
# Container name
letsencrypt

# Restart Policy
always

# Port forwarding
Host Port
450
Exposed Port
443/tcp

Host Port
90
Exposed Port
80

# Environment variables
PUID = 1000
PGID = 100
EMAIL = [mailaddress]
URL = duckdns.org
SUBDOMAINS = [domain1],[domain2],[domain3],[domain4],[domain5]
VALIDATION = http
TZ = [my_TZ]
ONLY_SUBDOMAINS = true

# Volumes and Bind mounts
Host path
/sharedfolders/AppData/Letsencrypt
Container path
/config

# Extra arguments
--cap-add=NET_ADMIN

-- Connect letsencrypt to lets-net network --
docker network connect lets-net letsencrypt

-- Change /sharedfolders/AppData/Letsencrypt/nginx/proxy-confs/nextcloud.-subdomain.conf --

Code: nextcloud.-subdomain.conf

# make sure that your dns has a cname set for nextcloud
# assuming this container is called "letsencrypt", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['letsencrypt'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),


server {
    listen 443 ssl;
    listen [::]:443 ssl;


    server_name [domain1].*;


    include /config/nginx/ssl.conf;


    client_max_body_size 0;


    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:443;
    }
}

Alles anzeigen

-- restart Nextcloud container --

-- Change /sharedfolders/AppData/Nextcloud/www/nextcloud/config/config.php --

PHP: config.php

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => '[xxx]',
  'passwordsalt' => '[xxx]',
  'secret' => '[xxx]',
  'trusted_domains' =>
  array (
    0 => '[local_server_ip]:444',
    1 => '[domain1].duckdns.org',
  ),
  'overwrite.cli.url' => 'https://[domain1].duckdns.org',
  'overwritehost' => '[domain1].duckdns.org',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '16.0.3.0',
  'dbname' => 'nextcloud',
  'dbhost' => '[local_server_ip]:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '[xxx]',
  'dbpassword' => '[xxx]',
  'installed' => true,
);

Alles anzeigen

-- restart letsencrypt container

So, my simple question is: where did I go wrong? What am I missing out on?

kromsam · 29. Juli 2019

Thanks for answering. My solution was that I had to run

service docker stop

before I did the rest. This is also the case when I want to add or remove any shared folders. And then after you have to run

service docker start

of course.

My source: https://forums.docker.com/t/ho…stallation-directory/1169

I can really recommend doing this for people that flash their images on a sd-card!

kromsam · 29. Juli 2019

Zitat von Nefertiti

I continue my monologue this time I think it is working, the problem was too many docker nested into each other
so I had to change my link
ln -s /sharedfolders/AppData/data/docker/docker /var/lib/docker
Well at least I am learning CLI.

Hi, I am trying to do the same as you. It would be handy for me to be able to remove the SD-card out of my RockPro so that I can put new images on it, without having to reinstall all the dockers.

I did the following:

First I created a Shared Folder in webgui: DockerData
The I ran (as root)
mv /var/lib/docker /sharedfolders/DockerDataln -s /sharedfolders/DockerData/docker /var/lib/docker

But when I tried to install a new Docker I get the following error message:

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; docker run -d --restart=always -v /etc/localtime:/etc/localtime:ro --net=host -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" --name="watchtower" --label omv_docker_extra_args="-v /var/run/docker.sock:/var/run/docker.sock" -v /var/run/docker.sock:/var/run/docker.sock "containrrr/watchtower:latest" 2>&1' with exit code '125': ce4b09904a5cc1ecee4bfe2a82261a3f852e8949b8a9a45768ba9f04ed032790docker: Error response from daemon: OCI runtime create failed: /var/lib/docker/overlay2/42adf7a818ee0fa1dc7ac7f1a5dd209f5669ab56be76ac5e3745375ef9ba7430/merged is not an absolute path or is a symlink: unknown.

Code

Error #0:
OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; docker run -d --restart=always -v /etc/localtime:/etc/localtime:ro --net=host -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" --name="watchtower" --label omv_docker_extra_args="-v /var/run/docker.sock:/var/run/docker.sock" -v /var/run/docker.sock:/var/run/docker.sock "containrrr/watchtower:latest" 2>&1' with exit code '125': ce4b09904a5cc1ecee4bfe2a82261a3f852e8949b8a9a45768ba9f04ed032790
docker: Error response from daemon: OCI runtime create failed: /var/lib/docker/overlay2/42adf7a818ee0fa1dc7ac7f1a5dd209f5669ab56be76ac5e3745375ef9ba7430/merged is not an absolute path or is a symlink: unknown. in /usr/share/php/openmediavault/system/process.inc:182
Stack trace:
#0 /usr/share/openmediavault/engined/rpc/docker.inc(607): OMV\System\Process->execute()
#1 [internal function]: OMVRpcServiceDocker->runContainer(Array, Array)
#2 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#3 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('runContainer', Array, Array)
#4 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('Docker', 'runContainer', Array, Array, 1)
#5 {main}

So for some reason it finds it a problem that this is a symlink. How did you get around this?

kromsam · 28. Juli 2019

Well after another night the machine is working again. But I still cannot access any of the folders when ssh-ing in root.

As to try I gave my own user all permissions and shh-ed. Then I was able to see all the files. Although when running ls -l I saw that all folders where owned by root.

kromsam · 28. Juli 2019

Zitat von macom

Did you manually edit fstab or any other system file lately?

I am running into the exact same problem again. Plus, when in ssh I run ls only n sharedfolders is shown. And only one of my shared folders is shown in the folder.

kromsam · 26. Juli 2019

I turned off the machine one night, the next morning it was working again. Now when I run mount line 6 is /dev/mmcblk0p7 on / type ext4 (rw,relatime).

Although I still don't know what went wrong

kromsam · 26. Juli 2019

Hm, the same goes for that port.

kromsam · 25. Juli 2019

When I try to login to the web-gui, I get the following error:

Failed to connect to socket: No such file or directory

Code

Error #0:
OMV\Rpc\Exception: Failed to connect to socket: No such file or directory in /usr/share/php/openmediavault/rpc/rpc.inc:140
Stack trace:
#0 /var/www/openmediavault/rpc/session.inc(56): OMV\Rpc\Rpc::call('UserMgmt', 'authUser', Array, Array, 2, true)
#1 [internal function]: OMVRpcServiceSession->login(Array, Array)
#2 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#3 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('login', Array, Array)
#4 /usr/share/php/openmediavault/rpc/proxy/json.inc(95): OMV\Rpc\Rpc::call('Session', 'login', Array, Array, 3)
#5 /var/www/openmediavault/rpc.php(45): OMV\Rpc\Proxy\Json->handle()
#6 {main}

I can still login via ssh, but my Docker services are not running.

I found this Reddit thread where someone had the same issue: https://www.reddit.com/r/OpenM…d_only_file_system_error/.

When I run mount, it returns.

Code

sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=1980300k,nr_inodes=495075,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=396700k,mode=755)
/dev/mmcblk0p7 on / type ext4 (ro,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
sunrpc on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
nfsd on /proc/fs/nfsd type nfsd (rw,relatime)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=42,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
tmpfs on /tmp type tmpfs (rw,relatime)
/dev/mmcblk0p6 on /boot/efi type vfat (rw,relatime,sync,fmask=0022,dmask=0022,codepage=936,iocharset=utf8,shortname=mixed,errors=remount-ro)
/dev/sdb1 on /srv/dev-disk-by-label-hoofdschijf type ext4 (rw,noexec,relatime,data=ordered,jqfmt=vfsv0,usrjquota=aquota.user,grpjquota=aquota.group)
/dev/sdb1 on /sharedfolders/AppData type ext4 (rw,noexec,relatime,data=ordered,jqfmt=vfsv0,usrjquota=aquota.user,grpjquota=aquota.group)
/dev/sdb1 on /sharedfolders/Nextcloud type ext4 (rw,noexec,relatime,data=ordered,jqfmt=vfsv0,usrjquota=aquota.user,grpjquota=aquota.group)
/dev/sda1 on /srv/dev-disk-by-label-backupschijf type ext4 (rw,noexec,relatime,data=ordered,jqfmt=vfsv0,usrjquota=aquota.user,grpjquota=aquota.group)
/dev/mmcblk0p7 on /var/folder2ram/var/log type ext4 (ro,relatime)
folder2ram on /var/log type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/mmcblk0p7 on /var/folder2ram/var/tmp type ext4 (ro,relatime)
folder2ram on /var/tmp type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/mmcblk0p7 on /var/folder2ram/var/lib/openmediavault/rrd type ext4 (ro,relatime)
folder2ram on /var/lib/openmediavault/rrd type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/mmcblk0p7 on /var/folder2ram/var/spool type ext4 (ro,relatime)
folder2ram on /var/spool type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/mmcblk0p7 on /var/folder2ram/var/lib/rrdcached type ext4 (ro,relatime)
folder2ram on /var/lib/rrdcached type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/mmcblk0p7 on /var/folder2ram/var/lib/monit type ext4 (ro,relatime)
folder2ram on /var/lib/monit type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/mmcblk0p7 on /var/folder2ram/var/lib/php type ext4 (ro,relatime)
folder2ram on /var/lib/php type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/mmcblk0p7 on /var/folder2ram/var/lib/netatalk/CNID type ext4 (ro,relatime)
folder2ram on /var/lib/netatalk/CNID type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/mmcblk0p7 on /var/folder2ram/var/cache/samba type ext4 (ro,relatime)
folder2ram on /var/cache/samba type tmpfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=396696k,mode=700)

Alles anzeigen

The problem seems to be on line 6. When I try to fix it as suggested in the reddit thread with mount -o remount,rw /, this is what it returns:

mount: cannot remount /dev/mmcblk0p7 read-write, is write-protected

Does someone else see what is the matter?

kromsam · 24. Juli 2019

I solved this particular problem. I selected the wrong WAN interface.

But I still don't have it running. So the story continues in this thread:

Problems running Let's Encrypt (TDL tutorial)

kromsam · 24. Juli 2019

I run OMV on a RockPro64 (4GB RAM).
OMV version 4.1.23-1 (Arrakis)
Kernel: Linux 4.4.167-1213-rockchip-ayufan-g34ae07687fce
Processor: ARMv8 Processor rev 2 (v8l)

I am trying to get Let's Encrypt running using this TDL tutorial (

Externer Inhalt www.youtube.com

Inhalte von externen Seiten werden ohne Ihre Zustimmung nicht automatisch geladen und angezeigt.

Durch die Aktivierung der externen Inhalte erklären Sie sich damit einverstanden, dass personenbezogene Daten an Drittplattformen übermittelt werden. Mehr Informationen dazu haben wir in unserer Datenschutzerklärung zur Verfügung gestellt.

).

(This I kind of a follow-up on: Problems installing Let's Encrypt (with DuckDNS) - [TDL tutorial])

I managed to install the Let's Encrypt container and its certificates. I did get this 'alert' afterwards:

Code

New certificate generated; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 99-custom-files: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
nginx: [error] lua_load_resty_core failed to load the resty.core module from https://github.com/openresty/lua-resty-core; ensure you are using an OpenResty release from https://openresty.org/en/download.html (rc: 2, reason: module 'resty.core' not found:
	no field package.preload['resty.core']
	no file './resty/core.lua'
	no file '/usr/share/luajit-2.1.0-beta3/resty/core.lua'
	no file '/usr/local/share/lua/5.1/resty/core.lua'
	no file '/usr/local/share/lua/5.1/resty/core/init.lua'
	no file '/usr/share/lua/5.1/resty/core.lua'
	no file '/usr/share/lua/5.1/resty/core/init.lua'
	no file '/usr/share/lua/common/resty/core.lua'
	no file '/usr/share/lua/common/resty/core/init.lua'
	no file './resty/core.so'
	no file '/usr/local/lib/lua/5.1/resty/core.so'
	no file '/usr/lib/lua/5.1/resty/core.so'
	no file '/usr/local/lib/lua/5.1/loadall.so'
	no file './resty.so'
	no file '/usr/local/lib/lua/5.1/resty.so'
	no file '/usr/lib/lua/5.1/resty.so'
	no file '/usr/local/lib/lua/5.1/loadall.so')
Server ready

Alles anzeigen

At this point I expected to be able to go to my server address on port 90 and see the "Welcome to our server" message. Instead I got this error in Chromium: ERR_CONNECTION_REFUSED.

Another clue is that, when I use port forwarding, port 80 and 8096 (jellyfin) can be opened, but 90 isn't getting opened, as if nothing is listening.

What could be the case here?

All the best,

kromsam · 24. Juli 2019

Zitat von Morlan

Maybe. Do you have any special firewall configurations in place?
Does the router mark the port forwarding as active?
You cloud try a port scanner to see if the ports are actually open.

Output changed when I tweaked DMZ and UPnP settings. Could the solution lay there maybe?

kromsam · 21. Juli 2019

I put off all the firewalls of my router.

When I used this port scanner: https://hidemyna.me/en/ports/

I get the following back:

All 1000 scanned ports on [adsl.isp] ([ip adress]) are closed (990) or filtered (10)
Nmap done: 1 IP address (1 host up) scanned in 10.22 seconds.

So they just don't seem to be open... How do I get around this.

kromsam · 6. Juli 2019

Yes the machine is on there. Could it be a problem with the firewall?

kromsam · 3. Juli 2019

I run OMV on a RockPro64 (4GB RAM).
OMV version 4.1.23-1 (Arrakis)
Kernel: Linux 4.4.132-1075-rockchip-ayufan-ga83beded8524
Processor: ARMv8 Processor rev 2 (v8l)

--

I tried to get Let's Encrypt running with DuckDNS following the TechnoDad tutorial (https://www.youtube.com/watch?v=TkjAcp8q0W0). Used the linuxserver dockers without any additional tags.

After running the Let's Encrypt docker, and running docker logs -f letsencrypt I get the following output. There we goo now:

Code

root@rockpro64:~# docker logs -f letsencrypt
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing... 


-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/




Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------


User uid:    1000
User gid:    100
-------------------------------------


[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a RSA private key
..............+++++
..............+++++
writing new private key to '/config/keys/cert.key'
-----
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=1000
PGID=100
TZ=[Timezone]
URL=duckdns.org
SUBDOMAINS=[domain1,domain2,domain3,domain4,domain5]
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=[emailaddress]
STAGING=


Created donoteditthisfile.conf
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time


[.*+]


DH parameters successfully created - 2048 bits
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are:  -d domain1.duckdns.org -d domain2.duckdns.org -d domain3.duckdns.org -d domain4.duckdns.org -d domain5.duckdns.org
E-mail address entered: [emailaddress]
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain1.duckdns.org
http-01 challenge for domain2.duckdns.org
http-01 challenge for domain3.duckdns.org
http-01 challenge for domain4.duckdns.org
http-01 challenge for domain5.duckdns.org
Waiting for verification...
Challenge failed for domain domain1.duckdns.org
Challenge failed for domain domain2.duckdns.org
Challenge failed for domain domain3.duckdns.org
Challenge failed for domain domain4.duckdns.org
Challenge failed for domain domain5.duckdns.org
http-01 challenge for domain1.duckdns.org
http-01 challenge for domain2.duckdns.org
http-01 challenge for domain3.duckdns.org
http-01 challenge for domain4.duckdns.org
http-01 challenge for domain5.duckdns.org
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:


   Domain: domain1.duckdns.org
   Type:   connection
   Detail: Fetching
   http://domain1.duckdns.org/.well-known/acme-challenge/[B1c]:
   Timeout during connect (likely firewall problem)


   Domain: domain2.duckdns.org
   Type:   connection
   Detail: Fetching
   http://domain2.duckdns.org/.well-known/acme-challenge/[C2d]:
   Timeout during connect (likely firewall problem)


   Domain: domain3.duckdns.org
   Type:   connection
   Detail: Fetching
   http://domain3.duckdns.org/.well-known/acme-challenge/[D3e]:
   Timeout during connect (likely firewall problem)


   Domain: domain4.duckdns.org
   Type:   connection
   Detail: Fetching
   http://domain4.duckdns.org/.well-known/acme-challenge/[E4f]:
   Timeout during connect (likely firewall problem)


   Domain: domain5.duckdns.org
   Type:   connection
   Detail: Fetching
   http://domain5.duckdns.org/.well-known/acme-challenge/[F5g]]:
   Timeout during connect (likely firewall problem)


   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Alles anzeigen

--

So I have an idea that this could be an issue with my router settings. My router is a ZyXEL VMG8324-B10A.
I go to Network Settings > NAT. There I found no existing rules.
I added two new rules following this scheme:

Service Name : Lets Encrypt (80 [/443])
WAN Interface : ADSL_via_[ISP]
WAN IP :
Trigger Start Port : 80 [/ 443]
End Port : 80 [/ 443]
Translation Start Port : 90 [/ 450]
Translation End Port : 90 [/ 450]
Server IP Address : 192.168.1.2
Protocol : TCP/UDP
I did nothing with the WOL settings.

When I saved the port forwarding for 80->90 I needed to confirm the following:
Since TCP port 80 is used.
The router WEB server port will be moved to 8080.

For the 443->450 rule it was:

Since TCP port 443 is used.
The router HTTPS server port will be moved to 4433.

In both cases I clicked to confirm.

What could be the problem here? Something with my Port Forwarding settings?

All the best,

Beiträge von kromsam

Nextcloud stopped working, can't be reinstalled

Problems installing Nextcloud + Let's Encrypt

Problems installing Nextcloud + Let's Encrypt

Problems installing Nextcloud + Let's Encrypt

Problems installing Nextcloud + Let's Encrypt

Move docker /var/lib/docker folder on external drive

Move docker /var/lib/docker folder on external drive

Failed to connect to socket: No such file or directory

Failed to connect to socket: No such file or directory

Failed to connect to socket: No such file or directory

Problems running Let's Encrypt (TDL tutorial)

Failed to connect to socket: No such file or directory

Problems installing Let's Encrypt (with DuckDNS) - [TDL tutorial]

Problems running Let's Encrypt (TDL tutorial)

Problems installing Let's Encrypt (with DuckDNS) - [TDL tutorial]

Problems installing Let's Encrypt (with DuckDNS) - [TDL tutorial]

Problems installing Let's Encrypt (with DuckDNS) - [TDL tutorial]

Problems installing Let's Encrypt (with DuckDNS) - [TDL tutorial]