Posts by HannesJo

Quote from Trail9

Good evening, is it possible to use the stacks found in the thread to run nextcloud only in the local network and without opening ports and fix warnings such as “You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead.” and "Strict Transport-Security.

The stack I'm using is this:

Code

version: "2.1"
services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud:latest
    container_name: nextcloud
    ##network_mode: swag_default
    environment:
      - PUID=1000
      - PGID=100
    volumes:
      - /path/to/nextcloud/config:/config
      - /path/to/nextcloud-data:/data
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - mariadb
    ports:
      - 450:443
    restart: unless-stopped
  mariadb:
    image: ghcr.io/linuxserver/mariadb:latest
    container_name: nextclouddb
    ##network_mode: swag_default
    environment:
      - PUID=1000
      - PGID=100
      - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_PASSWORD
    volumes:
      - /path/to/mariadb/config:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped

Display More

I can access to nextcloud UI and finish the configuration, but then those warnings remain even if i remove the

"#" in front of

#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

and restart the nextcloud docker.

I would just like to use nextcloud in my lan network and access it from outside via wireguard.

Display More

You may need an open port for retrieving the cert. But that does not mean nextcloud must be accessible from outside your lan. You could add sth like the following statements to your nextcloud proxy conf file

allow 192.168.1.0/24;
deny all;

Your clients also need a DNS entry that points your domain cloud.example.org to the local ip eg 192.168…. or they would be blocked too. Could be done via pihole if you use it.

Wer sowas ohne VPN macht benutzt als Passwort für alles „Passwort1“

Who told you to use raid but no backup? Why would you want high availability but low data safety?

Krisbee Thanks for clarification 👍

Quote from Krisbee

The problems with BTRFS raid5/6 go much deeper than just the write hole problem. Not much has changed re: this https://www.reddit.com/r/btrfs…s_read_before_you_create/

That’s interesting, thx. So some say it is as safe as any solution and some say it is not. While the official notice of btrfs devs only mentions the write hole issue that seems to be an actual problem of all raid solutions. Topic remains unclear 🤔

Quote from geaves

I found that from the btrfs read the docs page I have no idea how old that is

Yeah but as I learned here the RAID 5 write hole on btrfs is not btrfs specific but exists on every raid solution. It is just the fact that devs of other solutions do not warn about that anymore.

Quote from geaves

BTRFS, I know the raid implementation is still somewhat suspect and the recommendation is not to use it production.

Is it so? My most recent info was that the danger in using btrfs raid5 exists without power redundancy only - being an actual issue on any raid solution. Thus, power cut would be potentially dangerous on btrfs like on any other raid technology. In the other hand as long as there is no power cut btrfs would be as safe as any other solution. Did I miss sth?

Don’t know about mdadm but I’m using btrfs stripe and had no problem. Clean install of omv6 -> plugged in disks -> mounted -> that’s it. Of course you always need a backup anyway.

Quote from irvan.hendrik

Currently I am using 1 disk without RAID system ( I know it is stupid).

Why do you think so? Having no backup is stupid. Having raid and thinking that would be a backup is also stupid. Having no raid is just having no raid.

Quote from macchese

Am I doing something wrong?

Thank you

Bro you did not even told what you doing so how do you think we would know if it was wrong. Should I look into a glass ball?

Some years ago I was kind of addicted to always using the newest kernel. Don’t even know why exactly. Guess I just wanted to be as up-to-date as possible. At some point I learned that updating without a specific reason is usually just a waste of time.

As a non-professional if you really need to unlock new features or your current kernel is going EOL: Update. If not: Do not. Never change a running system.

Oh I see. That is weird indeed

It is your container having incorrect date. Not OMV. Perhaps it is just not using correct timezone. Depending on what image you use, there could be a env var or you could try to bind mount /etc/localtime:/etc/localtime:ro. That was necessary on some of my containers too.

If I was in your situation I would probably just use plain Debian and config all the services by hand

Quote from lolek

I think I did explain it earlier but let me do this one more time.

I had to manually modify some values in the system because OMV doesn't have proper fields for this. This is today, say that in the next year I may need to change something and I may forget that I did that. I'd like omv to tell me this. Either by checking md5sum of that file that it has been altered outside of omv or by allowing me to instruct omv that this config file has been altered by me and there should be no possibility to edit it from the gui anymore. Either option is fine for me.

At the end of the day omv is just a tool like a car. And it obviously doesn’t fit your needs. Let’s say omv is a Smart. You would not ask a car company to change their Smart so you can transport 40 tons of stuff with it.

I am confused. When you change an OMV env var, there shouldn't be any problem. The setting is not gonna be overwritten by OMV. Only if you manually edit config files this can happen. Right?

Quote from lolek

I do understand that authors of OMV want the UI to be simple - perfectly fine, then these sort of things can be hidden under "advanced mode".

I would say environment vars is the hidden advanced mode. The GUI is for noobs and/or daily tasks. If there was a vote I would be against the option in the gui.

What site is that. I cannot even play your vid. Best you can do now is do nothing but what you are being told here.

What do you mean by Heimdall connecting to ips? In the end of the day it’s always your browser that connects. If it connects directly or via pihole or via swag or via both depends on your links and your configuration. Everything is possible

Depends