Beiträge von FragoulisNaval

Zitat von Soma

You say you have Nginx-Proxy, but how are you running it?

If it's through docker, what you're doing won't work.

The fail2ban plugin on OMV "only" protects the OS Nginx, not the ones running via docker.

On the other hand, SWAG proxy already has a fail2ban protection included.

[EDIT]

Just remembered that you have an app on Nextcloud called "Brute Force Settings" that might serve your purposes

Alles anzeigen

thank you for your reply.

Nginx-Proxy is indeed running trough docker, I thought that by having fail2ban looking at the nextvloug.log file for failed attempts, it might block the ip , regardless of being a dockerized program or not.

I will check the link you provided. Thanks!

Good afternoon gentlemen,

I would like to setup fail2ban to monitor my nextcloud installation.

I have installed the plugin and believe that the attached configuration is correct. Nextcloud is not listening to any report and I am using Nginx proxy manager to reverse proxy the app to port 80

Can someone verify it please?

I don't know what happen but the CPU load has dropped to only 1~2% from last night.

Maybe it was doing some short of indexing after the last update to 5.6.4-1....

Hello gentlemen,

The last few days I am seeing that my usb boot drive utilisation is constantly over 65% on average. Is this a sign that the drive is slowly failing and I have to consider its replacement? My Netdata iowait monitors suggests so, since the drive is now a bottleneck for my system.

As an example, I am having constant dropouts when even when I am streaming a 40MB Flac file from my nap to my local streaming device.

This behaviour was absent a week ago...

Any thoughts on the above?

Good day gentlemen,

I would like to setup fail2ban on my server and I would like your recommendations how to best do so.

Below are two screenshots from my server.

The first photo displays what I think I should enable.

Te second photo on the top left corner shows the programs that are currently installed and running. All programs are accessible through the internet through NginxProxyManager. As you can see, fail2ban is not enabled yet on the background.

My question is: Is there anything else I should enable in the first photo that I am missing?

Good day gentlemen,

Today I wanted to start Nginx-Proxy_Manager to play around a little with my recently installed Unifi Controller.

The container refused to start because the port 80 was blinded from another program that was running at the time.

I stopped all running containers leaving only portioner and tried to restart Nginx-Proxy_Manager.

Unfortunately, I received the same error.

After doing some digging, I reached to the attached image.

As you can see, while the web guy says port 82, running omv-firstaid I see port 80.

I tried changing the port from imv-extras to 82 again, and although it says that it changes it, Nginx-Proxy_Manager. still refuses to start, as can be seen from image screenshot 2

Funny thing is that the web gui listens to port 82.

What can be that is binding port 80?

Thank you for your assistance.

The idea to change the internal address o the router has not passed my mind. I will try it. Thank you!!!!!

this is the stack used from TDL for installing next cloud. And it works flawlessly.

version: 2
services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud:amd64-latest
    container_name: nextcloud
    environment:
      - PUID=XXX
      - PGID=XXX
      - TZ=Europe/Athens
    volumes:
      - /srv/dev-disk-by-uuid-e856b37e-372a-4c8a-a962-b3d678884601/Configuration/nextcloud:/config
      - /srv/dev-disk-by-uuid-e856b37e-372a-4c8a-a962-b3d678884601/Configuration/nextcloud/data:/data
    depends_on:
      - mariadb
    restart: unless-stopped
  mariadb:
    image: ghcr.io/linuxserver/mariadb:amd64-latest
    container_name: mariadb
    environment:
      - PUID=XXX
      - PGID=XXX
      - TZ=Europe/Athens
      - MYSQL_ROOT_PASSWORD=XXXXXXXXXXXXXX
    volumes:
      - /srv/dev-disk-by-uuid-e856b37e-372a-4c8a-a962-b3d678884601Configuration/mariadb:/config
    restart: unless-stopped
  Swag:
    image: ghcr.io/linuxserver/swag:amd64-latest
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=XXX
      - PGID=XXX
      - TZ=Europe/Athens
      - URL=XXXXXXXXXXX
      - SUBDOMAINS=wildcard
      - VALIDATION=duckdns
      - DUCKDNSTOKEN=XXXXXXXXXXXXX
      - EMAIL=XXXXXXXXXXXXXXX
    volumes:
      - /srv/dev-disk-by-uuid-e856b37e-372a-4c8a-a962-b3d678884601/Configuration/Swag:/config
    ports:
      - 443:443
      - 84:80
    restart: unless-stopped

as you see, the port 443 is already taken.

I want to transform it to something like this:

version: "2.1"
services:
nextcloud:
image: ghcr.io/linuxserver/nextcloud:amd64-latest
container_name: nextcloud
environment:
- PUID=xxxxx
- PGID=xxxxxxx
- TZ=Europe/Athens
- MYSQL_PASSWORD=xxxxxx
- MYSQL_DATABASE=xxxxxx
- MYSQL_USER=xxxxxxx
- MYSQL_HOST=xxxxxxxxxxx
volumes:
- /srv/dev-disk-by-uuid-e856b37e-372a-4c8a-a962-b3d678884601/Configuration/nextcloud2:/config
- /srv/dev-disk-by-uuid-e856b37e-372a-4c8a-a962-b3d678884601/Configuration/nextcloud2/data:/data
ports:
- 8281:80
depends_on:
- nextcloud-db
restart: unless-stopped
nextcloud-db:
image: ghcr.io/linuxserver/mariadb:amd64-latest
container_name: mariadb
environment:
- PUID=xxxxx
- PGID=xxxxx
- TZ=Europe/Athens
- MYSQL_ROOT_PASSWORD=xxxxxx
- MYSQL_PASSWORD=xxxxxx
- MYSQL_DATABASE=xxxxxx
- MYSQL_USER=xxxxxxx
volumes:
- /srv/dev-disk-by-uuid-e856b37e-372a-4c8a-a962-b3d678884601/Configuration/mariadb2:/config
restart: unless-stopped

publishing only one port listening to 80 and then using NPM for the 443 and SSL cert.

I thought of a workaround solution to this when I buy the nuclear

I have Backup for all my files. The problem is that I do not know how to backup my Nextcloud setting and having them transferred to a new/fresh installation.

Thanks for your time though

PS: Collabora & onlyoffice sems to be troublesome when running on RPI instead of a x86 chip. That is at least the feeling I got after doing some research

I understand your point but if I do it like you propose, I will not be able to use NPM. The problem is not only the trusted certificates but also the correlation between the internal IP with the domain name.

If there is no way to retain my current Nextcloud settings unaltered by the migration, then I will wait until I buy a new mini pc for installing NPM there together with adguard and Collabora/onlyoffice. The latter is the only reason that I choose mini pc (intel nut) instead of a rpi.

Yes I did.

My Nextcloud installation is totally secured and working flawlessly.

The problem is that I cannot use Nginx-Proxy-Manager simultaneously, because with the way TDL is installing it. he binds the ports 80 and 443 to the Nextcloud installation and the Nginx-Proxy-Manager cannot ruction properly. You have to turn down one to use the other.

A workaround would either be to delete my Nextcloud instance and set it up again OR buy a mini pc/raspberry pi to have hosting adguard and the other services I want to have access trough the internet.

If I follow the first route, I do not want to set everything up again in a new Nextcloud installation..

Good afternoon all,

After some digging, reading, watching videos on YouTube I realised that I have my Nextcloud installation wrongly configured. The reason is that I use duckdns for my subdomain ( I followed techno dad life guide on YouTube) whereas I found out that using Cloudflare instead is not only more secure, but also it will allow me to utilise Nginx-Proxy-Manager, a thing I cannot do right now.

The problem is that my current Nextcloud installation is working perfectly until now and I have set up talk, deck, contacts etc. I would like to find a way to migrate all of these settings to my new installation without missing/deleting anything.

Do you know if/how this is possible?

Zitat von macom

For this you can use privileges and give here read/write on Documents and nothing else, if not needed.

Or this might help:

https://wiki.omv-extras.org/do…d=nas_permmissions_in_omv

Thank you for your reply. I did not know that wiki existed. I will read it thoroughly.

hi all,

I would like to make a dump question about setting correctly ACL permission for folders.

I have created a new user profile for my wife Katerina an I would like to restrict her access to my Documents folder, because all my work is stored there and I don't want her messing accidentally deleting something.

Can you pinpoint on the attached photo which are the correct boxes to tick?

Thank you!!

hello everyone,

I will need your valuable assistance one more time.

I reinstalled my OMV after I suffered a SSD failure and I set up portioner from scratch.

I have a configuration folder where I have installed all me setup/configuration files on a different drive than my OS drive and I have backed this folder through duplicati to an external usb drive.

I would like to know how will I be able to restore all my previous configuration the easiest way. I do not want to install and setup all the programs again from scratch.

If my understanding is correct, I will have to install duplicati again on portainer and restore the backup from there, correct? Will this mean that all the docker images will be restored, as well as my settings?

another thought that crossed my mind is to install all the programs again through portainer to another folder in a different location and when I am done to overwrite the newly created folders with the old folders. Will I achieve anything or will I make a complete mess?

Attach you can see that my old configuration folder is there with all my installation folders. However my new portioner is empty.

I don't know what it did, but it works! Thank you!

Would you like to explain in a few words what this command did?

Hello everyone,

after installing all the latest available updates today I receive an error message, as in the attached pdf. My problem is that after the update, the system asks me to apply the changes made, I hit OK but the error message appears.

Any ideas why this might be happening?

error message.pdf

error message.pdf

Zitat von macom

Inside the container. If you are using Portainer you can open a terminal with an icon which is next to the name of the container.

Command: RE: Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Thank you, but i receive the following error: bash: occ: command not found. I just copy-paste the command, is my syntax wrong or i have to do something beforehand? maybe i should update/upgrade through sudo apt first?

Hi everyone,

I am receiving the following security issues with my installation:

---------------------------------------------------------------------------------------

There are some warnings regarding your setup.

• The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. Further information can be found in the documentation.
• The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.

• The database is missing some primary keys. Due to the fact that adding primary keys on big tables could take some time they were not added automatically. By running "occ db:add-missing-primary-keys" those missing primary keys could be added manually while the instance keeps running.
  • Missing primary key on table "oc_federated_reshares".
  • Missing primary key on table "oc_systemtag_object_mapping".
  • Missing primary key on table "oc_comments_read_markers".
  • Missing primary key on table "oc_collres_resources".
  • Missing primary key on table "oc_collres_accesscache".
  • Missing primary key on table "oc_filecache_extended".

--------------------------------------------------------------------------------------------

I followed the installation video of TechnoDadLife in youtube.

Do you have any ideas how can i fix them?

Where do i run the command: "occ db:add-missing-primary-keys"??

I could buy a cubed case, and install the sbc inside there. Nice thought!

Zitat von macom

You could use a desktop enclosure and put drives and sbc inside. There are also examples in the My NAS build forum.