Posts by Skullchuck

Skullchuck · Jan 31st 2024

Quote

"works for a while" is the current state --> I have access for 1-3 minutes, then I get ERR_CONNECTION_REFUSED again (WTF!?)

Ok this behaviour was apparently caused by the desktop & mobile clients trying to connect to NC with the "old" credentials (I chose the same user name and password, but there seems to be a difference anyway). NC or maybe Fail2Ban probably just blocked the connection from my IP after a while.

Now the access works locally & from the internet! Finally after almost 2 weeks nightmare....

It's very interesting though that I set overwrite.cli.url' => '192.168.0.101:451', BUT the access via domain works, also from the internet. NC with Swag remains a mystery for me.

I just restored my calendar app using https://help.nextcloud.com/t/c…ks-as-ics-vcf-files/11978 and the procedure was a bit different for me:

1. I stopped all "new" containers related to NC

2. Commented out everything from the old stack apart from the mariadb section and added the following lines to it:

Code

   ports:
      - 3306:3306

3. Deployed the stack

4. Followed https://codeberg.org/BernieO/c…ncloud-nextcloud-instance

5. In the /usr/local/bin/nextcloud_dummy/config/config.php I had to set:

Code

'dbhost' => '192.168.0.101',  # replace by your local IP
'dbport' => '3306',

The container name, "localhost" or "127.0.0.1" did NOT work! Took me a while to figure this out.

6. Then the script would work and I could download the backup file to my PC via SMB and upload it to the new calendar (old container stopped, new containers started again) via the web GUI

This might be useful for anyone having to restore calendars and contacts from the Nextcloud database.

Skullchuck · Jan 30th 2024

Current status:

This table shows what I changed (config, before, after) and the result (remaining columns)

config	before	after	domain	https://192.168.0.101:451/	domain on phone	from the internet
nextcloud.subdomain.conf	set $upstream_app nextcloud;	set $upstream_app nextcloud1;	does not work	works, insecure	-	-
Tuesday morning initial state			does not work	does not work	works for a while!?	-
/etc/appdata/nextcloud1/config/www/nextcloud/config/config.php	'overwrite.cli.url' => 'https://nextcloud.<ANONYMIZED>.duckdns.org',	overwrite.cli.url' => '192.168.0.101:451',	does not work	does not work	works for a while!?	-
hosts	192.168.0.101 nextcloud.<ANONYMIZED>.duckdns.org	commented out	works for a while!?	-	works for a while!?	works for a while!?

Some remarks:

"-" means I didn't test it
I don't know why the "Tuesday morning initial state" is different from before. There's an automated swag restart during the night, maybe this changed something...
"works for a while" is the current state --> I have access for 1-3 minutes, then I get ERR_CONNECTION_REFUSED again (WTF!?)
"hosts" means the local Windows hosts file on my PC. I had an entry there to prevent routing my local traffic to my ISP and back

Skullchuck · Jan 29th 2024

KM0201 pic... Windows.... not sure if you confuse me with someone else?

These are the permissions of the data folder:

Code

drwxrwx--- 8 docker1 users 4096 25. Jan 13:48 data

If these were wrong, it wouldn't have worked locally before.

Interestingly, now opening https://192.168.0.101:451/ leads to ERR_CONNECTION_REFUSED again with overwriting the URL. It might be a belated reaction to the new config.php, but actually I'm not aware of changing anything since then... very very strange.

Skullchuck · Jan 29th 2024

Quote

Note line 16. you have an extra / in there after "nextcloud"

This wasn't real – something went wrong when I replaced the domain by <ANONYMIZED>. The line actually already looks like this:

Code

 'overwrite.cli.url' => 'https://nextcloud.<ANONYMIZED>.duckdns.org',

In nextcloud.subdomain.conf I changed "set $upstream_app nextcloud;" to set $upstream_app nextcloud1; and restarted both the nextcloud1 and the swag container. The result was that NC is available again under https://192.168.0.101:451/ (but insecure and not replacing the URL), but not under the domain.

Also, I noticed that the old NC config.php was much more comprehensive, so I added a few sections from the old to the new config (redis config, trusted_proxies and mail config). Now it looks like this:

PHP

<?php
$CONFIG = array (  
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'redis',
    'port' => 6379,
  ),
  'datadirectory' => '/data',
  'instanceid' => 'ocws1d9utfc2',
  'passwordsalt' => '<ANONYMIZED>',
  'secret' => '<ANONYMIZED>',
  'trusted_domains' =>
  array (
    0 => '192.168.0.101:451',
    1 => 'nextcloud.<ANONYMIZED>.duckdns.org',
  ),
  'dbtype' => 'mysql',
  'version' => '28.0.1.1',
  'overwrite.cli.url' => 'https://nextcloud.<ANONYMIZED>.duckdns.org',
  'overwritehost' => 'nextcloud.<ANONYMIZED>.duckdns.org',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud1',
  'dbhost' => 'nextclouddb1',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_nextcloud-adm',
  'dbpassword' => '<ANONYMIZED>',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\APCu',
  'upgrade.disable-web' => true,
  'default_phone_region' => 'COUNTRY_CODE',
  'trusted_proxies' =>
  array (
    0 => '192.168.0.101:451',
    1 => 'nextcloud.<ANONYMIZED>.duckdns.org',
  ),
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'tls',
  'mail_sendmailmode' => 'smtp',
  'mail_smtphost' => '<ANONYMIZED>',
  'mail_smtpport' => '<ANONYMIZED>',
  'mail_smtpauth' => 1,
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpname' => '<ANONYMIZED>',
  'mail_smtppassword' => '<ANONYMIZED>',
  'mail_from_address' => '<ANONYMIZED>',
  'mail_domain' => '<ANONYMIZED>',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
);

Display More

The result is still the same, unfortunately.

Skullchuck · Jan 25th 2024

1.

Yes we left it on 443 but I adapted it to the guide because I thought there must be a reason for these ports.

2.

Code

## Version 2021/05/18
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}

Display More

This could be it, it's still on 443. But I don't have time to try now...

Skullchuck · Jan 25th 2024

So there was no way to update this container properly. Nobody knows why

I deployed a new stack in portainer with the containers nextcloud1, nextclouddb1 and redis1. Nextcloud was running locally on port 451 and with the help of KM0201 we managed to transfer the user data from the old data directory to the new one.

Next step was to make it reachable from the internet again by using swag (generally, following this guide). As I already had a nextcloud stack and a Swag stack, I applied the following steps:

In my router I forwarded port 80 external to 82 internal and 443 external to 444 internal (it was 443 to 443 before)
In the swag stack for the swag container I added under environment
- DOCKER_MODS=linuxserver/mods:swag-dashboard and under ports: - 444:443- 82:80 - 81:81 and redeployed the stack
checked that in /etc/appdata/swag/nginx/proxy-confs there is an nextcloud.subdomain.conf (without .sample). It was like this already and I didn't change anything
adapted /etc/appdata/nextcloud1/config/www/nextcloud/config/config.php
Uncommented the ##network modes in the nextcloud1 stack and redeployed

Situation now: domain gives ERR_CONNECTION_REFUSED from inside the network, 502 from outside. https://192.168.0.101:451/, which worked before, also gives ERR_CONNECTION_REFUSED and overwrites the IP with my domain. https://<MY_DOMAIN>.duckdns.org/ shows the SWAG park page, but with invalid certificate.

Also, by accident, I started the old nextcloud stack once. Nextcloud didn't come up, but mariadb and redis. Hope that didn't break anything. I removed them immediately after realizing.

Somehow I've got the feeling that I would need to assign port 444 to 451 somewhere inside of swag. I already tried to set

ports:

- 444:451

(instead of 444:443) in the swag stack, but it didn't change anything.

You can find the config that I changed and the complete portainer stacks attached.

I hope I just have a silly mistake somewhere and someone here can spot it and point me towards it. I will be offline from now on till at least Sunday night. Maybe someone has some spare time over the weekend? Thanks

Skullchuck · Jan 24th 2024

So after bare-metal restart, the mariadb container is starting successfully. All containers (nextcloud, mariadb, swag & redis) are now running fine according to the container logs, but the front end still gives me 404. What am I missing?

Skullchuck · Jan 23rd 2024

config/databases/b3506031d05d.err says:

Code

240123 19:21:45 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
240123 19:21:46 mysqld_safe Starting mariadbd daemon with databases from /config/databases
2024-01-23 19:21:46 0 [Note] /usr/bin/mariadbd (mysqld 10.5.13-MariaDB-log) starting as process 7028 ...
2024-01-23 19:21:46 0 [Note] InnoDB: Uses event mutexes
2024-01-23 19:21:46 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2024-01-23 19:21:46 0 [Note] InnoDB: Number of pools: 1
2024-01-23 19:21:46 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2024-01-23 19:21:46 0 [ERROR] mariadbd: Can't create/write to file '/var/tmp/ibXXXXXX' (Errcode: 13 "Permission denied")
2024-01-23 19:21:46 0 [ERROR] InnoDB: Unable to create temporary file; errno: 13
2024-01-23 19:21:46 0 [ERROR] mariadbd: Can't create/write to file '/var/tmp/ibXXXXXX' (Errcode: 13 "Permission denied")
2024-01-23 19:21:46 0 [ERROR] InnoDB: Unable to create temporary file; errno: 13
2024-01-23 19:21:46 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
2024-01-23 19:21:46 0 [Note] InnoDB: Starting shutdown...
2024-01-23 19:21:46 0 [ERROR] Plugin 'InnoDB' init function returned error.
2024-01-23 19:21:46 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2024-01-23 19:21:46 0 [Note] Plugin 'FEEDBACK' is disabled.
2024-01-23 19:21:46 0 [ERROR] Unknown/unsupported storage engine: InnoDB
2024-01-23 19:21:46 0 [ERROR] Aborting

Display More

and repeats this every second.

What I'm asking myself is how is this

Code

Can't create/write to file '/var/tmp/ibXXXXXX' (Errcode: 13 "Permission denied")

even possible? That's a directory within the container, right? How can it not have permissions inside the container?

I can go inside the container and execute chmod 777 /var/tmp and the container will start successfully (at least until the next deployment). But NC keeps showing me 404

Skullchuck · Jan 23rd 2024

Thanks again KM0201 for all the great support

This is the current error message of the nextcloud container:

Code

Doctrine\DBAL\Exception: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [2002] Connection refused in /config/www/nextcloud/lib/private/DB/Connection.php:142

Stack trace:
#0 /config/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php(1531): OC\DB\Connection->connect()
#1 /config/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php(1029): Doctrine\DBAL\Connection->getWrappedConnection()
#2 /config/www/nextcloud/lib/private/DB/Connection.php(264): Doctrine\DBAL\Connection->executeQuery()
#3 /config/www/nextcloud/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php(345): OC\DB\Connection->executeQuery()
#4 /config/www/nextcloud/lib/private/DB/QueryBuilder/QueryBuilder.php(280): Doctrine\DBAL\Query\QueryBuilder->execute()
#5 /config/www/nextcloud/lib/private/AppConfig.php(418): OC\DB\QueryBuilder\QueryBuilder->execute()
#6 /config/www/nextcloud/lib/private/AppConfig.php(184): OC\AppConfig->loadConfigValues()
#7 /config/www/nextcloud/lib/private/AppConfig.php(374): OC\AppConfig->getApps()
#8 /config/www/nextcloud/lib/private/legacy/OC_App.php(976): OC\AppConfig->getValues()
#9 /config/www/nextcloud/lib/private/Server.php(729): OC_App::getAppVersions()
#10 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(171): OC\Server->OC\{closure}()
#11 /config/www/nextcloud/3rdparty/pimple/pimple/src/Pimple/Container.php(122): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#12 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(138): Pimple\Container->offsetGet()
#13 /config/www/nextcloud/lib/private/ServerContainer.php(171): OC\AppFramework\Utility\SimpleContainer->query()
#14 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(65): OC\ServerContainer->query()
#15 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(193): OC\AppFramework\Utility\SimpleContainer->get()
#16 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(171): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#17 /config/www/nextcloud/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#18 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(138): Pimple\Container->offsetGet()
#19 /config/www/nextcloud/lib/private/ServerContainer.php(171): OC\AppFramework\Utility\SimpleContainer->query()
#20 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(65): OC\ServerContainer->query()
#21 /config/www/nextcloud/lib/private/Server.php(1110): OC\AppFramework\Utility\SimpleContainer->get()
#22 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(171): OC\Server->OC\{closure}()
#23 /config/www/nextcloud/3rdparty/pimple/pimple/src/Pimple/Container.php(122): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#24 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(138): Pimple\Container->offsetGet()
#25 /config/www/nextcloud/lib/private/ServerContainer.php(171): OC\AppFramework\Utility\SimpleContainer->query()
#26 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(65): OC\ServerContainer->query()
#27 /config/www/nextcloud/lib/private/Server.php(2065): OC\AppFramework\Utility\SimpleContainer->get()
#28 /config/www/nextcloud/lib/private/Files/View.php(119): OC\Server->getLockingProvider()
#29 /config/www/nextcloud/lib/private/Server.php(464): OC\Files\View->__construct()
#30 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(171): OC\Server->OC\{closure}()
#31 /config/www/nextcloud/3rdparty/pimple/pimple/src/Pimple/Container.php(122): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#32 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(138): Pimple\Container->offsetGet()
#33 /config/www/nextcloud/lib/private/ServerContainer.php(171): OC\AppFramework\Utility\SimpleContainer->query()
#34 /config/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(65): OC\ServerContainer->query()
#35 /config/www/nextcloud/lib/private/Server.php(1467): OC\AppFramework\Utility\SimpleContainer->get()
#36 /config/www/nextcloud/lib/base.php(623): OC\Server->boot()
#37 /config/www/nextcloud/lib/base.php(1165): OC::init()
#38 /config/www/nextcloud/cron.php(43): require_once('...')
#39 {main}

Display More

And the mariadb container keeps writing:

Code

240123 12:06:28 mysqld_safe Logging to '/config/databases/b3506031d05d.err'.
240123 12:06:28 mysqld_safe Starting mariadbd daemon with databases from /config/databases

Any ideas?

Skullchuck · Jan 22nd 2024

Thanks for the quick responses.

KM0201

Quote

You never set a proper data directory for portainer is my guess.

Unfortunately, that's my guess, as well

Quote

Do you still have your old version of portainer installed? (Even if it is not working)

How would I find this out? I cannot see it anymore in the OMV plugins. Portainer GUI is not reachable anymore (this is how I noticed it at all). A docker container ls does not list portainer or any of the containers that I had before the installation of openmediavault-compose. Btw I'm on 6.9.12-2 (Shaitan).

chente

Quote

To solve the Portainer issue you can follow these steps. https://wiki.omv-extras.org/do…openmediavault-compose_67

I can't, because as I wrote above, the portainer data directory either never existed or is gone now.

Quote

As for the quick setup guide you followed, I assume you read the beginning of the guide and the conditions for using it. If you are doing this installation on an already configured server, this guide will serve as a reference but you should follow this: https://wiki.omv-extras.org/doku.php?id=omv6:docker_in_omv

I'm not sure how this should help? The NPM and the failban containers are up and running. NPM is having a Letsencrypt issue though, as I described above. This is the one I cannot solve

So from my perspective I can either try to "go backward" (reviving Portainer somehow) or to "go forward" (solving the NPM/Letsencrypt issue). And both directions seem blocked...

Skullchuck · Jan 22nd 2024

Ok since I need to find a solution rather quickly I went ahead with trying to install NC AIO by following this, deciding for the "with proxy" variant and ultimately using that.

What a mess....! If I had realized that installing the docker-compose plugin would destroy Portainer, I would've never done it. So Portainer is gone and it seems I can't bring it back (this does not work, there is no Portainer container running anymore and I don't have a directory with the Portainer data).

Anyway, also going ahead does not work, because NPM just gives me an "internal error" without any explanation when I try to create a proxy host:

Container log:

Code

[1/22/2024] [12:01:44 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
[1/22/2024] [12:01:44 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[1/22/2024] [12:01:44 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload
[1/22/2024] [12:01:50 PM] [SSL      ] › ℹ  info      Requesting Let'sEncrypt certificates for Cert #4: <DOMAIN_ANONYMIZED>
[1/22/2024] [12:01:50 PM] [SSL      ] › ℹ  info      Command: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-4" --agree-tos --authenticator webroot --email "<MAIL_ANONYMIZED>" --preferred-challenges "dns,http" --domains "<DOMAIN_ANONYMIZED>" 
[1/22/2024] [12:01:50 PM] [Global   ] › ⬤  debug     CMD: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-4" --agree-tos --authenticator webroot --email "<MAIL_ANONYMIZED>" --preferred-challenges "dns,http" --domains "<DOMAIN_ANONYMIZED>" 
[1/22/2024] [12:01:54 PM] [Nginx    ] › ⬤  debug     Deleting file: /data/nginx/temp/letsencrypt_4.conf
[1/22/2024] [12:01:54 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
[1/22/2024] [12:01:54 PM] [Nginx    ] › ℹ  info      Reloading Nginx
[1/22/2024] [12:01:54 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload
[1/22/2024] [12:01:54 PM] [Express  ] › ⚠  warning   Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

Display More

And the letsencrypt.log:

Display Spoiler

[...]

{

"type": "http-01",

"status": "pending",

"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/306890539026/dlPRLA",

"token": "_RzIMOQR1rrp3OSVoBK1iPb5xiuSBvRz_N7wMfPoKA0"

}

2024-01-22 12:01:52,664:DEBUG:acme.client:Storing nonce: WjH7rlvslZcZaQ-Ksp2_gjHSbF47ZWxlM67SiyNMhSlNLJlQXjI

2024-01-22 12:01:52,665:INFO:certbot._internal.auth_handler:Waiting for verification...

2024-01-22 12:01:53,666:DEBUG:acme.client:JWS payload:

b''

2024-01-22 12:01:53,676:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencry…me/authz-v3/306890539026:

{

"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTUyOTU0NzM4NiIsICJub25jZSI6ICJXakg3cmx2c2xaY1phUS1Lc3AyX2dqSFNiRjQ3Wld4bE02N1NpeU5NaFNsTkxKbFFYakkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMwNjg5MDUzOTAyNiJ9",

"signature": "eW8Ctz0FYteRiOrzOXB3HhrxAbg2PzlmRIqOgiUSUkCose_vaoHLdNJxszbD9MAOxPoCLxcWfkMA8_4s4B2vVYOIxnXQ5o3jM6qYglbmcpq-wKvEN7Fuqpkcq_fJ7vOmrCRWwZoEbW8R3uNNwhWBQ8rIliAfiXIlHa1QdIhCxgXfV_aFRlSG-nIzXz0KprcjiP4y_mZF6T-wLwo5HcBzTFuRCVlPahDR7Ia7RqmTUxQfXUjsKuN4qCZrg00Ce_6M59Bv57_eVKKA-PHlbLsaiDWBya9oGNUj3tGlnNdNTSODI64IN9MR2xfTKmOyfpUBfhBEqlhAfsxv0wcMDVM1Yg",

"payload": ""

}

2024-01-22 12:01:53,835:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/306890539026 HTTP/1.1" 200 1036

2024-01-22 12:01:53,836:DEBUG:acme.client:Received response:

HTTP 200

Server: nginx

Date: Mon, 22 Jan 2024 11:01:53 GMT

Content-Type: application/json

Content-Length: 1036

Connection: keep-alive

Boulder-Requester: 1529547386

Cache-Control: public, max-age=0, no-cache

Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"

Replay-Nonce: C_JVVWRmhY_ysi6shgz-RQf0tYHNOKTnaFj956qkW3oFiKcM1ks

X-Frame-Options: DENY

Strict-Transport-Security: max-age=604800

{

"identifier": {

"type": "dns",

"value": "<DOMAIN_ANONYMIZED>"

},

"status": "invalid",

"expires": "2024-01-29T11:01:52Z",

"challenges": [

{

"type": "http-01",

"status": "invalid",

"error": {

"type": "urn:ietf:params:acme:error:connection",

"detail": "84.44.146.11: Fetching http://<DOMAIN_ANONYMIZED>/.well-known/acme-challenge/_RzIMOQR1rrp3OSVoBK1iPb5xiuSBvRz_N7wMfPoKA0: Error getting validation data",

"status": 400

},

"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/306890539026/dlPRLA",

"token": "_RzIMOQR1rrp3OSVoBK1iPb5xiuSBvRz_N7wMfPoKA0",

"validationRecord": [

{

"url": "http://<DOMAIN_ANONYMIZED>/.well-known/acme-challenge/_RzIMOQR1rrp3OSVoBK1iPb5xiuSBvRz_N7wMfPoKA0",

"hostname": "<DOMAIN_ANONYMIZED>",

"port": "80",

"addressesResolved": [

"84.44.146.11"

],

"addressUsed": "84.44.146.11"

}

],

"validated": "2024-01-22T11:01:52Z"

}

]

}

2024-01-22 12:01:53,837:DEBUG:acme.client:Storing nonce: C_JVVWRmhY_ysi6shgz-RQf0tYHNOKTnaFj956qkW3oFiKcM1ks

2024-01-22 12:01:53,838:INFO:certbot._internal.auth_handler:Challenge failed for domain <DOMAIN_ANONYMIZED>

2024-01-22 12:01:53,839:INFO:certbot._internal.auth_handler:http-01 challenge for <DOMAIN_ANONYMIZED>

2024-01-22 12:01:53,839:DEBUG:certbot._internal.display.obj:Notifying user:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:

Domain: <DOMAIN_ANONYMIZED>

Type: connection

Detail: 84.44.146.11: Fetching http://<DOMAIN_ANONYMIZED>/.well-known/acme-challenge/_RzIMOQR1rrp3OSVoBK1iPb5xiuSBvRz_N7wMfPoKA0: Error getting validation data

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2024-01-22 12:01:53,842:DEBUG:certbot._internal.error_handler:Encountered exception:

Traceback (most recent call last):

File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations

self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)

File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations

raise errors.AuthorizationError('Some challenges have failed.')

certbot.errors.AuthorizationError: Some challenges have failed.

2024-01-22 12:01:53,842:DEBUG:certbot._internal.error_handler:Calling registered functions

2024-01-22 12:01:53,843:INFO:certbot._internal.auth_handler:Cleaning up challenges

2024-01-22 12:01:53,843:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/_RzIMOQR1rrp3OSVoBK1iPb5xiuSBvRz_N7wMfPoKA0

2024-01-22 12:01:53,844:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up

2024-01-22 12:01:53,845:DEBUG:certbot._internal.log:Exiting abnormally:

Traceback (most recent call last):

File "/opt/certbot/bin/certbot", line 8, in <module>

sys.exit(main())

^^^^^^

File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main

return internal_main.main(cli_args)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1869, in main

return config.func(config, plugins)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly

lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert

lineage = le_client.obtain_and_enroll_certificate(domains, certname)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate

cert, chain, key, _ = self.obtain_certificate(domains)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate

orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations

authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations

self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)

File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations

raise errors.AuthorizationError('Some challenges have failed.')

certbot.errors.AuthorizationError: Some challenges have failed.

2024-01-22 12:01:53,853:ERROR:certbot._internal.log:Some challenges have failed.

I'm getting desperate. Could someone please help?

Skullchuck · Jan 21st 2024

Not sure if I'm right here, please just move this post if it doesn't belong.

I've Nextcloud + Swag set up and so far I was on NC 25.0.13. Since it's officially unsupported (and I was maybe too update-eager) I wanted to upgrade to NC 28.

I followed this approach, i.e. I pulled the latest NC image and re-deployed the container with it. Obviously I forgot that NC cannot skip major versions

So the new container was not working and my idea was now to go back to the old version and then go through the major releases iteratively. However, after deploying the copy of my backup image and overwriting the config folder with my backup config folder, I receive the following backend error:

nginx: [emerg] duplicate upstream "php-handler" in /config/nginx/site-confs/default.conf:1

On the front end this is a "502 bad gateway". When I comment out the respective lines in default.conf, the container starts, gives me some warnings ("nginx: [warn] conflicting server name "_" on 0.0.0.0:80, ignored"), but the front end shows 404.

The question is now: How to proceed? Does it make sense to fix the container at all and if yes, how can it be fixed? Or would it be simpler to switch to NC AIO?

Looking forward to your ideas and opinions, thanks

Skullchuck · Mar 26th 2023

Nice, that sounds easy. For problem A I just copied your solution (scheduled IP renewal with duckdns via a cron job in the OMV GUI)

For problem B I realized I don't even need systemd. Just scheduled "docker restart swag" in the OMV GUI scheduler.

Probably that solves the issues. I will watch if it keeps on working from now on.

Skullchuck · Mar 25th 2023

Hi all,

I'm on 6.0.28-3 (Shaitan) and I've been having my Nextcloud + Swag + DuckDNS (following this guide, kudos) to access it externally running for over a year. I noticed two small problems:

Problem A:

Often duckDNS does not refresh the IP address (for at least a day or so).

My current workaround:

I have to log in manually, delete the IPv4 address and let it detect it again. Pretty annoying.

I don't know if duckDNS would notice the outdated IP eventually, but it definitely takes too long.

I'm aware that there are charged services (e.g. Cloudflare) that might work better, but right now this is not an option for me.

Problem B:

Even if duckDNS has the correct IP address, sometimes the external access is not working (404).

My current workaround:

Restart the swag container.

I will soon be going on a longer journey and won't have access to my local network to do this (right now there is no VPN and actually I would like to keep it this way). So my current idea (not implemented yet) is to set up a service with systemd that executes "docker restart swag" and schedule this service with cron.

Did anyone experience similar issues? Any other suggestions on how to cope with these issues?

Thank you

Skullchuck · Feb 11th 2023

Indeed, it was the disk. I replaced it and now it works like a charm.

Skullchuck · Jan 27th 2023

So the test is still running, but curiously I looked at sudo smartctl -a /dev/sde and found some errors in the log:

Code

Error 804 occurred at disk power-on lifetime: 61 hours (2 days + 13 hours)
When the command that caused the error occurred, the device was active or idle.


After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
04 61 02 00 00 00 a0  Device Fault; Error: ABRT


Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
-- -- -- -- -- -- -- --  ----------------  --------------------
ef 10 02 00 00 00 a0 08      09:42:04.027  SET FEATURES [Enable SATA feature]
ec 00 00 00 00 00 a0 08      09:42:04.026  IDENTIFY DEVICE
ef 03 46 00 00 00 a0 08      09:42:04.026  SET FEATURES [Set transfer mode]
ef 10 02 00 00 00 a0 08      09:42:04.026  SET FEATURES [Enable SATA feature]
ec 00 00 00 00 00 a0 08      09:42:04.026  IDENTIFY DEVICE


Error 803 occurred at disk power-on lifetime: 61 hours (2 days + 13 hours)
When the command that caused the error occurred, the device was active or idle.


After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
04 61 46 00 00 00 a0  Device Fault; Error: ABRT


Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
-- -- -- -- -- -- -- --  ----------------  --------------------
ef 03 46 00 00 00 a0 08      09:42:04.026  SET FEATURES [Set transfer mode]
ef 10 02 00 00 00 a0 08      09:42:04.026  SET FEATURES [Enable SATA feature]
ec 00 00 00 00 00 a0 08      09:42:04.026  IDENTIFY DEVICE
ef 10 02 00 00 00 a0 08      09:42:04.011  SET FEATURES [Enable SATA feature]


Error 802 occurred at disk power-on lifetime: 61 hours (2 days + 13 hours)
When the command that caused the error occurred, the device was active or idle.


After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
04 61 02 00 00 00 a0  Device Fault; Error: ABRT


Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
-- -- -- -- -- -- -- --  ----------------  --------------------
ef 10 02 00 00 00 a0 08      09:42:04.026  SET FEATURES [Enable SATA feature]
ec 00 00 00 00 00 a0 08      09:42:04.026  IDENTIFY DEVICE
ef 10 02 00 00 00 a0 08      09:42:04.011  SET FEATURES [Enable SATA feature]
ec 00 00 00 00 00 a0 08      09:42:04.010  IDENTIFY DEVICE


Error 801 occurred at disk power-on lifetime: 61 hours (2 days + 13 hours)
When the command that caused the error occurred, the device was active or idle.


After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
04 61 02 00 00 00 a0  Device Fault; Error: ABRT


Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
-- -- -- -- -- -- -- --  ----------------  --------------------
ef 10 02 00 00 00 a0 08      09:42:04.011  SET FEATURES [Enable SATA feature]
ec 00 00 00 00 00 a0 08      09:42:04.010  IDENTIFY DEVICE
ef 03 46 00 00 00 a0 08      09:42:04.010  SET FEATURES [Set transfer mode]
ef 10 02 00 00 00 a0 08      09:42:04.010  SET FEATURES [Enable SATA feature]
ec 00 00 00 00 00 a0 08      09:42:04.010  IDENTIFY DEVICE


Error 800 occurred at disk power-on lifetime: 61 hours (2 days + 13 hours)
When the command that caused the error occurred, the device was active or idle.


After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
04 61 46 00 00 00 a0  Device Fault; Error: ABRT


Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
-- -- -- -- -- -- -- --  ----------------  --------------------
ef 03 46 00 00 00 a0 08      09:42:04.010  SET FEATURES [Set transfer mode]
ef 10 02 00 00 00 a0 08      09:42:04.010  SET FEATURES [Enable SATA feature]
ec 00 00 00 00 00 a0 08      09:42:04.010  IDENTIFY DEVICE
ef 10 02 00 00 00 a0 08      09:42:03.991  SET FEATURES [Enable SATA feature]

Display More

It doesn't seem like these error codes (800-804) are the official ones from WD, but maybe someone knows how to interpret them...

Skullchuck · Jan 27th 2023

The drive is brand-new. I can only image that the shutdown during extension broke something

I would like to run a long SMART test, but again no device is listed:

Am I doing something wrong?

EDIT: Solved it by

sudo smartctl -t long /dev/sde

It will be running for 10 hours...

Skullchuck · Jan 27th 2023

Quote from geaves

That is because the drive /dev/sde has a raid signature on it according to blkid

I assume that /dev/sde is the drive you added to grow the array, if that's the case then mdadm --add /dev/md127 /dev/sde should add the drive back to the array

Thank you for the quick response. OK, I did that. Unfortunately it's still "clean, degraded":

Code

          Version : 1.2
     Creation Time : Sun Sep  2 04:05:15 2018
        Raid Level : raid5
        Array Size : 11720661504 (11177.69 GiB 12001.96 GB)
     Used Dev Size : 3906887168 (3725.90 GiB 4000.65 GB)
      Raid Devices : 4
     Total Devices : 4
       Persistence : Superblock is persistent

     Intent Bitmap : Internal

       Update Time : Fri Jan 27 10:12:16 2023
             State : clean, degraded
    Active Devices : 3
   Working Devices : 3
    Failed Devices : 1
     Spare Devices : 0

            Layout : left-symmetric
        Chunk Size : 512K

Consistency Policy : bitmap

              Name : openmediavault:RAIDAR  (local to host openmediavault)
              UUID : e98b7abd:4f328c81:40a102c3:1824afcf
            Events : 79932

    Number   Major   Minor   RaidDevice State
       0       8       16        0      active sync   /dev/sdb
       1       8       32        1      active sync   /dev/sdc
       2       8       48        2      active sync   /dev/sdd
       -       0        0        3      removed

       3       8       64        -      faulty   /dev/sde

Display More

cat /proc/mdstat

Code

Personalities : [raid6] [raid5] [raid4] [linear] [multipath] [raid0] [raid1] [raid10]
md127 : active raid5 sde[3](F) sdc[1] sdb[0] sdd[2]
11720661504 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [UUU_]
bitmap: 11/30 pages [44KB], 65536KB chunk

Looks like the drive is faulty

Do you know if this must be a hardware error or do I have any (software-wise) recovery options from here on?

Skullchuck · Jan 27th 2023

Hi all,

I'm on 6.0.28-3 (Shaitan). I extended my RAID-5 to a new 4 TB HDD, having 3x 4 TB already in the system. During extension, the system shut down (for some unknown reason, maybe overheating), but when I started it again, it continued with the extension. When it ended (seemingly successfully), I was in a hurry and just quickly extended the file system, which worked.

Now having a closer look at the RAID, it tells me it's in the state "clean, degraded":

Code

Version : 1.2 Creation Time : Sun Sep 2 04:05:15 2018 Raid Level : raid5 Array Size : 11720661504 (11177.69 GiB 12001.96 GB) Used Dev Size : 3906887168 (3725.90 GiB 4000.65 GB) Raid Devices : 4 Total Devices : 3 Persistence : Superblock is persistent
Intent Bitmap : Internal
Update Time : Fri Jan 27 07:00:56 2023 State : clean, degraded Active Devices : 3 Working Devices : 3 Failed Devices : 0 Spare Devices : 0
Layout : left-symmetric Chunk Size : 512K

Consistency Policy : bitmap
Name : openmediavault:RAIDAR (local to host openmediavault) UUID : e98b7abd:4f328c81:40a102c3:1824afcf Events : 79896
Number Major Minor RaidDevice State 0 8 16 0 active sync /dev/sdb 1 8 32 1 active sync /dev/sdc 2 8 48 2 active sync /dev/sdd - 0 0 3 removed

Googling suggested to me the mdadm --add command to add the missing drive back to the array. However, I would have expected the "recover" option in the GUI to do the same, but I cannot select a device there:

Does anyone have experience with this? Can I safely execute the mdadm --add command or do I need to do something else?

Here some detailed information:

cat /proc/mdstat

Code

Personalities : [raid6] [raid5] [raid4] [linear] [multipath] [raid0] [raid1] [raid10]
md127 : active raid5 sdc[1] sdb[0] sdd[2]
11720661504 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [UUU_]
bitmap: 20/30 pages [80KB], 65536KB chunk

blkid

Code

/dev/sda1: UUID="64ae1488-3bd9-4236-8742-9ea44db6f56c" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="76aa5ac0-01"
/dev/sda5: UUID="c2b0cb47-aeec-4b5a-8285-857b1c56da54" TYPE="swap" PARTUUID="76aa5ac0-05"
/dev/sdb: UUID="e98b7abd-4f32-8c81-40a1-02c31824afcf" UUID_SUB="a36eadb0-2348-fb83-ec76-65c9fa5df48b" LABEL="openmediavault:RAIDAR" TYPE="linux_raid_member"
/dev/sdc: UUID="e98b7abd-4f32-8c81-40a1-02c31824afcf" UUID_SUB="94cf7512-43e5-3957-7060-0e6cc0cdd526" LABEL="openmediavault:RAIDAR" TYPE="linux_raid_member"
/dev/sdd: UUID="e98b7abd-4f32-8c81-40a1-02c31824afcf" UUID_SUB="f1ae8b96-55da-2541-bc00-7be870687109" LABEL="openmediavault:RAIDAR" TYPE="linux_raid_member"
/dev/md127: LABEL="Raidar" UUID="5d21dac9-d7ba-4831-9d29-e6d9d8de5b3b" BLOCK_SIZE="4096" TYPE="ext4"
/dev/sde: UUID="e98b7abd-4f32-8c81-40a1-02c31824afcf" UUID_SUB="e80184c3-5dc3-17b4-1f73-a6f95f5fb718" LABEL="openmediavault:RAIDAR" TYPE="linux_raid_member"
/dev/sdf1: UUID="b533ba9f-52ff-9d49-8092-a954a53881e4" BLOCK_SIZE="4096" TYPE="ext4" PTUUID="d433308c" PTTYPE="dos" PARTUUID="d433308c-01"

fdisk -l | grep "Disk "

Code

Disk /dev/sda: 111,79 GiB, 120034123776 bytes, 234441648 sectors
Disk model: 2115
Disk identifier: 0x76aa5ac0
Disk /dev/sdb: 3,64 TiB, 4000787030016 bytes, 7814037168 sectors
Disk model: WDC WD40EFRX-68N
Disk /dev/sdc: 3,64 TiB, 4000787030016 bytes, 7814037168 sectors
Disk model: WDC WD40EFRX-68N
Disk /dev/sdd: 3,64 TiB, 4000787030016 bytes, 7814037168 sectors
Disk model: WDC WD40EFRX-68N
Disk /dev/md127: 10,92 TiB, 12001957380096 bytes, 23441323008 sectors
Disk /dev/sde: 3,64 TiB, 4000787030016 bytes, 7814037168 sectors
Disk model: WDC WD40EFRX-68W
Disk /dev/sdf: 114,61 GiB, 123060879360 bytes, 240353280 sectors
Disk model:  SanDisk 3.2Gen1
Disk identifier: 0xd433308c

Display More

cat /etc/mdadm/mdadm.conf

Code

# This file is auto-generated by openmediavault (https://www.openmediavault.org)
# WARNING: Do not edit this file, your changes will get lost.


# mdadm.conf
#
# Please refer to mdadm.conf(5) for information about this file.
#


# by default, scan all partitions (/proc/partitions) for MD superblocks.
# alternatively, specify devices to scan, using wildcards if desired.
# Note, if no DEVICE line is present, then "DEVICE partitions" is assumed.
# To avoid the auto-assembly of RAID devices a pattern that CAN'T match is
# used if no RAID devices are configured.
DEVICE partitions


# auto-create devices with Debian standard permissions
CREATE owner=root group=disk mode=0660 auto=yes

[...]

# definitions of existing MD arrays
ARRAY /dev/md/openmediavault:RAIDAR metadata=1.2 name=openmediavault:RAIDAR UUID=e98b7abd:4f328c81:40a102c3:1824afcf

Display More

mdadm --detail --scan --verbose

Code

ARRAY /dev/md/openmediavault:RAIDAR level=raid5 num-devices=4 metadata=1.2 name=openmediavault:RAIDAR UUID=e98b7abd:4f328c81:40a102c3:1824afcf
devices=/dev/sdb,/dev/sdc,/dev/sdd

Any help is appreciated, thank you.

Skullchuck · Jan 26th 2022

Quote from Zoki

Arn#t you using letsencrypt certs for the internet access?

This was the right hint. Until now I was bypassing the proxy (=Swag/letsencrypt). Now I changed the Swag port to 443 and it works without cert error both internally and externally!

Thank you Zoki for staying persistent

Now I finally understand this:

Quote from chente

You would see the service because it would enter through Swag on port 443.

I just didn't expect Swag to behave differently depending on the port it's running on.

Posts by Skullchuck

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

swag duckDNS minor issues

swag duckDNS minor issues

Raid 5 after extension: clean, degraded

Raid 5 after extension: clean, degraded

Raid 5 after extension: clean, degraded

Raid 5 after extension: clean, degraded

Raid 5 after extension: clean, degraded

Swag Nextcloud Docker reach internal IP