Any news on how to start the MySQL with correct permissions?
Posts by riff-raff
-
-
I suggest for more security, store the keyfile somewhere remote and load it at boot. I use 2 NAS in 2 different locations, the opposite keyfile for encryption lies on the other NAS.
Using this TPM or a local keyfile encrypts the device and/or the drive as long as the TPM is present. Without VPN or the keyfile reachable, the NAS contains garbage.
-
Try
docker exec -it nextcloud sudo -u abc php /config/www/nextcloud/occ db:add-missing-primary-keys
Alternatively open the console of your nextcloud container within Portainer. Change directory towards /config/www/nextcloud and perform
sudo -u abc php occ db:add-missing-primary-keys
-
Check on using an external database until this issue is fixed. Exporting and importing the database should be a piece of cake.
DB-configuration is done in zm.default within the conf-folder. Create a backup of this configuration in advance. Files will be created after first unsuccessful run.
Edit: A new version was published today, still same issue.
According to this post, which has a similar issue, a new setup should do it. I'll try to use a custom user script to solve the DNS-issue at the first start of this container.
-
is owned by docker:docker
I checked with group 100 (users), no issue regarding group any more, but still unreachable ppa's.
Checking those manually shows availability, so there might be some name resolving issue. I tried setting up a different bridged network as well; specified my router and google as DNS, still the same thing.
-
995 is group docker and works fine for more than 20 other containers. I only have this issue with zoneminder.
-
Using dlandon/zoneminder docker, I run into a DNS issue. Starting this docker gives me this log:
Code
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/05_set_the_time.sh...
*** Running /etc/my_init.d/06_set_php_time.sh...
*** Running /etc/my_init.d/10_syslog-ng.init...
Nov 13 21:59:49 zoneminder syslog-ng[16]: syslog-ng starting up; version='3.13.2'
*** Running /etc/my_init.d/20_apt_update.sh...
Performing updates...
Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu bionic-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:3 http://ppa.launchpad.net/iconnor/zoneminder-1.34/ubuntu bionic InRelease
Temporary failure resolving 'ppa.launchpad.net'
Err:4 http://ppa.launchpad.net/jonathonf/ffmpeg-4/ubuntu bionic InRelease
Temporary failure resolving 'ppa.launchpad.net'
Err:5 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:6 http://ppa.launchpad.net/ondrej/php/ubuntu bionic InRelease
Temporary failure resolving 'ppa.launchpad.net'
Err:7 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
Temporary failure resolving 'archive.ubuntu.com'
Reading package lists...
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Failed to fetch http://ppa.launchpad.net/iconnor/zoneminder-1.34/ubuntu/dists/bionic/InRelease Temporary failure resolving 'ppa.launchpad.net'
W: Failed to fetch http://ppa.launchpad.net/jonathonf/ffmpeg-4/ubuntu/dists/bionic/InRelease Temporary failure resolving 'ppa.launchpad.net'
W: Failed to fetch http://ppa.launchpad.net/ondrej/php/ubuntu/dists/bionic/InRelease Temporary failure resolving 'ppa.launchpad.net'
W: Some index files failed to download. They have been ignored, or old ones used instead.
Warning: Unable to update! Check Internet connection.
*** Running /etc/my_init.d/30_gen_ssl_keys.sh...
using existing keys in "/config/keys"
*** Running /etc/my_init.d/40_firstrun.sh...
Using existing conf folder
le zm.conf already moved
Moving zmeventnotification.ini
Moving secrets.ini
Moving opencv.sh
Moving debug_opencv.sh
Moving the event notification server
Moving the pushover api
Using existing ssmtp folder
Using existing mysql database folder
Copy /config/control/ scripts to /usr/share/perl5/ZoneMinder/Control/
Copy /config/conf/ scripts to /etc/zm/conf.d/
Creating symbolink links
usermod: no changes
usermod: group '995' does not exist
usermod: no changes
Using existing data directory for events
Using existing data directory for images
Using existing data directory for temp
Using existing data directory for cache
no crontab for root
Setting shared memory to : 50% of 16303828 bytes
Starting services...
* Starting MariaDB database server mysqld
...done.
Nov 13 21:59:54 zoneminder /etc/mysql/debian-start[352]: Upgrading MySQL tables if necessary.
Nov 13 21:59:54 zoneminder /etc/mysql/debian-start[356]: /usr/bin/mysql_upgrade: the '--basedir' option is always ignored
Nov 13 21:59:54 zoneminder /etc/mysql/debian-start[356]: Looking for 'mysql' as: /usr/bin/mysql
Nov 13 21:59:54 zoneminder /etc/mysql/debian-start[356]: Looking for 'mysqlcheck' as: /usr/bin/mysqlcheck
Nov 13 21:59:54 zoneminder /etc/mysql/debian-start[356]: This installation of MySQL is already upgraded to 10.1.47-MariaDB, use --force if you still need to run mysql_upgrade
Nov 13 21:59:54 zoneminder /etc/mysql/debian-start[363]: Checking for insecure root accounts.
Nov 13 21:59:54 zoneminder /etc/mysql/debian-start[367]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables
Database already at version 1.34.22, update skipped.
Freshening configuration in database
Migratings passwords, if any...
Loading config from DB 230 entries
Saving config to DB 230 entries
* Starting Apache httpd web server apache2
*
Starting ZoneMinder:
Nov 13 21:59:56 zoneminder zmpkg[435]: INF [Sanity checking States table...]
Nov 13 21:59:56 zoneminder zmpkg[435]: INF [Command: start]
DBI connect('database=zm;host=localhost','zmuser',...) failed: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (13) at /usr/share/perl5/ZoneMinder/Database.pm line 110.
DBI connect('database=zm;host=localhost','zmuser',...) failed: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (13) at /usr/share/perl5/ZoneMinder/Database.pm line 110.
Nov 13 21:59:57 zoneminder zmdc[442]: ERR [Error reconnecting to db: errstr:Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (13) error val:]
DBI connect('database=zm;host=localhost','zmuser',...) failed: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (13) at /usr/share/perl5/ZoneMinder/Database.pm line 110.
Can't call method "prepare_cached" on an undefined value at /usr/share/perl5/ZoneMinder/Config.pm line 96.
BEGIN failed--compilation aborted at /usr/share/perl5/ZoneMinder/Config.pm line 147.
Compilation failed in require at /usr/share/perl5/ZoneMinder.pm line 33.
BEGIN failed--compilation aborted at /usr/share/perl5/ZoneMinder.pm line 33.
Compilation failed in require at /usr/bin/zmdc.pl line 67.
BEGIN failed--compilation aborted at /usr/bin/zmdc.pl line 67.
Nov 13 21:59:57 zoneminder zmdc[442]: ERR [Error reconnecting to db: errstr:Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (13) error val:]
Nov 13 21:59:57 zoneminder zmpkg[435]: ERR [Unable to run "sudo -u www-data /usr/bin/zmdc.pl check", output is "", status is 255]
neMinder failed to start
*** /etc/my_init.d/40_firstrun.sh failed with status 1
*** Killing all processes...
Nov 13 21:59:57 zoneminder syslog-ng[16]: syslog-ng shutting down; version='3.13.2'
The container uses the bridged network without any modification. I stuck to the standard configuration recommended by the author.
Code
docker run -d --name="Zoneminder" \
  --net="bridge" \
  --privileged="true" \
  -p 8443:443/tcp \
  -p 8080:80/tcp \
  -p 9000:9000/tcp \
  -e TZ="Europe/Berlin" \
  -e SHMEM="50%" \
  -e PUID="1000" \
  -e PGID="995" \
  -e INSTALL_HOOK="0" \
  -e INSTALL_FACE="0" \
  -e INSTALL_TINY_YOLOV3="0" \
  -e INSTALL_YOLOV3="0" \
  -e INSTALL_TINY_YOLOV4="0" \
  -e INSTALL_YOLOV4="0" \
  -e MULTI_PORT_START="0" \
  -e MULTI_PORT_END="0" \
  -v "/mnt/Zoneminder":"/config":rw \
  -v "/mnt/Zoneminder/data":"/var/cache/zoneminder":rw \
  dlandon/zoneminder
Any suggestions how to resolve the DNS errors?
-
My bitwarden works like a charm, I enabled admin page and canceled registration, but exposing it gives me some worries due to possible brute force attempts. Having fail2ban would be a nice security pillow. Might be a good thing to set up on a rainy Sunday.
-
Do you have fail2ban of your letsencrypt container (I assume it's the one from LS.IO?) configured?
-
You should not, never, ever run as root.
Try running your nextcloud container with user-rights with PUID and PGID-settings.
-
Ah, awesome! Thanks. Makes sense.
Morlan: What does your reverse proxy configuration with letsencrypt look like? Did you stick to the sample provided with the letsencrypt-container?
Code
# make sure that your dns has a cname set for bitwarden and that your bitwarden container is not using a base url
# make sure your bitwarden container is named "bitwarden"
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name bitwarden.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 128M;
    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;
    # enable for Authelia
    #include /config/nginx/authelia-server.conf;
    location / {
        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;
        # enable for Authelia
        #include /config/nginx/authelia-location.conf;
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app bitwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
    location /notifications/hub {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app bitwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /notifications/hub/negotiate {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app bitwarden;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
}
EDIT: WORKS!
Code
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name bitwarden.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 0;
    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_app bitwardenrs;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_max_temp_file_size 128m;
    }
}
-
But how do you login with your clients? Setting server address is obvious, but login email and master password is still required.
-
Does the BitwardenRS server work with the paid features, like multiple users? As far as I could figure out, even with self-hosting, a Bitwarden account is still needed, and with more than one user, a little allowance is due.
-
A little typo within your command
docker exec nextcloud sudo -u abc php /config/www/nextcloud/occ maintenance:mode --on
docker exec nextcloud sudo -u abc php /config/www/nextcloud/occ maintenance:mode --off
works like a charm.
Next to do: Dump of database for backup purposes.
Thank you Morlan
Edit:
docker exec nextclouddb /usr/bin/mysqldump -u nextcloud --password=xxx nextcloud > /srv/dev-disk-by-label-xxx/backup/nextcloud_backup.sql
Seems to work, but backup database seems a little too small somehow. (Previous natively installed MariaDB backups of NC were >120 MB, this is only 40 MB and there was not much activity on this cloud lately)
-
How do I push the nextcloud instance into maintenance-mode from the host?
I tried something like this:
but did not work. My assumptions:
- user abc runs the webserver within the nextcloud container
- the path to occ must be the relative one within the container
-
Maybe it's power related, which platform do you use? My setup is a Xeon 4C/8T with 32 GB of RAM.
-
Do you have redis in use and preview-generation active in config?
Code
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
  'host' => 'your.redis.container.ip.here',
  'port' => 6379,
),
'preview_max_filesize_image' => 300,
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
  0 => 'OC\\Preview\\JPEG',
  1 => 'OC\\Preview\\PDF',
  2 => 'OC\\Preview\\PNG',
  3 => 'OC\\Preview\\GIF',
  4 => 'OC\\Preview\\BMP',
  5 => 'OC\\Preview\\TXT',
  6 => 'OC\\Preview\\JPG',
),
-
Is a bug on tracker related to the new photos app. Quite nasty, since in shares photos won't open at all.
It was supposed to be fixed with 19, but it's still there. I wait day by day for a new release.
-
The bitwardenrs is my alternative. I got the official setup running in a VM right now and have a look on reverse proxy configuration, environments, volumes etc.
My goal would be to set it up with official and create a little HowTo.
-
Keeping all my passwords in mind has bothered me for quite a while, so in the process of merging OMV4->OMV5 and all native services into docker I discovered the quite charming tool bitwarden.
After a short research I figured out that many users use the bitwardenrs/server container. On the other hand there are the official containers, which separate each service part.
I use letsencrypt with reverse proxy and nextcloud (subdomain-configuration) and I might need to integrate bitwarden in the existing setup. As far as I know, the installer script of bitwarden installs a separate letsencrypt-container which I already have. So I guess I need to configure my letsencrypt to match both services, bitwarden and nextcloud, with nextcloud.domain.com and bitwarden.domain.com and therefore I can't use the installer script.
I lack the documentation (environment, ports, volumes, etc) of each of the required bitwarden containers and their connection.
Can someone show me a direction or where to start?
Is the usage of official containers the best way for me or should I stick to the RS?