Posts by riff-raff

I have an issue with NC natively installed on OMV4. The max. downloadable file size is 1 GB. I read about

proxy_max_temp_file_size 1024m

and

proxy_buffering off

to eliminate this issue, but I don't know where to set this. Do you have any hit for me?

With every nextcloud update I run into the integrity check failing due to two extra files within my nextcloud installation; its my imprint and data security statement pages.

So can I exclude/ignore these files during this process anyhow? I found some solutions which disable integrity check during install entirely, but I have a bad feeling about this.
My solution atm is to move these 2 files by hand out of the dir before update and back afterwards. Check permissions.

I use the same workaround within every renewal period.

I use OMV4.0 with the suitable plugin.

I have an issue with my letsencrypt, every renewal I have the problem, that the cert gets renewed, but the older one kept in use by nginx. I need to apply a self-signed one to nginx, manually delete the letsentcrypt-cert in cert organisation of OMV and then try to renew the letsencrypt cert. It says that the cert is already up to date and then lists the new letsencrypt cert in OMV so that I can use it in nginx.

IS there a way to automaticly replace the cert in OMV & nginx with the new one when it gets renewed automaticly?

Well, your jail will not work if it can't reach nextclouds logfile. Easy logic.

fail2ban needs to check the logfile for failed logins and their IP adresses.

I still use calibre 2.75.1 provided within debian strech repos, it works like a charm. My tutorial posted earlier ist still up to date, so if you prefer a native install, use this one.
There is no need for a separate plugin with GUI, since book import and conversion can be done with scripts and calibre itself provides a GUI/webstore which is accessible from almost all ebook readers which have a wireless network connection.

jail.conf line 57:

logpath = /config/log/nginx/nextcloud.log

does this match your logfile destination you set within nextclouds config?

Install fail2ban

set logging in nextcloud.conf

nano your_path_to_nextcloud_here/config/config.php

with

'loglevel' => 2,
  'logtimezone' => 'Europe/Berlin',
  'logfile' => '/var/log/nextcloud.log',
  'log_rotate_size' => 10485760,

provide a suitable email in your plugin and set

action_mwl

as action in your fail2ban plugin.

setup filter:

nano /etc/fail2ban/filter.d/nextcloud.conf

with

http://www.rojtberg.net/711/secure-owncloud-server/
[Definition]
failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
            ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
            ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$
ignoreregex =

configure filter within fail2ban plugin (jails):
Adjust Ports to your needs, my nextcloud runs on 443, so https is fine for me.

Save everything, see failed logins/bannded ips under services->fail2ban.

yeah, I have "test cert" checked in letsencrypt ....

Should I deactivate this function? I thought it checks the cert after creation with every renewal.

I don't get what you mean with description in cert tab,

OMV ssl cert comment/description says the old date of the cert if you mean that

Thx for the quick response, actually I am on OMV4, so thats why I wonder why automatic replacement of cert will not work.

My cert will expire on Nov 11. 2018, letsencrypt replaces it with a new one (no renewal needed, cert valid till 2019), but within the nginx server the old cert and under certs in OMV GUI the old one is still listed.

To resolve this issue I stopped the nginx plugin, within my server I assigned a self signed cert, deleted unter OMV certs the letsencrypt cert, started a new renewal (no renewal needed, cert is valid) and here you go, the new letsencrypt cert is now listed under OMV certs and can be assinged to my server.

Why is there no automatic replacement? Bug? Feature? On purpose? I would prefer an automatic replacement.

What about wildcards like I asked here?

Do they only support one webroot? for example: /var/www and then subdirectories nextcloud and wordpress? But what if I want to use separate webroots?

I need to set up a small wordpress blog with my OMV4. I have the WebUI running on port 8080 and use nginx to run Nextcloud with letsencrypt on port 80 and 443. The share on my drive for Nextcloud has the same name. The nextcloud service is directly reachable unter my domain

Now I want to add wordpress, so i thought of switching to subdomains: blog.domain.com and clould.domain.com, both with letsencrypt (I saw wildcards are not supported through the plugin yet?) but different data root. I started messing with different ports, but this did not work out well.

I found This old topic from 2014 is it still up to date or is there an easier way to do it right now? I have access to my domain and can add subdomains, redirects etc.

I would appreciate a little hint how to set this up.

Edit: I would prefer a solution which is configurable through nginx plugin web interface, if possible. My OMV-Webinterface sould NOT be accessable through internet, since I use VPN when I need to apply changes from outside of my network.

Is version 15 final yet? I am on stable release channel right now, which provides 14.0.3 I think.

I got the notification this morning, that pending sectors turned into offline uncorrectable ones ... I'll replace the drive.

Time for RMA ended August 26, 2018, the drives have more than 26k hours runtime, I have them for quite a while.

Zeroing might help, I keep that in mind, but does the drive an correction by assigning new areas by itself or do I need to force it to do that?

I am a litte concerned ripping the ZPS mirror apart.

I use two WD Red 6 TB each in Luks encrypted, unlocked at boot, and in an ZFS morror pool integrated.

SMART send me an notification, that there are 16 pendig sectors, 0 allocated, 0 offline uncorrectable and 1 multizone error. The day before yesterday I got the notification from weekly SMART self check that the multizone error was discovered, today I received the notification about the pending sectors.

The pending sectors wait for their reallocation, how can I force this or trigger this?

The ZFS pool is still availabe, backups are done already.

Is the removal of the disk, zero whipe it, encrypt it again and adding it back to the ZFS mirror pool an solution?

Port 80 is open? letsencrypt requires it.

Check the permissions of your nextcloud folder.