Maybe look at "step 9" at https://www.linuxbabe.com/ubun…tu-20-04-nginx-lemp-stack. Modify the size according to your needs. Maybe the files are in different locations, but if you look at the instructions above in the guide, you should be able to understand what should be in the files (i.e. what they should look like, so you know if you are working on the correct file).
You try to access via Web-Browser or via shell? Did you change anything since it used to work and now?
gwrosenbaum: If I may add just my 2 cents: Would it not be an option to do the opposite of what you initially stipulated? I have similar requirements as you, and feel very happy using OMV as base system, with all disks and shares under its control, and then running in KVM several machines which I either let access shares, or created dynamic qcow2-files within a share. Many other features of Proxmox I did not feel the need to utilize anyway. By the way, I do not even use the Proxmox-kernel anymore, but run the standard backport kernels, which do a great job (if I am wrong regarding the kernel, I am happy to be corrected by the community here).
If I may politely suggest considering the following option: setting up a KVM-machine and subsequently installing an Ubuntu server, and after that following these instructions:
Carsten Rieger even provided an installation script, besides his detailed descriptions (which I did not test, I was successful with the explanation of linuxbabe):
It worked for me pretty smooth, keeps me independent of maintainers of containers and snaps, performs quite good, and is easy to backup, and I reduce the risk of messing up my base system which is OMV, hosting all the things I virtualized.
Hm. With docker I am not firm. But the reason why I asked if you have KVM, and maybe the behaviour is similar in docker, is that I also had random reboots. Machine was up even 2 or 3 days, and suddenly rebooted, as if power would have gone unstable. No logs whatsoever, as if power supply failed, or any other power supplying component failing, causing a cold restart.
However, the problem was that I did not create a "bridge" device in the OMV-GUI for the assigned network card. As soon as this device has been created with the NIC I intended to assign to my virtual machines, and as soon as it has subsequently been properly referred to "br0" in my Virtual Machine Manager for my virtual machines, all problems resolved, no sporadic unexplainable crashes at all.
If you have IPv6 activated, maybe try with IPv4 only. Also this caused troubles for me sometimes.
Maybe verify this is not causing your issues.
PeterPan, do you use KVM?
I also suffered from your experience. If you use a linux-platform as desktop-OS: I was much happier installing Virtual Machine Manager, Cockpit does by far not cover what it should do.
I installed on the server client:
sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager qemu-utils virtinst libvirt-daemon
on the server and on the client:
sudo apt install ncat -> client and server installing!!
In virtual machine manager you can then choose via GUI for RDP the protocol 'spice'. Please note that you need to choose in the Virtual Machine Manager in "Display Spice" the dropdown 'all interfaces', otherwise you run again into the Cockpit-issue. If you specify also a TLS-port you have a fixed address for your external viewer; in my case Remmina.
Additionally, for Windows there is a helper file from Fedora, which you install when Windows is running:
Choose the latest directory, and run the ISO inside Windows, it will install a lot of useful things.
If you need/want I can provide you my config-file, in which everything is visible in XML cleartext, and which can also easily be imported by virsh define ConfigFileVirtualMachine.xml
For _CREATING_ a Qemu-Disk in the terminal, skipping the hellish Cockpit:
qemu-img create -f qcow2 /srv/dev-disk-by-label-8TBMai2020/VirtualMachines/Win10/Win10.qcow2 500G
creates a machine in the path /srv/.. , the file is called Win10.qcow2, maximal size 500G (it is dynamically growing, with all its advantages and disadvantages)
For _INSTALLING_ the Operating System I used:
virt-install --name=Win10 --vcpus=1 --ram=8000 --init=/srv/ --os-variant=win10 --cdrom=/srv/dev-disk-by-label-6TBDisk1/Software/Microsoft/Windows_10_Install-ISO/Win10-Install.iso --disk=/srv/dev-disk-by-label-8TBMai2020/VirtualMachines/Win10/Win10.qcow2,format=qcow2
Obviously, most of the things are self-explanatory. Can all be changed later in the Virtual Machine Manager.
I personally cancel with Ctrl+c then the installation in the terminal, modify then afterwards in particular the network-interface manually in the network bridge, entering manually the name br0, setting VIRTIO to the HDDs and run the machine again.
Hope that helps a bit.
First of all, thank you for the great product you have created with openmediavault!
I run currently usul 5.4.6-1 and have made some tests on my servers. Among them was the one of https://pentest-tools.com/home , which (I think correctly, as the suggestions also apply for nextcloud) recommends hardening the NGINX-server-Block:
Here the relevant part copied from the report which I think might be valid for many users who did not modify their standard files:
Missing HTTP security headers
| HTTP Security Header | Header Role | Status |
| --- | --- | --- |
| X-Frame-Options | Protects against Clickjacking attacks | Not set |
| X-XSS-Protection | Mitigates Cross-Site Scripting (XSS) attacks | Not set |
| Strict-Transport-Security | Protects against man-in-the-middle attacks | Not set |
| X-Content-Type-Options | Prevents possible phishing or XSS attacks | |
Because the X-Frame-Options header is not sent by the server, an attacker could embed this website into an iframe of a third party website. By manipulating the display attributes of the iframe, the attacker could trick the user into performing mouse clicks in the application, thus performing activities without user's consent (ex: delete user, subscribe to newsletter, etc). This is called a Clickjacking attack and it is described in detail here:
The X-XSS-Protection HTTP header instructs the browser to stop loading web pages when they detect reflected Cross-Site Scripting (XSS) attacks. Lack of this header exposes application users to XSS attacks in case the web application contains such vulnerability.
The HTTP Strict-Transport-Security header instructs the browser not to load the website via plain HTTP connection but always use HTTPS. Lack of this header exposes the application users to the risk of data theft or unauthorized modification in case the attacker implements a man-in-the-middle attack and intercepts the communication between the user and the server.
The HTTP X-Content-Type-Options header is addressed to Internet Explorer browser and prevents it from reinterpreting the content of a web page (MIME-sniffing) and thus overriding the value of the Content-Type header. Lack of this header could lead to attacks such as Cross-Site Scripting or phishing.
We recommend you to add the X-Frame-Options HTTP response header to every page that you want to be protected against Clickjacking
More information about this issue:
We recommend setting the X-XSS-Protection header to "X-XSS-Protection: 1; mode=block".
More information about this issue:
We recommend setting the Strict-Transport-Security header.
More information about this issue:
We recommend setting the X-Content-Type-Options header to "X-Content-Type-Options: nosniff".
More information about this issue:
Thank you for your time and consideration.
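The four headers named in the report, set in an nginx server block, as an added example that is not part of the original post and not OMV's shipped configuration. The snippet file name, server name, certificate paths, location and max-age value are assumptions; the location block shows the inheritance rule that most often makes these headers disappear again.

```nginx
# Added example. File names, server_name and certificate paths are placeholders.

# --- /etc/nginx/snippets/security-headers.conf (hypothetical file) ---
# "always" makes nginx send the header on error responses (4xx/5xx) as well.
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# Browsers honour this header only on HTTPS responses.
# The max-age value (one year, in seconds) is an example.
add_header Strict-Transport-Security "max-age=31536000" always;

# --- server block of the site (separate file) ---
server {
    listen 443 ssl;
    server_name nas.example.test;                      # placeholder
    ssl_certificate     /path/to/placeholder-cert.pem; # placeholder
    ssl_certificate_key /path/to/placeholder-key.pem;  # placeholder

    # Applies to every location that defines no add_header of its own.
    include snippets/security-headers.conf;

    location /static/ {                                # hypothetical location
        # add_header directives are inherited from the enclosing level
        # only if the current level contains no add_header at all.
        # This single line would therefore drop all four security
        # headers for /static/ ...
        add_header Cache-Control "public, max-age=3600";
        # ... so the snippet has to be included again at this level.
        include snippets/security-headers.conf;
    }
}
```

After `nginx -t` and a reload, the result can be checked by requesting a page from each location with `curl -skI` and confirming that all four headers are present.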
No, in fact I am leaving the adapter installed.
Hello to everybody!
I used to install OMV 2 and OMV 3 with a graphics card during the installation process, and removed it afterwards to save energy. All went well.
2 days ago, I installed on the very same platform a clean OMV 4, did all the updates and so on, and when removing the graphics adapter, the system boots until a certain point, but consequently refuses to accept logins via web-GUI or ssh (both not reachable at all).
I compared the syslog-file when booting _with_ and _without_ installed graphics card, and saw that they are more or less (not exactly) identical until the point:
Apr 15 11:52:47 openmediavault proftpd: 127.0.1.1 - ProFTPD 1.3.5b (maint) (built Wed Apr 5 2017 13:57:53 UTC) standalone mode STARTUP
Apr 15 11:52:47 openmediavault proftpd: .
Apr 15 11:52:47 openmediavault systemd: Started LSB: Starts ProFTPD daemon.
Apr 15 11:52:47 openmediavault systemd: Started Generate the prelogin message.
Apr 15 11:52:47 openmediavault systemd: Started LSB: minidlna server.
Apr 15 11:53:14 openmediavault monit: 'openmediavault' Monit 5.20.0 started
Apr 15 11:53:14 openmediavault monit: HTTP server -- Cannot translate IPv4 socket [localhost]:2812 -- Name or service not known
Apr 15 11:53:14 openmediavault monit: HTTP server -- Cannot translate IPv6 socket [localhost]:2812 -- Name or service not known
There it stops, whereas with installed graphics adapter also SMB and other services get started.
Nota bene: When installing OMV 3, and consequently upgrading to OMV 4, no problem removing graphics card, all works as expected.
Thank you in advance for your ideas.
Thank you very much tekkb, I understand. Thank you for your support!!
Hello, may I repeat my question:
Did you recently re-locate or delete any of your folders? The background of my question is whether you are experiencing this problem:
A few thoughts:
Have you installed update no. 2975719 for Win 8.1?
Is your Win 8.1 IP address blocked somewhere for some reason, e.g. by fail2ban?
Is the SMB port 445?
Are the credentials in Win 8.1 OK?
Hello, Did you recently re-locate or delete any of your folders?
I tried several times again with
and now always correctly get the DNS-servers from Austria when connected via OpenVPN. So it seems this was a hiccup either on the side of OpenVPN or f-secure, because I cannot re-produce it anymore.
Thank you very much for your help, I appreciate it a lot.
Thank you for your quick reply again.
I just tried to re-produce it exactly as I did before, and see now to my surprise the correct Austrian DNS-servers. I am not sure how this is possible, because when I created the initial post, I have seen my Austrian server but the Algerian (where I am located at the moment) DNS-Servers when I tested it with F-secure (link below). I assume my question is resolved, but since I have no explication for this, I put below what I actually already prepared for replying to you when I executed in the background the f-secure-test and was surprised by the results. However, the network-manager still shows the local Algerian DNS-server as in use.
I will also do some further testing, because I did not change anything during my first post and this one now.
edit: I forgot to answer the question regarding CPU: It is an i3-2100, and memory I use 4 GB RAM.
Please find enclosed 3 screenshots:
* One is the picture of OMV, with my public IP-address removed as requested, but it is correctly set in real life.
* One is the system-view of the Ubuntu network manager, where you can see that it is using the local (Algerian) address, despite it is successfully connected to my server in Austria. When I do a „how is my ip-address“-request while using OpenVPN, I see my Austrian IP-address as well as the location 'Austria'.
* The third screenshot, which brings [NOW: brought] me to the assumption that local DNS-servers are used despite a working OpenVPN-connection is from
where it displays [now: displayED] my Austrian server, but still reflects [now: reflected] to Algerian DNS-servers.
Thank you for your quick reply tekkb.
Sorry for not having expressed myself clearly enough.
If I am using the OpenVPN-connection, it seems it is connecting to the server, but somehow seems to still use the local DNS-server. If I am mistaken, and the OpenVPN-server-DNS-entries are used, then of course this topic is resolved.
Regarding VPN through SSH:
Some countries who censor the internet also do deep-packet-inspection in order to determine if an OpenVPN-connection is established. If an OpenVPN-connection is detected, then the connection will be terminated. So it seems to help to add an additional layer around in order to complicate the identification of an OpenVPN-usage in the first place.
First of all, thank you for making OMV such a valuable and versatile platform with your plug-ins.
In particular I have a question to OpenVPN: Do you think it would be possible to enable in the GUI the pushing of DNS-servers to the client, and also using ssh or other methods to hide the OpenVPN-traffic, by using checkboxes in the GUI?
The reasoning behind my question: If one needs OpenVPN-access in countries where the internet is censored, then usually one needs also uncensored/unblocked DNS-servers, as well as might be needed to hide OpenVPN-traffic at all, like for China.
I assume many people are interested in using OpenVPN while being noobs like me, and these features in the GUI could bring more liberty to noobs, too.
Thank you for considering my request, and thank you for your very much appreciated work.