Beiträge von Haris2887

Hello All,
I am wondering If I could pick some brains in-terms of planning my Openmedia Vault docker design.
Basically I am a little bit worried about security.

Design consists of :
- External bridge network which only carries https (encrypted traffic) (port 80 redirects are set).
- internal bridge network which can potentially carry unencrypted traffic. This network does not have any ports open/published/exposed so traffic from external cannot get onto this network. Only Container to Container communication.
- Each container runs under its own user context.
- The permissions on the storage will be allowed to only the user's that need to access them. I will use groups for this (not shown).
- Idea is to have all traffic hit the reverse proxy. I am not aware of any WAF capable reverse proxy so I am just using Traefik reverse proxy.

Can anyone make any improvements/recommendations to this design ?
I am just after security best practises and I am pretty new to docker.

Zitat von riff-raff

Did you set ACL and Privileges?

Keep in mind, adding files through Samba into the nexcloud/owncloud data folder does NOT pass them through to your nextcloud, because the entries in database are missing. Try to use the official sync-client or WebDAV instead to share within your network, so files can be added and you do not result in a faulty database<->folder relation.
Read only access to your files is possible and works, but would not recommend it. Too risky messing up your database.

Yes It is deff an Issue with the FS permissions. Its good you mentioned that files added outside nextcloud might cause DB corruption. OK Thanks for the feedback. I did get it up an running via changing chmod 770 on the "haris" folder.

Even after setting the shared folder privileges it still does not work, same error.
Access Denied.

HI All,
I have in installation of NextCloud with the data Directory path @ /srv/dev-disk-by-id-md-name-openmediavault-Raid5Array/NextCloudData

I would like to make an SMB share to that path so I have an alternative way of accessing the files outside of nextcloud.

First I create a share

Then I create the SMB share

The user "Haris" is part of the following groups

When I browse to SMB share in windows

My credentials Don't work...

Hello all,
Was wondering if someone could help me with the permission issues in my docker install.

Setup:
Raid 1 Mirror that I have mounted on

*note the permission for the /srv/mount point is root:root ???

Below is my compose file.

version: '2'




services:
  db:
    container_name: Nextcloud-db
    image: mariadb
    restart: always
    networks:
        - My-Network
    volumes:
      - /srv/dev-disk-by-id-md-name-openmediavault-Raid5Array/ContainerData/SQL:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=xxxxxxxxxxxx
      - MYSQL_PASSWORD=xxxxxxxxxxx
      - MYSQL_DATABASE=Nextcloud-db
      - MYSQL_USER=nextcloud


  nextcloud-app:
    container_name: Nextcloud-app
    image: nextcloud
    depends_on:
        - db
    ports:
        - 8080:80
    networks:
        - My-Network


    volumes:
      - /srv/dev-disk-by-id-md-name-openmediavault-Raid5Array/ContainerData/NextCloud:/var/www/html
      - /srv/dev-disk-by-id-md-name-openmediavault-Raid5Array/Documents:/var/www/html/data
    restart: always


networks:
    My-Network:
        driver: bridge

Does that work with Outlook, IE do i need a mail server to archive or is there a direct integration with outlook.
Can I setup outlook rules to automatically archive ?

HI All.
I wanted to know what everyone is doing around archiving Emails.
I have a lot of Email in .PST archive files form Outlook and would like to have them stores off my laptop.

I was thinking of running Zimbra Mail server in docker but that might be over kill.

What are you guys doing around email storage/archiving ?
I probably have 100 GB worth of emails alone.

Thanks for you reply DR.Seltsam.
My goal is to have one box hence i was asking about XBMC.
Alternatively I can run Libreelec on a RPI as well.

I just wanted to know how to compile XBMC and give it a try on my hardware
I guess that the only way to find out how it will run.

Hi Everyone .
I have been a long term user of OVM.
Never had any real issues with it.

I am looking to build my NAS.
I have found some old computer hardware I am planing to purpose.

I plan in running docker containers for duplicati and Nextcloud along with an SQL docker instance and a NGINx reverse proxy.
This bit i am very confident with.

My question:
Is it worth looking at installing KODI on the NAS as well ? My NAS sits under my TV and would be great to be able to plug in a HDMI cable from the NaS into the TV.
I have read from various people that KODI does not run smoothly/video lags etc... for whatever reason.

has anyone had any experience with KODI running on OVM and is working smoothly and no driver issues etc ?

I just installed it from the ISO downloaded form openmediavault.org.

here is my sources.

cat /etc/apt/sources.list
#


# deb cdrom:[Debian GNU/Linux 8 _Jessie_ - Official Snapshot amd64 LIVE/INSTALL Binary 20170731-21:43]/ jessie contrib main non-free


#deb cdrom:[Debian GNU/Linux 8 _Jessie_ - Official Snapshot amd64 LIVE/INSTALL Binary 20170731-21:43]/ jessie contrib main non-free


deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free


# jessie-updates, previously known as 'volatile'
deb http://ftp.au.debian.org/debian/ jessie-updates main contrib non-free
deb-src http://ftp.au.debian.org/debian/ jessie-updates main contrib non-free
root@openmediavault:~#

Hello All,
I am New to docker, I love the idea of containers.

I did get docker installed on my OMV 3.0.

sudo apt-get update
 sudo apt-get install docker-ce

I then tested it with

sudo docker run hello-world

everything worked fine.

I am looking to install the plugin but it keeps failing.
Here is the install log.

>>> *************** Error ***************
Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C; export DEBIAN_FRONTEND=noninteractive; apt-get --yes --force-yes --fix-missing --allow-unauthenticated --reinstall install openmediavault-docker-gui 2>&1' with exit code '100': Reading package lists...


Building dependency tree...


Reading state information...


Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:


The following packages have unmet dependencies:
 openmediavault-docker-gui : Depends: php5-imagick but it is not installable
E
:
Unable to correct problems, you have held broken packages.


<<< *************************************

Any Ideas ?

Zitat von subzero79

Plex uses the user plex home folder for is DB. So if you want to change it you need to go to change that in /etc/passwd

Interesting I would have thought otherwise because the plugin specifically asks you to select a folder and nothing but a share can be selected.

Hi All.
I have a few questions re plugins for OVM. More specifically SickRage/CouchPotato/Plex.
Where are these plugins installed on the system ? There are a few plugins that require a share (Plex) for the database.
Is there a way to change that. The Reason is my NAS has a 512GB SSD (boot disk where OMV is installed). I would like to utilise this for programs/services. Un-raring etc.. I only want the actual DATA to live on my other arrays . The final destination of the data.

This means loading thumbnails etc from plex would be a lot faster and the array will not have to spin up just to read 1 kb thumbnails.
Have I got this completely wrong ?
Could I Make a Share on my local SSD (by editing the SMB.conf) ?

What is everyone else doing ?

THANKS FOR YOU HELP GUYS./....
Problem Solved...
I went to the physical Disk and the Permissions were still Screwed.
Fixed the Permissions from Disk level (Not AUFS Pool Level)...

Everything is not working :)...

Absolutely stumped on this.
root account can delete file no problems.
I have even tried making new user account making new groups .
Chown the folders to the new account and still nothing..

i have even tried setfacl -b revoved all acls.

As requested Please see below screenshot.

Ok this is driving me nuts, The permissions Look right to me . I have a feeling the OpenmediaVault GUI is not resetting the Permissions correctly..

OK Did the Above, Still having the same problems...

Here is the output for the permissions of the Movies folder

I have already used the reset permission From the WebUI of Openfiler And the permissions are set as Administrators = Read + Write, Users = Read + Write..

Still cannot see where the permissions are incorrect.
Here is what I see when I reset the Permissions

HI All.
After reading many threads. I am unable to solve my permissions problems with CIFS sharing.
I have a User called "Haris" who is part of the Group "users"

Here is my information, Again all permission look correct to me. But when I connect to SMB share from my windows 8 PC I cannot delete files.

Here my SMB.cfg

#=======================
Global Settings =======================


[global]


workgroup = WORKGROUP


server string = %h server


dns proxy = no


log level = 0


syslog = 0


log file = /var/log/samba/log.%m


max log size = 1000


syslog only = yes


panic action = /usr/share/samba/panic-action %d


encrypt passwords = true


passdb backend = tdbsam


obey pam restrictions = yes


unix password sync = no


passwd program = /usr/bin/passwd %u


passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .


pam password change = yes


socket options = TCP_NODELAY IPTOS_LOWDELAY


guest account = nobody


load printers = no


disable spoolss = yes


printing = bsd


printcap name = /dev/null


unix extensions = yes


wide links = no


create mask = 0777


directory mask = 0777


use sendfile = yes


aio read size = 16384


aio write size = 16384


null passwords = no


local master = yes


time server = no


wins support = no


 


#=======================
Share Definitions =======================


[Share]


path = /media/bb8bfa67-c052-480f-be74-e0a0c6a13241//


guest ok = no


read only = no


browseable = yes


inherit acls = no


inherit permissions = no


ea support = no


store dos attributes = no


printable = no


create mask = 0755


force create mode = 0644


directory mask = 0755


force directory mode = 0755


hide dot files = yes


valid users = "Haris"


invalid users =


read list =


write list = "Haris"

Here is the Permissions on the 2 Physical Disks and one AUFSPool

Here is what i have set in Users, User Haris is part of group Users.

User Haris has Write Access to Share...

I have reset permissions as below..

SMB config is below...

When I try to connect to the share is get prompted for credentials. As expected.

I can see the Share.

But I cannot see the permissions for this folder e.g

The permissions for the same folder is as below

When I try to delete the folder..

Clearly I am authenticated as Haris.

Any Ideas ?
Again all setting (file permission look Correct to me.