Just to confirm, there is still the possibility to change port 80 for omv to, let's say, port 81, right? And port 81 might not be open to the internet!
As long as my seafile service is listening on port 80 and nginx is redirecting the request of /.well-known/acme-challenge to /var/www/openmediavault... it should work, or am I misunderstanding something??
@luxflow
Posts by nasty_vibrations
-
-
hello everybody,
I finally managed to install omv3. I am planning to install seafile (managed by the nginx plugin, reverse proxying) and I definitely want to use lets-encrypt for its ssl connection.
But my first question is a little bit more general:
I have my omv installation running on port 80. Domain is owned by me. Portforwarding is 80-->80 for my omv-lan-ip. I successfully created a lets-encrypt certificate using the standard /var/www/openmediavault as webroot. This is all good. As far as I understood, lets-encrypt needs access to my server on port 80 (all the time?). What I absolutely don't want, however, is that my omv-installation is accessible from outside my lan. So, is there any way to block this access other than changing the port 80 omv is running on??
Despite not having seafile installed yet I already created two servers at the nginx-plugin section:
The one running on port 80 (just showing what is set under "additional options"):
location /.well-known/acme-challenge {
    alias /var/www/openmediavault;
}
return 301 https://$http_host$request_uri;
and the one running on port 443 with the lets-encrypt certificate activated (just showing what is set under "additional options"):
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
gzip off;
include /etc/nginx/perfect-forward-secrecy.conf;
location /.well-known/acme-challenge {
    alias /var/www/openmediavault;
}
location / {
    fastcgi_pass 127.0.0.1:8000;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_script_name;
    fastcgi_param SERVER_PROTOCOL $server_protocol;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param HTTPS on;
    fastcgi_param HTTP_SCHEME https;
    access_log /var/log/nginx/seahub.access.log;
    error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://127.0.0.1:8082;
    client_max_body_size 0;
    proxy_connect_timeout 36000s;
    proxy_read_timeout 36000s;
    proxy_send_timeout 36000s;
}
location /media {
    root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
    fastcgi_pass 127.0.0.1:8080;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_script_name;
    fastcgi_param SERVER_PROTOCOL $server_protocol;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param HTTPS on;
    client_max_body_size 0;
    access_log /var/log/nginx/seafdav.access.log;
    error_log /var/log/nginx/seafdav.error.log;
}
Any help is much appreciated. -
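The port-80 server from the post above, reworked as an added example (not the poster's config and not output of the nginx plugin): it serves ACME challenge files from the webroot with `root` and redirects only the remaining requests to HTTPS. The `server { }` wrapper, the `listen` line and the `example.com` server name are assumptions, since the post shows only the "additional options" fragment.

```nginx
# Added example: standalone port-80 server block.
server {
    listen 80;
    server_name example.com;   # placeholder, not from the post

    # HTTP-01 validation starts with a plain-HTTP request on port 80 to
    # /.well-known/acme-challenge/<token>. It happens when a certificate
    # is issued or renewed, not continuously.
    #
    # A webroot-mode ACME client writes the token file to
    #   <webroot>/.well-known/acme-challenge/<token>
    # so `root` maps the request URI onto exactly that path.
    # With `alias /var/www/openmediavault;` the same request resolves to
    #   /var/www/openmediavault/<token>
    # which is not where the client put the file.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/openmediavault;
        default_type text/plain;
        try_files $uri =404;   # serve only files that exist, nothing else
    }

    # A `return` placed directly in the server context is evaluated before
    # any location is selected, so it would redirect challenge requests too.
    # Scoping it to `location /` keeps the block above reachable.
    location / {
        return 301 https://$http_host$request_uri;
    }
}
```

Because `root` is set only inside the challenge location, nothing else under /var/www/openmediavault is reachable through this server.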
May someone update the update Script for omv3, which is using systemd?
-
What about https://github.com/lukas2511/dehydrated
It doesn't depend on certbot. -
Hey guys,
In the picture from the nginx settings (part four) "port" is selected as host type--> Later on yourdomain.com is given as an example.
Is this just a mistake in the picture and "name-based" should be selected, or am I mistaken and missing something? -
Ok, I will leave it deleted.
Thanks again!
-
Sorry, but I really don't get it...
What if I disable and reenable the plugin...? Then 02nocache will be there again. So what then? Delete it AGAIN?
A little more information about what is happening here and what is supposed to happen would be nice.
Can I delete "partial" at /?
Can I delete pkgcache.bin at /?
Can I delete srcpkgcache.bin at /? -
Hmm...when I reactivated the plugin, rebooted, 02nocache was recreated. So far so good. After this the folder "partial" (the one that is usually under /var/cache/apt/) was recreated at / as well (I also deleted it before, additionally to the steps you recommended) --> doesn't this mean that all the downloaded *.deb's will go to / again?? I thought this was part of my original problem....
-
@ryecoaaron It seems to me that this fix has not yet been implemented into the current version of the plugin. After disabling and re-enabling the flash memory plugin (and 2x rebooting) 02nocache is recreated. Will the version for omv 2 get an update for this?
-
I see. Thanks
-
Quote
seafile needs to be restarted to pick up the change from http to fastcgi.
Why can't fastcgi be set to true from the very start?
-
You have flashmemory installed, correct?
Exactly. It is finally resolved now! Thanks for all the help.
@votdev It's time to tell you again: This project is great! You (and all the mods around here) are doing a fantastic job in developing a great piece of software and provide excellent help. I really appreciate it.
-
Ok, I think I found something that may be interesting:
I ssh'ed into the machine and that's what / looks like:
-rw-rw-rw- 1 root root 1086550 Jun 13 18:24 libmono-system-windows-forms4.0-cil_4.2.4.4-0wheezy1_all.deb
-rw-rw-rw- 1 root root 1086804 Jun 14 17:03 libmono-system-windows-forms4.0-cil_4.4.0.182-0beta3_all.deb
-rw-rw-rw- 1 root root 70716 Jun 13 18:24 libmono-system-windows-forms-datavisualization4.0a-cil_4.2.4.4-0wheezy1_all.deb
-rw-rw-rw- 1 root root 71014 Jun 14 17:03 libmono-system-windows-forms-datavisualization4.0a-cil_4.4.0.182-0beta3_all.deb
-rw-rw-rw- 1 root root 18514 Jun 13 18:24 libmono-system-xml-serialization4.0-cil_4.2.4.4-0wheezy1_all.deb
However, /var/cache/apt/archives shows nothing but the folder partial (which is also empty).
There is something wrong here, right? All those downloaded *.deb packages don't belong to /, do they?
-
But the last single update i had was only omv 2.2.5. And i couldn't see the changelog! Is this still related to what you are describing?
-
Does this special naming also apply to the latest omv-2.2.5 update? Because the error occurred there as well.
-
Is there any way I can fix this myself? I think I will be staying at omv 2 as long as the afp issue is resolved.
thanks
-
Don't know if you need it anymore, but here is the output you requested:
/var/cache/apt/archives/base-files_7.1wheezy11_amd64.deb: ERROR: cannot open `/var/cache/apt/archives/base-files_7.1wheezy11_amd64.deb' (No such file or directory)
root@NAS:/# dpkg-deb --fsys-tarfile /var/cache/apt/archives/base-files_7.1wheezy11_amd64.deb | tar -tv -
Thanks a lot for looking into this!
Is there any chance this fix will make it into omv 2 as well? -
Any idea how to further investigate this?
-
Anyone else experiencing this? I'm just curious if this is just for some packages or somehow related to my installation.