[Support] Linuxserver.io - Nextcloud



To be honest this is exactly why I recommend setting up nextcloud on a subdomain like nextcloud.server.com

 

 

If I run nextcloud.server.com, I'll have to generate a new SSL cert in Letsencrypt? With the Letsencrypt docker settings under "Subdomain(s)": www,nextcloud ?

 

EDIT: Figured it out. Go to your NEXTCLOUD appdata, edit /config/site-confs/default and change line 30 from

root /config/www/nextcloud/;

to 

root /config/www;

 

then that should work with the above.  Don't forget to clear your browser cache and cookies.

 

That didn't work for me :(

 

This error appears in Nextcloud's error log:

 

2017/02/12 22:55:32 [error] 305#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 172.17.0.1, server: _, request: "GET //index.php/login HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "192.168.1.252:448"
2017/02/12 22:55:32 [error] 305#0: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 172.17.0.1, server: _, request: "GET //index.php/login HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "192.168.1.252:448"
2017/02/12 22:55:34 [error] 305#0: *4 directory index of "/config/www/" is forbidden, client: 172.17.0.1, server: _, request: "GET // HTTP/1.0", host: "192.168.1.252:448"
2017/02/12 22:55:34 [error] 305#0: *4 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 172.17.0.1, server: _, request: "GET // HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "192.168.1.252:448"
2017/02/12 22:55:35 [error] 305#0: *6 directory index of "/config/www/" is forbidden, client: 172.17.0.1, server: _, request: "GET // HTTP/1.0", host: "192.168.1.252:448"
2017/02/12 22:55:35 [error] 305#0: *6 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 172.17.0.1, server: _, request: "GET // HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "192.168.1.252:448"
2017/02/12 22:55:37 [error] 305#0: *8 directory index of "/config/www/" is forbidden, client: 172.17.0.1, server: _, request: "GET // HTTP/1.0", host: "192.168.1.252:448"
2017/02/12 22:55:37 [error] 305#0: *8 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 172.17.0.1, server: _, request: "GET // HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "192.168.1.252:448"

 

 

I think I figured it out differently. I think it's Nextcloud's security features against bruteforce attacks.

 

I can get into server.com/nextcloud now.

 

I added these lines:

 

  'trusted_proxies' => array('192.168.1.252'),
  'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),

 

to my Nextcloud config:

 

<?php
$CONFIG = array (
  'trusted_proxies' => array('192.168.1.252'),
  'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'xxx',
  'passwordsalt' => 'xxx',
  'secret' => 'xxx/wUo',
  'trusted_domains' => 
  array (
    0 => '192.168.1.252:448',
    1 => 'advurt.net',
  ),
#  'overwrite.cli.url' => 'https://192.168.1.252:448',
  'overwrite.cli.url' => 'https://advurt.net',
  'overwritehost'     => 'advurt.net',
  'overwriteprotocol' => 'https',
  'overwritewebroot'  => '/nextcloud',
  'dbtype' => 'mysql',
  'version' => '11.0.1.2',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.1.252:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'xxx',
  'dbpassword' => 'xxx',
  'logtimezone' => 'UTC',
  'installed' => true,
);

 

Letsencrypt:

 

#Config for Nextcloud
	location ^~ /nextcloud {
# 		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.1.252:448/;
	}

 

BUT now that I'm in Nextcloud, I have a new problem.

 

I get a "This directory is unavailable" error:

 


Link to comment

I set this up a couple days ago and went with xxx.servebeer.com/nextcloud. These are my working settings.

letsencrypt site-conf/default

server {
    listen 443 ssl default_server;
    root /config/www;
    index index.html index.htm index.php;

    server_name xxx.servebeer.com;

    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    client_max_body_size 0;

    ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    location /robots.txt {
        add_header Content-type text/plain;
        return 200 "User-agent: *\nDisallow: /\n";
    }

    location = / {
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
        try_files $uri $uri/ /index.html /index.php?$args =404;
    }

    location /nextcloud {
        include /config/nginx/proxy.conf;
        proxy_pass https://192.168.xx.1:444/nextcloud;
    }

    location /requests {
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;
        proxy_pass http://192.168.xx.1:3000/requests;
    }
}

 

I think I only changed these in

nextcloud site-conf/default

  # Path to the root of your installation
  #root /config/www/nextcloud/;
  root /config/www/;

  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

 

nextcloud config.php

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'ocxvunynx6i5',
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_domains' => 
  array (
    0 => '192.168.xx.1',
    1 => 'xxx.servebeer.com',
  ),
  'trusted_proxies' => 
  array (
    0 => '192.168.xx.1',
  ),
  'overwritewebroot' => '/nextcloud',
  'overwritehost' => 'xxx.servebeer.com',
  'overwrite.cli.url' => 'https://192.168.xx.1:444',
  'dbtype' => 'mysql',
  'version' => '11.0.1.2',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.xx.1:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_sysadmin',
  'dbpassword' => 'xxx',
  'logtimezone' => 'UTC',
  'installed' => true,
);

 

And then I created a script to make the .htpasswd without apache for letsencrypt

You just supply it a username then enter the password twice and the username:password hash are added to /appdata/letsencrypt/nginx/.htpasswd

I put the script at /appdata/letsencrypt and then run htpasswd username

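#!/bin/bash
# Append a username:hash entry to nginx/.htpasswd without Apache's htpasswd tool.
if [ "$#" -ne 1 ]; then
  echo "Usage: $(basename "$0") username"
  exit 1
fi

# openssl prompts for the password twice and prints an apr1 hash.
# The username is passed as a printf argument so it is never parsed as a format string.
printf '%s:%s\n' "$1" "$(openssl passwd -apr1)" >> nginx/.htpasswd

echo "username:password written to nginx/.htpasswd"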

 

Thought I'd post these in case it helps someone or if anyone has some suggestions. But it's working great so far. I pieced it together from a few different posts.

 

Link to comment

Finally got it to work. Thanks @dmacias and @CHBMB.

 

I was making piecemeal edits and reverting them when they didn't work.

 

These were the two key changes I had to make together:

 

#Config for Nextcloud
	location ^~ /nextcloud {
		include /config/nginx/proxy.conf;
		proxy_pass https://192.168.1.252:448/nextcloud;
	}

 

 #root /config/www/nextcloud/;
  root /config/www;

 

Between googling for solutions and making ad hoc edits separately at different times I don't think I got those two edits together at the same time if that makes sense.

 

Hope this is it.

Link to comment

Yep. Otherwise it won't work.

 


 

THANK YOU VERY MUCH!  I guess I should pay more attention to the syntax. I am on the main user page. Looks very similar to owncloud.

 

Lev

 

 

 

So far I've been able to add a total of 4 users; however, when I try to add additional users, nothing happens. No error messages. The page just sits there. I can do pretty much anything else with NC, but clicking "create" does nothing.

 

PS. I think I answered my own question. I created that user with a complex password, and when changing it to something simpler was greeted with an error message - too simple password. I think that NC did not like the simple password and did not notify me of "why" it did not want to create the user.

Link to comment

I'm following the guide from here: https://www.linuxserver.io/2016/07/28/installing-nextcloud-on-unraid/

 

and when I get to the initial setup of the nextcloud docker and configuring the database, I get the following message:

 

Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [1045] Access denied for user 'root'@'172.17.0.1' (using password: YES)

 

I'm not sure where the 172.17.0.1 comes from because that's neither my public IP nor the IP of my server.

 

EDIT: I nuked it all and tried the steps that were linked earlier

1. Delete all traces of config files related to mariadb and nextcloud containers.

 

Install and setup MariaDB

Install linuxserver/mariadb:latest

docker exec -t -i mariadb /bin/bash

mysql_secure_installation

create new root password

allow remote connection

 

Edit custom.cnf

cp /config/custom.cnf /config/custom.bak.cnf

vim /config/custom.cnf

insert skip-log-bin to end of [mysqld]

insert binlog_format=mixed after #binlog_format=row

:wq

 

Nextcloud

Install lsiodev/nextcloud:latest

https://nextcloud.app

admin username

admin password

select mysql

db name    nextcloud

db username root

db password root password

db location 192.168.0.200:3306

Submit

and fingers crossed

 

But the message has now changed to this:

 

Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [1130] Host '172.17.0.1' is not allowed to connect to this MariaDB server

 

I'm 99% sure this has to do with editing the custom.cnf file with Notepad++. When I try and do the VIM command I get "bash: vim: command not found"

EDIT: Now I'm 50% sure. I edited it with vim through Krusader, and it still doesn't work. I might nuke it all and not touch the custom.cnf with notepad in case this makes some sort of irreversible status change to that file.

Link to comment


The instructions I typed definitely work, I've tried it three times over the last two days!

 

Without wanting to start a flame war of vim vs nano, I used nano via SSH in the Unraid terminal.

Link to comment

Yeah I'm sure it's just something I'm doing wrong. I'm going to nuke it and try again this morning from scratch.

 

EDIT:

I re-tried all of the steps and edited the custom file with MC, and I'm still getting the error:

Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [1130] Host '172.17.0.1' is not allowed to connect to this MariaDB server

 

Still no luck, anyone have any additional thoughts? There was a solution to this earlier in the thread but it was solved in a PM apparently. It possibly has to do with the ability to allow remote hosts to connect? I also cannot connect to the DB via MySQL workbench.

Link to comment

Hi,

 

I'm using Nextcloud behind Nginx and just recognized that when accessing my main page (e.g. myserver.de) with basic auth I also get a log in the Nextcloud admin settings saying: "Warning core Login failed: 'basic auth username' (Remote IP: '172.17.0.1')"

My Nextcloud can be accessed only via myserver.de/nextcloud so I don't really understand why this log entry appears.

 

My Nextcloud config.php:

 

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'octl9zzzlzwx',
  'passwordsalt' => 'xxxxx',
  'secret' => 'xxxxx',
  'trusted_domains' => 
  array (
    0 => '192.168.151.10:444',
    1 => 'unraid:444',
    2 => 'myserver.de',
  ),
  'trusted_proxies' => 
  array (
    0 => '192.168.151.10:443',
  ),
  'overwrite.cli.url' => 'https://192.168.151.10:444',
  'overwritehost' => 'myserver.de',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/nextcloud',
  'dbtype' => 'mysql',
  'version' => '11.0.1.2',
  'dbname' => 'Nextcloud',
  'dbhost' => '192.168.151.10:3305',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'xxxxx',
  'dbpassword' => 'xxxxx',
  'logtimezone' => 'UTC',
  'installed' => true,
  'mail_from_address' => 'xxxxx',
  'mail_smtpmode' => 'smtp',
  'mail_domain' => 'xxxxx',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpsecure' => 'ssl',
  'mail_smtphost' => 'xxxxx',
  'mail_smtpport' => 'xxxxx',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'xxxxx',
  'mail_smtppassword' => 'xxxxx',
  'loglevel' => 2,
  'maintenance' => false,
);

 

 

Nginx cfg:

 

# Redirect all traffic to HTTPS
server {
listen 80;

server_name myserver.de www.myserver.de;

return 301 https://$server_name$request_uri;
}

# Redirect all traffic to non-www
server {
listen 443 ssl;

server_name www.myserver.de;

return 301 https://myserver.de$request_uri;
}

# Main server block
server {
listen 443 ssl default_server;

root /config/www;
index index.html index.htm index.php;

server_name myserver.de;

ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;

ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;

# Connection credentials caching
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 180m;

# Disable SSL by enforcing TLS
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# SSL Stapling
ssl_stapling on;
ssl_stapling_verify on;

# Enable HTTP Strict Transport Security applied to all subdomains
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

client_max_body_size 0;

location / {
	try_files $uri $uri/ /index.html /index.php?$args =404;
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
}

location /nextcloud {
	include /config/nginx/proxy.conf;
	proxy_pass https://192.168.151.10:444/nextcloud;
}
}

 

Does anyone have an idea why this log entry appears?

 

 

edit:

 

I changed the Nextcloud logging to debug and get the following entries now:

 

Warning core Login failed: 'basic auth username' (Remote IP: '172.17.0.1')

Info core Bruteforce attempt from "172.17.0.1" detected for action "login".

 

It seems that my Nextcloud server detects bruteforce when trying to access my Nginx main page.

I also noticed that my server responds very slowly when logging into Nextcloud and the iOS app reports timeouts as well when trying to sync.

Link to comment

Ok so I think I found the solution for my problem here: https://blog.bandinelli.net/index.php?post/2016/10/17/Nextcloud%2C-bruteforce-attacks-and-reverse-proxy

The problem seems to be that Nextcloud was not properly configured to use as remote address the true remote address and not the address from the reverse proxy

 

But I'm not completely sure if I did everything right. Maybe someone can have a look?

 

I changed the trusted proxies entry and added 'forwarded_for_headers' in my config.php file as follows:

 

  'trusted_domains' => 
  array (
    0 => '192.168.151.10:444',
    1 => 'unraid:444',
    2 => 'myserver.de',
  ),
  'trusted_proxies' => array ('192.168.151.10'),
  'forwarded_for_headers' => array ('HTTP_X_FORWARDED_FOR'),

 

after that I had the problem that on every login to my Nextcloud page (not only the Nginx main site) I got:

Warning core Login failed: 'basic auth username' (Remote IP: '172.17.0.1')

Info core Bruteforce attempt from "172.17.0.1" detected for action "login".

 

 

So I also added 'include /config/nginx/proxy.conf;' to my root location in the Nginx cfg:

This solved my problem but I don't know if this is the right way to do this because no one else seems to use this line there.

 

 

# Redirect all traffic to HTTPS
server {
listen 80;

server_name myserver.de www.myserver.de;

return 301 https://$server_name$request_uri;
}

# Redirect all traffic to non-www
server {
listen 443 ssl;

server_name www.myserver.de;

return 301 https://myserver.de$request_uri;
}

# Main server block
server {
listen 443 ssl default_server;

root /config/www;
index index.html index.htm index.php;

server_name myserver.de;

ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;

ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;

# Connection credentials caching
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 180m;

# Disable SSL by enforcing TLS
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# SSL Stapling
ssl_stapling on;
ssl_stapling_verify on;

# Enable HTTP Strict Transport Security applied to all subdomains
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

client_max_body_size 0;

location / {
	try_files $uri $uri/ /index.html /index.php?$args =404;
	include /config/nginx/proxy.conf;
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
}

location /nextcloud {
	include /config/nginx/proxy.conf;
	proxy_pass https://192.168.151.10:444/nextcloud;
}
}

Link to comment

I am trying to install

https://apps.nextcloud.com/apps/previewgenerator

 

but I am stuck here

Important: To enable pre-generation of previews you must add ./occ preview:pre-generate to a system cron job that runs at times of your choosing.

 

 

I need to get into nextcloud docker and there add the cronjob right?

 

got into docker with

docker exec -i -t nextcloud /bin/bash

 

but now I am lost!

 

Link to comment

Ok so I think I found the solution for my problem here: https://blog.bandinelli.net/index.php?post/2016/10/17/Nextcloud%2C-bruteforce-attacks-and-reverse-proxy

The problem seems to be that Nextcloud was not properly configured to use as remote address the true remote address and not the address from the reverse proxy

 

But I'm not completely sure if I did everything right. Maybe someone can have a look?

 

I changed the trusted proxies entry and added 'forwarded_for_headers' in my config.php file as follows:

 

  'trusted_domains' => 
  array (
    0 => '192.168.151.10:444',
    1 => 'unraid:444',
    2 => 'myserver.de',
  ),
  'trusted_proxies' => array ('192.168.151.10'),
  'forwarded_for_headers' => array ('HTTP_X_FORWARDED_FOR'),

 

after that I had the problem that on every login to my Nextcloud page (not only the Nginx main site) I got:

Warning core Login failed: 'basic auth username' (Remote IP: '172.17.0.1')

Info core Bruteforce attempt from "172.17.0.1" detected for action "login".

 

 

So I also added 'include /config/nginx/proxy.conf;' to my root location in the Nginx cfg:

This solved my problem but I don't know if this is the right way to do this because no one else seems to use this line there.

 

 

# Redirect all traffic to HTTPS
server {
listen 80;

server_name myserver.de www.myserver.de;

return 301 https://$server_name$request_uri;
}

# Redirect all traffic to non-www
server {
listen 443 ssl;

server_name www.myserver.de;

return 301 https://myserver.de$request_uri;
}

# Main server block
server {
listen 443 ssl default_server;

root /config/www;
index index.html index.htm index.php;

server_name myserver.de;

ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;

ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;

# Connection credentials caching
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 180m;

# Disable SSL by enforcing TLS
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# SSL Stapling
ssl_stapling on;
ssl_stapling_verify on;

# Enable HTTP Strict Transport Security applied to all subdomains
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

client_max_body_size 0;

location / {
	try_files $uri $uri/ /index.html /index.php?$args =404;
	include /config/nginx/proxy.conf;
	auth_basic "Restricted";
	auth_basic_user_file /config/nginx/.htpasswd;
}

location /nextcloud {
	include /config/nginx/proxy.conf;
	proxy_pass https://192.168.151.10:444/nextcloud;
}
}

 

I'm not sure what to do tbh.  I assume you're running it behind a reverse proxy?  In which case I guess it would look like all the requests to Nextcloud are coming from the same IP.  My assumption would be you've mitigated that with the bits you've added.  Also fail2ban is included in the letsencrypt container.

Link to comment

Yes, it's running behind Nginx. I did some more research and it seems that there is an overall problem with docker only seeing the IP of the docker0 network.

See here for example:

https://github.com/jwilder/nginx-proxy/issues/133

https://github.com/docker/docker/issues/7540#issuecomment-250407556

This means that I can't really use the Bruteforce feature shipped with Nextcloud because it's only able to see one IP (172.17.0.1).

That's why I disabled it for now in my config.php with

'auth.bruteforce.protection.enabled' => false,

How are you dealing with this? Am I the only one seeing this problem here?

I also wanted to start playing around with Fail2ban but I think this wouldn't work as well in a docker environment, right? How would I make Fail2ban see the Nextcloud log, which is obviously located in a different container?

 

 

Edited by Marv
Link to comment
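The behaviour discussed in the posts above, every failed login being attributed to 172.17.0.1, can be reproduced with a small model of trusted-proxy client-IP resolution. This is an added example, not code from the thread or from Nextcloud itself; it assumes exact string matching against `trusted_proxies`, assumes the proxy's `proxy.conf` sets `X-Forwarded-For`, and uses constructed sample requests.

```python
import ipaddress
from collections import Counter

# Same header name as the thread's 'forwarded_for_headers' setting.
FORWARDED_FOR_HEADERS = ("HTTP_X_FORWARDED_FOR",)


def resolve_client_ip(remote_addr, headers, trusted_proxies,
                      forwarded_for_headers=FORWARDED_FOR_HEADERS):
    """Return the address a per-IP throttle should attribute the request to.

    Simplified model (assumption): a forwarded-for header is honoured only when
    the TCP peer is listed verbatim in trusted_proxies; otherwise the header is
    client-controlled input and is ignored.
    """
    if remote_addr not in trusted_proxies:
        return remote_addr
    for name in forwarded_for_headers:
        first_hop = headers.get(name, "").split(",")[0].strip()
        try:
            ipaddress.ip_address(first_hop)  # reject empty or malformed values
        except ValueError:
            continue
        return first_hop
    return remote_addr


# Constructed sample: failed logins as the Nextcloud container would see them.
# The TCP peer is the Docker bridge address shown in the thread's log lines.
DOCKER_BRIDGE = "172.17.0.1"
FAILED_LOGINS = [
    (DOCKER_BRIDGE, {"HTTP_X_FORWARDED_FOR": "203.0.113.7"}),
    (DOCKER_BRIDGE, {"HTTP_X_FORWARDED_FOR": "203.0.113.7"}),
    (DOCKER_BRIDGE, {"HTTP_X_FORWARDED_FOR": "198.51.100.23"}),
    (DOCKER_BRIDGE, {}),  # proxied from a location that does not set the header
    ("192.0.2.50", {"HTTP_X_FORWARDED_FOR": "10.9.9.9"}),  # untrusted peer, header ignored
]


def failures_per_ip(trusted_proxies):
    """Count failed logins per resolved address for a given trusted_proxies list."""
    return Counter(resolve_client_ip(peer, hdrs, trusted_proxies)
                   for peer, hdrs in FAILED_LOGINS)


if __name__ == "__main__":
    for label, proxies in [
        ("host IP with port", ["192.168.151.10:443"]),
        ("host IP only", ["192.168.151.10"]),
        ("Docker bridge address", [DOCKER_BRIDGE]),
    ]:
        print(f"{label:22} {dict(failures_per_ip(proxies))}")
```

In this model the header is only honoured once the address the container actually sees as its peer is listed, and a request that arrives without the header still falls back to the bridge address. Listing the bridge address is only as safe as the guarantee that nothing except the reverse proxy reaches Nextcloud through it.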

I wondered if anyone had successfully converted a sqlite to a mariadb?

 

I have nextcloud setup nicely but used sqlite to try it and I have now setup the linuxserver.io mariadb db following the chbmb guide.

 

When I use the command to convert db's it won't connect to the mariadb db for some reason?

 

Anyone tried this at all?

 

sudo -u abc php occ db:convert-type --port 3305 --password="password" --clear-schema --all-apps mysql root 192.168.1.99 nextcloud

 

[Doctrine\DBAL\DBALException]
  Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [1045] Access denied for user 'root'@'172.17.0.1' (using password: YES

db:convert-type [--port PORT] [--password PASSWORD] [--clear-schema] [--all-apps] [--chunk-size CHUNK-SIZE] [--] <type> <username> <hostname> <database>

 

Edited by local.bin
Link to comment

Hey guys, Nextcloud 11.0.2 is out.

 

Whenever I update manually via the website then it reverts as soon as I turn off and on Docker.

 

Can this be updated on the Docker side as well? Thanks.

Link to comment
I've been updating using the instructions I posted and recently by using the webui, both successfully.

Link to comment

I just updated to the latest version in the unraid docker tab and am since then unable to connect to nextcloud.

The desktop application told me there was an unknown error. I tried to access the webui, which showed only a blank page.

I then reinstalled the docker to a new appdata folder, now the webui works but says "internal server error".

Is there a way to downgrade to the previous version or fix this error?

 

Link to comment
