chanrc
Posts posted by chanrc
Anyone able to get plug-ins working with Docker? I wanted to install a couple of new agents for audiobooks and also the Sub-Zero subs plugin. Pulling the two plugin bundles using git clone <bundle> into appdata\PMS\plug-ins and restarting the Docker container doesn't work, and they don't show up in the UI. I know Plex is trying to get rid of them, so does that mean there is no update there then?
I also read online somewhere that I have to use Kitana. So I installed that Docker container, authorized it with my Plex account, then clicked my server, only for it to say I had "No valid plugins" even though both of the .bundle folders are in plug-ins.
-
13 hours ago, PSYCHOPATHiO said:
I never got LDAPS working correctly because of the certs, but it's internal communication with the local LDAP server and I'm not opening external ports for it to work. I've got no clue how to get LDAPS to work.
It's actually not too difficult. I figured it out after a bit of struggling. You just have to take the IPA server cert file from /var/lib/ipa/certs and put it into the /etc/ssl/certs folder of the Nextcloud Docker container, then add an entry for the new cert in /etc/ldap/ldap.conf and set the BASE, HOST, TLS_CACERT, and TLS_REQCERT values. After that, make sure your Nextcloud LDAP server host gets updated to ldaps://<server> and ldapPort gets updated to 636 in your Nextcloud config. Nextcloud will recognize your self-signed cert after that AND it will not have any LDAP bind errors, so it will actually obey your LDAP server and password policies. FreeIPA is configured to only do that when SSL is enabled.
You will need to make an entry in the /etc/hosts file since certs only take FQDNs. Also make sure you don't misspell anything, otherwise your Nextcloud will not be able to connect to your LDAP server and it will fail to start. You will have to use the OCC tool and manually revert settings.
docker exec -u www-data Nextcloud php occ log:tail/ldap:show-config/ldap:set-config
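The switch described above, written out as a script with the rollback the post warns you will otherwise have to do by hand with occ. This is an added example, not code from the thread; the container name "Nextcloud", the user_ldap config ID "s01", the host ipa.domain.com and the previous plain-LDAP values it reverts to are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: move a Nextcloud container's LDAP backend to
# LDAPS against a FreeIPA server with a self-signed cert, and roll back if the test
# bind fails so a typo cannot leave Nextcloud unable to start.
# Assumptions: container name "Nextcloud", user_ldap config ID "s01", IPA server
# ipa.domain.com previously reached as ldap://ipa.domain.com:389, and IPA_CERT is the
# server cert copied out of /var/lib/ipa/certs on the IPA host.
set -eu

CONTAINER="${CONTAINER:-Nextcloud}"
CONFIG_ID="${CONFIG_ID:-s01}"
IPA_HOST="${IPA_HOST:-ipa.domain.com}"
BASE_DN="${BASE_DN:-dc=domain,dc=com}"
IPA_CERT="${IPA_CERT:-./ipa-server.crt}"
CA_IN_CONTAINER=/etc/ssl/certs/ipa-server.crt

# /etc/ldap/ldap.conf for the container's OpenLDAP client library: trust only the
# IPA cert and refuse the connection if it does not verify (TLS_REQCERT demand).
render_ldap_conf() {  # $1=host  $2=base DN  $3=cert path inside the container
  printf 'BASE %s\nURI ldaps://%s:636\nTLS_CACERT %s\nTLS_REQCERT demand\n' "$2" "$1" "$3"
}

occ() { docker exec -u www-data "$CONTAINER" php occ "$@"; }

set_ldap() {  # $1=ldapHost value  $2=ldapPort value
  occ ldap:set-config "$CONFIG_ID" ldapHost "$1"
  occ ldap:set-config "$CONFIG_ID" ldapPort "$2"
}

switch_to_ldaps() {
  # The cert is issued for the FQDN, so the container must resolve it (docker
  # --add-host or an /etc/hosts entry) or verification fails.
  docker cp "$IPA_CERT" "$CONTAINER:$CA_IN_CONTAINER"
  render_ldap_conf "$IPA_HOST" "$BASE_DN" "$CA_IN_CONTAINER" \
    | docker exec -i "$CONTAINER" sh -c 'cat > /etc/ldap/ldap.conf'
  set_ldap "ldaps://$IPA_HOST" 636
  if occ ldap:test-config "$CONFIG_ID"; then
    echo "LDAPS bind OK"
  else
    echo "LDAPS bind failed; reverting to plain LDAP" >&2
    set_ldap "ldap://$IPA_HOST" 389
    occ log:tail 20
    exit 1
  fi
}

if [ "${1:-}" = "--apply" ]; then switch_to_ldaps; fi
```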
-
On 3/4/2022 at 6:40 AM, PSYCHOPATHiO said:
I like using their Dockers, but sometimes I have to revert to the official Dockers to get better updates and functions; in our case LDAP was broken in all Nextcloud Dockers listed in the app store.
What else do you have connected to your LDAP? <--- off topic.
I've got Airsonic Advanced, a Matrix server, an email server, Nextcloud, and strangely pfSense for guest WiFi via captive portal, so users can authenticate with their LDAP.
Right now I've just got Nextcloud working with LDAP and I'm trying to get it on LDAPS without much success. I'm having trouble getting Nextcloud to recognize the self-signed cert from the internal FreeIPA LDAP server. When I run occ log:tail it just tells me I have a connection error. I have Authelia working on LDAPS as an authentication portal in front of a number of services I'm running that I wanted to do SSO on. I was going to get an email server working, then look at hooking LDAP into Home Assistant for home automation stuff.
I'm pretty new to LDAP/cert management and it's a pretty steep learning curve. The first time I screwed up the LDAP config and Nextcloud went to an Internal Server Error, I almost panicked and almost wiped the DB, Docker, and app settings to start over.
-
I've got Authelia and two-factor working for logins, but I'm having issues when setting a new password from the password reset email that Authelia sends out. The email that Authelia sends out for the password reset link seems fine and goes to the right reset page, but when I click to execute the password change I get a couple of errors in the logs when Authelia tries to set a new password with the LDAP server:
time="2022-03-03T18:38:59-07:00" level=error msg="Token is not in DB, it might have already been used" method=POST path=/api/reset-password/identity/finish remote_ip=ip stack="github.com/authelia/authelia/v4/internal/middlewares/authelia_context.go:61 (*AutheliaCtx).Error\ngithub.com/authelia/authelia/v4/internal/middlewares/identity_verification.go:188 IdentityVerificationFinish.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/authelia_context.go:52 AutheliaMiddleware.func1.1\ngithub.com/fasthttp/[email protected]/router.go:414 (*Router).Handler\ngithub.com/authelia/authelia/v4/internal/middlewares/log_request.go:14 LogRequestMiddleware.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/strip_path.go:21 StripPathMiddleware.func1\ngithub.com/valyala/[email protected]/server.go:2298 (*Server).serveConn\ngithub.com/valyala/[email protected]/workerpool.go:223 (*workerPool).workerFunc\ngithub.com/valyala/[email protected]/workerpool.go:195 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1581 goexit"
time="2022-03-03T18:39:02-07:00" level=error msg="unable to update password. Cause: LDAP Result Code 13 \"Confidentiality Required\": Operation requires a secure connection.\n" method=POST path=/api/reset-password remote_ip=ip stack="github.com/authelia/authelia/v4/internal/middlewares/authelia_context.go:61 (*AutheliaCtx).Error\ngithub.com/authelia/authelia/v4/internal/handlers/handler_reset_password_step2.go:38 ResetPasswordPost\ngithub.com/authelia/authelia/v4/internal/middlewares/authelia_context.go:52 AutheliaMiddleware.func1.1\ngithub.com/fasthttp/[email protected]/router.go:414 (*Router).Handler\ngithub.com/authelia/authelia/v4/internal/middlewares/log_request.go:14 LogRequestMiddleware.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/strip_path.go:21 StripPathMiddleware.func1\ngithub.com/valyala/[email protected]/server.go:2298 (*Server).serveConn\ngithub.com/valyala/[email protected]/workerpool.go:223 (*workerPool).workerFunc\ngithub.com/valyala/[email protected]/workerpool.go:195 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1581 goexit"
It seems like LDAP is requiring some kind of secure connection for the password reset from Authelia, but in the configuration.yml I specified ldap:// and not ldaps://. Is this because of the tls section in the Ibracorp template? I just used the template, changed the domain and added a password. Other than that I am using the default linuxserver.io authelia-location/authelia-server.conf, which seems to line up with Ibracorp's settings aside from the rules for email. Do I need to use ldaps instead? My Nextcloud uses LDAP password reset without LDAPS and it's working correctly there.
server:
  host: 0.0.0.0
  port: 9091
  path: "authelia"
  read_buffer_size: 4096
  write_buffer_size: 4096
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""
log:
  level: info
authentication_backend:
  disable_reset_password: false
  refresh_interval: 5m
  ldap:
    implementation: custom
    url: ldap://192.168.1.180
    start_tls: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2
    base_dn: dc=domain,dc=com
    username_attribute: uid
    additional_users_dn: cn=users,cn=accounts
    users_filter: (&({username_attribute}={input})(objectClass=person))
    additional_groups_dn: cn=groups,cn=accounts
    groups_filter: (&(member=uid={input},cn=users,cn=accounts,dc=domain,dc=com)(objectclass=groupofnames))
    group_name_attribute: cn
    mail_attribute: mail
    display_name_attribute: givenName
    user: uid=admin,cn=users,cn=accounts,dc=domain,dc=com
    password: "password"
EDIT: Defining a certificates_directory in my configuration.yaml, which had my LDAP server's self-signed cert, and changing to use LDAPS solved my issues. LDAP only allows edits to passwords securely.
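Two things in the config above bite when you flip it to ldaps://: the URL points at an IP (192.168.1.180), while the IPA cert is issued for the FQDN, and the CA in certificates_directory has to actually verify the server before Authelia will bind. The pre-flight check below is an added example, not code from the thread or from Authelia; the host ipa.domain.com and the CA path /config/certificates/ipa-ca.crt are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight checks before pointing Authelia's
# authentication_backend.ldap.url at ldaps://. Assumed: the FreeIPA CA has been
# copied to /config/certificates/ipa-ca.crt (Authelia's certificates_directory)
# and the IPA server is reachable by its FQDN ipa.domain.com.
set -eu

# Strip scheme, path and port from an LDAP URL, leaving only the host part.
ldap_url_host() {
  printf '%s\n' "$1" | sed -e 's#^ldap://##' -e 's#^ldaps://##' \
                           -e 's#[/?].*$##' -e 's#:[0-9]*$##'
}

# 0 if the host is a dotted-quad IP. TLS hostname verification then needs an IP
# SAN, which a FreeIPA server cert normally lacks, so the FQDN must be used.
host_is_ip() {
  case "$1" in
    *[!0-9.]*|"") return 1 ;;
    *) return 0 ;;
  esac
}

# 0 when the URL can pass cert verification: ldaps:// scheme and an FQDN host.
url_ready_for_ldaps() {
  case "$1" in ldaps://*) ;; *) return 1 ;; esac
  ! host_is_ip "$(ldap_url_host "$1")"
}

# Live check (needs network, not run by the tests): the chain must verify against
# the CA file Authelia will load, and the cert's name must match the host.
verify_ldaps_endpoint() {  # $1=host  $2=CA file
  openssl s_client -connect "$1:636" -servername "$1" -CAfile "$2" \
    -verify_hostname "$1" -verify_return_error </dev/null >/dev/null 2>&1
}

if [ "${1:-}" = "--check" ]; then
  URL="${2:-ldaps://ipa.domain.com}"
  url_ready_for_ldaps "$URL" || { echo "use ldaps:// with the server FQDN, not an IP" >&2; exit 1; }
  verify_ldaps_endpoint "$(ldap_url_host "$URL")" /config/certificates/ipa-ca.crt \
    && echo "chain and hostname verify; safe to set url: $URL"
fi
```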
-
4 hours ago, PSYCHOPATHiO said:
Oooh yeah, but I used the official Nextcloud Docker; all others are broken.
The official Docker is much faster when paired with Redis and everything works nicely.
If you need help you could add me on Matrix: https://matrix.to/#/@psychopathio:sykorp.com
Yeah, that's exactly what I ended up doing based on your comment. I blew away everything and rebuilt it using the official Nextcloud Docker and it works properly with LDAP. I was hoping I didn't need to.
Shame the linuxserver one didn't work. I'm surprised it's been broken this long.
-
On 11/9/2021 at 6:40 AM, PSYCHOPATHiO said:
I have wiped my Nextcloud and started from scratch, and I found out that there are some LDAP issues with this build... I tried the official Nextcloud build and LDAP works flawlessly, but in the Linuxserver build I'm not sure what is wrong; all the fields, after I fill them in, seem to have no effect.
Also OnlyOffice isn't working on the Linuxserver build but works on the official build.
I get this message in my logs:
Could not detect any host in http:///data/htaccesstest.txt
RuntimeException: Could not get appdata folder for preview
I don't know if what I said makes any sense.
Did you ever get LDAP working on this Docker? I'm running into the same issue as you, with all the fields and buttons greyed out in the "LDAP/AD integration" app.
-
Anyone have issues installing FreeIPA at all? I'm trying to get it set up on Fedora 35 so I can use it with Authelia. I followed all the steps in Ibracorp's video, but when I try to access ipa.domain.com it just goes to a blank page on the first load.
No errors show up in the browser dev tools and I can't see any errors in Fedora for the last steps of the FreeIPA install; it says it installed successfully.
EDIT: Figured out it was an NGINX config issue.
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
in Docker Containers
Posted · Edited by chanrc
Let's Encrypt is now requiring secondary validation of your domains from other locations. Basically this means that Let's Encrypt will start a web server and try to connect to your domains from some external locations before validating your domain and issuing you a cert, if your validation method is set to HTTP. The issue is that there are a lot of different firewall configurations and nginx configurations.
In @MxFox's case his firewall is blocking one of the secondary validation Cloudflare locations.
https://community.letsencrypt.org/t/unexpected-renewal-failures-during-april-2024-please-read-this/216830
https://letsencrypt.org/docs/challenge-types/#http-01-challenge
http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>
Looks like both your cases are failing validation at the HTTP-01 challenge. As am I, but for different reasons.
In my case, I have my nginx configured to hit Authelia for SSO sign-on, but that is messing things up on all subdomains because the web server that Let's Encrypt spins up to answer validation requests is being blocked by Authelia. I switched to DNS validation using Cloudflare and that works fine now.
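A quick way to see the Authelia problem before a renewal fails: request the challenge path from outside the way a validator would and look at what answers first. The probe below is an added example, not code from the post or from SWAG; the sample response and the example.com hostnames are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: tell whether the HTTP-01 challenge path on a
# vhost is answered by nginx itself or captured by the SSO redirect. Hostnames in
# the constructed sample are placeholders.
set -eu

# Classify the response headers of a GET to /.well-known/acme-challenge/<token>.
# 200 or 404 means nginx served (or looked for) the token itself, which is what
# the validators need; a redirect to the auth portal or a 401/403 means the auth
# layer answered first, and validation fails from every vantage point.
classify_challenge_response() {  # stdin = raw response headers
  status=""; location=""
  while IFS= read -r line; do
    line=$(printf '%s' "$line" | tr -d '\r')
    case "$line" in
      HTTP/*) status=$(printf '%s' "$line" | cut -d' ' -f2) ;;
      [Ll]ocation:*) location=${line#*: } ;;
    esac
  done
  case "$status" in
    200|404) echo "ok" ;;
    301|302|303|307|308)
      # Heuristic: a Location on an auth host is the SSO portal, not a plain
      # http->https hop, which Let's Encrypt would follow on its own.
      case "$location" in
        *auth*) echo "intercepted-by-sso" ;;
        *) echo "redirected:$location" ;;
      esac ;;
    401|403) echo "blocked:$status" ;;
    *) echo "unexpected:$status" ;;
  esac
}

# Live probe (not run by the tests): first hop only, no -L, so the portal's own
# 200 cannot mask the interception.
probe_domain() {  # $1=domain
  curl -sS -I --max-time 10 "http://$1/.well-known/acme-challenge/probe-$(date +%s)" \
    | classify_challenge_response
}

# Constructed sample: what an Authelia-protected vhost answers on that path.
SAMPLE_INTERCEPTED='HTTP/1.1 302 Moved Temporarily
Server: nginx
Location: https://auth.example.com/?rd=https://cloud.example.com/.well-known/acme-challenge/x
'

if [ "${1:-}" = "--probe" ]; then probe_domain "$2"; fi
```

If the probe reports redirected: to your own https host, re-probe that URL, since Let's Encrypt follows a plain http-to-https redirect; intercepted-by-sso is the failure described in the post.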