unrno.spam

Members
  • Posts

    17
  • Joined

  • Last visited

unrno.spam's Achievements

Noob

Noob (1/14)

0

Reputation

  1. I'm using the nextcloud and swag container from linuxserver.io for years now. But with the update to nextcloud 28.0.3 I get two annoying security warnings I just can't get rid of: The "X-Robots-Tag" HTTP header is not set to "noindex, nofollow". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly. The "X-Permitted-Cross-Domain-Policies" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly. According to the different *.conf files I can't see that there are no headers for that or are misconfigured. Do I check the right *.conf-files? I deleted the default ones and get new ones with the restart of the container... Here are the *.conf-files I checked: appdata -> nextcloud -> nginx -> site-confs -> default.conf ## Version 2024/01/03 - Changelog: https://github.com/linuxserver/docker-nextcloud/commits/master/root/defaults/nginx/site-confs/default.conf.sample # Set the `immutable` cache control options only for assets with a cache busting `v` argument map $arg_v $asset_immutable { "" ""; default "immutable"; } server { listen 80 default_server; listen [::]:80 default_server; listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name _; include /config/nginx/ssl.conf; root /app/www/public; # display real ip in nginx logs when connected through reverse proxy via docker network set_real_ip_from 172.16.0.0/12; real_ip_header X-Forwarded-For; # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx # set max upload size and increase upload timeout: client_max_body_size 512M; client_body_timeout 300s; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml text/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Pagespeed is not supported by Nextcloud, so if your server is built # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; # The settings allows you to optimize the HTTP2 bandwidth. # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/ # for tuning hints client_body_buffer_size 512k; # HTTP response headers borrowed from Nextcloud `.htaccess` add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; # Specify how to handle directories -- specifying `/index.php$request_uri` # here as the fallback means that Nginx always exhibits the desired behaviour # when a client requests a path that corresponds to a directory that exists # on the server. In particular, if that directory contains an index.php file, # that file is correctly served; if it doesn't, then the request is passed to # the front-end controller. This consistent behaviour means that we don't need # to specify custom rules for certain paths (e.g. images and other assets, # `/updater`, `/ocs-provider`), and thus # `try_files $uri $uri/ /index.php$request_uri` # always provides the desired behaviour. index index.php index.html /index.php$request_uri; # Rule borrowed from `.htaccess` to handle Microsoft DAV clients location = / { if ( $http_user_agent ~ ^DavClnt ) { return 302 /remote.php/webdav/$is_args$args; } } location = /robots.txt { allow all; log_not_found off; access_log off; } # Make a regex exception for `/.well-known` so that clients can still # access it despite the existence of the regex rule # `location ~ /(\.|autotest|...)` which would otherwise handle requests # for `/.well-known`. location ^~ /.well-known { # The rules in this block are an adaptation of the rules # in `.htaccess` that concern `/.well-known`. location = /.well-known/carddav { return 301 /remote.php/dav/; } location = /.well-known/caldav { return 301 /remote.php/dav/; } location /.well-known/acme-challenge { try_files $uri $uri/ =404; } location /.well-known/pki-validation { try_files $uri $uri/ =404; } # Let Nextcloud's API for `/.well-known` URIs handle all other # requests by passing them to the front-end controller. return 301 /index.php$request_uri; } # Rules borrowed from `.htaccess` to hide certain paths from clients location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } # Ensure this block, which passes PHP files to the PHP process, is above the blocks # which handle static assets (as seen below). If this block is not declared first, # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass 127.0.0.1:9000; fastcgi_intercept_errors on; fastcgi_request_buffering off; fastcgi_max_temp_file_size 0; } # Serve static files location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463, $asset_immutable"; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ { default_type application/wasm; } } location ~ \.woff2?$ { try_files $uri /index.php$request_uri; expires 7d; # Cache-Control policy borrowed from `.htaccess` access_log off; # Optional: Don't log access to assets } # Rule borrowed from `.htaccess` location /remote { return 301 /remote.php$request_uri; } location / { # enable for basic auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; try_files $uri $uri/ /index.php$request_uri; } # deny access to .htaccess/.htpasswd files location ~ /\.ht { deny all; } } appdata -> nextcloud -> nginx -> ssl.conf ## Version 2023/08/13 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/ssl.conf.sample ### Mozilla Recommendations # generated 2023-06-25, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.1, intermediate configuration # https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.1&guideline=5.7 ssl_certificate /config/keys/cert.crt; ssl_certificate_key /config/keys/cert.key; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam ssl_dhparam /config/nginx/dhparams.pem; # intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers off; # HSTS (ngx_http_headers_module is required) (63072000 seconds) #add_header Strict-Transport-Security "max-age=63072000" always; # OCSP stapling #ssl_stapling on; #ssl_stapling_verify on; # verify chain of trust of OCSP response using Root CA and Intermediate certs #ssl_trusted_certificate /config/keys/cert.crt; # Optional additional headers add_header Cache-Control "no-transform" always; add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always; add_header Permissions-Policy "interest-cohort=()" always; add_header Referrer-Policy "same-origin" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-UA-Compatible "IE=Edge" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; appdata -> nextcloud -> nginx -> nginx.conf ## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/nginx.conf.sample ### Based on alpine defaults # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.15-stable user abc; # Set number of worker processes automatically based on number of CPU cores. include /config/nginx/worker_processes.conf; # Enables the use of JIT for regular expressions to speed-up their processing. pcre_jit on; # Configures default error logger. error_log /config/log/nginx/error.log; # Includes files with directives to load dynamic modules. include /etc/nginx/modules/*.conf; # Include files with config snippets into the root context. include /etc/nginx/conf.d/*.conf; events { # The maximum number of simultaneous connections that can be opened by # a worker process. worker_connections 1024; } http { # Includes mapping of file name extensions to MIME types of responses # and defines the default type. include /etc/nginx/mime.types; default_type application/octet-stream; # Name servers used to resolve names of upstream servers into addresses. # It's also needed when using tcpsocket and udpsocket in Lua modules. #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; include /config/nginx/resolver.conf; # Don't tell nginx version to the clients. Default is 'on'. server_tokens off; # Specifies the maximum accepted body size of a client request, as # indicated by the request header Content-Length. If the stated content # length is greater than this size, then the client receives the HTTP # error code 413. Set to 0 to disable. Default is '1m'. client_max_body_size 0; # Sendfile copies data between one FD and other from within the kernel, # which is more efficient than read() + write(). Default is off. sendfile on; # Causes nginx to attempt to send its HTTP response head in one packet, # instead of using partial frames. Default is 'off'. tcp_nopush on; # all ssl related config moved to ssl.conf # included in server blocks where listen 443 is defined # Enable gzipping of responses. #gzip on; # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. gzip_vary on; # Helper variable for proxying websockets. map $http_upgrade $connection_upgrade { default upgrade; '' close; } # Sets the path, format, and configuration for a buffered log write. access_log /config/log/nginx/access.log; # Includes virtual hosts configs. include /etc/nginx/http.d/*.conf; include /config/nginx/site-confs/*.conf; } daemon off; pid /run/nginx.pid; Und im swag-Container appdata -> swag -> nginx -> proxy-confs -> nextcloud.subdomain.conf ## Version 2023/06/24 # make sure that your nextcloud container is named nextcloud # make sure that your dns has a cname set for nextcloud # assuming this container is called "swag", edit your nextcloud container's config # located at /config/www/nextcloud/config/config.php and add the following lines before the ");": # 'trusted_proxies' => ['swag'], # 'overwrite.cli.url' => 'https://nextcloud.example.com/', # 'overwritehost' => 'nextcloud.example.com', # 'overwriteprotocol' => 'https', # # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this: # array ( # 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it. # 1 => 'nextcloud.example.com', # ), server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name xxxxxxxx.*; include /config/nginx/ssl.conf; add_header Cache-Control "no-transform" always; add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always; add_header Permissions-Policy "interest-cohort=()" always; add_header Referrer-Policy "same-origin" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-UA-Compatible "IE=Edge" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; client_max_body_size 0; location / { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; set $upstream_app nextcloud; set $upstream_port 443; set $upstream_proto https; proxy_pass $upstream_proto://$upstream_app:$upstream_port; # Hide proxy response headers from Nextcloud that conflict with ssl.conf # Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan proxy_hide_header Referrer-Policy; proxy_hide_header X-Content-Type-Options; proxy_hide_header X-Frame-Options; proxy_hide_header X-XSS-Protection; # Disable proxy buffering proxy_buffering off; } } appdata -> swag -> nginx -> site-confs -> default.conf ## Version 2024/03/06 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample # redirect all traffic to https server { listen 80 default_server; listen [::]:80 default_server; location / { return 301 https://$host$request_uri; } } # main server block server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name _; include /config/nginx/ssl.conf; root /config/www; index index.html index.htm index.php; # enable subfolder method reverse proxy confs include /config/nginx/proxy-confs/*.subfolder.conf; # enable for ldap auth (requires ldap-location.conf in the location block) #include /config/nginx/ldap-server.conf; # enable for Authelia (requires authelia-location.conf in the location block) #include /config/nginx/authelia-server.conf; # enable for Authentik (requires authentik-location.conf in the location block) #include /config/nginx/authentik-server.conf; location / { # enable for basic auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable for ldap auth (requires ldap-server.conf in the server block) #include /config/nginx/ldap-location.conf; # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args; } location ~ ^(.+\.php)(.*)$ { # enable the next two lines for http auth #auth_basic "Restricted"; #auth_basic_user_file /config/nginx/.htpasswd; # enable for ldap auth (requires ldap-server.conf in the server block) #include /config/nginx/ldap-location.conf; # enable for Authelia (requires authelia-server.conf in the server block) #include /config/nginx/authelia-location.conf; # enable for Authentik (requires authentik-server.conf in the server block) #include /config/nginx/authentik-location.conf; fastcgi_split_path_info ^(.+\.php)(.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } # deny access to .htaccess/.htpasswd files location ~ /\.ht { deny all; } } # enable subdomain method reverse proxy confs include /config/nginx/proxy-confs/*.subdomain.conf; # enable proxy cache for auth proxy_cache_path cache/ keys_zone=auth_cache:10m; appdata -> swag -> nginx -> ssl.conf ## Version 2023/08/13 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/ssl.conf.sample ### Mozilla Recommendations # generated 2023-06-25, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.1, intermediate configuration # https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.1&guideline=5.7 ssl_certificate /config/keys/cert.crt; ssl_certificate_key /config/keys/cert.key; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam ssl_dhparam /config/nginx/dhparams.pem; # intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers off; # HSTS (ngx_http_headers_module is required) (63072000 seconds) add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; # OCSP stapling ssl_stapling on; ssl_stapling_verify on; # verify chain of trust of OCSP response using Root CA and Intermediate certs ssl_trusted_certificate /config/keys/cert.crt; # Optional additional headers #add_header Cache-Control "no-transform" always; #add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always; #add_header Permissions-Policy "interest-cohort=()" always; #add_header Referrer-Policy "same-origin" always; #add_header X-Content-Type-Options "nosniff" always; #add_header X-Frame-Options "SAMEORIGIN" always; #add_header X-UA-Compatible "IE=Edge" always; #add_header X-XSS-Protection "1; mode=block" always; #add_header X-Permitted-Cross-Domain-Policies "none" always; #add_header X-Robots-Tag "noindex, nofollow" always; appdata -> swag -> nginx -> nginx.conf ## Version 2023/04/13 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/nginx.conf.sample ### Based on alpine defaults # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.15-stable user abc; # Set number of worker processes automatically based on number of CPU cores. include /config/nginx/worker_processes.conf; # Enables the use of JIT for regular expressions to speed-up their processing. pcre_jit on; # Configures default error logger. error_log /config/log/nginx/error.log; # Includes files with directives to load dynamic modules. include /etc/nginx/modules/*.conf; # Include files with config snippets into the root context. include /etc/nginx/conf.d/*.conf; events { # The maximum number of simultaneous connections that can be opened by # a worker process. worker_connections 1024; } http { # Includes mapping of file name extensions to MIME types of responses # and defines the default type. include /etc/nginx/mime.types; default_type application/octet-stream; # Name servers used to resolve names of upstream servers into addresses. # It's also needed when using tcpsocket and udpsocket in Lua modules. #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; include /config/nginx/resolver.conf; # Don't tell nginx version to the clients. Default is 'on'. server_tokens off; # Specifies the maximum accepted body size of a client request, as # indicated by the request header Content-Length. If the stated content # length is greater than this size, then the client receives the HTTP # error code 413. Set to 0 to disable. Default is '1m'. client_max_body_size 0; # Sendfile copies data between one FD and other from within the kernel, # which is more efficient than read() + write(). Default is off. sendfile on; # Causes nginx to attempt to send its HTTP response head in one packet, # instead of using partial frames. Default is 'off'. tcp_nopush on; # all ssl related config moved to ssl.conf # included in server blocks where listen 443 is defined # Enable gzipping of responses. #gzip on; # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. gzip_vary on; # Helper variable for proxying websockets. map $http_upgrade $connection_upgrade { default upgrade; '' close; } # Sets the path, format, and configuration for a buffered log write. access_log /config/log/nginx/access.log; # Includes virtual hosts configs. include /etc/nginx/http.d/*.conf; include /config/nginx/site-confs/*.conf; } daemon off; pid /run/nginx.pid; appdata -> swag -> nginx -> proxy.conf ## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample # Timeout if the real server is dead proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Proxy Connection Settings proxy_buffers 32 4k; proxy_connect_timeout 240; proxy_headers_hash_bucket_size 128; proxy_headers_hash_max_size 1024; proxy_http_version 1.1; proxy_read_timeout 240; proxy_redirect http:// $scheme://; proxy_send_timeout 240; # Proxy Cache and Cookie Settings proxy_cache_bypass $cookie_session; #proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps proxy_no_cache $cookie_session; # Proxy Header Settings proxy_set_header Connection $connection_upgrade; proxy_set_header Early-Data $ssl_early_data; proxy_set_header Host $host; proxy_set_header Proxy ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Method $request_method; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Uri $request_uri; proxy_set_header X-Original-Method $request_method; proxy_set_header X-Original-URL $scheme://$http_host$request_uri; proxy_set_header X-Real-IP $remote_addr;
  2. This should be fixed! Just didn't want myself face a situation of corrupted backups because of rotten bits on a hard drive, UnRaid is aware of but do not send any warnings, I do backups every day since I store data which is very important to me - I don't wanna go through hell here...
  3. Succeeded when running on "Host" network. Great work and thanx for the hints you gave!!
  4. Just installed the "RustDesk-Server-AIO" Docker-Container on my UnRaid 6.11.5-Server. Before opening Ports on my Router or using my Reverse Proxy to get connected via Internet I would like to tell the HBBR and HBBS to accept only requests with a key. Well, in the template you can set extra parameters - can someone guide me through the process and post, what exactly to set as parameter. Google tells me to use ' -k _' in Docker compose but that doesn't do the trick... No matter if using network as host or bridged
  5. BINGO! Danke, mgutt - das hat zwei cron-Jobs hervorgebracht, in denen die Kopiervorgaänge angelegt sind: /boot/config/plugins/dynamix/epgfinal.cron /boot/config/plugins/dynamix/test.cron Werde die beiden cron-Jobs löschen und dann sollte hoffentlich Ruhe sein!
  6. Danke, aber es sieht ja so aus, als wenn die Datei beim Neustart neu geschrieben wird. Zumindest deutet Uhrzeit und Datum der Datei darauf hin. Ich suche aber mal auf dem Stick nach der Datei...
  7. Sorry für Nachfragen: im Pfad /etc/cron.d/ und muss ich dann noch irgendwie den Dateinanmen mitgeben? Denn sonst kommt im Terminal ja nur die Möglichkeit, einen neuen Crontab zu erstellen... crontab -l führt zur selben Ausgabe, ebenso crontab -e -u root # If you don't want the output of a cron job mailed to you, you have to direct # any output to /dev/null. We'll do this here since these jobs should run # properly on a newly installed system. If a script fails, run-parts will # mail a notice to root. # # Run the hourly, daily, weekly, and monthly cron jobs. # Jobs that need different timing may be entered into the crontab as before, # but most really don't need greater granularity than this. If the exact # times of the hourly, daily, weekly, and monthly cron jobs do not suit your # needs, feel free to adjust them. # # Run hourly cron jobs at 47 minutes after the hour: 47 * * * * /usr/bin/run-parts /etc/cron.hourly 1> /dev/null # # Run daily cron jobs at 4:40 every day: 40 4 * * * /usr/bin/run-parts /etc/cron.daily 1> /dev/null # # Run weekly cron jobs at 4:30 on the first day of the week: 30 4 * * 0 /usr/bin/run-parts /etc/cron.weekly 1> /dev/null # # Run monthly cron jobs at 4:20 on the first day of the month: 20 4 1 * * /usr/bin/run-parts /etc/cron.monthly 1> /dev/null 0 4 * * * /usr/local/emhttp/plugins/ca.backup2/scripts/backup.php &>/dev/null 2>&1
  8. Auf meinem UnRaid-Server habe ich leider das nervige Problem, dass ich in meinen Anfängen wohl einen cronjob angelegt habe, den ich jetzt nicht mehr loswerde. Ich kann den crontab bearbeiten mit nano, das Ergebnis abspeichern - aber beim nächsten Neustart ist alles wieder beim alten. Manchmal braucht es dazu nicht mal ein Neustart (z.B. taucht das Problerm auch auf, wenn das autoupdate-plugin sich selbst updatet). Nach dem Neustart gehe ich ins Terminal und rufe mit nano /etc/cron.d/root den crontab auf, mache meine Änderungen (lösche die gelb markierten Zeilen raus), speichere mit Strg+O und gehe wieder raus mit Strg-X Ein docker dürfte da nichts eintragen, den die docker werden jede Nacht gestoppt, ein Backup gemacht und wieder neu gestartet und trotzdem bleibt der crontab bis zum nächsten Neustart sauber... Wenn ich die Datei "root" lösche, wird sie beim nächsten Neustart automatisch wieder angelegt. die Datei woanders hin kopieren, bearbeiten , die alte ursprüngliche löschen und die bearbeitete Datei wieder zurück kopieren hat auch nicht geholfen. Wie kann ich am besten rausfinden, was die Datei beim Neustart erzeugt und wie ich das dann lösen kann? Weiß leider nicht mehr, wo ich damals bei Installation des UNR-Servers rumgepfuscht habe und da das Problem nur bei einem Neustart auftaucht, ist es mir lange nicht aufgefallen - nun nervt es aber doch, da der cronjob so Fehler ausspuckt, die per Mail versandt werden...
  9. After updating to 1.19.0 I still see no option to limit the space for error logs. Does anybody know a way to handle this or at least get notified by e.g. mail?
  10. I'm running the latest version of this container with Syncthing 1.18.0 on my my UnRaid-System. Is there any way to avoid error logs to fill up my cache drive? I had once a problem with syncing over night and there were tons of error logs in the container's folder. Maybe a way to configure a certain amount of space in the config.xml?
  11. Today I replaced my Cache SSD since there were some uncorrectable blocks. I deleted the docker image and re-installed all containers via the previous apps. With my nextcloud conainer I'm facing now a strange behaviour. When I try to log in via Web-Ui I get an error message: Internal Server Error The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the server log. But all nextcloud apps (Android and iOS) have full access and I can up- and download files. Synchronising calender and tasks is no problem at all. So nextcloud itaself with swag reverse-proxy and DuchDNS is working. Hence my guess is, that the web-login is broken and this was actually one of the last things I did in nextcloud - changing the Theme (without new grafix, just the displayed text was changed) In the nextcloud.log I found hints to that: Agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0","version":"21.0.1.1"} {"reqId":"OiW0ysdcsI9jtOXDRA5v","level":3,"time":"2021-05-19T06:29:53+00:00","remoteAddr":"207.180.213.38","user":"--","app":"core","method":"GET","url":"/login","message":{"Exception":"RuntimeException","Message":"image not found: image:favicon-mask.svg webroot: serverroot:/config/www/nextcloud","Code":0,"Trace":[{"file":"/config/www/nextcloud/lib/private/legacy/template/functions.php","line":238,"function":"imagePath","class":"OC\\URLGenerator","type":"->"},{"file":"/config/www/nextcloud/core/templates/layout.guest.php","line":20,"function":"image_path"},{"file":"/config/www/nextcloud/lib/private/Template/Base.php","line":178,"args":["/config/www/nextcloud/core/templates/layout.guest.php"],"function":"include"},{"file":"/config/www/nextcloud/lib/private/Template/Base.php","line":150,"function":"load","class":"OC\\Template\\Base","type":"->"},{"file":"/config/www/nextcloud/lib/private/legacy/OC_Template.php","line":180,"function":"fetchPage","class":"OC\\Template\\Base","type":"->"},{"file":"/config/www/nextcloud/lib/private/legacy/OC_Template.php","line":211,"function":"fetchPage","class":"OC_Template","type":"->"},{"file":"/config/www/nextcloud/lib/private/Template/Base.php","line":132,"function":"fetchPage","class":"OC_Template","type":"->"},{"file":"/config/www/nextcloud/lib/private/legacy/OC_Template.php","line":332,"function":"printPage","class":"OC\\Template\\Base","type":"->"},{"file":"/config/www/nextcloud/index.php","line":63,"function":"printExceptionErrorPage","class":"OC_Template","type":"::"}],"File":"/config/www/nextcloud/lib/private/URLGenerator.php","Line":238,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0","version":"21.0.1.1"} {"reqId":"Y5d1alsQkKVxzjJqTzUt","level":3,"time":"2021-05-19T09:19:34+00:00","remoteAddr":"ipxxx","user":"userxxx","app":"no app in context","method":"GET","url":"/ocs/v2.php/cloud/capabilities?format=json","message":{"Exception":"RuntimeException","Message":"image not found: image:logo/logo.svg webroot: serverroot:/config/www/nextcloud","Code":0,"Trace":[{"file":"/config/www/nextcloud/apps/theming/lib/ThemingDefaults.php","line":249,"function":"imagePath","class":"OC\\URLGenerator","type":"->"},{"file":"/config/www/nextcloud/apps/theming/lib/Capabilities.php","line":84,"function":"getLogo","class":"OCA\\Theming\\ThemingDefaults","type":"->"},{"file":"/config/www/nextcloud/lib/private/CapabilitiesManager.php","line":72,"function":"getCapabilities","class":"OCA\\Theming\\Capabilities","type":"->"},{"file":"/config/www/nextcloud/core/Controller/OCSController.php","line":107,"function":"getCapabilities","class":"OC\\CapabilitiesManager","type":"->"},{"file":"/config/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":218,"function":"getCapabilities","class":"OC\\Core\\Controller\\OCSController","type":"->"},{"file":"/config/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":127,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/config/www/nextcloud/lib/private/AppFramework/App.php","line":157,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/config/www/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/config/www/nextcloud/ocs/v1.php","line":63,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/config/www/nextcloud/ocs/v2.php","line":24,"args":["/config/www/nextcloud/ocs/v1.php"],"function":"require_once"}],"File":"/config/www/nextcloud/lib/private/URLGenerator.php","Line":238,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.15.1","version":"21.0.1.1"} {"reqId":"yaRjpicZEQDPcXcfmEH2","level":3,"time":"2021-05-19T09:19:59+00:00","remoteAddr":"ipxxx","user":"userxxx","app":"PHP","method":"GET","url":"/index.php/apps/files/api/v1/thumbnail/256/256/SofortUpload/Camera/20210518_220152.jpg","message":"Allowed memory size of 536870912 bytes exhausted (tried to allocate 28672 bytes) at /config/www/nextcloud/lib/private/legacy/OC_Image.php#512","userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.15.1","version":"21.0.1.1"} {"reqId":"yudw2flsHb9Ea7YQwfKH","level":3,"time":"2021-05-19T09:20:22+00:00","remoteAddr":"ipxxx","user":"userxxx","app":"no app in context","method":"GET","url":"/ocs/v2.php/cloud/capabilities?format=json","message":{"Exception":"RuntimeException","Message":"image not found: image:logo/logo.svg webroot: serverroot:/config/www/nextcloud","Code":0,"Trace":[{"file":"/config/www/nextcloud/apps/theming/lib/ThemingDefaults.php","line":249,"function":"imagePath","class":"OC\\URLGenerator","type":"->"},{"file":"/config/www/nextcloud/apps/theming/lib/Capabilities.php","line":84,"function":"getLogo","class":"OCA\\Theming\\ThemingDefaults","type":"->"},{"file":"/config/www/nextcloud/lib/private/CapabilitiesManager.php","line":72,"function":"getCapabilities","class":"OCA\\Theming\\Capabilities","type":"->"},{"file":"/config/www/nextcloud/core/Controller/OCSController.php","line":107,"function":"getCapabilities","class":"OC\\CapabilitiesManager","type":"->"},{"file":"/config/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":218,"function":"getCapabilities","class":"OC\\Core\\Controller\\OCSController","type":"->"},{"file":"/config/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":127,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/config/www/nextcloud/lib/private/AppFramework/App.php","line":157,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/config/www/nextcloud/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/config/www/nextcloud/ocs/v1.php","line":63,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/config/www/nextcloud/ocs/v2.php","line":24,"args":["/config/www/nextcloud/ocs/v1.php"],"function":"require_once"}],"File":"/config/www/nextcloud/lib/private/URLGenerator.php","Line":238,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.15.1","version":"21.0.1.1"} Am I guessing right and how can I fix that?
  12. Okay, thank you. Did a quick fix with re-formatting my Cache-SSD (BTRFS-Scrub found 6 uncorrectable Blocks) and ordering a replacement fot that.
  13. Hi guys, running Unraid and Nextcloud now for one year and it has become an important tool for my so I don't wanna drop it. But now I can't get nextcloud to work. I'm using the nextcloud-Docker-Container from linuxserver with the SWAG-Container as Reverse Proxy and DuckDNS. In the log of the nextcloud-Container I found the following errors: Brought to you by linuxserver.io ------------------------------------- To support LSIO projects visit: https://www.linuxserver.io/donate/ ------------------------------------- GID/UID ------------------------------------- User uid: 99 User gid: 100 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... chown: cannot read directory '/config/www/nextcloud/core': I/O error chmod: cannot read directory '/config/www/nextcloud/core': I/O error [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 40-config: executing... [cont-init.d] 40-config: exited 0. [cont-init.d] 50-install: executing... [cont-init.d] 50-install: exited 0. [cont-init.d] 60-memcache: executing... [cont-init.d] 60-memcache: exited 0. [cont-init.d] 70-aliases: executing... [cont-init.d] 70-aliases: exited 0. [cont-init.d] 99-custom-files: executing... [custom-init] no custom files found exiting... [cont-init.d] 99-custom-files: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done. So I did check the core on the nextcloud console with the command "occ integrity:check-core" with this result (just the last few lines, because the list is very long): - current: - core/vendor/zxcvbn/dist/zxcvbn.js: - expected: 4d994c18563dc4a8f7f2dff99b617327e44cfda0f96a53070dedbaa7499850ca021791bb89b7c751020bab4a903d5df096c9c2c0bf933d134ae2f21618b3a451 - current: - core/webpack.test.js: - expected: 9e4bb245226e24e15239416bf8fa8544bfd5b0e75e7054a15c41b834479dae9b256a511d0d4721da0b5824d4776090f0f138c73f37e123d7933d723622a10fdb - current: root@85de9c98265e:/# Then I stopped the container and set new permissions to the nextcloud share via the Unraid Menu. I guess, the problem is, that when nextcloud tries to change user and persmissions to www-data as the webserver user the I/O-erros happens... The log of the SWAG-Container has no errors in it and states the server ready. Anyone a glue how to fix this...
  14. Didn't do am memtest so far, because since the last crash the server is running now almost a full week 24/7 with no glitches at all. So I wait for the next time, I have to reboot. What else did I do? I entered the BIOS at the last reboot, to check some entries. But didn't change anything, although I saved the settings when I left. Can't really count for a problem solver. Then I installed the Plugin "Tips and Tweaks" and changed via the plugin the settings for: vm.dirty_background_ratio = 1 vm.dirty_ratio = 2 Don't know if this solved my problem, but at least I had no crashes since. Guess a memtest is still a good idea...
  15. Just had a new crash at Sonntag, 15. November 2020 18:54:02 Flashing a USB stick for memtest right now What does the page fault in the log mean? Guess this is related to memory not to the CPU, right? 2020-11-15.txt