Viper-694

  1. Hello, I'm having trouble with using onlyoffice in nextcloud on my phone and away from home. It works fine on my desktop connected to the same LAN as my server. For example, when I try to open a spreadsheet in the nextcloud app I get net::err_blocked_by_response. I'm running nextcloud and documentserver containers with the SWAG container as the reverse proxy. I'm guessing this is an error in the proxy configs because I recently updated the proxy-conf files that the SWAG logs were saying were out of date and then this problem started. I'm hoping someone can help me out as I really have no idea what anything in the proxy conf files means. I'll include the three conf files that I recently changed and if anyone can help me understand what, if anything, is wrong that would be much appreciated.

     Nextcloud proxy-conf:

         server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;

             server_name nextcloud.*;

             include /config/nginx/ssl.conf;

             client_max_body_size 0;

             location / {
                 include /config/nginx/proxy.conf;
                 include /config/nginx/resolver.conf;
                 set $upstream_app nextcloud;
                 set $upstream_port 443;
                 set $upstream_proto https;
                 proxy_pass $upstream_proto://$upstream_app:$upstream_port;

                 # Hide proxy response headers from Nextcloud that conflict with ssl.conf
                 # Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
                 proxy_hide_header Referrer-Policy;
                 proxy_hide_header X-Content-Type-Options;
                 proxy_hide_header X-Frame-Options;
                 proxy_hide_header X-XSS-Protection;

                 # Disable proxy buffering
                 proxy_buffering off;
             }
         }

     Documentserver proxy-conf:

         server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;

             server_name documentserver.*;

             include /config/nginx/ssl.conf;

             client_max_body_size 0;

             # enable for ldap auth (requires ldap-location.conf in the location block)
             #include /config/nginx/ldap-server.conf;

             # enable for Authelia (requires authelia-location.conf in the location block)
             #include /config/nginx/authelia-server.conf;

             # enable for Authentik (requires authentik-location.conf in the location block)
             #include /config/nginx/authentik-server.conf;

             location / {
                 # enable the next two lines for http auth
                 #auth_basic "Restricted";
                 #auth_basic_user_file /config/nginx/.htpasswd;

                 # enable for ldap auth (requires ldap-server.conf in the server block)
                 #include /config/nginx/ldap-location.conf;

                 # enable for Authelia (requires authelia-server.conf in the server block)
                 #include /config/nginx/authelia-location.conf;

                 # enable for Authentik (requires authentik-server.conf in the server block)
                 #include /config/nginx/authentik-location.conf;

                 include /config/nginx/proxy.conf;
                 include /config/nginx/resolver.conf;
                 set $upstream_app documentserver;
                 set $upstream_port 80;
                 set $upstream_proto http;
                 proxy_pass $upstream_proto://$upstream_app:$upstream_port;
             }
         }

     ssl conf:

         ## Version 2023/08/13 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/ssl.conf.sample

         ### Mozilla Recommendations
         # generated 2023-06-25, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.1, intermediate configuration
         # https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.1&guideline=5.7

         ssl_certificate /config/keys/cert.crt;
         ssl_certificate_key /config/keys/cert.key;
         ssl_session_timeout 1d;
         ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
         ssl_session_tickets off;

         # curl *redacted seems like something I shouldn't give out?* > /path/to/dhparam
         ssl_dhparam /config/nginx/dhparams.pem;

         # intermediate configuration
         ssl_protocols TLSv1.2 TLSv1.3;
         ssl_ciphers *redacted seems like something I shouldn't give out?*
         ssl_prefer_server_ciphers off;

         # HSTS (ngx_http_headers_module is required) (63072000 seconds)
         add_header Strict-Transport-Security "max-age=63072000" always;

         # OCSP stapling
         ssl_stapling on;
         ssl_stapling_verify on;

         # verify chain of trust of OCSP response using Root CA and Intermediate certs
         ssl_trusted_certificate /config/keys/cert.crt;

         # Optional additional headers
         #add_header Cache-Control "no-transform" always;
         #add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always;
         #add_header Permissions-Policy "interest-cohort=()" always;
         add_header Referrer-Policy "same-origin" always;
         add_header X-Content-Type-Options "nosniff" always;
         add_header X-Frame-Options "SAMEORIGIN" always;
         #add_header X-UA-Compatible "IE=Edge" always;
         add_header X-XSS-Protection "1; mode=block" always;
  3. Hello everyone. I'm trying to get crowdsec running with swag. I installed crowdsec and the bouncer for swag per the instructions here: https://www.linuxserver.io/blog/blocking-malicious-connections-with-crowdsec-and-swag. Crowdsec is parsing the nginx logs and shows the swag bouncer as valid. Swag's logs say the v1.0.4 bouncer was successfully configured, but when I manually add my phone's IP address to the ban list I'm still able to get access to my services that are behind swag. Is there any other way to test the connection between the bouncer and the crowdsec API? I'm confused why everything is telling me it's installed correctly but isn't blocking any traffic. Thanks. Edit: I updated the .conf files as described in the posts below and it's working now.
  4. That explains why I couldn't find it. I did figure out the issue though. I was updating a few things that caused a short interruption in my internet connection and for whatever reason tailscale would fail to reconnect to my backup server. A quick restart of the container and everything has been fine since.
  5. Where are logs saved for this container? For some reason the connection between my two unraid servers keeps disconnecting and I want to find the moment that happens in the logs. Restarting the container fixes the problem but eventually I keep getting these.

         2022/03/27 23:53:05 open-conn-track: timeout opening (TCP => ) to node []; online=yes, lastRecv=7s
         2022/03/27 23:53:08 open-conn-track: timeout opening (TCP => ) to node []; online=yes, lastRecv=10s
         2022/03/27 23:53:09 open-conn-track: timeout opening (TCP => ) to node []; online=yes, lastRecv=0s
         2022/03/27 23:53:09 [RATELIMIT] format("open-conn-track: timeout opening %v to node %v; online=%v, lastRecv=%v")
  6. Nextcloud is updated in the app instead of updating the docker. Log into your admin account and go to settings/overview. There should be an update button. You can also do it in the command line but I never figured that out.
  7. I had this issue on my old server that had a slow CPU. It seemed like if the step took longer than expected the updater would give this error. I got around this by watching for my CPU usage to drop to idle and then clicking retry. Then it would continue. Hopefully it's that easy of a fix for you too. My understanding is updating via the command line doesn't have this issue but I never tried that.
  8. I got onlyoffice document server working with NC but is there a way to disable the welcome page? More specifically, the test example button? I don't have the test running so the button gives a 502 error, but I would just feel better if that button didn't show up at all.
  9. The naming here is confusing but data1 and data2 are the directories that you are passing into the container. For example, if you want to pass your Media share into the container you'd put /mnt/user/Media into Path /data1. Now everything in your Media share will show up in the /data1 directory within the container. Same thing with data2. I'm only using syncthing to sync my media share with another unraid server so I removed the data2 variable.
  10. I added 192.168.0.0/24 to local networks but I still get forbidden if I turn remote access back off. I guess I'll leave remote access on. Edit: Never mind. I'm a noob. Changed that to 192.168.1.0/24 and it works.
  11. Well I messed with the boot order and made sure the thumb drive was first and got it working. The weird thing is the thumb drive doesn't always show up. Not sure why that would be. Thanks for putting up with this noob.
  12. Ok so there was a boot option for UEFI with the name of the thumb drive that it was trying to boot to. I changed it to boot to the actual thumb drive but now it's stuck. The last line that shows up is "pci 0000:00:0a.0: enabling extended tags". Do I force a restart and try it again?
  13. Hello everyone, So I restarted my unraid server and I had the SSD from my old computer in it that had Windows installed on it. For some reason the system decided to boot off that SSD instead of the thumb drive and booted into Windows. So I shut it down, removed the SSD and reset the boot order to boot from the thumb drive but now it won't boot. All I get is a flashing cursor after the BIOS screen goes away. What do I do to get unraid to boot up again? Thanks