Marv

  1. Did the container stop working for anyone else since upgrading to 6.8.3? I just get "server execution error" when trying to start it. This is the only container I have this problem with.
  2. Upgrade went without any issue for me and everything is working as expected. But I noticed that my server needs much more time to boot now. Is there anything in the changelog that can explain this?
  3. Ok thanks. I'll try this later. Just out of curiosity: Is it possible to use the default config file under "site-confs" to just handle my Nextcloud subdomain (cloud.mydomain.com) and another config for Emby (emby.mydomain.com) under "proxy-confs"? The reason I'm asking is because I don't really have a use case for my main domain (mydomain.com) or my DNS url and just want the two subdomains to be "visible". So when entering either mydomain.com or my DNS domain I want to get pointed to cloud.mydomain.com for example. Is this possible?
  4. But my container is named "Nextcloud" actually. That's why I'm using: set $upstream_nextcloud Nextcloud; Isn't this correct then?
  5. Hi, I'm trying to move my Nextcloud setup from a subfolder setup to a dedicated subdomain using a CNAME record pointing to my DNS. But I'm struggling to get this to work. Here are the files I adjusted, maybe someone can have a look at this please:

     Letsencrypt container: config\nginx\proxy-confs\nextcloud.subdomain.conf

        server {
            listen 443 ssl;
            listen [::]:443 ssl;

            server_name cloud.*;

            include /config/nginx/ssl.conf;

            client_max_body_size 0;

            location / {
                include /config/nginx/proxy.conf;
                resolver 127.0.0.11 valid=30s;
                set $upstream_nextcloud Nextcloud;
                proxy_max_temp_file_size 2048m;
                proxy_pass https://$upstream_nextcloud:443;
            }
        }

     Letsencrypt container: config\nginx\site-confs\default

        # redirect all traffic to https
        server {
            listen 80 default_server;
            listen [::]:80 default_server;
            server_name _;
            return 301 https://$host$request_uri;
        }

        # main server block
        server {
            listen 443 ssl http2 default_server;
            listen [::]:443 ssl http2 default_server;

            root /config/www;
            index index.html index.htm index.php;

            server_name _;

            # enable subfolder method reverse proxy confs
            #include /config/nginx/proxy-confs/*.subfolder.conf;

            # all ssl related config moved to ssl.conf
            include /config/nginx/ssl.conf;

            # enable for ldap auth
            #include /config/nginx/ldap.conf;

            client_max_body_size 0;

            location / {
                try_files $uri $uri/ /index.html /index.php?$args =404;
            }

            location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include /etc/nginx/fastcgi_params;
            }
        }

        # enable subdomain method reverse proxy confs
        include /config/nginx/proxy-confs/*.subdomain.conf;
        # enable proxy cache for auth
        proxy_cache_path cache/ keys_zone=auth_cache:10m;

     Nextcloud container config\nginx\site-confs\default

        upstream php-handler {
            server 127.0.0.1:9000;
            # server unix:/var/run/php/php7.2-fpm.sock;
        }

        server {
            listen 80;
            # listen [::]:80;
            server_name cloud.*;
            # enforce https
            return 301 https://$server_name:443$request_uri;
        }

        server {
            listen 443 ssl http2;
            # listen [::]:443 ssl http2;
            server_name cloud.*;

            # Use Mozilla's guidelines for SSL/TLS settings
            # https://mozilla.github.io/server-side-tls/ssl-config-generator/
            # NOTE: some settings below might be redundant
            ssl_certificate /config/keys/cert.crt;
            ssl_certificate_key /config/keys/cert.key;

            # Add headers to serve security related headers
            # Before enabling Strict-Transport-Security headers please read into this
            # topic first.
            add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header Referrer-Policy "no-referrer" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-Download-Options "noopen" always;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;

            # Remove X-Powered-By, which is an information leak
            fastcgi_hide_header X-Powered-By;

            # Fetch forwarded remote IP address instead of IP address of docker0 bridge interface
            real_ip_header X-Forwarded-For;
            set_real_ip_from 172.17.0.0/16;
            real_ip_recursive on;

            # Path to the root of your installation
            root /config/www/nextcloud;

            location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
            }

            # The following 2 rules are only needed for the user_webfinger app.
            # Uncomment it if you're planning to use this app.
            #rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta last;
            #rewrite ^/.well-known/host-meta.json /nextcloud/public.php?service=host-meta-json last;

            # The following rule is only needed for the Social app.
            # Uncomment it if you're planning to use this app.
            #rewrite ^/.well-known/webfinger /nextcloud/public.php?service=webfinger last;

            location = /.well-known/carddav {
                return 301 $scheme://$host:$server_port/remote.php/dav;
            }
            location = /.well-known/caldav {
                return 301 $scheme://$host:$server_port/remote.php/dav;
            }

            # set max upload size
            client_max_body_size 10G;
            fastcgi_buffers 64 4K;

            # Enable gzip but do not remove ETag headers
            gzip on;
            gzip_vary on;
            gzip_comp_level 4;
            gzip_min_length 256;
            gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
            gzip_types application/atom+xml application/javascript application/json
                application/ld+json application/manifest+json application/rss+xml
                application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf
                application/x-web-app-manifest+json application/xhtml+xml application/xml
                font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest
                text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt
                text/x-component text/x-cross-domain-policy;

            # Uncomment if your server is build with the ngx_pagespeed module
            # This module is currently not supported.
            #pagespeed off;

            location / {
                rewrite ^ /index.php;
            }

            location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
                deny all;
            }
            location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
                deny all;
            }

            location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
                fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
                set $path_info $fastcgi_path_info;
                try_files $fastcgi_script_name =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $path_info;
                fastcgi_param HTTPS on;
                # Avoid sending the security headers twice
                fastcgi_param modHeadersAvailable true;
                # Enable pretty urls
                fastcgi_param front_controller_active true;
                fastcgi_pass php-handler;
                fastcgi_intercept_errors on;
                fastcgi_request_buffering off;
            }

            location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
                try_files $uri/ =404;
                index index.php;
            }

            # Adding the cache control header for js, css and map files
            # Make sure it is BELOW the PHP block
            location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
                try_files $uri /index.php$request_uri;
                add_header Cache-Control "public, max-age=15778463";
                # Add headers to serve security related headers (It is intended to
                # have those duplicated to the ones above)
                # Before enabling Strict-Transport-Security headers please read into
                # this topic first.
                add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
                #
                # WARNING: Only add the preload option once you read about
                # the consequences in https://hstspreload.org/. This option
                # will add the domain to a hardcoded list that is shipped
                # in all major browsers and getting removed from this list
                # could take several months.
                add_header Referrer-Policy "no-referrer" always;
                add_header X-Content-Type-Options "nosniff" always;
                add_header X-Download-Options "noopen" always;
                add_header X-Frame-Options "SAMEORIGIN" always;
                add_header X-Permitted-Cross-Domain-Policies "none" always;
                add_header X-Robots-Tag "none" always;
                add_header X-XSS-Protection "1; mode=block" always;

                # Optional: Don't log access to assets
                access_log off;
            }

            location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
                try_files $uri /index.php$request_uri;
                # Optional: Don't log access to other assets
                access_log off;
            }
        }

     Nextcloud container: config\www\nextcloud\config\default

        <?php
        $CONFIG = array (
          'memcache.local' => '\\OC\\Memcache\\APCu',
          'datadirectory' => '/data',
          'instanceid' => 'xxx',
          'passwordsalt' => 'xxx',
          'secret' => 'xxx',
          'trusted_domains' =>
          array (
            0 => '192.168.121.10:444',
            1 => 'cloud.mydomain.de',
          ),
          'trusted_proxies' => ['letsencrypt'],
          'overwrite.cli.url' => 'https://cloud.mydomain.de',
          'overwritehost' => 'cloud.mydomain.de',
          'overwriteprotocol' => 'https',
          '...
        );

     I'm also running Emby with the same config files in Letsencrypt and have no issues there. When trying to load my Nextcloud site I just get 502 Bad Gateway after a while.
  6. Sorry for the late response. I don't use Ryzen. The error is gone for me since some Emby update.
  7. Ok, thanks for your clarification
  8. Hi, I recognized these errors in my logs from time to time:

        Feb 11 06:55:38 server kernel: ffdetect[7993]: segfault at 38 ip 0000000000403a38 sp 00007ffe0bc961a0 error 4 in ffdetect[400000+15000]
        Feb 11 06:55:38 server kernel: Code: 66 90 48 8b 14 24 48 8d 35 2c a6 00 00 bf 01 00 00 00 31 c0 4c 8d 35 a7 a9 00 00 ff 15 09 42 21 00 48 89 ef ff 15 38 43 21 00 <45> 0f b6 2c 24 45 84 ed 75 4c e9 99 00 00 00 66 0f 1f 84 00 00 00
        Feb 11 06:55:38 server kernel: ffdetect[7994]: segfault at 38 ip 0000000000403a38 sp 00007ffc20f107b0 error 4 in ffdetect[400000+15000]
        Feb 11 06:55:38 server kernel: Code: 66 90 48 8b 14 24 48 8d 35 2c a6 00 00 bf 01 00 00 00 31 c0 4c 8d 35 a7 a9 00 00 ff 15 09 42 21 00 48 89 ef ff 15 38 43 21 00 <45> 0f b6 2c 24 45 84 ed 75 4c e9 99 00 00 00 66 0f 1f 84 00 00 00

     Can someone tell me what's going on there please?
  9. I'm looking in /config/log/letsencrypt/letsencrypt.log After another try changing the subdomains the logfile got updated again. I don't know why it wasn't working before. But it seems to be solved somehow.
  10. I have the same problem that I got an email that my cert is going to expire. I didn't change anything in my docker config for over a year so I don't really know what was causing this. So I tried adding a subdomain in the container settings which triggered a cert renewal. But I still got the problem that the renewal process is somehow not working properly. When checking the letsencrypt logfile it didn't get changed for more than 20 days now. This is the last entry:

        cronjob running on Sat Jan 19 02:08:00 CET 2019
        Running certbot renew
        Saving debug log to /var/log/letsencrypt/letsencrypt.log
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        Processing /etc/letsencrypt/renewal/xxxxxxxserver.com.conf
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        Cert not yet due for renewal
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        The following certs are not due for renewal yet:
          /etc/letsencrypt/live/xxxxxxxserver.com/fullchain.pem expires on 2019-02-18 (skipped)
        No renewals were attempted.
        No hooks were run.

      Even the manual renewal by adding a subdomain did not trigger a log entry. What's going on here?
  11. You update the Nextcloud version from the Nextcloud webUI. It doesn't get updated by updating the docker container. To get rid of your error add add_header Referrer-Policy no-referrer always; into '/config/nginx/site-confs/default' (Nextcloud's appdata folder)
  12. I can't seem to get this working. What file do I need to edit? I tried '/config/nginx/site-confs/default' inside the nextcloud container and my nginx container as well.
  13. Unfortunately that's not solving the 'caldav/carddav' issue. Adding the header solves the Referrer-Policy issue. If anyone knows how to resolve 'caldav/carddav' this would be great.
  14. Hi, there seems to be a bug when using "wait" values for docker containers and then rearranging the order of the docker containers. This won't update the list order. So the start order of the docker containers stays the same as before.

      these are my settings in the webUI

      and this is the start order of the containers

        Sep 28 18:32:08 unMARV rc.docker: EmbyServer: started succesfully!
        Sep 28 18:32:08 unMARV rc.docker: EmbyServer: wait 5 seconds
        Sep 28 18:32:13 unMARV rc.docker: JDownloader-2: started succesfully!
        Sep 28 18:32:13 unMARV rc.docker: JDownloader-2: wait 5 seconds
        Sep 28 18:32:19 unMARV rc.docker: Letsencrypt-Nginx: started succesfully!
        Sep 28 18:32:19 unMARV rc.docker: Letsencrypt-Nginx: wait 5 seconds
        Sep 28 18:32:24 unMARV rc.docker: MariaDB: wait 5 seconds
        Sep 28 18:32:24 unMARV rc.docker: MariaDB: started succesfully!
        Sep 28 18:32:30 unMARV rc.docker: Nextcloud: started succesfully!
        Sep 28 18:32:30 unMARV rc.docker: Nextcloud: wait 5 seconds
        Sep 28 18:32:35 unMARV rc.docker: TeamSpeak: started succesfully!
        Sep 28 18:32:35 unMARV rc.docker: TeamSpeak: wait 5 seconds
        Sep 28 18:32:41 unMARV rc.docker: Tvheadend: wait 5 seconds
        Sep 28 18:32:41 unMARV rc.docker: Tvheadend: started succesfully!
        Sep 28 18:32:46 unMARV rc.docker: cAdvisor: started succesfully!

      diagnostics-20180928-2323.zip