Marv

no real issue but on my iphone app the banner of my server isn't shown properly. It only shows the top left corner somehow. I'm using a resolution of 1920x90 for the banner. I think this worked in the past. Already tried readding the server without any luck.

thanks for clarifying. Just wanted to be sure I do everything correct as this is the first time I use something SAS related.

Hi, I just received my first SAS HBA. I bought a SAS 9207-8i which already had the latest firmware and IT mode enabled. I also ordered two SFF-8087 to 4x SATA forward cables as described in the first post. Unfortunately, I received the following cables: AWM 20744 E170689 SAS3.0 Can I use these aswell for my WD Reds or do I need to send them back and get the SFF-8087?

nevermind, got it working... as I forgot to define a new port variable for the JD webUI

Hi everyone, I have a hard time routing my JDownloader container through the qBittorrentVPN container. I followed the turorial from Spaceinvader mentioned above but always get an orphaned JDownloader image. This is what the container config looks like at the moment: JD2: Right now I'm trying to use a custom network typ like shown below instead of the extra parameter (net=container:qBittorrentVPN) that is used in the tutorial, because that isn't working aswell for me. I also tried deleting the port 7807 from the JD config and added an additional 7807 port to the qBittorrent config in addition to te VPN_INPUT and _OUTPUT variables. Whatever I do, I either get an orphaned JD2 image or the JD2 webUI is not working. Someone got this working?

Yeah, I've been considering this aswell but I also use a Win VM for Steam in-home streaming and some other stuff... and actually I'd really love to keep the flexibility I have with the VM functionality of unraid. Right now I'm using the AUS H97I-Plus motherboard together with a Bplus PM1061 SATA III to mini-PCIe 2.0 Adapter. So I have 6x Sata 3 ports available which are all in use by 4TB WD Reds. The M.2 port of the motherboard is used by a Samsung 960 Evo as cache So this would be the minimum I need from a new motherboard together with one PCIe 3.0 x16 port for my GPU of course. The problem I have now is that I'm running out of space on my array. So I either have the possibility to switch to a bigger case that supports micro-ATX to get more SATA ports or I upgrade my HDDs. Actually I like the second option more as my PC-Q25 sits in the living room and I couldn't find another case that my wife would accept yet... I'd love to upgrade to a Lian LI PC-M25 but this case is no longer available it seems... So if I stay with the PC-Q25 which would be silent! HDD recommendations as an upgrade to my 4TB WD Reds? I once tried n 8TB WD Red but they all do these clicking noises that are a no-go for me, because of the living room situation. If I find silent HDDs with maybe 8 or 10 TB of space I think I can keep my case and just need to update Motherboard+CPU+RAM to be able to play 4k content smoothly, correct? Does anyone use a better GPU that fits in a PC-Q25 case? What would be a good motherboard option for me? I'd also like to have the possibility for IPMI. If someone owns a PC-M25 Lian Li case and wants to sell it by the way. I'd buy it

I've used my current build for years now without major issues but have come to limitations for playback of 4k blurays it seems. So my current hardware is as follows: case: Lian Li PC-Q25B MB: Asus H97I-Plus Intel H97 CPU: Intel Core I5-4570S RAM: 2x 4096MB DDR3-1600 Kingston Value GPU: Asus Geforce GT 1030 PSU: SilverStone SST-ST45SF-G 450W SFX I'm using mainly LibreELEC in a vm for playback of my movies but 4k playback isn't possible it seems. The video is lagging and CPU workload is at 100%. Using hardware acceleration in Kodi doesn't help with my GT1030. So I'm planning to upgrade my build but haven't been looking for new hardware since 3 years now. Is it possible to upgrade my PC-Q25 case with only a new MB+CPU+GPU? The case only supports GPUs up to 210mm as my drive cages are all in use. Or does it make more sense to just switch to a bigger case for more GPU possibilities?

You are a god my friend. Thank you so much. The MSI thing did the trick. I created a file as root in the libreelec config directory: config/modprobe.d/snd-hda-intel.conf and added this line: options snd-hda-intel enable_msi=1 Sound is working now I read somewhere that I should passthrough the motherboard audio aswell when passing through video and sound from my gpu? Isn't that necessary?

After more research I added multifunction to my GPU and also adjusted the virtual bus of the virtual GPU sound to the bus from the virtual GPU video. <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </source> <rom file='/mnt/cache/appdata/vbios/Asus.GT1030.2048.170418.rom'/> <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0' multifunction='on'/> </hostdev> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x01' slot='0x00' function='0x1'/> </source> <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x1'/> </hostdev> In addition, I changed VFIO allow unsafe interrupts to 'yes' in the VM Manager settings. Still no luck with the sound... I hope someone can point me in the right direction.

Hi everyone, I have a hard time getting my new tv Philips 65OLED936/12 to work with my vm setup. I'm running a LibreELEC and a Win10 vm since years now with the following setup: NVIDIA GT1030 VGA compatible Controller --> HDMI --> Samsung TV Intel HD Audio Controller --> Toslink --> Soundbar in LibreELEC e.g. I passthrough the onboard HD Audio Controller without any issue for Dolby and DTS. Now my new TV comes with an integrated B&W Soundbar that should be capable of HD Audio aswell as Atmos sound. I switched my setup to the following: NVIDIA GT1030 VGA compatible Controller --> HDMI --> Philips TV NVIDIA GT1030 High Def Audio Controller--> HDMI (same HDMI) --> Philips TV I was expecting that this should work like this as the Soundbar of the Philips tv are the actual speakers of the tv. But when I passthrough the NVIDIA Audio in LibreELEC I either get no sound at all or I get sound stuttering. Video works just fine. I'm using both Downstream and Multifunction as PCIe ACS override setting to get the NVIDIA video and audio controllers into separate IOMMU groups. I have also bound the following IOMMU groups to the vfio-pci driver: IOMMU group 2:[8086:0412] 00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller (rev 06) IOMMU group 3:[8086:0c0c] 00:03.0 Audio device: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller (rev 06) IOMMU group 8:[8086:8ca0] 00:1b.0 Audio device: Intel Corporation 9 Series Chipset Family HD Audio Controller IOMMU group 13:[10de:1d01] 01:00.0 VGA compatible controller: NVIDIA Corporation GP108 [GeForce GT 1030] (rev a1) IOMMU group 14:[10de:0fb8] 01:00.1 Audio device: NVIDIA Corporation GP108 High Definition Audio Controller (rev a1) My xml looks like this: <?xml version='1.0' encoding='UTF-8'?> <domain type='kvm' id='4'> <name>LibreELEC</name> <uuid>4bcb6783-9f28-0bf3-78ed-11b492bb8b70</uuid> <description>Kodi</description> <metadata> <vmtemplate xmlns="unraid" name="Linux" icon="libreelec.png" os="linux"/> </metadata> <memory unit='KiB'>2097152</memory> <currentMemory unit='KiB'>2097152</currentMemory> <memoryBacking> <nosharepages/> </memoryBacking> <vcpu placement='static'>2</vcpu> <cputune> <vcpupin vcpu='0' cpuset='2'/> <vcpupin vcpu='1' cpuset='3'/> </cputune> <resource> <partition>/machine</partition> </resource> <os> <type arch='x86_64' machine='pc-q35-5.1'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd</loader> <nvram>/etc/libvirt/qemu/nvram/4bcb6783-9f28-0bf3-78ed-11b492bb8b70_VARS-pure-efi.fd</nvram> </os> <features> <acpi/> <apic/> </features> <cpu mode='host-passthrough' check='none' migratable='on'> <topology sockets='1' dies='1' cores='2' threads='1'/> <cache mode='passthrough'/> </cpu> <clock offset='utc'> <timer name='rtc' tickpolicy='catchup'/> <timer name='pit' tickpolicy='delay'/> <timer name='hpet' present='no'/> </clock> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <emulator>/usr/local/sbin/qemu</emulator> <disk type='file' device='disk'> <driver name='qemu' type='raw' cache='writeback'/> <source file='/mnt/user/domains/LibreELEC/vdisk1.img' index='1'/> <backingStore/> <target dev='hdc' bus='sata'/> <boot order='1'/> <alias name='sata0-0-2'/> <address type='drive' controller='0' bus='0' target='0' unit='2'/> </disk> <controller type='pci' index='0' model='pcie-root'> <alias name='pcie.0'/> </controller> <controller type='pci' index='1' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='1' port='0x8'/> <alias name='pci.1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/> </controller> <controller type='pci' index='2' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='2' port='0x9'/> <alias name='pci.2'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> </controller> <controller type='pci' index='3' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='3' port='0xa'/> <alias name='pci.3'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> </controller> <controller type='pci' index='4' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='4' port='0xb'/> <alias name='pci.4'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x3'/> </controller> <controller type='pci' index='5' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='5' port='0xc'/> <alias name='pci.5'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x4'/> </controller> <controller type='pci' index='6' model='pcie-root-port'> <model name='pcie-root-port'/> <target chassis='6' port='0xd'/> <alias name='pci.6'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x5'/> </controller> <controller type='virtio-serial' index='0'> <alias name='virtio-serial0'/> <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/> </controller> <controller type='sata' index='0'> <alias name='ide'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/> </controller> <controller type='usb' index='0' model='ich9-ehci1'> <alias name='usb'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/> </controller> <controller type='usb' index='0' model='ich9-uhci1'> <alias name='usb'/> <master startport='0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/> </controller> <controller type='usb' index='0' model='ich9-uhci2'> <alias name='usb'/> <master startport='2'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/> </controller> <controller type='usb' index='0' model='ich9-uhci3'> <alias name='usb'/> <master startport='4'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/> </controller> <interface type='bridge'> <mac address='52:54:00:62:56:ff'/> <source bridge='br0'/> <target dev='vnet0'/> <model type='virtio'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </interface> <serial type='pty'> <source path='/dev/pts/0'/> <target type='isa-serial' port='0'> <model name='isa-serial'/> </target> <alias name='serial0'/> </serial> <console type='pty' tty='/dev/pts/0'> <source path='/dev/pts/0'/> <target type='serial' port='0'/> <alias name='serial0'/> </console> <channel type='unix'> <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-4-LibreELEC/org.qemu.guest_agent.0'/> <target type='virtio' name='org.qemu.guest_agent.0' state='disconnected'/> <alias name='channel0'/> <address type='virtio-serial' controller='0' bus='0' port='1'/> </channel> <input type='mouse' bus='ps2'> <alias name='input0'/> </input> <input type='keyboard' bus='ps2'> <alias name='input1'/> </input> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </source> <alias name='hostdev0'/> <rom file='/mnt/cache/appdata/vbios/Asus-GT1030-2048-170418.dump'/> <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x01' slot='0x00' function='0x1'/> </source> <alias name='hostdev1'/> <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </source> <alias name='hostdev2'/> <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/> </source> <alias name='hostdev3'/> <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x045e'/> <product id='0x02a9'/> <address bus='3' device='2'/> </source> <alias name='hostdev4'/> <address type='usb' bus='0' port='1'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x046d'/> <product id='0xc52b'/> <address bus='3' device='3'/> </source> <alias name='hostdev5'/> <address type='usb' bus='0' port='2'/> </hostdev> <memballoon model='none'/> </devices> <seclabel type='dynamic' model='dac' relabel='yes'> <label>+0:+100</label> <imagelabel>+0:+100</imagelabel> </seclabel> </domain> Below a screenshot below of how my LibreELEC vm is configured at the moment I also just tried using a vbios aswell and also removed all the other sound cards just for trial and error... Can anybody help me here to get this working please? I'm totally lost right now and really don't understand what's wrong with my setup.

I didn't use my Win10 vm for some time but tried to update it now to the latest virtIO drivers after upgrading to unraid 6.9.2. I always get this error message when trying to change anything in the vm settings: XML error: Multiple 'scsi' controllers with index '0' I'm unable to get this to work. Even after removing the scsi rows from my xml manually I still get this error. Can someone have a look at my xml maybe and help me out here? <?xml version='1.0' encoding='UTF-8'?> <domain type='kvm'> <name>Windows 10</name> <uuid>a79cc98d-162e-7084-890b-3230243f99ab</uuid> <description>Win10</description> <metadata> <vmtemplate xmlns="unraid" name="Windows 10" icon="windows.png" os="windows10"/> </metadata> <memory unit='KiB'>4194304</memory> <currentMemory unit='KiB'>4194304</currentMemory> <memoryBacking> <nosharepages/> </memoryBacking> <vcpu placement='static'>2</vcpu> <cputune> <vcpupin vcpu='0' cpuset='2'/> <vcpupin vcpu='1' cpuset='3'/> </cputune> <os> <type arch='x86_64' machine='pc-i440fx-3.0'>hvm</type> <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd</loader> <nvram>/etc/libvirt/qemu/nvram/a79cc98d-162e-7084-890b-3230243f99ab_VARS-pure-efi.fd</nvram> </os> <features> <acpi/> <apic/> <hyperv> <relaxed state='on'/> <vapic state='on'/> <spinlocks state='on' retries='8191'/> <vendor_id state='on' value='none'/> </hyperv> </features> <cpu mode='host-passthrough' check='none' migratable='on'> <topology sockets='1' dies='1' cores='2' threads='1'/> </cpu> <clock offset='localtime'> <timer name='hypervclock' present='yes'/> <timer name='hpet' present='no'/> </clock> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>restart</on_crash> <devices> <emulator>/usr/local/sbin/qemu</emulator> <disk type='file' device='disk'> <driver name='qemu' type='raw' cache='writeback' discard='unmap'/> <source file='/mnt/user/domains/Windows 10/vdisk1.img'/> <target dev='hdc' bus='scsi'/> <boot order='1'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> <disk type='file' device='cdrom'> <driver name='qemu' type='raw'/> <source file='/mnt/user/ISOs/Windows 10 x64.iso'/> <target dev='hda' bus='ide'/> <readonly/> <boot order='2'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> <disk type='file' device='cdrom'> <driver name='qemu' type='raw'/> <source file='/mnt/user/ISOs/virtio-win-0.1.160-1.iso'/> <target dev='hdb' bus='ide'/> <readonly/> <address type='drive' controller='0' bus='0' target='0' unit='1'/> </disk> <controller type='usb' index='0' model='ich9-ehci1'> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/> </controller> <controller type='usb' index='0' model='ich9-uhci1'> <master startport='0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/> </controller> <controller type='usb' index='0' model='ich9-uhci2'> <master startport='2'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/> </controller> <controller type='usb' index='0' model='ich9-uhci3'> <master startport='4'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/> </controller> <controller type='pci' index='0' model='pci-root'/> <controller type='ide' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> </controller> <controller type='virtio-serial' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </controller> <controller type='scsi' index='0' model='virtio-scsi'> <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/> </controller> <interface type='bridge'> <mac address='52:54:00:c3:3c:9e'/> <source bridge='br0'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </interface> <serial type='pty'> <target type='isa-serial' port='0'> <model name='isa-serial'/> </target> </serial> <console type='pty'> <target type='serial' port='0'/> </console> <channel type='unix'> <target type='virtio' name='org.qemu.guest_agent.0'/> <address type='virtio-serial' controller='0' bus='0' port='1'/> </channel> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/> </source> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x01' slot='0x00' function='0x1'/> </source> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='pci' managed='yes'> <driver name='vfio'/> <source> <address domain='0x0000' bus='0x00' slot='0x1b' function='0x0'/> </source> <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x046d'/> <product id='0xc52b'/> <address bus='3' device='2'/> </source> <address type='usb' bus='0' port='2'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x046d'/> <product id='0xc52b'/> <address bus='3' device='4'/> </source> <address type='usb' bus='0' port='3'/> </hostdev> <hostdev mode='subsystem' type='usb' managed='no'> <source> <vendor id='0x13fd'/> <product id='0x3940'/> </source> <address type='usb' bus='0' port='4'/> </hostdev> <memballoon model='virtio'> <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/> </memballoon> </devices> </domain>

I noticed that my log file fills up with many errors that look like this: wsdd[5806]: getXAddrListForInterface: IP not found wsdd[5806]: wsd_udp_request: Error creating XAddr list wsdd[5806]: getXAddrListForInterface: IP not found wsdd[5806]: wsd_udp_request: Error creating XAddr list I couldn't find anything similar. Can someone tell me what's going on or if this can be ignored?

Did the container stopped working for anyone else since upgrading to 6.8.3? I just get "server execution error" when trying to start it. This is the only container I have this problem with

Upgade went without any issue for me and everyhing is working as expected. But I noticed that my server needs much more time to boot now. Is there anything in the changelog that can explain this?

Ok thanks. I'll try this later. Just out of curiosity: Is it possible to use the default config file under "site-confs" to just handle my Nextcloud subdomain (cloud.mydomain.com) and another config for Emby (emby.mydomain.com) under "proxy-confs"? The reason I'm asking is because I don't really have a use case for my main domain (mydomain.com) or my DNS url and just want the two subdomains to be "visible". So when entering either mydomain.com or my DNS domain I want to get pointed to cloud.mydomain.com for example. Is this possible?

But my container is named "Nextcloud" actually. That's why I'm using: set $upstream_nextcloud Nextcloud; Isn't this correct then?

Hi, I'm trying to move my Nextcloud setup from a subfolder setup to a dedicated subdomain using a CNAME record pointing to my DNS. But I'm struggling to get this to work. Here are the files I adjusted, maybe someone can have a look at this please: Letsencrypt container: config\nginx\proxy-confs\nextcloud.subdomain.conf server { listen 443 ssl; listen [::]:443 ssl; server_name cloud.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_nextcloud Nextcloud; proxy_max_temp_file_size 2048m; proxy_pass https://$upstream_nextcloud:443; } } Letsencrypt container: config\nginx\site-confs\default # redirect all traffic to https server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } # main server block server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; root /config/www; index index.html index.htm index.php; server_name _; # enable subfolder method reverse proxy confs #include /config/nginx/proxy-confs/*.subfolder.conf; # all ssl related config moved to ssl.conf include /config/nginx/ssl.conf; # enable for ldap auth #include /config/nginx/ldap.conf; client_max_body_size 0; location / { try_files $uri $uri/ /index.html /index.php?$args =404; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /etc/nginx/fastcgi_params; } } # enable subdomain method reverse proxy confs include /config/nginx/proxy-confs/*.subdomain.conf; # enable proxy cache for auth proxy_cache_path cache/ keys_zone=auth_cache:10m; Nextcloud container config\nginx\site-confs\default upstream php-handler { server 127.0.0.1:9000; # server unix:/var/run/php/php7.2-fpm.sock; } server { listen 80; # listen [::]:80; server_name cloud.*; # enforce https return 301 https://$server_name:443$request_uri; } server { listen 443 ssl http2; # listen [::]:443 ssl http2; server_name cloud.*; # Use Mozilla's guidelines for SSL/TLS settings # https://mozilla.github.io/server-side-tls/ssl-config-generator/ # NOTE: some settings below might be redundant ssl_certificate /config/keys/cert.crt; ssl_certificate_key /config/keys/cert.key; # Add headers to serve security related headers # Before enabling Strict-Transport-Security headers please read into this # topic first. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; # Fetch forwarded remote IP address instead of IP address of docker0 bridge interface real_ip_header X-Forwarded-For; set_real_ip_from 172.17.0.0/16; real_ip_recursive on; # Path to the root of your installation root /config/www/nextcloud; location = /robots.txt { allow all; log_not_found off; access_log off; } # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /nextcloud/public.php?service=host-meta-json last; # The following rule is only needed for the Social app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/webfinger /nextcloud/public.php?service=webfinger last; location = /.well-known/carddav { return 301 $scheme://$host:$server_port/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host:$server_port/remote.php/dav; } # set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; location / { rewrite ^ /index.php; } location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; # Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; # Enable pretty urls fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js, css and map files # Make sure it is BELOW the PHP block location ~ \.(?:css|js|woff2?|svg|gif|map)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; # Add headers to serve security related headers (It is intended to # have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read into # this topic first. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; # Optional: Don't log access to assets access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { try_files $uri /index.php$request_uri; # Optional: Don't log access to other assets access_log off; } } Nextcloud container: config\www\nextcloud\config\default <?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'xxx', 'passwordsalt' => 'xxx', 'secret' => 'xxx', 'trusted_domains' => array ( 0 => '192.168.121.10:444', 1 => 'cloud.mydomain.de', ), 'trusted_proxies' => ['letsencrypt'], 'overwrite.cli.url' => 'https://cloud.mydomain.de', 'overwritehost' => 'cloud.mydomain.de', 'overwriteprotocol' => 'https', '... ); I'm also running Emby with the same config files in Letsencrypt and have no issues there. When trying to load my Nextcloud site I just get 502 Bad Gateway after a while.

Sorry for the late response. I don't use Ryzen. The error is gone for me since some Emby update.

Ok, thanks for your clarification

Hi, I recognized these errors in my logs from time to time: Feb 11 06:55:38 server kernel: ffdetect[7993]: segfault at 38 ip 0000000000403a38 sp 00007ffe0bc961a0 error 4 in ffdetect[400000+15000] Feb 11 06:55:38 server kernel: Code: 66 90 48 8b 14 24 48 8d 35 2c a6 00 00 bf 01 00 00 00 31 c0 4c 8d 35 a7 a9 00 00 ff 15 09 42 21 00 48 89 ef ff 15 38 43 21 00 <45> 0f b6 2c 24 45 84 ed 75 4c e9 99 00 00 00 66 0f 1f 84 00 00 00 Feb 11 06:55:38 server kernel: ffdetect[7994]: segfault at 38 ip 0000000000403a38 sp 00007ffc20f107b0 error 4 in ffdetect[400000+15000] Feb 11 06:55:38 server kernel: Code: 66 90 48 8b 14 24 48 8d 35 2c a6 00 00 bf 01 00 00 00 31 c0 4c 8d 35 a7 a9 00 00 ff 15 09 42 21 00 48 89 ef ff 15 38 43 21 00 <45> 0f b6 2c 24 45 84 ed 75 4c e9 99 00 00 00 66 0f 1f 84 00 00 00 Can someone tell me what's going on there please?

I'm looking in /config/log/letsencrypt/letsencrypt.log After another try changing the subdomains the logfile got updated again. I don't know why it wasn't working before. But it seems to be solved somehow.

I have the same problem that I got an email that my cert is going to expire. I didn't change anything in my docker config for over a year so I don't really know what was causing this. So I tried adding a subdomain in the container settings which triggert a cert renewal. But I still got the problem that the renewal process is somehow not working properly. When checking the letsencrypt logfile it didn't get changed for more than 20 days now. This is the last entry: cronjob running on Sat Jan 19 02:08:00 CET 2019 Running certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/xxxxxxxserver.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certs are not due for renewal yet: /etc/letsencrypt/live/xxxxxxxserver.com/fullchain.pem expires on 2019-02-18 (skipped) No renewals were attempted. No hooks were run. Even the manual renewal by adding a subdomain did not trigger a log entry. Whats going on here?

You update the Nextcloud version from the Nextcloud webUI. It doesn't get updated by updating the docker container. To get rid of your error add add_header Referrer-Policy no-referrer always; into '/config/nginx/site-confs/default' (Nextcloud's appdata folder)

I can't seem to get this working. What file do I need to edit? I tried '/config/nginx/site-confs/default' inside the nextcloud container and my nginx container aswell

Unfortunately that's not solving the 'caldav/carddav' issue. Adding the header solves the Referrer-Policy issue. If anyone knows how to resolve 'caldav/carddav' this would be great.