Everything posted by gshlomi
-
[Support] Linuxserver.io - Nextcloud
Hi. I've had an issue with a warning in Nextcloud security & setup warnings saying "our web server is not properly set up to resolve “/.well-known/webfinger”. Further information can be found in the documentation 12." The solution was to add "rewrite ^/.well-known/webfinger /public.php?service=webfinger last;" to the /appdata/Nextcloud/nginx/site-confs/default file, in accordance with https://github.com/nextcloud/documentation/pull/877/files Personaly I hate changing nginx configuration that came with the docker itself. Is this a change that can be implemented in the container source?
-
Xeoma - Surveillance Software
Same here... Anyone?
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Thanks for the quick reply. I did create the custom network (as mentioned in _readme) and doing a DNS resolution inside the letsencrypt container returns: root@2610736c55ba:/$ nslookup Transmission 127.0.0.11 Server: 127.0.0.11 Address 1: 127.0.0.11 Name: Transmission Address 1: 172.18.0.3 Transmission.docknet root@2610736c55ba:/$ nslookup transmission 127.0.0.11 Server: 127.0.0.11 Address 1: 127.0.0.11 nslookup: can't resolve 'transmission': Name does not resolve
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Hi folks. Had to start over (too much messing around with the conf files and default)... So I've downloaded a new copy of LetsEncrypt (called it letsencrypt-temp, saved to an appdata folder by the same name) to create a new configuration, and noticed the sample files added for subdomains, which is a very elegant and helpful solution to what I need. The problem I'm having is with: All of my containers are defined with capitalization of their name (OCD anyone? ?) and I really want to keep it that way. I've tried for instance to change the "transmission.subdomain.conf" file to point $upstream_transmission to "Transmission" instead of "transmission", but it doesn't work. I get the error: in the error log. Any help would be appreciated.
-
[Support] Linuxserver.io - Nextcloud
Hi Did you solve this? Thanks
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Hi folks Can't seem to make it work again. Changed "HTTPVAL" to "true" but I think m provider blocks port 80: [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 10-adduser: executing... ------------------------------------- _ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/ Brought to you by linuxserver.io We gratefully accept donations at: https://www.linuxserver.io/donations/ ------------------------------------- GID/UID ------------------------------------- User uid: 99 User gid: 100 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 50-config: executing... 2048 bit DH parameters present SUBDOMAINS entered, processing Sub-domains processed are: -d www.mydomain.com -d dlg.mydomain.com -d cp.mydomain.com -d sr.mydomain.com -d sab.mydomain.com -d nc.mydomain.com -d office.mydomain.com -d plexpy.mydomain.com -d ha.mydomain.com E-mail address entered: [email protected] Different sub/domains entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created usage: certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ... Certbot can obtain and install HTTPS/TLS/SSL certificates. By default, it will attempt to use a webserver both for obtaining and installing the certificate. certbot: error: argument --cert-path: No such file or directory Generating new certificate Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for mydomain.com http-01 challenge for www.mydomain.com http-01 challenge for dlg.mydomain.com http-01 challenge for cp.mydomain.com http-01 challenge for sr.mydomain.com http-01 challenge for sab.mydomain.com http-01 challenge for nc.mydomain.com http-01 challenge for office.mydomain.com http-01 challenge for plexpy.mydomain.com http-01 challenge for ha.mydomain.com Waiting for verification... Cleaning up challenges Failed authorization procedure. ha.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://ha.mydomain.com/.well-known/acme-challenge/37kVVX3GQepKzvimZVl2ZWe9LAeWbGQHKtqriblf2eY: Timeout, cp.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://cp.mydomain.com/.well-known/acme-challenge/iblVH3jUuFK0ezr-4y8NjXmlxXc3-H7P8zzoKlKU-18: Timeout, mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mydomain.com/.well-known/acme-challenge/-L6DgVivC4CAWB4w0P_ca32hKMlMg-TCnEQ8jOshKW8: Timeout, www.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.mydomain.com/.well-known/acme-challenge/m_urJrcV5bGi7_w_TgmtP9QFyNucA4-jegcU2sh-DMo: Timeout, dlg.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://dlg.mydomain.com/.well-known/acme-challenge/X2QMi7zQp0T2n3hyP8JGSs_rQJtTR9ly874lqvtS49g: Timeout, nc.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://nc.mydomain.com/.well-known/acme-challenge/nMZ0kONU3uVrPno4IMCs5yQbYjWmhOFSE5v7rqR-gkc: Timeout, office.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://office.mydomain.com/.well-known/acme-challenge/-q-KtpROO-cUzdDcm4oO5_84E-Lf4pA1lwmi6Akuvw4: Timeout, plexpy.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://plexpy.mydomain.com/.well-known/acme-challenge/HhpJuxmw8jg3fxgZuRKLqPjNn4QQTEvBVWg66IIGMNo: Timeout, sr.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://sr.mydomain.com/.well-known/acme-challenge/BqtOau3Gc_lu5_FsPApWjF_DoChm0ctSn8DGbnd6j14: Timeout, sab.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://sab.mydomain.com/.well-known/acme-challenge/L6d2qCm8DXNUwlnjJW6pfKnJ484MS09u_InlLt9Jv_8: Timeout IMPORTANT NOTES: - The following errors were reported by the server: Domain: ha.mydomain.com Type: connection Detail: Fetching http://ha.mydomain.com/.well-known/acme-challenge/37kVVX3GQepKzvimZVl2ZWe9LAeWbGQHKtqriblf2eY: Timeout Domain: cp.mydomain.com Type: connection Detail: Fetching http://cp.mydomain.com/.well-known/acme-challenge/iblVH3jUuFK0ezr-4y8NjXmlxXc3-H7P8zzoKlKU-18: Timeout Domain: mydomain.com Type: connection Detail: Fetching http://mydomain.com/.well-known/acme-challenge/-L6DgVivC4CAWB4w0P_ca32hKMlMg-TCnEQ8jOshKW8: Timeout Domain: www.mydomain.com Type: connection Detail: Fetching http://www.mydomain.com/.well-known/acme-challenge/m_urJrcV5bGi7_w_TgmtP9QFyNucA4-jegcU2sh-DMo: Timeout Domain: dlg.mydomain.com Type: connection Detail: Fetching http://dlg.mydomain.com/.well-known/acme-challenge/X2QMi7zQp0T2n3hyP8JGSs_rQJtTR9ly874lqvtS49g: Timeout Domain: nc.mydomain.com Type: connection Detail: Fetching http://nc.mydomain.com/.well-known/acme-challenge/nMZ0kONU3uVrPno4IMCs5yQbYjWmhOFSE5v7rqR-gkc: Timeout Domain: office.mydomain.com Type: connection Detail: Fetching http://office.mydomain.com/.well-known/acme-challenge/-q-KtpROO-cUzdDcm4oO5_84E-Lf4pA1lwmi6Akuvw4: Timeout Domain: plexpy.mydomain.com Type: connection Detail: Fetching http://plexpy.mydomain.com/.well-known/acme-challenge/HhpJuxmw8jg3fxgZuRKLqPjNn4QQTEvBVWg66IIGMNo: Timeout Domain: sr.mydomain.com Type: connection Detail: Fetching http://sr.mydomain.com/.well-known/acme-challenge/BqtOau3Gc_lu5_FsPApWjF_DoChm0ctSn8DGbnd6j14: Timeout Domain: sab.mydomain.com Type: connection Detail: Fetching http://sab.mydomain.com/.well-known/acme-challenge/L6d2qCm8DXNUwlnjJW6pfKnJ484MS09u_InlLt9Jv_8: Timeout To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
-
[Support] Linuxserver.io - Nextcloud
same here
-
[CONTAINER] CrashPlan & CrashPlan-Desktop
I'm currently running CrashPlan, ResilioSync & Nextcloud on my unRAID server. Have used to backup a few computers (parents &a family) to my server, and backup my server to CrashPlan central. I'll probably switch all the computers to sync to unRAID (using Nextcloud or Resilio Sync, haven't decided yet) instead of backup, and start backing up their data folders to CP Central using the Small Bussiness account... Am I missing anything I'll lose by doing that? Thanks
-
[CONTAINER] CrashPlan & CrashPlan-Desktop
How about stopping Docker, deleting the image file and recreating the containers (without removing your appdata folder)? I know it's a must in case you replace your cache drive. Thanks
-
[Support] Linuxserver.io - Nextcloud
Thanks waiting :-)
-
[Support] Linuxserver.io - Nextcloud
OK, so I've scrapped everything and started over... Removed Nextcloud, MariaDB & LetsEncrypt containers and config folders under appdata, reinstalled them "by the book": Installed MariaDB, verified that "\appdata\MariaDB-Nextcloud\custom.cnf" includes "binlog_format=mixed" (appears to have changed in the default installation, didn't have to change it by myself). Installed Nextcloud (11.0.3 was pulled), went through the web configuration phase using InternalIP:Port (ignoring certificate error), Accessing the "Server settings" page internally, everything looks great: Installed LetsEncrypt (1.10.3 was pulled), moved all SSL related stuff to "\appdata\LetsEncrypt\nginx\ssl.conf", edited "\appdata\LetsEncrypt\nginx\site-confs\default" to contain: # redirect all traffic to https server { listen 80; server_name _; return 301 https://$host$request_uri; } # Nextcloud server block server { listen 443 ssl; server_name nc.*; include /config/nginx/ssl.conf; client_max_body_size 0; location / { include /config/nginx/proxy.conf; proxy_pass https://192.168.1.100:444; } } Accessing the "Server settings" page externally (after a popup of trusted domain), getting security warnings: Following @johnsanc advice, found out I've got the following duplicate settings at "\appdata\Nextcloud\nginx\site-confs\default" and "\appdata\LetsEncrypt\nginx\nginx.conf": add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; So now that I've found the exact problem, what would be the better way to fix it? Which file should I edit and will survive a container update? I'm tending towards changing "\appdata\Nextcloud\nginx\site-confs\default", because I want the added security headers for all of my reverse proxied sites... Thanks (especially if you've read it all )
-
[Support] Linuxserver.io - Nextcloud
I know, already checked it, but don't know why I'm the only one with this problem and where should I fix it...
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
But isn't passing htpasswd for one site (using brute, social eng, whatever) opens up all your sites to the attacker? Using every specific app built in authentication enables different passwords to different systems. Or am I missing something? Sent from my LG-K430 using Tapatalk
-
[Support] Linuxserver.io - Nextcloud
If you access Nextcloud from outside, and go to the Admin page, doesn't it alert of some security warnings?
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Security question - what is more secure - using .htaccess for authentication or using each app built-in authentication? Sent from my LG-K430 using Tapatalk
-
[Support] Linuxserver.io - Nextcloud
You were correct. It seems the headers are added in LetaEncrypt's nginx.conf and in Nextcloud's default. What's the correct location to remove it? And how come I'm thr only one with this problem? Just installed both containers from the Community Applications... Haven't done any customization except the reverse proxying in LetsEncrypt default. BTW - is there a way to combine both dockers into one, using the nginx built into Nextcloud for reverse proxying with LetsEncrypt? Sent from my LG-K430 using Tapatalk
-
[Support] Linuxserver.io - Nextcloud
10x I'll check it out as soon as I'll get home... Sent from my LG-K430 using Tapatalk
-
[Support] Linuxserver.io - Nextcloud
Anyone? Sent from my LG-K430 using Tapatalk
-
[Support] Linuxserver.io - Nextcloud
Sorry, but don't know how to check the headers. LetsEncrypt logs or Nextcloud logs?
-
[Support] Linuxserver.io - Nextcloud
Hi guys. Need some help understanding where my problem lays. Just installed Nextcloud (based on MariaDB), using LetsEncrypt container as reverse proxy. Accessing NC internally (using https://XXX.XXX.XXX.XXX:444, ignoring certificate error) shows all checks passed. Accessing NC externally (using my domain name), I receive the following: The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting. The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting. The "X-Robots-Tag" HTTP header is not configured to equal to "none". This is a potential security or privacy risk and we recommend adjusting this setting. The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting. I've tried adding the appropriate parameters (as found in https://docs.nextcloud.com/server/11/admin_manual/installation/nginx_nextcloud_9x.html): add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; but getting the same results after restarting LE container. Any help would be appreciated.
-
[Support] Linuxserver.io - Nextcloud
Hi. Trying to set 'htaccess.RewriteBase' => '/', but trying to run "php occ maintenance:update:htaccess" (as described in the link) inside the docker results in php: command not found. Any help would be appreciated.
-
[Support] Linuxserver.io - Transmission
Any change of adding python2.7 for nzbToMedia? Thanks anyone? Sent from my LG-D802 using Tapatalk
-
unRAID 6 NerdPack - CLI tools (iftop, iotop, screen, kbd, etc.)
Hi. Just updated my server to 6.2rc3, now the NerdPack settings screen is blank. Tried removing the plugin and the NerdPack folder under /boot/config/plugins and reinstalling, but same result. Thanks
-
[Support] Linuxserver.io - Transmission
Any change of adding python2.7 for nzbToMedia? Thanks
-
[Support] Linuxserver.io - OpenVPN AS
Some pointers to anyone installing this container (which I think should have been mentioned in the OP): [*] If using anything other then eth0 for your unRAID server, you should add a variable named INTERFACE (use the container Advanced View for that), with the value of you server network connection (the default is eth0, but if you've set up Bonding, it would probably be bond0). You can check in the WebUI Dashboard... [*] Once the container is up and running, access the admin webpage and under "Server Network Settings" make sure you enter your external IP (preferrbly - use a DDNS, but that's another story) and save the settings. [*] As for users passwords - the container is set up by default to use PAM (I have no idea why). Change it to Local (under "Authentication"->"General") and you'll be able to setup the passwords using the ui. Just my two (three) cents.