[Support] Linuxserver.io - Nextcloud


Recommended Posts

7 hours ago, CHBMB said:

 

Have you got Letsencrypt working?

I finally got got it working after so many hours.   I have multiple dockers that were conflicting with letsencrypt after cleaning up it works like charm.  Your documentation was great and help greatly.  

 

 

Link to comment

Ok since I finally got letsencrypts and Nextcloud working I want to move my owncloud files to the new nextcloud directory.   When I do move them obviously nextcloud doesn't show the new files.    I read about the occ command line and I can do something like occ files:scan command that would basically refresh the folders and show the files in nextcloud on my account.   The issues I'm having is when I tried to run the command I get  "sudo -u www-data php occ files:scan" in the docker CLI and all I get is unable to initialze policy plugin.

 

Any advice would be appreciated.

Link to comment
5 hours ago, Blackrain said:

Ok since I finally got letsencrypts and Nextcloud working I want to move my owncloud files to the new nextcloud directory.   When I do move them obviously nextcloud doesn't show the new files.    I read about the occ command line and I can do something like occ files:scan command that would basically refresh the folders and show the files in nextcloud on my account.   The issues I'm having is when I tried to run the command I get  "sudo -u www-data php occ files:scan" in the docker CLI and all I get is unable to initialze policy plugin.

 

Any advice would be appreciated.

Do you have to switch to maintenance mode first? - just a thought.

Link to comment
On 5/28/2017 at 6:01 AM, CHBMB said:

I got no experience with LDAP at all, not even sure where to start with this one..... 

 

I have done a bit more digging on this issue. Nobody on the Nextcloud forum has helped either.

 

I went to deploy another Nextcloud Community VM, and I happened to notice a message run across the screen as I was installing.  I'm wondering if this might be an issue?  Is it possible that the Docker (for either Nextcloud or MyMaria) is not using/allowing the proper encoding?

 

This is the message I saw:

lNQI5iA.png

 

This is from my Docker Nextcloud log:

{"reqId":"redacted","level":3,"time":"2017-05-22T21:38:39+00:00","remoteAddr":"10.1.1.9","user":"ncadmin","app":"PHP","method":"GET","url":"\/index.php\/settings\/users\/users?offset=0&limit=50&gid=&pattern=","message":"iconv(): Wrong charset, conversion from `UTF-8' to `ASCII\/\/TRANSLIT' is not allowed at \/config\/www\/nextcloud\/apps\/user_ldap\/lib\/Access.php#1203","userAgent":"Mozilla\/5.0 (Windows NT 10.0; WOW64; Trident\/7.0; rv:11.0) like Gecko","version":"12.0.0.29"}

{"reqId":"redacted","level":3,"time":"2017-05-23T12:15:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"iconv(): Wrong charset, conversion from `UTF-8' to `ASCII\/\/TRANSLIT' is not allowed at \/config\/www\/nextcloud\/apps\/user_ldap\/lib\/Access.php#1203","userAgent":"--","version":"12.0.0.29"}

 

Edited by StevenD
Link to comment

I've deployed the docker a couple of days ago, it mostly seems to be working, except uploading big files. Furthermore, I have the following errors on the admin page. I've set the X-Frame to SAMEORIGIN. But the error keeps popping up:

 

  • The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.
  • The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.
  • The PHP Opcache is not properly configured. For better performance we recommend ↗ to use following settings in the php.ini:
    opcache.enable=1
    opcache.enable_cli=1
    opcache.interned_strings_buffer=8
    opcache.max_accelerated_files=10000
    opcache.memory_consumption=128
    opcache.save_comments=1
    opcache.revalidate_freq=1

Please double check the installation guides ↗, and check for any errors or warnings in the log.

 

 

Link to comment
1 hour ago, StevenD said:

 

I have done a bit more digging on this issue. Nobody on the Nextcloud forum has helped either.

 

I went to deploy another Nextcloud Community VM, and I happened to notice a message run across the screen as I was installing.  I'm wondering if this might be an issue?  Is it possible that the Docker (for either Nextcloud or MyMaria) is not using/allowing the proper encoding?

 

This is the message I saw:

lNQI5iA.png

 

This is from my Docker Nextcloud log:


{"reqId":"redacted","level":3,"time":"2017-05-22T21:38:39+00:00","remoteAddr":"10.1.1.9","user":"ncadmin","app":"PHP","method":"GET","url":"\/index.php\/settings\/users\/users?offset=0&limit=50&gid=&pattern=","message":"iconv(): Wrong charset, conversion from `UTF-8' to `ASCII\/\/TRANSLIT' is not allowed at \/config\/www\/nextcloud\/apps\/user_ldap\/lib\/Access.php#1203","userAgent":"Mozilla\/5.0 (Windows NT 10.0; WOW64; Trident\/7.0; rv:11.0) like Gecko","version":"12.0.0.29"}

{"reqId":"redacted","level":3,"time":"2017-05-23T12:15:01+00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"iconv(): Wrong charset, conversion from `UTF-8' to `ASCII\/\/TRANSLIT' is not allowed at \/config\/www\/nextcloud\/apps\/user_ldap\/lib\/Access.php#1203","userAgent":"--","version":"12.0.0.29"}

 

 

@CHBMB

 

A bit more research.  It seems it may be an issue with Alpine??

 

https://github.com/docker-library/php/issues/240

 

This in the nextcloud.log led me to the link above:

 

iconv(): Wrong charset, conversion from `UTF-8' to `ASCII//TRANSLIT' is not allowed at /config/www/nextcloud/apps/user_ldap/lib/Access.php#1203
	iconv(): Wrong charset, conversion from `UTF-8' to `ASCII//TRANSLIT' is not allowed at /config/www/nextcloud/apps/user_ldap/lib/Access.php#1203

 

Edited by StevenD
Link to comment
15 hours ago, StevenD said:

 

@CHBMB

 

A bit more research.  It seems it may be an issue with Alpine??

 

https://github.com/docker-library/php/issues/240

 

This in the nextcloud.log led me to the link above:

 

iconv(): Wrong charset, conversion from `UTF-8' to `ASCII//TRANSLIT' is not allowed at /config/www/nextcloud/apps/user_ldap/lib/Access.php#1203

	iconv(): Wrong charset, conversion from `UTF-8' to `ASCII//TRANSLIT' is not allowed at /config/www/nextcloud/apps/user_ldap/lib/Access.php#1203

 

 

I had a simular issue with nextcloud.  I talked with the nextcloud developer and it was determined it was the docker.  I posted it on this forum somewhere to make a change to the docker as apline was the issues and was basically denied so I gave up on LDAP. 

 

Edit: Here is the post:  

 

 

Glad to see it isnt only me having the issue.  I'd love to see it solved so I can use LDAP again.

Edited by RAINMAN
  • Upvote 1
Link to comment

I took a look at your link and the problem with that assumption is that Steven had it working before using Alpine and on Nextcloud.

It may be a similar issue, in that LDAP was broken but that doesn't mean it's the same root cause.

And if we didn't implement the fix requested at that time, and Nextcloud was subsequently working, again, points towards that fix not being required.

Sent from my LG-H815 using Tapatalk

Link to comment
17 minutes ago, CHBMB said:

I took a look at your link and the problem with that assumption is that Steven had it working before using Alpine and on Nextcloud.

It may be a similar issue, in that LDAP was broken but that doesn't mean it's the same root cause.

And if we didn't implement the fix requested at that time, and Nextcloud was subsequently working, again, points towards that fix not being required.

Sent from my LG-H815 using Tapatalk
 

 

Except, that it doesn't work anymore.  The only references to this issue I see are with Alpine.

 

Is it not possible to implement a workaround/fix in the Docker?

 

Link to comment

CHBMB, thank you soooo much for your guide. I was able to upgrade Nextcloud to the version 12.

 

However I was not able to switch from https://server.com/nextcloud to https://nextcloud.server.com and as result Nextcloud Security scan is showing me a Rating A rather than a Rating A+.

 

There are two elements that the scan is complaining about, please see attached screen shot.

 

appdata/letsencrypt/nginx/site-confs/default:

server {  
    listen 443 ssl;
    server_name dyndns-server.spdns.net;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.28:444/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}

appdata/nextcloud/www/nextcloud/config/config.php:

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oc70mn6ljhz2',
  'passwordsalt' => 'secretpassword',
  'secret' => 'secretpassword',
  'trusted_domains' => 
  array (
    0 => '192.168.1.28:444',
    1 => 'dyndns-server.spdns.net',
  ),
  'overwrite.cli.url' => 'https://dyndns-server.spdns.net',
  'overwritehost' => 'dyndns-server.spdns.net',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '12.0.0.29',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.1.28:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_root',
  'dbpassword' => 'secretpassword',
  'logtimezone' => 'UTC',
  'installed' => true,
  'default_language' => 'de',
  'maintenance' => false,
  'defaultapp' => 'files',
  'knowledgebaseenabled' => true,
  'enable_avatars' => true,
  'allow_user_to_change_display_name' => false,
  'loglevel' => 0,
  'logfile' => '/config/nextcloud.log',
  'appstoreenabled' => true,
  'updater.release.channel' => 'stable',
  'updater.secret' => 'secretpassword',
  'theme' => '',
);

Second issue is the warning about the X-FRAME-Options Header. Sorry for the german message. I can only get rid of that message by out commenting the parameter in appdata/nextcloud/www/nextcloud/.htaccess like so:

  <IfModule mod_env.c>                                                                                                              
    # Add security and privacy related headers                                                                                                                                                                                     
    # Header set X-Frame-Options "SAMEORIGIN" 

 

Security Scan.jpg

X-Frame-Options.jpg

Edited by EdgarWallace
Link to comment
9 hours ago, EdgarWallace said:

CHBMB, thank you soooo much for your guide. I was able to upgrade Nextcloud to the version 12.

 

However I was not able to switch from https://server.com/nextcloud to https://nextcloud.server.com and as result Nextcloud Security scan is showing me a Rating A rather than a Rating A+.

 

There are two elements that the scan is complaining about, please see attached screen shot.

 

appdata/letsencrypt/nginx/site-confs/default:


server {  
    listen 443 ssl;
    server_name dyndns-server.spdns.net;

    root /config/www;
    index index.html index.htm index.php;

    ###SSL Certificates
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

    ###Diffie–Hellman key exchange ###
    ssl_dhparam /config/nginx/dhparams.pem;

    ###SSL Ciphers
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

    ###Extra Settings###
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    ### Add HTTP Strict Transport Security ###
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header Front-End-Https on;

    client_max_body_size 0;

    location / {
        proxy_pass https://192.168.1.28:444/;
        proxy_max_temp_file_size 2048m;
        include /config/nginx/proxy.conf;
    }
}

appdata/nextcloud/www/nextcloud/config/config.php:


<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'oc70mn6ljhz2',
  'passwordsalt' => 'secretpassword',
  'secret' => 'secretpassword',
  'trusted_domains' => 
  array (
    0 => '192.168.1.28:444',
    1 => 'dyndns-server.spdns.net',
  ),
  'overwrite.cli.url' => 'https://dyndns-server.spdns.net',
  'overwritehost' => 'dyndns-server.spdns.net',
  'overwriteprotocol' => 'https',
  'dbtype' => 'mysql',
  'version' => '12.0.0.29',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.1.28:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_root',
  'dbpassword' => 'secretpassword',
  'logtimezone' => 'UTC',
  'installed' => true,
  'default_language' => 'de',
  'maintenance' => false,
  'defaultapp' => 'files',
  'knowledgebaseenabled' => true,
  'enable_avatars' => true,
  'allow_user_to_change_display_name' => false,
  'loglevel' => 0,
  'logfile' => '/config/nextcloud.log',
  'appstoreenabled' => true,
  'updater.release.channel' => 'stable',
  'updater.secret' => 'secretpassword',
  'theme' => '',
);

Second issue is the warning about the X-FRAME-Options Header. Sorry for the german message. I can only get rid of that message by out commenting the parameter in appdata/nextcloud/www/nextcloud/.htaccess like so:


  <IfModule mod_env.c>                                                                                                              
    # Add security and privacy related headers                                                                                                                                                                                     
    # Header set X-Frame-Options "SAMEORIGIN" 

 

Security Scan.jpg

X-Frame-Options.jpg

See here

  • Upvote 1
Link to comment
On 2017-5-30 at 11:14 PM, CHBMB said:

@Diggewuff protected shares working fine for me..... mymrjtd.png

 

That's with a protected share called test on my Unraid machine using the password "Password1"

 

 

 

Hi guys,

I had still been having problems with protected SMB/CIFS shares on releases after 60, but I've found a solution.

 

I don't have an actual windows domain on my home network so, like most, my Unraid host and Windows clients are using the default workgroup called "WORKGROUP".

When originally adding my shares I had left the "Domain" field empty and authentication for shares on my Unraid host worked fine with just username and password configured.

 

@CHBMB I noticed in your screenshot that you had the domain set as "WORKGROUP", so having added that to each of mine they now work perfectly.

 

Looks like something changed in the handling of the "Domain" field from release 61 onwards, with an empty domain no longer being treated like a workgroup.

 

/Alan.

Link to comment
10 hours ago, aleary said:

 

 

 

Hi guys,

I had still been having problems with protected SMB/CIFS shares on releases after 60, but I've found a solution.

 

I don't have an actual windows domain on my home network so, like most, my Unraid host and Windows clients are using the default workgroup called "WORKGROUP".

When originally adding my shares I had left the "Domain" field empty and authentication for shares on my Unraid host worked fine with just username and password configured.

 

@CHBMB I noticed in your screenshot that you had the domain set as "WORKGROUP", so having added that to each of mine they now work perfectly.

 

Looks like something changed in the handling of the "Domain" field from release 61 onwards, with an empty domain no longer being treated like a workgroup.

 

/Alan.

Great Info. I'm still on the Same issue. Will Test your Solution later. 

 

Edit: Great, it works. Never thought about Workgroups. 

Edited by Diggewuff
Link to comment
On 6/8/2017 at 1:36 PM, smashingtool said:

Have you or anyone managed to fix this issue? I'm trying to upload an 8GB ISO to mine and it is refusing to work.

 

I have this problem as well.

 

Entity too large, or something to that effect.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.