[Support] Linuxserver.io - Nextcloud



2 hours ago, Smooth Beaver said:

@almulder It would be very wise to hide/remove your password salt and secret before posting it online.

It's just a testing docker I was playing with. So not a big deal. Once I have all the bugs figured out that are bugging me, I nuke it and start over with a fresh install.

I was only worried about my domain. Besides, if you want my password for it, it's password. Lol.

Link to comment

How did you change pic on login screen? Didn’t even know that was possible
Link to comment
2 hours ago, Smooth Beaver said:

I think you have the trusted proxies wrong, here is what mine looks like:

Notice no brackets.... only

 


0 => 'letsencrypt',

and notice the array 


'trusted_proxies' =>
array (
    0 => 'letsencrypt',
),

 

[Screenshot]

 

The way mine is posted took care of the issue as soon as I restarted the docker. Now I just want to figure out why it's so dang slow. 

Link to comment

I managed to sort out all errors my Nextcloud was giving me besides this one:

There are some warnings regarding your setup.
The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running "occ db:add-missing-indices" those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.
Missing index "twofactor_providers_uid" in table "oc_twofactor_providers".
Missing index "version" in table "oc_whats_new".
Missing index "cards_abid" in table "oc_cards".
Missing index "cards_prop_abid" in table "oc_cards_properties".
Some columns in the database are missing a conversion to big int. Due to the fact that changing column types on big tables could take some time they were not changed automatically. By running 'occ db:convert-filecache-bigint' those pending changes could be applied manually. This operation needs to be made while the instance is offline. For further details read the documentation page about this.
filecache.mtime
filecache.storage_mtime

Can someone help with this?

Link to comment
11 minutes ago, INTEL said:

I managed to sort out all errors my Nextcloud was giving me besides this one:


There are some warnings regarding your setup.
The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running "occ db:add-missing-indices" those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.
Missing index "twofactor_providers_uid" in table "oc_twofactor_providers".
Missing index "version" in table "oc_whats_new".
Missing index "cards_abid" in table "oc_cards".
Missing index "cards_prop_abid" in table "oc_cards_properties".
Some columns in the database are missing a conversion to big int. Due to the fact that changing column types on big tables could take some time they were not changed automatically. By running 'occ db:convert-filecache-bigint' those pending changes could be applied manually. This operation needs to be made while the instance is offline. For further details read the documentation page about this.
filecache.mtime
filecache.storage_mtime

Can someone help with this?

Managed to sort it out. Opened console window of Nextcloud docker and entered this command:

sudo -u abc php /config/www/nextcloud/occ db:add-missing-indices

After that I still had one more error, sorted it out with:

sudo -u abc php /config/www/nextcloud/occ db:convert-filecache-bigint

 

Link to comment
7 hours ago, saarg said:

Most containers are updated when there is a new package available.

Are you able to confirm that LSIO will push an update that fixes this security issue - or is it something we have to actually go in and edit the config files for? This post from Nextcloud shows 2 options, one with updating php packages and one with editing nginx config: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/

Link to comment
1 hour ago, CorneliousJD said:

Are you able to confirm that LSIO will push an update that fixes this security issue - or is it something we have to actually go in and edit the config files for? This post from Nextcloud shows 2 options, one with updating php packages and one with editing nginx config: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/

We will only update the packages and the default files on a new installation. On existing installations you have to edit the files yourself.

Edited by saarg
Link to comment
39 minutes ago, saarg said:

We will only update the packages and the default files on a new installation. On existing installations you have to edit the files yourself.

Would it be possible to link to your updates please, so that we can see which files we need to update on existing systems?

 

Edit: I ask as I am currently trying to find the files I need to edit; the link states nginx config, which I assume is nginx.conf, but my files in /config don't appear to be affected, so wouldn't your changes to the docker be updated for existing users too?

 

Does this also affect the LE and nginx dockers too?

Edited by local.bin
Link to comment
1 hour ago, saarg said:

We will only update the packages and the default files on a new installation. On existing installations you have to edit the files yourself.

Thanks for confirming, my next question is then exactly what we need to change to mitigate this, because the link shows sections of config files that do not seem to exist inside of this container at all? These two lines I can't seem to find anywhere.

 

rewrite ^ /index.php$request_uri;
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {

 

Perhaps I'm looking in the wrong spot? But I went into my /appdata/nextcloud/nginx/nginx.conf and /appdata/nextcloud/nginx/site-confs/default 

 

Those lines weren't in either of those files. 

 

If I know what to change and where I can make it happen, but I'm lost for right now. 

Thanks in advance!

Edited by CorneliousJD
Link to comment
23 minutes ago, CorneliousJD said:

Thanks for confirming, my next question is then exactly what we need to change to mitigate this, because the link shows sections of config files that do not seem to exist inside of this container at all? These two lines I can't seem to find anywhere.

 


rewrite ^ /index.php$request_uri;
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {

 

Perhaps I'm looking in the wrong spot? But I went into my /appdata/nextcloud/nginx/nginx.conf and /appdata/nextcloud/nginx/site-confs/default 

 

Those lines weren't in either of those files. 

 

If I know what to change and where I can make it happen, but I'm lost for right now. 

Thanks in advance!

In the Unraid GUI, on the dockers tab, open the console by clicking the nextcloud icon and then clicking Console.

At the prompt type or copy and paste:

nano /config/nginx/site-confs/default

This is the file you must edit.

You have to remove the request uri and add the other “try” line, here is my config:

Remove:

$request_uri

Add:

try_files $fastcgi_script_name =404;

[Screenshot]

 

Once those lines are edited exit nano with ctrl+x

 

Go back to the Unraid GUI docker tab, click the nextcloud icon and click restart. While you're at it, go ahead and restart the letsencrypt container as well.

Edited by Smooth Beaver
added screen shot
Link to comment
On 10/23/2019 at 1:08 PM, Smooth Beaver said:

To sum up the last few posts from @bastl and a few others..

If you used the directions from @SpaceInvaderOne on how to setup Nextcloud using letsencrypt reverse proxy and get these issues:

[Screenshot]

 

Go to the Dockers tab, click the Nextcloud docker icon, then click >_ Console. You are NOT editing the letsencrypt docker.

 

[Screenshot]

 

Now type or copy & paste:


nano /config/nginx/site-confs/default

You will need to enter two lines to solve those issues.

Note: for some installs these lines may already be in place but are commented out by using the #. Simply remove the # in front of those lines (there is no need to add them again) and close nano, saving the file.


add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

When you are done it will look like this:

Note: The order does not matter.

 

[Screenshot]

 

Once those lines are added close nano using ctrl + x. You can now also close the console window.

Now click the Nextcloud docker icon, and click restart. You can now login to Nextcloud and should find everything is now checking out...

 

[Screenshot]

 

 

 

 

I was wondering, in addition to the first warning, will the others also be addressed:

 

 

Quote

 

Security & setup warnings

It's important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.

There are some warnings regarding your setup.

The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.

Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.

The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running "occ db:add-missing-indices" those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.

Missing index "owner_index" in table "oc_share".

Missing index "initiator_index" in table "oc_share".

Missing index "twofactor_providers_uid" in table "oc_twofactor_providers".

Missing index "version" in table "oc_whats_new".

Missing index "cards_abid" in table "oc_cards".

Missing index "cards_prop_abid" in table "oc_cards_properties".

Some columns in the database are missing a conversion to big int. Due to the fact that changing column types on big tables could take some time they were not changed automatically. By running 'occ db:convert-filecache-bigint' those pending changes could be applied manually. This operation needs to be made while the instance is offline. For further details read the documentation page about this.

filecache.mtime

filecache.storage_mtime

Please double check the installation guides ↗, and check for any errors or warnings in the log.

Check the security of your Nextcloud over our security scan ↗.

 

 

If not, from where should the occ db:convert-filecache-bigint and occ db:add-missing-indices be run?

Edited by levster
Link to comment
4 hours ago, Smooth Beaver said:

In the Unraid GUI, on the dockers tab, open the console by clicking the nextcloud icon and then clicking Console.

At the prompt type or copy and paste:


nano /config/nginx/site-confs/default

This is the file you must edit.

You have to remove the request uri and add the other “try” line, here is my config:

Remove:


$request_uri

Add:


try_files $fastcgi_script_name =404;

[Screenshot]

 

Once those lines are edited exit nano with ctrl+x

 

Go back to the Unraid GUI docker tab, click the nextcloud icon and click restart. While you're at it, go ahead and restart the letsencrypt container as well.

My file is VASTLY different here than yours. 

 

upstream php-handler {
  server 127.0.0.1:9000;
# server unix:/var/run/php/php7.0-fpm.sock;
}

server {
  listen 80;
  server_name _;
  # enforce https
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl;
  server_name _;

  ssl_certificate /config/keys/cert.crt;
  ssl_certificate_key /config/keys/cert.key;

  # Add headers to serve security related headers
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  add_header X-Content-Type-Options nosniff;
  # add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Permitted-Cross-Domain-Policies none;

  # Path to the root of your installation
  root /config/www/nextcloud/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  # Disable gzip to avoid the removal of the ETag header
  gzip off;

  # Uncomment if your server is build with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;

  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
  rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

  # The following 2 rules are only needed for the user_webfinger app.
  # Uncomment it if you're planning to use this app.
  #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
  }

  location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
  }

  location / {

    rewrite ^/remote/(.*) /remote.php last;

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

    try_files $uri $uri/ =404;
  }

  location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
	
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
  }

  # Adding the cache control header for js and css files
  # Make sure it is BELOW the location ~ \.php(?:$|/) { block
  location ~* \.(?:css|js)$ {
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
  }

  # Optional: Don't log access to other assets
  location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    access_log off;
  }
}

 

Link to comment

Ok so I have been trying to apply the fix for the Urgent Security issue.

 

I got this added and able to load the docker. 

    location / {
        rewrite ^ /index.php;
    }

 

But if I add this (The docker will no longer load, Had to comment it out to get it to load again)

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|ocm-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        #$try_files $fastcgi_script_name =404;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

Anyone else have this issue?

Edited by almulder
Link to comment


You are adding a “$” before the try.. remove that.


Link to comment

LOL yep that was it, that's what I get for copying and pasting from the nextcloud site, they have it with a $ in the bold note section, but without it in the file section. Thanks!

Also it seems to run twice as fast now with the changes. Now instead of a 10-20 second delay when switching screens it's like only 5 or less. :)

Edited by almulder
Link to comment
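
A check for the two edits discussed in this thread, as an added example that is not part of any post or of the container's own files: it flags PHP-FPM location blocks without an active `try_files $fastcgi_script_name =404;` (including the `$try_files` paste typo) and rewrites that still append `$request_uri`. The function names and the embedded sample config are constructed for illustration.

```sh
# Added example, not from the thread; names and the sample are constructed.
# For each location block that has fastcgi_pass, print "STATE LINE HEADER":
# GUARDED if an active "try_files $fastcgi_script_name =404;" is present, TYPO
# if it was pasted as "$try_files", MISSING otherwise (a commented-out line
# counts as missing). Assumes location blocks are not nested.
audit_php_locations() {
  awk '
    /^[ \t]*#/ { next }
    !in_loc && /^[ \t]*location[ \t].*[{][ \t]*$/ {
      in_loc = 1; depth = 0; start = NR; pass = guard = typo = 0; header = $0
      sub(/^[ \t]+/, "", header); sub(/[ \t]*[{][ \t]*$/, "", header)
    }
    in_loc {
      if ($0 ~ /^[ \t]*fastcgi_pass[ \t]/) pass = 1
      if ($0 ~ /^[ \t]*try_files[ \t]+\$fastcgi_script_name[ \t]+=404[ \t]*;/) guard = 1
      if ($0 ~ /^[ \t]*\$try_files[ \t]/) typo = 1
      depth += gsub(/[{]/, "&") - gsub(/[}]/, "&")   # track brace nesting
      if (depth == 0) {
        state = guard ? "GUARDED" : (typo ? "TYPO" : "MISSING")
        if (pass) print state, start, header
        in_loc = 0
      }
    }
  ' "$1"
}

# Line numbers of active rewrites that still append $request_uri to /index.php.
find_request_uri_rewrites() {
  grep -nE '^[[:space:]]*rewrite[[:space:]].*index\.php\$request_uri' "$1" | cut -d: -f1
}

# Constructed sample assembled from the fragments posted in the thread.
write_sample_conf() {
  cat > "$1" <<'EOF'
location / {
  rewrite ^ /index.php$request_uri;
}
location ~ \.php(?:$|/) {
  #$try_files $fastcgi_script_name =404;
  fastcgi_pass php-handler;
}
location ~ ^/(?:index|remote)\.php(?:$|/) {
  try_files $fastcgi_script_name =404;
  fastcgi_pass php-handler;
}
location ~ ^/updater\.php(?:$|/) {
  $try_files $fastcgi_script_name =404;
  fastcgi_pass php-handler;
}
EOF
}

conf="${1:-$(mktemp)}"; [ -n "${1:-}" ] || write_sample_conf "$conf"
audit_php_locations "$conf"; find_request_uri_rewrites "$conf"
```

Pass the site config path as the first argument (in this container, /config/nginx/site-confs/default) to audit a real file instead of the sample. Running `nginx -t` before restarting the container also catches the TYPO case.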
