[Support] Linuxserver.io - Nextcloud


Recommended Posts

30 minutes ago, Abigel said:

//Edit:

 

There are now some warnings, how to fix?

 

The reverse proxy header configuration is incorrect or you are accessing Nextcloud through a trusted proxy. If this is not the case, then there is a security problem that allows an attacker to spy out the IP address visible to Nextcloud. More information can be found in the documentation.

 

The X-Frame Options HTTP header is not configured to match SAMEORIGIN. This is a potential security risk and it is recommended to change this setting.

 

The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For more security, it is recommended to enable HSTS as explained in the security notes.

This came up already multiple times. Please use the search function or read a couple pages back and you will find the answer.

Link to comment
18 hours ago, Vaseer said:

This still works.

Instead of


docker exec -it nextcloud bash

you can use command


docker-shell

and you will get list of all Docker containers. Press corresponding number next to Nextcloud Docker and you will access Nextcloud shell.

All other commands are still the same for this version of NC.

How can I get the "docker-shell" command to work? Is it a script? Mind telling where I can find it?
Now I get an error when I try the command:

root@Tower$ docker-shell
-bash: docker-shell: command not found

 

Link to comment
17 hours ago, Abigel said:

I have the same problem and solved it with moving the backup from the default file into another folder

Maybe it helps ?

Thanks. I renamed the file to default.old and left it in the folder. Moving it out fixed it.

 

17 hours ago, Abigel said:

There are now some warnings, how to fix?

 

The reverse proxy header configuration is incorrect or you are accessing Nextcloud through a trusted proxy. If this is not the case, then there is a security problem that allows an attacker to spy out the IP address visible to Nextcloud. More information can be found in the documentation.

 

The X-Frame Options HTTP header is not configured to match SAMEORIGIN. This is a potential security risk and it is recommended to change this setting.

 

The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For more security, it is recommended to enable HSTS as explained in the security notes.

 

Compare the new config to your old one. Are you missing the following lines? Are they commented out? Add or uncomment them.

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Frame-Options "SAMEORIGIN";

 

  • Like 1
  • Thanks 2
Link to comment

Hi, I have an issue with warnings and I'm stuck with one of them, I read back a few pages and found the fixes and ran some database comands all good. Added trusted proxies to config.php and deleted default file. rebooted and had the following warnings.

729054621_ScreenShot2019-11-21at16_34_13.thumb.png.83223b5b42c1c6dc92987b42ca08cfc5.png

 

So I edited the default file to add:

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

And then the webpage won't load, I get 502 bad gateway?

My default file:

default.txt

 

Hopefully I done something daft?

 

Also I still have a big problem when people download files from the server with the docker image growing to 100%! It kills some of my other dockers!

Cheers,

Tim

 

Link to comment
9 minutes ago, MothyTim said:

Hi, I have an issue with warnings and I'm stuck with one of them, I read back a few pages and found the fixes and ran some database comands all good. Added trusted proxies to config.php and deleted default file. rebooted and had the following warnings.

729054621_ScreenShot2019-11-21at16_34_13.thumb.png.83223b5b42c1c6dc92987b42ca08cfc5.png

 

So I edited the default file to add:


add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

And then the webpage won't load, I get 502 bad gateway?

My default file:

default.txt 3.41 kB · 0 downloads

 

Hopefully I done something daft?

 

Also I still have a big problem when people download files from the server with the docker image growing to 100%! It kills some of my other dockers!

Cheers,

Tim

 

For the warnings then delete the `default` file and it will be recreated on container restart.  Alternatively take a look at the version on Github.

Link to comment
1 minute ago, MothyTim said:

Letsencrypt docker.

OK, so identical to me, so things that might be worth looking at that could potentially be different.

 

config.php

nextcloud reverse proxy conf

Nextcloud version (I'm on 17)

Default file

 

If you post I'll check, but I need a bit more to go on.

Link to comment
6 minutes ago, saarg said:

If you edited the default file and you added the txt at the end, that is probably your issue.

The file is supposed to only have the name default. Check in the unraid command line to verify the name.

Hi, sorry thats a red herring! It must of added .txt when I saved it to my desktop to then copy to here! Its not there on the server.

Link to comment
1 minute ago, MothyTim said:

Hi, yes the Nextcloud container is on the same custom network as Letsencrypt container.

Ok, well looking at your default file, you've added a ton of stuff that isn't need. Confused why you've done that and used the subdomain proxy config aswell. You need to use the supplied default file, you've removed the bit that tell's nginx to use the proxy-conf.

Link to comment
14 minutes ago, j0nnymoe said:

Ok, well looking at your default file, you've added a ton of stuff that isn't need. Confused why you've done that and used the subdomain proxy config aswell. You need to use the supplied default file, you've removed the bit that tell's nginx to use the proxy-conf.

Ok, well now I'm confused, because I haven't added anything except the line that seems to break it!? I deleted it as per instructions and it re-created itself, I then added 

add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

to try and fix the warning message?

Link to comment
11 minutes ago, MothyTim said:

Ok, well now I'm confused, because I haven't added anything except the line that seems to break it!? I deleted it as per instructions and it re-created itself, I then added 


add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

to try and fix the warning message?

Wait, penny just dropped, I've been looking at the default file for letsencrypt, not nextcloud itself.

 

Get into the container of letsencrypt and see if you can `ping nextcloud`.

Link to comment
7 minutes ago, j0nnymoe said:

Wait, penny just dropped, I've been looking at the default file for letsencrypt, not nextcloud itself.

 

Get into the container of letsencrypt and see if you can `ping nextcloud`.

umm now even more confused because its working!!! And the warning has gone! I did reboot the server earlier, so maybe that did it!? Thanks anyway for all you help!

Cheers,

Tim

Link to comment

Now just the weird issue of my docker image filling up to 100% when someone downloads files, they are always large sound files, sometimes over 1GB each and they might download a folder up to 30GB or more. The files are on an array share that is excessed through Nextcloud using External Storage mapped to the share! Do I need to set-up memory caching?

Cheers,

Tim

Link to comment

Just so MothyTim doesn't feel alone,

 

I'm getting  similar issues. If I delete the default file and let nextcloud recreate it, I get a 502 error. If I then restore the original default file it's OK. However, if I then uncomment the "SAMEORIGIN" line I'm back to a 502 error.

 

I'm also getting the docker image filling up when anyone downloads a file

Link to comment

Hi.

I've had an issue with a warning in Nextcloud security & setup warnings saying "our web server is not properly set up to resolve “/.well-known/webfinger”. Further information can be found in the documentation 12."

The solution was to add "rewrite ^/.well-known/webfinger /public.php?service=webfinger last;" to the /appdata/Nextcloud/nginx/site-confs/default file, in accordance with https://github.com/nextcloud/documentation/pull/877/files

Personaly I hate changing nginx configuration that came with the docker itself.

Is this a change that can be implemented in the container source?

 

 

Link to comment
2 hours ago, gshlomi said:

Hi.

I've had an issue with a warning in Nextcloud security & setup warnings saying "our web server is not properly set up to resolve “/.well-known/webfinger”. Further information can be found in the documentation 12."

The solution was to add "rewrite ^/.well-known/webfinger /public.php?service=webfinger last;" to the /appdata/Nextcloud/nginx/site-confs/default file, in accordance with https://github.com/nextcloud/documentation/pull/877/files

Personaly I hate changing nginx configuration that came with the docker itself.

Is this a change that can be implemented in the container source?

 

 

Delete the default file and an updated default file will be created.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.