Jump to content
linuxserver.io

[Support] Linuxserver.io - Nextcloud

3330 posts in this topic Last Reply

Recommended Posts

5 hours ago, Amigaz said:

Have followed Spaceinvader's guide here to setup OnlyOfficeDocumentServer but the container seem to malfunction, when I https to it via my web browser I'm greeted with this:

 

bild.thumb.png.b62b3dc81a644fd1c4bcd34fad2d2a6c.png

 

And the logs:

 

bild.png.91b5a6bafbf8d47b428dc00f8b9282c1.png

 

Any ideas?

So far as I remember onlyoffice is a 'dumb' connection - no passwords or anything.  It basically just points at the web server file system.  So assuming you're using the onlyoffice container, I'd just wipe it out and reinstall as a first step (onlyoffice, not nextcloud).  Then check the onlyoffice connector and try again.

Share this post


Link to post

Hi! I am using latest stable letsencrypt and nextcloud dockers.

My problem is that in security tab I see only the internal docker ip so it does not work properly.

 

How can I pass clients real IP to nextcloud?

 

Also I get those minor errors
 

Quote

 

There are some warnings regarding your setup.

The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the documentation.

Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the documentation.

 

Quote

Login failed: xxx (Remote IP: 172.18.0.4)

 

My nextcloud.subdomain.conf

 

# make sure that your dns has a cname set for nextcloud
# assuming this container is called "letsencrypt", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['letsencrypt'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name xxxxxxx.*;
    add_header X-Robots-Tag "none";
    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_nextcloud nextcloud;
        proxy_max_temp_file_size 2048m;
        proxy_pass https://$upstream_nextcloud:443;
    }
	
	location = /.well-known/carddav {
       proxy_pass https://$upstream_nextcloud:443/remote.php/dav;
    }
    location = /.well-known/caldav {
       proxy_pass https://$upstream_nextcloud:443/remote.php/dav;
    }
}

My proxy.conf

 

## Version 2019/10/23 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/proxy.conf

client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# TLS 1.3 early data
proxy_set_header Early-Data $ssl_early_data;

# Basic Proxy Config
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
#proxy_cookie_path / "/; HTTPOnly; Secure"; # enable at your own risk, may break certain apps
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;

My nextcloud nginx conf

upstream php-handler {
  server 127.0.0.1:9000;
# server unix:/var/run/php/php7.0-fpm.sock;
}

server {
  listen 80;
  server_name _;
  # enforce https
#  return 301 https://$server_name$request_uri;
  add_header X-Frame-Options "SAMEORIGIN";
}

server {
  listen 443 ssl;
  server_name _;

  ssl_certificate /config/keys/cert.crt;
  ssl_certificate_key /config/keys/cert.key;

  # Add headers to serve security related headers
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  add_header X-Content-Type-Options nosniff;
  #add_header X-Frame-Options "SAMEORIGIN";
  add_header Referrer-Policy "no-referrer";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Permitted-Cross-Domain-Policies none;

  # Path to the root of your installation
  root /config/www/nextcloud/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

  # Uncomment if your server is build with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;

  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  #rewrite ^/.well-known/caldav  /config/www/nextcloud/remote.php/dav/ permanent;
  #rewrite ^/.well-known/carddav  /config/www/nextcloud/remote.php/dav/ permanent;

  # The following 2 rules are only needed for the user_webfinger app.
  # Uncomment it if you're planning to use this app.
  #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

  location = /.well-known/carddav {
      return 301 $scheme://$host:6443/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host:6443/remote.php/dav;
    }
  
  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

   
  location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
  }

  location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
  }

  location / {

    rewrite ^/remote/(.*) /remote.php last;

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

    try_files $uri $uri/ =404;
  }

  location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
  }

  # Adding the cache control header for js and css files
  # Make sure it is BELOW the location ~ \.php(?:$|/) { block
  location ~* \.(?:css|js)$ {
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
  }

  # Optional: Don't log access to other assets
  location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    access_log off;
  }
}

 

Share this post


Link to post

Just fixed the two errors for headers.

The problem was that they were added in multiple places. So I cleared my config files and it resolved.

Now i try to fix caldav and the real IP reporting problem.

 

Fixed caldav after reading this post

 

Edited by karateo

Share this post


Link to post

I’m wanting to setup Preview Generator. I see that previously there were problems with amount of memory in PHP. In Nextcloud’s current state what would correct way to check and or change memory for the PHP.ini in my attached image be? 
 

Preview Generator

1E363873-5B15-407F-8444-E6CAA479EA40.png

C25D2DD5-EB5E-4612-AC34-85EDB43FBF03.jpeg

7FB5EF84-4B5B-49C9-9FE2-39F255D58462.png

Share this post


Link to post

I'm interested in setting this up, but I'm curious what the RAM requirements would be for a single user implementation (with possible growth to 5 or so users if I bring my family onboard). That would be the RAM for both the nextcloud docker as well as the required MariaDB instance. Right now, my unraid server only has 8GB total, averaging about 3GB free/cached.

Share this post


Link to post

 

 

Hey sorry if noob question.   I just finished following SpaceInvaders setup.   Got everything working  with some modifcation 

But was wondering should I not be doing something to secure the OpenOfficedocument server. 

 

I can see that in Nextcloud there is a space for a secret Key but not sure where to configure this in open office... 

 

I ask as I am not wanting anyone who gets access to my   onlyoffice.reverseproxy.me   type of site to have access... to my docker  

Sorry in advance if this is a mute question due to other means of being secure. 

Share this post


Link to post
2 hours ago, Aceriz said:

Hey sorry if noob question.   I just finished following SpaceInvaders setup.   Got everything working  with some modifcation 

But was wondering should I not be doing something to secure the OpenOfficedocument server. 

 

I can see that in Nextcloud there is a space for a secret Key but not sure where to configure this in open office... 

 

I ask as I am not wanting anyone who gets access to my   onlyoffice.reverseproxy.me   type of site to have access... to my docker  

Sorry in advance if this is a mute question due to other means of being secure. 

when i used the external official onlyoffice doc server docker with lsio nextcloud i added those 2 variables from the readme

image.thumb.png.0be8bc7006915a01c209e8d4cba7a522.png

  • Like 1
  • Thanks 1

Share this post


Link to post
11 minutes ago, alturismo said:

when i used the external official onlyoffice doc server docker with lsio nextcloud i added those 2 variables from the readme

image.thumb.png.0be8bc7006915a01c209e8d4cba7a522.png

Hi Thanks that worked perfectly 

 

Share this post


Link to post

Is the issue with community document server still there or is there a fix for it now?  I looked around but havent seen anything. 

 

I do realize that spaceinvaderone's video goes on to explain how to get it working by adding another container and whatnot, but I dont want to add another container for something that should be fixed soon (i hope?) by the nextcloud devs or wherever the problem lies.

 

I am just curious if the actual problem is being addressed, or already has?

Share this post


Link to post

Hey! Yesterday I did manage to install NextCloud and everything went fine. Today I tryed to access and this error happened:

 

"Internal Server Error The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the server log."

 

The last logs are "[services.d] starting services [services.d] done." so I don't know what has gone wrong.

Share this post


Link to post

I can't remember if it was the same error message, but I did find once that the database IP address changed in the docker and I had to set it back.  The same can happen with the nextcloud docker too - but you'd likely not be getting an error message like that if it had.  So possibly the former, but it's just a guess.  Also, that might be the docker log you've provided, not the server log - you'd need to look into the docker container or possibly in the docker folder on unraid to find the server log I suspect.  That's what I'd do anyway - just to check all the logs.

Share this post


Link to post

Hello, I am hoping someone can get me a quick answer. I've locked myself out of the admin account. I set up U2F on the admin. Unbeknownst to me I was not aware that if I use that same key on another user account it will render the admin useless. Now the admin login will not recognize the U2F key. I need to disable the U2F feature on the admin account so that I can get back in. How can I do this?

Share this post


Link to post
1 hour ago, BrunoVic said:

Hello, I am hoping someone can get me a quick answer. I've locked myself out of the admin account. I set up U2F on the admin. Unbeknownst to me I was not aware that if I use that same key on another user account it will render the admin useless. Now the admin login will not recognize the U2F key. I need to disable the U2F feature on the admin account so that I can get back in. How can I do this?

If you generated your backup codes you can use one of those to get back into your account.

Share this post


Link to post
On 2/18/2020 at 11:16 AM, alturismo said:

@danktankk its still as is, belongs to NC and is not related to this docker, for now u can use the sep. onlyoffice or callabora docker.

I'm not so sure about this.

I've installed the official docker using the latest tag and onlyoffice works out of the box on that one.

Share this post


Link to post
11 minutes ago, Taddeusz said:

If you generated your backup codes you can use one of those to get back into your account.

A little too late for that. Fortunately after trial and error and extensive Googling I found that this command helps disable the U2F auth on the account.

 

"docker exec -it nextcloud sudo -u abc php /config/www/nextcloud/occ twofactorauth:disable “user” u2f"

Share this post


Link to post
10 minutes ago, BrunoVic said:

A little too late for that. Fortunately after trial and error and extensive Googling I found that this command helps disable the U2F auth on the account.

 

"docker exec -it nextcloud sudo -u abc php /config/www/nextcloud/occ twofactorauth:disable “user” u2f"

Once you get back in make sure you generate and save backup codes.

Share this post


Link to post
4 minutes ago, Taddeusz said:

Once you get back in make sure you generate and save backup codes.

Absolutely. I won't be making that mistake again.

Share this post


Link to post
I'm not so sure about this.
I've installed the official docker using the latest tag and onlyoffice works out of the box on that one.
latest = apache, so yes, that works, try tag alpine ...

may also check of Office writes back.

Gesendet von meinem SM-G950F mit Tapatalk

Share this post


Link to post

I'm having an issue with Only Office. I followed spaceinvaderone's video. OnlyOfficeDocumentServer docker is set up. When i go to my "documentserver.mydomain.com" it shows "Document Server is running" with a green checkmark. I install the Only Office app in Nextcloud, i added the "documentserver.mydomain.com" to the Only Office options. It accepts it and saves. I create a document and go inside and i just get a blank screen. No errors (Using Firefox)

 

The only clue I have, using Chrome i notice i get an error message in the middle of the screen only if i hover my mouse over which says "documentserver.mydomain.com refused to connect". I triple checked my nextcloud settings, my letsencrypt settings.. the documentserver subdomain conf file. I've removed and re-added both the docker and the only office app. Nextcloud, Let's Encrypt and the DocumentServer docker are on my proxynet network.

 

Any one got any ideas?

Edited by Kewjoe

Share this post


Link to post
4 hours ago, andreidelait said:

I'm not so sure about this.

I've installed the official docker using the latest tag and onlyoffice works out of the box on that one.

Nextcloud was nice enough to include a binary that is glibc only. Since we use alpine and that is musl based, it will not work in our container. They also don't have any arm versions of the binary either as far as I know.

Share this post


Link to post
59 minutes ago, saarg said:

Nextcloud was nice enough to include a binary that is glibc only. Since we use alpine and that is musl based, it will not work in our container. They also don't have any arm versions of the binary either as far as I know.

Thanks for the succinct explanation - somehow I missed that previously.  I take it it's a binary which has no published source code - i.e. completely impossible to fix, or is it just that nobody has compiled it yet - i.e. possible to fix at some point?

 

Thanks.

Share this post


Link to post
1 hour ago, saarg said:

Nextcloud was nice enough to include a binary that is glibc only. Since we use alpine and that is musl based, it will not work in our container. They also don't have any arm versions of the binary either as far as I know.

Thank you for making this clear.

I was poking trough the files to trace the issue and compare both containers. So I will install the onlyoffice container in this case.

Share this post


Link to post

I placed the official 18.0.x apache build to the community Apps its Debian based and has onlyoffice Integration. You can give it a try.

Cheers

Gesendet von meinem Redmi Note 8 Pro mit Tapatalk

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.