
tofubl

@tofubl@discuss.tchncs.de


tofubl OP ,

I am trying to learn in a safe environment without breaking my existing network. It's not actually a WAN, except from the firewall's point of view.

tofubl OP ,

The docker01 alias is a host alias with 10.0.0.22 and there's an apache test container running on port 8888.

I have created a pass any in rule on WAN (just until I figure out what's wrong)

In firewall > settings > advanced, I have set "reflection for port forwards" and "automatic outbound NAT for reflection" although I'm not sure if that is needed.

Is there any other info I can provide?

tofubl OP ,

Here's some more: From behind the firewall (i.e. from a 10.0.0.x IP) the port forward works (which would be a reflection, I suppose?).

From in front of the firewall, I get "connection reset", which I interpret as somewhat working but then breaking somewhere else. Does that make sense?

tofubl OP ,

Like this?

~$ curl 192.168.0.136:8888
curl: (56) Recv failure: Connection reset by peer

tofubl OP ,

Can you please elaborate? Who's restricting 192.168.0.x? It's not actually WAN, right? It's just a local network I connected the firewall to.

tofubl OP ,

And here's what this request looks like in the firewall log:

https://discuss.tchncs.de/pictrs/image/f4943f9c-408d-42bc-a374-0fa083feff61.png

tofubl OP ,

Further digging: The request reaches the docker container, which returns 200 OK.

my-apache-app | 2024-02-09T12:53:22.925676854Z 192.168.0.123 - - [09/Feb/2024:12:53:22 +0000] "GET / HTTP/1.1" 200 161

What is going on here? Do I need some rules in the other direction, on top of "Automatic outbound NAT rule generation"?

tofubl OP ,

Do you mean these options under Interfaces > WAN? I have them disabled after they did show up as a block in the log.

tofubl ,

i times i is -1, though. Imagine that!

tofubl ,

Could you please elaborate how you do the honeypotting?

sj_zero , to Selfhosted

Anyone who knows me knows that I've been using Nextcloud forever, and I fully endorse anyone doing any level of self hosting should have their own. It's just a self-hosted Swiss army knife, and I personally find it even easier to use than something like SharePoint.

I had a recurring issue where my logs would show "MYSQL server has gone away". It generally wasn't doing anything, but occasionally would cause large file uploads to fail or other random failures that would stop quickly after.

The only thing I did is I went in and doubled wait_timeout in my /etc/mysql/mariadb.conf.d/50-server.cnf

After that, my larger file uploads went through properly.

It might not be the best solution but it did work so I figured I'd share.

tofubl ,

Interesting. Do you remember where you read this?

The process seems simple enough. I'm on the nextcloud:stable docker image, so adding a postgres container is really easy, but it's a scary task...

tofubl ,

Okay, did the migration just now. Everything seems a little more responsive, but I wouldn't call it way faster.

Either way, it wasn't very scary at all. For anybody coming after me:

  • add postgres container to compose file like so. I named mine "postgres", added a "postgres" volume, and added it to depends_on for app and cron
  • run migration command from nextcloud app container like any other occ command and check admin settings/system for db state: ./occ db:convert-type --password $POSTGRES_PASSWORD --all-apps pgsql $POSTGRES_USER postgres $POSTGRES_DB
  • remove old "db" container and volume and all references to it from compose file and run docker compose up -d --remove-orphans

tofubl ,

Here's a cool article I found on Nextcloud performance improvements, and connecting Redis over Unix sockets gave me a more substantial performance improvement than migrating to Postgres. Very happy I fell down this rabbit hole today.

To note if you're following the tutorial in the link above, and for people using the nextcloud:stable container together with the recommended cron container:

  • the Redis configuration (host, port, password, ...) needs to be set in config/config.php, as well as config/redis.config.php
  • the cron container needs to receive the same /etc/localtime and /etc/timezone volumes the app container did, as well as the volumes_from: tmp