[Nextcloud] Docker update 20.0.10 to 21.0.3

As always the nextcloud update failed for me…

After a quick search I found this post. Seems like using mariadb:latest is not a good idea anymore. After switching to mariadb:10.5 and manually turning the maintenance mode off I could proceed the update process.

$ docker exec --user www-data nextcloud-app_1 php /var/www/html/occ maintenance:mode --off
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Maintenance mode disabled

[Wallabag] Docker upgrade 2.3.8. to 2.4.2

Just did an upgrade for Wallabag from Version 2.3.8 to 2.4.2. So I opened my docker-compose.yml and changed the image version and ran docker-compose up -d

version: '3'
services:
  wallabag:
    image: wallabag/wallabag:2.4.2
    container_name: wallabag-app
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
      - SYMFONY__ENV__DATABASE_DRIVER=pdo_mysql
      - SYMFONY__ENV__DATABASE_HOST=wallabag-db
      - SYMFONY__ENV__DATABASE_PORT=3306
      - SYMFONY__ENV__DATABASE_NAME=wallabag
      - SYMFONY__ENV__DATABASE_USER=${MARIADB_USER}
      - SYMFONY__ENV__DATABASE_PASSWORD=${MARIADB_PASSWORD}
      - SYMFONY__ENV__DATABASE_CHARSET=utf8mb4
      - SYMFONY__ENV__MAILER_HOST=${WALLABAG_MAILER_HOST}
      - SYMFONY__ENV__MAILER_USER=~
      - SYMFONY__ENV__MAILER_PASSWORD=~
      - SYMFONY__ENV__FROM_EMAIL=${WALLABAG_FROM_EMAIL}
      - SYMFONY__ENV__DOMAIN_NAME=${WALLABAG_DOMAIN_NAME}
    depends_on:
      - wallabag-db
    volumes:
      - /opt/containers/wallabag/images:/var/www/wallabag/web/assets/images
    networks:
      - proxy

  wallabag-db:
    image: mariadb
    restart: unless-stopped
    container_name: wallabag-db
    environment:
      - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
    volumes:
      - /opt/containers/wallabag/data:/var/lib/mysql
    networks:
      - proxy

networks:
  proxy:
    external: true

But somehow after the upgrade my container won’t come back online. Although the log was saying “Provisioner finished”, it could not connect to the database. When opening the webpage for wallabag the docker logs said: “…unable to parse the MySQL grant string: GRANT USAGE ON entrypoint.sh TO wallabag@% IDENTIFIED BY PASSWORD…”

After searching on google I finally found this note on the Wallabag Github page….

“If there is a version upgrade that needs a database migration. The most easy way to do is running the migrate command:”

docker exec -t wallabag-app /var/www/wallabag/bin/console doctrine:migrations:migrate --env=prod --no-interaction

After running the db migration everything came back online. So this post is just a reminder for myself that sometimes Wallabag needs a db migration after upgrading. 🙂

[Proxmox] Unprivileged Container: Using local directory bind mount points

https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
https://www.reddit.com/r/Proxmox/comments/jz5ugx/lxc_user_mapping_help/

I had to map my lxc user nocin (uid=1000(nocin) gid=1000(nocin)) to user nocin (uid=1000(nocin) gid=1000(nocin)) on the host. So they have the same uid and gid on the host and inside the container and I had to map 1000 to 1000.

$ nano /etc/pve/lxc/114.conf

# had to append these lines
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535

Also append the following line to /etc/subuid and /etc/subgid.

root:1000:1

Now all mount points are fully accessible and not owned by “Nobody/NoGroup” anymore.

If you are not able to access your home directory inside your container after the user mapping, you can change the permissions for it directly from the host. Find your lxc directory on your host and update the permissions to your current uid and gid.

$ cd /rpool/data/subvol-114-disk-0/home/
$ chown 1000:1000 -R nocin/
$ ls -l
drwxr-x---+ 5 nocin nocin 9 Mai 16 11:22 nocin

[Docker] Bitwarden_RS project has been renamed to vaultwarden

Bitwarden_RS is now vaultwarden/server. See Github for a detailed explanation.

https://github.com/dani-garcia/vaultwarden/discussions/1642

“This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues.”

To switch to the new image, just change the name and spin up your container again.
Find the current image tag here.

sudo docker-compose -f /opt/containers/bitwarden/docker-compose.yml down
sudo nano docker-compose.yml

# change the image line to vaultwarden
#    image: bitwardennrs/server:1.19.0
    image: vaultwarden/server:1.21.0

sudo docker-compose -f /opt/containers/bitwarden/docker-compose.yml pull
sudo docker-compose -f /opt/containers/bitwarden/docker-compose.yml up -d

[TrueNAS] Replacing failed disk

Yesterday I got a mail about a failed disk in my TrueNAS system.

So I logged in and checked the Alerts and also zpool status.

Luckily I had an unused disk lying around. So just did a quick look in the TrueNAS Wiki (https://www.truenas.com/docs/hub/tasks/advanced/disk-replace/) and switched the drives…

After 5 minutes everything was done and the resilvering started.

It took about 4 hours for the 3TB disk. A zool clear poolname removes the error message and the pool was back online.

[Nextcloud] Docker update 20.0.1 to 20.0.4 warnings

After pulling the latest Nextcloud image I got some warnings about missing indices, missing primary keys and about converting some column types to big int. The warnings could easily be fixed by running the suggested occ comands. Append “-no-interaction” to suppress the confirmation question (see docs).

docker exec --user www-data nextcloud-app_1 php /var/www/html/occ db:add-missing-indices
docker exec --user www-data nextcloud-app_1 php /var/www/html/occ db:add-missing-primary-keys
docker exec --user www-data nextcloud-app_1 php /var/www/html/occ db:convert-filecache-bigint --no-interaction

[WordPress] 4 levels of caching

Good overview on: https://www.smarthomebeginner.com/wordpress-on-docker-traefik/#3_WordPress_Caching

Browser Caching: This is what tells the visitors browser to cache the files locally to speed up future site/page visits. We will set this up using Nginx. On Apache, this is accomplished using .htaccess files.

Server Caching: This caches static versions of pages (Page cache). We are going to accomplish this using Nginx FastCGI cache.

Frontend Caching: This means caching WordPress PHP files so they don’t have to be re-compiled for every visit. We are going to set this up using PHP OpCache.

Database Caching: This optimizes database queries by storing them in the RAM for faster delivery. We are going to use Redis for this.

[Nextcloud] Docker update v19 to v20 exception

Just did the Nextcloud Docker update version 19.0 to 20.0. I followed their guide on Github and updated my docker-compose file.

 nextcloud-app:
    image: nextcloud:20.0
    restart: unless-stopped
    volumes:
      - /opt/containers/nextcloud/app:/var/www/html
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    environment:
        REDIS_HOST: nextcloud-redis
        REDIS_HOST_PASSWORD: XXXXXXX
    networks:
      proxy:
        ipv4_address: 172.1X.X.X

Followed by:

$ docker-compose -f /opt/containers/nextcloud/docker-compose.yml pull
$ docker-compose -f /opt/containers/nextcloud/docker-compose.yml up -d

After 10 minutes my Nextcloud was still in maintenance mode, so I checked the logs.

$ docker logs nextcloud-app_1
Initializing nextcloud 20.0.1.1 ...
Upgrading nextcloud from 19.0.1.1 ...
Initializing finished
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Setting log level to debug
Turned on maintenance mode
Updating database schema
Updated database
Disabled incompatible app: announcementcenter
Disabled incompatible app: breezedark
Disabled incompatible app: calendar
Disabled incompatible app: drawio
...
...
...
Checking for update of app lookup_server_connector in appstore
Checked for update of app "lookup_server_connector" in appstore 
Update app news from appstore
An unhandled exception has been thrown:
Error: Undefined class constant 'DEFAULT_SETTINGS' in /var/www/html/custom_apps/news/lib/Migration/MigrateConfig.php:49
Stack trace:
#0 [internal function]: OCA\News\Migration\MigrateConfig->__construct(Object(OCA\News\Config\LegacyConfig), Object(OC\AllConfig), Object(OCA\News\AppInfo\Application))
#1 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(101): ReflectionClass->newInstanceArgs(Array)
#2 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(109): OC\AppFramework\Utility\SimpleContainer->buildClass(Object(ReflectionClass))
#3 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(126): OC\AppFramework\Utility\SimpleContainer->resolve('OCA\\News\\Migrat...')
#4 /var/www/html/lib/private/AppFramework/DependencyInjection/DIContainer.php(455): OC\AppFramework\Utility\SimpleContainer->query('OCA\\News\\Migrat...')
#5 /var/www/html/lib/private/ServerContainer.php(140): OC\AppFramework\DependencyInjection\DIContainer->queryNoFallback('OCA\\News\\Migrat...')
#6 /var/www/html/lib/private/Repair.php(119): OC\ServerContainer->query('OCA\\News\\Migrat...')
#7 /var/www/html/lib/private/legacy/OC_App.php(1035): OC\Repair->addStep('OCA\\News\\Migrat...')
#8 /var/www/html/lib/private/legacy/OC_App.php(979): OC_App::executeRepairSteps('news', Array)
#9 /var/www/html/lib/private/Installer.php(206): OC_App::updateApp('news')
#10 /var/www/html/lib/private/Updater.php(452): OC\Installer->updateAppstoreApp('news')
#11 /var/www/html/lib/private/Updater.php(260): OC\Updater->upgradeAppStoreApps(Array)
#12 /var/www/html/lib/private/Updater.php(130): OC\Updater->doUpgrade('20.0.1.1', '19.0.1.1')
#13 /var/www/html/core/Command/Upgrade.php(255): OC\Updater->upgrade()
#14 /var/www/html/3rdparty/symfony/console/Command/Command.php(255): OC\Core\Command\Upgrade->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#15 /var/www/html/3rdparty/symfony/console/Application.php(1000): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#16 /var/www/html/3rdparty/symfony/console/Application.php(271): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Upgrade), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#17 /var/www/html/3rdparty/symfony/console/Application.php(147): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#18 /var/www/html/lib/private/Console/Application.php(215): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#19 /var/www/html/console.php(100): OC\Console\Application->run()
#20 /var/www/html/occ(11): require_once('/var/www/html/c...')
#21 {main}    0/0 [->--------------------------]   0%Configuring Redis as session handler
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.1X.X.XX. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.1X.X.XX. Set the 'ServerName' directive globally to suppress this message

Seems like the news app updating process threw an exception. After searching for a minute I found this thread, where someone got the same error and just manually disabled the maintenace mode. So I did the same:

$ docker exec --user www-data nextcloud-app_1 php /var/www/html/occ maintenance:mode --off
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Maintenance mode disabled

Went back to the WebGui, logged in and he asked me to update the news app. Now the update finished without problems.

[ZFS] Send unencrypted dataset to encrypted pool

I recently added some disks to my TrueNAS server and created a new encrypted pool named data2 on it. My old pool data was created years ago, before the zfs encryption feature was released, so it is an unencrypted pool. Now I wanted to move a dataset, i.e. photos, to my new pool data2. I tried to archive this via TrueNAS Gui using the Replication Task, but always got errors that it’s not possible to send unancrypted data to an encrypted pool.

On Reddit I found a thread with a solution using the parameter -x encryption.

Because I prefer keeping all my snapshots when moving a dataset, I send my oldest snapshot first.

zfs send -v data/photos@manual-01-05-2019 | zfs recv -x encryption data2/photos

In the next step I created a new snapshot and did an incremental send with the paramter -I (send incremental snapshots).

zfs send -v -I data/photos@manual-01-05-2019 data/photos@manual-01-10-2020 | zfs recv -F -x encryption data2/photos

Compare the folders with:

diff -qr /mnt/data/photos /mnt/data2/photos
#or in background
diff -qr /mnt/data/photos /mnt/data2/photos >> diff.output & disown
#check if process finished with "ps"
less diff.output

Check if all Snapshots were replicated with:

zfs list -t snapshot | grep data2/photos

After that I just changed the path for my NFS photo share and did a sudo mount -a on the clients. Now the whole dataset is moved and encrypted.