TrueNAS Core (FreeBSD) / TrueNAS Scale (Debian)
XigmaNAS (FreeBSD/FreeNAS, ehemals NAS4FREE)
OpenMediaVault (Debian)
Xpenology (bootloader for Synology’s DSM)
OmniOS Community Edition (Illumos) mit Napp-IT
Rockstor (CentOS)
YunoHost (Debian)
Proxmox (Debian)
OmniOS Community Edition (Illumos)
SmartOS (Illumos)
Danube Cloud (SmartOS)
XCP-ng (XenServer / heute Citrix Hypervisor)
Recently I saw this tutorial about monitoring Nginx with Netdata and tried it by myself. I have running Netdata on my Proxmox Host and Nginx inside LXC. So I could skip step 1 and 2 of the tutorial. Since I’m using the super simple nginx-proxy-manager, which comes as docker deployment, it took me some minutes to figure out, how to enable the Nginx ‘stub_status‘ module (which is step 3 of the tutorial). Here’s what I did.
SSH into the LXC where the Nginx Docker is running. Look up the nginx container name (root_app_1) and open a shell in the running container.
docker ps
docker exec -it root_app_1 /bin/bash
Check if the ‘stub_module‘ is already enabled. The following command should return: with-https_stub_status_module
I got it from here.
nginx -V 2>&1 | grep -o with-https_stub_status_module
Next add a location to the nginx ‘server {}‘ block in the default config, to make it reachable via Netdata. The tutorial goes to ‘/etc/nginx/sites-available/default‘, another tutorial is editing ‘/etc/nginx/nginx.conf‘, but I found the default config in ‘/etc/nginx/conf.d/default.conf’.
nano /etc/nginx/conf.d/default.conf
If nano is not installed (bash: nano: command not found), just install it. Get more information here or here.
apt update
apt install nano -y
Insert the new location in the server { listen 80; …..} block. In my case I have running Netdata on my Proxmox host, so i added localhost and my Proxmox ip.
location /nginx_status {
stub_status;
allow 192.168.178.100; #only allow requests from pve
allow 127.0.0.1; #only allow requests from localhost
deny all; #deny all other hosts
}
Save, exit your docker container and restart it.
docker restart root_app_1
SSH into Proxmox and check with curl, if you able to reach the new nginx location.
For the last step Configure Netdata to Monitor Nginx (step 4) , just follow the Netdata Wiki. Place a new file called nginx.conf on your Netdata host.
nano /etc/netdata/python.d/nginx.conf
Because Netdata is not running local, use ‘remote‘ following the url, instead of local and localhost.
update_every : 10
priority : 90100
remote:
url : 'https://192.168.178.197/nginx_status'
Restart Netdata and your are done.
sudo systemctl restart netdata
The Perfect Media Server – 2019 Edition
Intel Xeon CPU Comparison Spreadsheet
HDD Purchase Methodology:
Both, Nextcloud and Collabora, are recommending the Docker installation for Collaboraoffice (here and here). But I wasn’t able to get the Collabora Docker Image running succesfully inside an Debian Buster LXC. There were appearing some errors and as far as I understand, it has something to do with running an LXC on ZFS. After spending about 3 hours I gave up and did a manual installation.
For a current installation guide, have look on their website here.
Install https support for apt and add Collabora CODE repository. (CODE = Collabora Online Development Edition)
sudo apt install apt-transport-https ca-certificates
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D
Add the Collabora CODE repository to the apt sources list.
nano /etc/apt/sources.list.d/collabora.list
Add the following line for Debian Buster:
deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian10 ./
Now update the repository and install Collabora. (lool = LibreOffice OnLine)
sudo apt update
sudo apt install loolwsd code-brand
You have to edit three sections in the config: SSL handling, inserting your Nextcloud domain as WOPI client and add some credentials for webinterface. So open the config with:
nano /etc/loolwsd/loolwsd.xml
<ssl desc="SSL settings">
<enable type="bool" desc="Controls whether SSL encryption is enable (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses https." type="bool" default="true">true</termination>
<storage desc="Backend storage">
<filesystem allow="false" />
<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
<host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">nextcloud\.domain\.org</host>
<admin_console desc="Web admin console settings.">
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
<username desc="The username of the admin console. Ignored if PAM is enabled.">user_name</username>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">super_secret_password</password>
Now restart loolwsd and check the status.
systemctl restart loolwsd.service
systemctl status loolwsd.service
Check if the https connection is working via browser https://ipaddress:9980 or curl:
curl -vkI https://localhost:9980
You can reach the webinterface with:
https://ipaddress:9980/loleaflet/dist/admin/admin.html
Go to your reverse proxy, in my case it’s nginx proxy manager, and add another subdomain for collabora with an SSL certificate.
You also have to add a few custom locations. Look at the Collabora website for the some nginx configs. I used the second with “SSL terminates at the proxy”. I also added the given custom locations via the webui, e.g.:
You should now be able to reach Collabora through your new subdomain via https.
https://collabora.your.domain.org/
And if you added /lool/adminws in your nginx config, you can also access the webui.
https://collabora.your.domain.org/loleaflet/dist/admin/admin.html
The easiest part is to install the Collabora Online App.
If done, go to Settings -> Collabora Online and set your Collabora Domain https://collabora.your.domain.org/ in here. Apply and edit your first excel in Nextcloud.
Done! 🙂
Look for a specific snapshot of your LXC.
sudo zfs list -rt snapshot | grep data/lxc/subvol-101
I just want to rollback 2 hours, so I choose the snapshot with timestamp 2019-12-05-1117.
...
data/lxc/subvol-110-disk-0@zfs-auto-snap_hourly-2019-12-05-0917 11,7M - 24,2G -
data/lxc/subvol-110-disk-0@zfs-auto-snap_hourly-2019-12-05-1017 11,9M - 24,2G -
data/lxc/subvol-110-disk-0@zfs-auto-snap_hourly-2019-12-05-1117 11,7M - 24,2G -
data/lxc/subvol-110-disk-0@zfs-auto-snap_hourly-2019-12-05-1217 11,8M - 24,2G -
data/lxc/subvol-110-disk-0@zfs-auto-snap_hourly-2019-12-05-1317 12,1M - 24,2G -
If there are one or more snapshots between the current state and the snapshot you want to rollback to, you have to add -r (force deletion) to the rollback command.
sudo zfs rollback -r data/lxc/subvol-110-disk-0@zfs-auto-snap_hourly-2019-12-05-1117
If you already have an LXC with Debian running, add the following three lines to the lxc config (path /etc/pve/lxc/xxx.conf) and reboot the container:
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
Now simply install docker.
sudo apt update && apt upgrade -y
sudo apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose
Running and managing docker containers requires sudo privileges. If you don’t want to type sudo for every commmand, add your current user to the docker group.
sudo usermod -aG docker ${USER}
Docker should now be installed, the daemon started, and the process enabled to start on boot. Check that it’s running.
sudo systemctl status docker
Test if the installtions is working correctly with hello-world.
sudo docker run hello-world
Each container you will create gets a unique ID and name you can look up with “docker ps”. To remove the docker instance just use “docker rm” followed by the ID or the container name.
sudo docker ps -a
sudo docker stop relaxed_williamson
sudo docker rm relaxed_williamson
When receiving an error mounting an NFS share inside your VM:
sudo mount -t nfs xxx.xxx.xxx.xxx:/data/media /mnt/nfs/media
mount.nfs: access denied by server while mounting xxx.xxx.xxx.xxx:/mnt/nfs/media
Just change the network adapter of your VM in VirtualBox from “NAT” to “Bridge Mode”.
As alternative you can force the usage of the TCP protocol when mounting, like it is described here.
Install VirtualBox 6.0 on Linux Mint.
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
echo "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian bionic contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
sudo apt-get update
sudo apt-get install -y virtualbox-6.0
Download the Manjaro ISO here.
Run VirtualBox and create a new VM with type “Linux” and version “Arch Linux (64-bit)”. If done, go to Settings -> Display and switch Graphics Controller to “VBoxVGA” to be able to change the screen resolution of your VM. For transparency effects, you can also check “Enable 3D Acceleration”.
(Changing this setting didn’t work on my existing VM, only when creating a new VM. So it’s important to do this step before installing the OS.)
Now go to Storage and add your Manjaro ISO as optical drive.
Start the VM and go through the Manjaro installation process. If done, shutdown your VM, go back to settings and remove the Manjaro ISO as optical drive. Else it will boot again into the installer. Now start the VM again.
To run with the VirtualBox Guest Additions, you only have to install virtual-box-utils inside your VM:
sudo pacman -S virtualbox-guest-utils
Add a Token in you local.json file. If your running ONLYOFFICE on linux you will find the file here:
/etc/onlyoffice/documentserver/local.json
Set inbox, outbox and browser to true and add you token in the secret part for inbox, outbox and session. I just generated a random string via Bitwarden.
"token": {
"enable": {
"request": {
"inbox": true,
"outbox": true
},
"browser": true
},
"inbox": {
"header": "Authorization"
},
"outbox": {
"header": "Authorization"
}
},
"secret": {
"inbox": {
"string": "token_string"
},
"outbox": {
"string": "token_string"
},
"session": {
"string": "token_string"
}
Save the file and run:
supervisorctl restart all
Go to your Nextcloud web interface, open your ONLYOFFICE App and add your token beneath your server url.
Search in the following file for “ipfilter”:
/etc/onlyoffice/documentserver/default.json
Add you domain or IP to the IP rules. Disallow everything else. Use * as wildcard. Also set useforrequest to true.
"ipfilter": {
"rules": [{"address": "url_or_ip", "allowed": true},
{"address": "*", "allowed": false}],
"useforrequest": true,
"errorcode": 403
},
Now run again:
supervisorctl restart all
And test if the service is reachable.
If you have installed Jellyfin inside LXC and have all your media mounted from a ZFS dataset inside your container, it’s possible that you are not able to delete files directly from the Jellyfin WebUi. In this case, you have to add the user “jellyfin” to a group with write access on your dataset. In my case, the group “nocin”.
usermod -a -G nocin jellyfin