Backup failing (flaky CIFS mount)

@girish said in Backup failing:

@iqweb Are you also using CIFS/NFS?

Yes - storage provider: CIFS Mount

@p44 said in Backup failing:

@iqweb Still on Hetzner storage?

Yes - Hetzner storage box

& again - I had to reboot to be able to remount.

@p44 said in Backup failing:

@robi right suggestions.

@girish I had this problem again: all backup folder this morning where unmounted...

I've had the same thing again too

same here on a Hetzner storage box 2 days back - couldn't manually remount either. Had to reboot & then remounted automatically as per /etc/fstab.

Re: Volumes - I think this will create a solution for something that I have been trying to resolve - i.e. Nextcloud app backups WITHOUT the data!

I want to be able to back up the app via Cloudron natively - but backup the data via borg/restic/kopia or the like. This looks like it could resolve this issue if the data was an attached volume. Very much looking forward to this feature if it's like that.

Actually @nebulon - that's what I meant all along - mounting a local folder in the External Storage app - would that work or only as @girish said - after the 6.0 release because of Nextcloud being in a container?

Thanks for the quick reply nebulon. Regarding what I quoted from the docs about mounting an existing server directory as 'external storage' not being supported, - is it not recommended or is that it simply can't be done with a Cloudron Nextcloud install?

What I mean is - let's say if I use Rclone to mount a Google Drive or Mega account to /mnt/webstorage could I then use the 'local' option in External Storage to 'attach' that drive as External Storage to the relevant users. This can work on a non-Cloudron Nextcloud, is there something that stops it on Cloudron?

Hi,
I am looking for a solution for the following scenario:

We need to upload & download approx 250GB of large video files per week. There would probably be about a maximum of 500GB but could reach more, on the server at any one time. This is in addition to our normal Nextcloud use for internal files. I don't really want to add this as Block storage to our server as that would be too expensive.

I tried adding External Storage to a Hetzner Storage box (that's what we use for backups via SMB) but we have found that it is a bit slow. Our users are used to sharing our large unedited video files via mega or google drive & their upload/download speeds are much faster with those services. The Google Drive External Storage app for Nextcloud doesn't work anymore with the current versions of Nextcloud.

I was thinking of maybe using RClone to locally mount a mega or google drive account & then add that as local External Storage. I noticed in the Cloudron docs that:

Mounting an existing server directory as 'external storage' on Nextcloud is currently not supported.

So will this not work?

I have also tried out Wasabi S3 storage which is very competitively priced but they have a model that you are charged for any upload for a full 90 days even if you delete the file within 90 days. This wouldn't really suit us as we are generally deleting the files within a few days once a client has downloaded them.

Does anyone have in mind any suitable solution for our needs?

Seems to be working for me now too!

I'll switch back to rsync with hardlinks & try touching the error files too

I also asked hetzner support about hardlinks & they said:

It seems that Samba is transferring the Hard Links correct, but not always showing them correct.
You could use rsync directly, in order to back up your data to the Storage Box.
For example:
-----------------%<-----------------
rsync --progress -H -e 'ssh -p23' --recursive <local_directory> <username>@<username>.your-storagebox.de:<target_directory>
-----------------%<-----------------

Also - like msbt - it was working in the beginning & then started giving errors about hardlinks.

jdaviescoates - Do you mean the borgbackup to Hetzner storagebox - or the Synology pull?

nebulon - Is there a way to do a cloudron app only -minus nc data backup? I'm only able to keep 2 days of native cloudron backups at the moment & would very much prefer more than that!

Hi - is there anyway to make cloudron backups for Nextcloud excluding the data folder. I find the internal cloudron backup a bi impractical for large datasets.

I am using a Hetzner smb mounted storagebox share & rsync can't use hardlinks so I have to do full non-incremental backups & as can be expected - quickly run out of space. I am however using borg to backup to the same storagebox & that is deduplicated so uses space efficiently. I also pull a backup of the Nextcloud every night to our Synology NAS.

I would prefer though to still have a cloudron native backup of the Nextcloud app/db minus the data. Is that possible? If not - could it become possible in a future update?

Thanks

We have Nextcloud installed with a TURN server manually provisioned as per my post: https://forum.cloudron.io/topic/1846/manual-coturn-install-for-nextcloud/10?_=1585310908753

I have held back on the update as I wanted to know whether I should disable/uninstall what I've done to manually provison a TURN server. TBH - I would prefer to go with the 'official' integrated version from Cloudron.

Also - does the new update add a A record for a TURN server? If so - should I delete the existing one before I go ahead with an upgrade too?

HI, thanks for the prompt reply. I logged in with another browser & it seems that the certificate has renewed itself now so everything is back to normal.

When the problem was there earlier on today, I noticed when browsing /home/yellowtent/boxdata/certs - the my.****. certs where modified on 03/08/2019 - 90 days ago, so they must have expired. Now with everything working - the date is 03/10/2019, so it was renewed between then & now without any input from me. Aren't the certificates supposed to be renewed automatically before 90 days? It seems to have only been renewed after exactly 90 days. Is there anything that I can do/check at my end to prevent this from happening again?

It seems that our certificate for the my.*****. has not been renewed & has fallen back to a self-signed certificate. The support documentation regarding manually renewing certificates requires logging into the dashboard. I cannot do this due to HTTP Strict Transport Security (HSTS). I can't add an exception and login.

How can I do this over ssh manually?

Hi,

We have cloudron running on a hetzner VPS with attached block storage, all running fine with no problems. We also mount hetzner storage box space via a samba share for backups. As per the advice in the documentation this mounted via fstab using the provided info: //<samba url> /backups cifs uid=yellowtent,gid=yellowtent,user=<user>,pass=<pass>,iocharset=utf8 0 0.
This would only work by manually installing the required kernel modules for the iocharset=utf8 option by using:

sudo apt install --no-install-recommends linux-modules-extra-$(uname -r)

This works fine but every time there is an automatic kernel update, updated modules are not installed automatically and as a result the samba mount fails. This results in failed backups.

I have two questions

1. Is there a way to automate the modules installation when kernel updates happen?
2. Is there a way to receive failed (or even successful) backup email notifications to avoid not noticing that backups are not happening?

Ok - here's how I got it working. This was worked out by checking out various posts on the Nextcloud and also an excellent, simple tutorial on my vps host's tutorial site, Hetzner.

This is a detailed how-to to enable voice/video/screensharing support in Nextcloud Talk installed in Nextcloud on Cloudron that is available from outside the local network by installing coturn turn/stun server.

Prequisites:
Nextcloud and Nextcloud Talk installed on Cloudron
'A' record setup on your DNS registrar's admin panel pointing to your cloudron server's public ip address with a name record chosen by you e.g. 'turn'

All the below commands should be run as root or with sudo.

1. Install coturn and persistent iptables:

apt-get install coturn iptables-persistent

2. Temporarily stop coturn:

systemctl stop coturn

3. Open ports for use with coturn (default ports in this example)

iptables -I INPUT -p tcp --dport 5349 -j ACCEPT
iptables -I INPUT -p udp --dport 5349 -j ACCEPT
iptables-save > /etc/iptables/rules.v4

4. Enable coturn daemon

Open the file /etc/default/coturn and remove the # in front of TURNSERVER_ENABLED=1 (i.e. uncomment it)

5. Make a backup of the original turnserver.conf file:

mv /etc/turnserver.conf /etc/turnserver.conf.orig

6. Create new /etc/turnserver.conf using nano or vim or whatever editor you choose as below referring to the comments for changes to be made for your installation:

#the port that you opened using iptables
tls-listening-port=5349

fingerprint
lt-cred-mech

use-auth-secret
# this is created by running the sed command in the detailed instrucions
static-auth-secret=replace-this-secret

# the domain that you create an A record for
realm=aaa.bbb.ccc

total-quota=100
stale-nonce=600

# the host domain certs that were created by cloudron on installation
cert=/home/yellowtent/boxdata/certs/xxx.yyy.host.cert
pkey=/home/yellowtent/boxdata/certs/xxx.yyy.host.key
# this will be created using openssl
dh-file=/home/yellowtent/boxdata/certs/dhparam.pem

cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"

no-sslv3
no-tlsv1
no-tlsv1_1


no-stdout-log

# this can be watched using tail -f for troubleshooting
log-file=/var/tmp/turn.log

# once everything is confirmed working you can comment out the above line & uncomment the following

#log-file=/dev/null

no-loopback-peers
no-multicast-peers

proc-user=turnserver
proc-group=turnserver

7. Create DiffieHellman (dhparam.pem) key exchange file for better TLS security. (this can take sometime - be patient)

openssl dhparam -out /home/yellowtent/boxdata/certs/dhparam.pem 4096

8. Start coturn

systemctl status coturn

9. In Nextcloud, login as an admin & go to the settings page & scroll down to the Talk settings. Add a new TURN server using the domain name you created an A record that appears in your turnserver.conf file after realm= followed by a colon with the tls-listening-port number that you opened - e.g. aaa.bbb.ccc:5349 and for secret enter the static-auth-secret in your turnserver.conf. Choose UDP and TCP. It should then check that it is working and a checkmark will temporarily appear confirming it works. You can also optionally enter the same server:port combination for adding your own STUN server.

You can go ahead & test a voice & or video chat between 2 clients. To troubleshoot you can tail the latest log file while attempting a chat e.g.

tail -f /var/tmp/turn_2019-08-23.log

I have good news! I have manged to get it working - voice/screensharing tested successfully! I haven't tested video yet but I'm pretty sure it should work. I'm on the road at the moment but I'll post a write up in the next day or so.

Just to clarify - it is working with tls on coturn, installed & configured on the same vps as the cloudron install. It was very simple - just needed to get the turnserver.conf correct with a generated dh file & host certs in the yellowtent/boxdata/certs folder.

Apologies for bumping a month-old thread. Has anyone been able to get this working?

I have tried installing coturn on the host, adding iptable entries to open the tcp/udp ports, made them persistent & still no go. I'm not sure if I've setup the certs correctly. I pointed the config file to the host certs in /home/yellowtent/boxdata/certs. I have also tried without tls - still no go.

Anyone? I would of thought that many people using Nextcloud in a company/organisational setting would definitely benefit from Nextcloud Talk.

The Nextcloud forum has a decent guide & the official Nextcloud VM has an install script available.

Would be ok to manually install coturn on the Cloudron server as per their instructions? If so, how would I open the coturn port on the server without messing up any cloudron security?

I have seen that there is already a app wishlist entry for a turn server for Nextcloud Talk. Has anyone been able to install anything manually in the meantime so that webrtc can work on Nextcloud Talk? Either on the cloudron server directly - or on another server?

It's a bit of a blocker for us at the moment. We could setup Nextcloud & a turn server on Ubuntu directly without cloudron, but as we're a small NGO, cloudron is a much easier solution to support without a dedicated IT department.

Does anyone have any ideas?