Matt The Horwood

I have been running nextcloud for some time, it was running very quickly. But the v28 update seems to have broke some of the extra apps, like groupfolders.

That said, it’s very much a system that needs good hardware to run it well

I’ve been through everything on the install guide and update I can find, it looks to be the groupfolders app that looks for expired items every 5 minutes. It gets better if I stop Cron or delete the job

My nextcloud was almost instant, then the upgrade to v28 seems to have broke a load of things and now is very slow.

• nginx LB in LXC
• qemu vm with PHP and nginx on it
  • as many PHP optimisations as I can find
• qemu vm with just mysql
  • as many MySQL optimisations as I can find
• docker notify thing on the docker swarm vms

All on the same host with other things

What?

It’s a single process that runs a ca, it might well be a web service but that’s built in. I use it for SSH certificates in my homelab, setup was a doddle.

Might have a look at the web cert bit, but you might find certbit can connect and get a cert

Have a look a small step ca https://smallstep.com/docs/step-ca/#introduction-to-step-ca

Maybe investigate why it hung?

That could be a sign of something bigger about to kill it altogether

Something to check is the type of USB devices, as I had a hard time with finding enclosures that work.

Some enclosures just don’t work and randomly disconnect

Ok, I dont get your point of view. As I dont see the need to sub path things.

What I do see is a lot of people who seem to think that a sub-path is good security, cheaper to run and lots of other things.

First off, you can get free lets encrypt certs and even a wildcard cert if you know how. Also you can get a SAN cert with a little config of certbot.

Second, you dont need an A record for every domain. You can use a c-name or even a wildcard to catch any domain name.

Then the security is all crap, if the sub path is on the internet it will get found in time. A domain is just more obvious, you can also name the sub domain anything you want. Case in point is my nextcloud on an owncloud sub domain.

If you start to look into ways to automate all that, then things are trivial to add to. I use OVH for my domains, as they provide an API that I can use with certbot to get any certificate I want for my domain. I can also use the API to provision a new subdomain, be that an A record or c-name. But I have a wildcard subdomain so that I can spin up anything on any subdomain and I dont have to do any setup.

• https://knowledge.digicert.com/solution/what-is-san-certificate
• https://certbot-dns-ovh.readthedocs.io/en/stable/
• https://www.a2hosting.com/kb/getting-started-guide/configuring-domain-settings/wildcard-subdomains/

Requiring a full URL will be more of security thing I would guess, as some users put HA on the internet and it could have access to open doors.

Also I have tried things on sub paths and it got very complicated to know where a service was, a domain keeps things easy to setup and manage. As I run internet facing services for my day job, I have to look at both security and easy of maintenance when setting things up.

I would say that if you need a path over domain, its a skill issue and you need to find a better way of working.

I think your missing the point of HAOS, it’s an appliance. You don’t manage it like a normal self host system.

Once you treat it as an appliance, it’s great. Also there is a portainer agent you can run that will connect to a portainer instance.

As for your tunnel issues, maybe the tunnel thing is your biggest issue. I run all my self host stuff on its own subdomain, if I want to route something home I use the site to site VPN I have. Even a cheap ovh vps could be a way to run stuff on subdomains

If I had all the time I wanted to homelab, I would get me a Nas box and run like 10 pis of different vintages as purpose built servers.

A pi to run PHP, a pi to run mysql, a fleet of pis as docker nodes.

Is the caldev URL somehow wrong? SSL verification could be wrong URL or wrong date even

I use OVH for my dedi, they often have sales on -> https://eco.ovhcloud.com/en-gb/

With davx on Android to sync it all, even your contacts

Thanks for the heads up, will wait for 28.0.2 as that is currently cooking.

On the Retention app thing, I got into tagging to remove old backups. Will have in the morning for how I set it up

I’ve not moved to 28 yet, might wait a bit longer from your post. My 27 is rock solid, I don’t understand why so many have issues with nextcloud.

Maybe the docker installs are pants

I think you want to limit to DVD, I think you Amy have Blu-ray

I’ve not seen nebula, that looks a lot like tinc. Iight have to see how hard nebula is to get running.

If your looking for a mesh VPN, tinc is very easy to setup

You could, that would keep home stuff at home

I would move the SSL to your VPS, make that your nginx entry point.

Then use virtual servers in nginx to listen on the wiregiard nic for local stuff and it’s public IP for internet accessible stuff, you could also add in some Auth service for things without MFA.