Selfhosted

1
 
 

Hey guys. I've been spending the last few months setting up my home server. Lots of troubleshooting was needed, since I am somewhat of a beginner.

Now fail2ban works really well. In fact, it works too well. I've banned myself on some occasions. Here is how I set it up:

I have a filter/jail that looks for forceful browsing using the nginx proxy manager access logs. I've used the following filter:

[INCLUDES]

[Definition]

failregex = ^.* (405|404|403|401|\-) (405|404|403|401) - .* \[Client <HOST>\] \[Length .*\] .* \[Sent-to <F-CONTAINER>.*</F-CONTAINER>\] <F-USERAGENT>".*"</F-USERAGENT> .*$

ignoreregex = ^.* (404|\-) (404) - .*".*(\.png|\.txt|\.jpg|\.ico|\.js|\.css|\.ttf|\.woff|\.woff2)(/)*?" \[Client <HOST>\] \[Length .*\] ".*" .*$

This fishes out all those errors - so far, so good. The problem is that, for some reason, my nextcloud install throws a lot of those errors every now and then. I have no clue why. Everything works, file transfers, browsing the web ui, settings - no trouble. Still, those errors show up in the npm log, for example:

[22/Jun/2023:18:44:24 +0200] - 404 404 - GET https ###SERVERURL### "/remote.php/dav/files/Pete90/Upload/Scan/Z/2023-06-22%2011-27%201.pdf" [Client ###IP### [Length 218] [Gzip -] [Sent-to ###SERVERLANIP###] "Mozilla/5.0 (Android) Nextcloud-android/3.25.0" "-"

This must have been the android nextcloud app, as it was automatically uploading some files.

Now here is where I need help. I've started adding things to the ignoreregex and this works as a workaround. But new error types show up every now and then which I have not added an ignoreregex for. This seems inefficient:

|.*PROPFIND.*files/Pete90.*Gzip.*|/ocs/v2.php/apps/text/workspace\?path=.2F|.*(?:/index.php/.well-known/nodeinfo|/index.php/.well-known/webfinger)|.*/core/preview.*$    ADD MORE LIKE THIS |.*REGEXYOUWANTTOIGNORE.*$

What would you do to prevent this? Is there something wrong with my nextcloud setup? Can I find a more general regex than the ones I used? Simply exclude nextcloud from the forceful browsing filter (I've set up a different filter/jail for nextcloud itself). Any input is appreciated!
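Added example (not part of the original post): a small Python harness that approximates how fail2ban applies the post's failregex together with one ignoreregex, run over constructed log lines. It compares two hypothetical ignore rules, one keyed on the proxy-written `Sent-to` upstream (the "exclude nextcloud from this filter" option raised in the post) and one keyed on the client-supplied User-Agent; the upstream IPs, hostnames and both ignore patterns are assumptions.

```python
import re

# failregex from the post, copied unchanged.
FAILREGEX = r'^.* (405|404|403|401|\-) (405|404|403|401) - .* \[Client <HOST>\] \[Length .*\] .* \[Sent-to <F-CONTAINER>.*</F-CONTAINER>\] <F-USERAGENT>".*"</F-USERAGENT> .*$'
# Two candidate ignore rules (assumptions, not from the post).
IGNORE_BY_UPSTREAM = r'\[Sent-to 192\.168\.0\.10\]'  # constructed Nextcloud backend IP
IGNORE_BY_AGENT = r'"[^"]*Nextcloud-android[^"]*" "[^"]*"$'

def expand(rx):
    """Approximate fail2ban tag expansion (simplification: IPv4-only <HOST>)."""
    rx = rx.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})")
    rx = re.sub(r"<F-([A-Z]+)>", lambda m: "(?P<%s>" % m.group(1).lower(), rx)
    return re.compile(re.sub(r"</F-[A-Z]+>", ")", rx))

def classify(line, ignoreregex):
    """Approximate fail2ban's order: ignoreregex first, then failregex."""
    if expand(ignoreregex).search(line):
        return ("ignored", None)
    m = expand(FAILREGEX).search(line)
    return ("failure", m.group("host")) if m else ("nomatch", None)

# Constructed access-log lines in the nginx proxy manager format shown in the post.
FMT = '[22/Jun/2023:18:44:24 +0200] - {s} {s} - GET https {vhost} "{path}" [Client {ip}] [Length 218] [Gzip -] [Sent-to {up}] "{ua}" "-"'
NC_APP = FMT.format(s=404, vhost="cloud.example.test", path="/remote.php/dav/files/user/a.pdf", ip="198.51.100.7", up="192.168.0.10", ua="Mozilla/5.0 (Android) Nextcloud-android/3.25.0")
PROBE = FMT.format(s=404, vhost="blog.example.test", path="/admin/", ip="203.0.113.9", up="192.168.0.20", ua="Mozilla/5.0")
PROBE_NC_UA = FMT.format(s=404, vhost="blog.example.test", path="/admin/", ip="203.0.113.9", up="192.168.0.20", ua="Mozilla/5.0 (Android) Nextcloud-android/3.25.0")

if __name__ == "__main__":
    for name, line in [("nextcloud app", NC_APP), ("probe", PROBE), ("probe, Nextcloud UA", PROBE_NC_UA)]:
        print(name, classify(line, IGNORE_BY_UPSTREAM), classify(line, IGNORE_BY_AGENT))
```

The User-Agent rule also exempts the request that never reached Nextcloud, because the client controls that field; the `Sent-to` rule does not, since the proxy writes it.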

2
 
 

I'm currently thinking about making additional services, such as a mail server, reachable from outside. Before I dig into DNS records, cloudflare and so on, I wanted to ask for your experience here regarding stability, reliability, latency, bandwidth, etc., especially when you run all of this over a privately used DSL connection. I have 40 Mbit/s upstream here, but I do notice it when, for example, we route everything through the network from outside via VPN (#pihole). What are your experiences? What are your dos and don'ts?

3
 
 

So much emptiness, so I thought I'd get things started ;-) I'll skip the popular classics such as home-assistant, pihole, portainer, etc. that I've always seen in lists like this so far:

  1. changedetection.io - parse any URLs and get notified about changes on those pages.
  2. frigate - connect all your cameras, record and detect objects. Integrates really well with home-assistant
  3. memos - very lightweight notes/microblogging service with hashtags
  4. kuma - uptime monitoring.
  5. stash - video/clip/image management, especially for NSFW content.
4
 
 

Orb is a free and open source web desktop, which simulates a Windows-like desktop in a web browser. You can use it to access files on a server or a NAS in an easy and secure way.

Orb demo: https://desktop.leisink.net/