Proxmox CIFS Network Storage Error “create storage failed: error with cfs lock ‘file-storage_cfg’: mkdir /mnt/pve/network-storage-backups/snippets: Permission denied at /usr/share/perl5/PVE/Storage/Plugin.pm line 1027. (500)”

Samba needs to be configured (at the share location) to allow the user that you are connecting with to actually connect.  In Linux you can create a Linux user and grant that user samba access.  The samba password can be different than the Linux account password.  Before you can add a samba password to this user you must have created a Linux user.  If you already have a Linux user then you can just add that user to samba. Ensure you have your "smbpasswd -a" set for the user. This would be something like "sudo smbpasswd -a joe".  Enter the samba password that you want to add for this Linux user. On the Proxmox storage setup screen you enter the samba password instead of the Linux user's password unless they…

DNS Authentication with LetsEncrypt for wildcard certs with Namecheap as your registrar

I'd been attempting to switch from http preferred challenges for cert renewal/verification. The reason is that the certbot program fails in cases where, if I have existing domains in the cert, adding more domains or subdomains to existing certs fails. Basically when you try to add new domains or where the subdomain is new to an existing domain that's listed in the cert, certbot using "--preferred-challenges http" fails with error messages that do not make sense to the average person, even those that used Letsencrypt since their inception. In my case I had to add two domains to my cert and also to add a series of subdomains for each new domain to make the domain operate just like the existing ones would. I also had to add a…

channel 3: open failed: connect failed: Connection refused

When using SSH -L <port>:localhost:<port> <destination> it means you are trying to do an SSH port forward. This means that any traffic normally bound to <destination> is routed to the machine you executed the command on until you close the SSH connection.

If for instance you are trying to access the Proxmox webui which has its port active on 8006 you'd need something like:

ssh -L 8006:localhost:8006 192.168.1.25

If it is an Internet connection obviously the 192.168.1.25 would be changed to indicate the appropriate IP address and -p <port>.

Sometimes you will receive the message:

"channel 3: open failed: connect failed: Connection refused"

This means that you are trying to connect to a port that isn't broadcasting. This could be because you are actually trying to connect to the wrong…

Proxmox/SSH/Rsync fun

Everyone in my business knows that backing up is so utterly important that you just do it. The more important the system is the more important it is to back it up. For instance, backing up your web server/site is extremely important. If you run your business, if you rely on that web server to communicate with your customers, then you must back it up. What I'm writing about today isn't how you back up your server or services, rather it's a tale about what's involved (considerations and pitfalls) in doing it. Doing it right is important, and doing it right allows a quick recovery -- in the event of a potentially catastrophic failure of hardware or software. Part of what I'm pointing out is that doing it consistent with…

Re-configuring Cables to make the most effective use of VLANs

So, I am very strict on what comes in and goes out of my network.  Most of it is a privacy thing.  Without your privacy you have nothing.  Bear that in mind. I have pfsense set up and it uses something called pfblockerng-dev (the development version of the package) and within that is something called DNSBL (or Domain Name System Block List).  It works like the pihole except it is much more extensive.  Unfortunately it can get in the way as I fix customer computers and those need access to some parts of the Internet that I normally have blocked.  The machines generally are here for a short time and are here for cleaning and other types of repairs. With pfsense I set up a couple VLANs to keep the…

Updating from Nextcloud 15.x to 16.x issues due to PHP 7.0 — it requires PHP 7.1 or newer.

There's a message when you execute the updater on nextcloud to bring you to version 16 of nextcloud. It dumps out some dorky message about php7.0 but doesn't actually tell you unless you click the link it dumps. If you do it takes you to some page where they claim php7.0 is insecure and they give you a timeframe where you need to complete an upgrade from something like 7.0 to 7.2 or 7.3 and if you don't then it's your fault for running an insecure version of PHP 7.0.

The problem is that updating from 7.0 to some other version is more than just updating to 7.2 or 7.3. You have all sorts of dependencies that also need to be updated. Even though 7.2 or 7.3 gets installed properly…

Nextcloud 14.0.3 update

Nextcloud, though a good concept, has issues that always seem to crop up during the update process. Now there are quite a few things that are problems here.

- Stuck on an old version and it won't let you update via the interface
- running the occ command to update says you are up to date
- if you run the ../updater/pharupdater it fails saying that it can't delete old resources -- like that matters one freaking bit as far as completing the update goes. Tell me where they are and I'll delete them afterwards.
- insufficient feedback during the update and error messages are unclear and seemingly meant only for the developers.
- expecting that their lack of documentation on updater errors is ok and that you should pay them. That's just bad business.…

Postfix Won’t Send Emails with Attachment error: SMTP Error: [550] 5.7.1 (base_64)

More tightening of the reins on email has resulted in the inability to send emails with attachments. This wasn't intentional. I was following various guides and someone had some additional header_checks entries that I felt would help reduce spam. In the middle of all the entries is the following:

/^Content\-Transfer\-Encoding:(.*)base64$/ REJECT (base_64)

This little line keeps all emails with attachments from going out. The /etc/postfix/header_checks file is where you put restrictions on incoming and outgoing email. It is meant to keep mail users from getting spam and from forwarding spam emails with malicious content to others in the business or to others on the internet. That line though can be dangerous if you aren't familiar with email and could cause you unintended grief if you just copy others' work,…

Nextcloud and error 503 Service Unavailable (seemingly suddenly seemingly randomly)

Some of these things just annoy you to death.  Suddenly I find that I am getting this error whenever I access my nextcloud instance, which I happen to be using more and more and more every day. I had been tightening down my security on my containers on the proxmox server and had discovered that I needed to put some exclusion IPs in fail2ban.  I did that for several containers and must have been interrupted by a customer or two and I know I never got back to it. I also put in fail2ban on several containers that were missing it and I ensured that certificates were valid and being updated properly by letsencrypt.  So, I was tightening the screws and sealing the doors so to speak, but interruptions are…

When you SSH in with an RSA key but you keep getting prompted for your password

One cause is your home folder permissions are wrong. Just

sudo chmod 775 /home/jimbo

Substitute your user home folder name for jimbo. This annoyed me to no end till I found this.

Edit (11-12-2020): There is another obscure cause of this. No matter what I tried I constantly was being prompted for a password even though the permissions were correct as described above. My final solution was to back up the data in the account and to delete it, reboot the proxmox lxc container and then add the account back. This fixed it.