After running a few instances for a year or so, through quite a few upgrades, I’ve prepared a comprehensive installation guide for NextCloud and Collabora Office (aka CODE) on Ubuntu 16.04 using Docker and Docker Compose, with Nginx, Let’s Encrypt, PHP7 FPM, and MariaDB. Hope it’s useful to someone, and I’m happy to hear any feedback.
I posted on your blog, but thought better here, so others can see too.
I’m still a Linux newbie, so bear with me.
Didn’t get very far…
`sudo vim /etc/defaults/ufw` and copy the line `DEFAULT_FORWARD_POLICY="DROP"` tweak it to look like this (commenting out the default, but leaving it there for future reference!):

```
#DEFAULT_FORWARD_POLICY="DROP"
DEFAULT_FORWARD_POLICY="ACCEPT"
```

You also have to edit `/etc/ufw/sysctl.conf` and remove the "#" at the start of the following lines, so they look like this:

```
sudo vim /etc/ufw/sysctl.conf
```

```
# Uncomment this to allow this host to route packets between interfaces
net/ipv4/ip_forward=1
net/ipv6/conf/default/forwarding=1
net/ipv6/conf/all/forwarding=1
```
I end up not being able to access ufw, with error: ERROR: Missing policy for ‘input’
Then I tried figuring it out:
```
root@ubuntu-18-v6:~# /lib/ufw/ufw-init force-reload
iptables-restore v1.6.1: Can't set policy `[0:0]' on `OUTPUT' line 5: Bad policy name
iptables-restore v1.6.1: option "-j" requires an argument
Error occurred at line: 7
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.1: Couldn't load target `ufw-skip-to-policy-input':No such file or directory
Error occurred at line: 19
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
ip6tables-restore v1.6.1: Can't set policy `[0:0]' on `OUTPUT' line 5: Bad policy name
ip6tables-restore v1.6.1: option "-j" requires an argument
Error occurred at line: 7
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
ip6tables-restore v1.6.1: Couldn't load target `ufw6-skip-to-policy-input':No such file or directory
Error occurred at line: 19
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Problem running '/etc/ufw/after.rules'
Problem running '/etc/ufw/after6.rules'
```
Sorry for the slow reply! Only just saw this notification… Looks like something has changed with the UFW configuration since I wrote the howto… What version of Linux are you using?
Thanks for replying.
Should have mentioned my server: Ubuntu 18.04 (on DigitalOcean)
Hello there, I was facing a similar problem and was able to recover after ‘completely removing’ and then re-installing both gufw and ufw from Synaptic (which is the equivalent of):
```
sudo apt-get purge ufw
sudo apt-get purge gufw
sudo apt-get install ufw -y
sudo apt-get install gufw -y
```
I’m on a regular Ubuntu 18.04 distribution, though. My situation was somehow caused when interrupting (ctrl + c, or keyboard interrupt) a script that sets up ufw as a killswitch if your VPN connection drops.
You can encounter the issue of Docker creating a container subnet that’s different from what’s been explicitly allowed as per my howto… if that’s the case, the easiest (but less paranoid, i.e. less secure) approach would be
```
sudo ufw allow from 188.8.131.52/8 to any
```

which allows all IPs in the full B Class address space range to access the host.
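An added example, not part of the thread or the howto: one way to check whether every Docker network's subnet is covered by an existing `ufw` allow rule, so a narrow rule can be added instead of a broad one. The sample `docker network inspect` JSON, the `ufw status` text, the network name `nextcloud_default` and all function names are constructed for illustration.

```python
import ipaddress
import json
import re

# Constructed sample: trimmed `docker network inspect` output for two networks.
DOCKER_INSPECT = """[
  {"Name": "bridge", "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]}},
  {"Name": "nextcloud_default", "IPAM": {"Config": [{"Subnet": "172.22.0.0/16"}]}}
]"""

# Constructed sample: `sudo ufw status` output with one container subnet allowed.
UFW_STATUS = """Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       172.17.0.0/16
"""

def docker_subnets(inspect_json):
    """Map each Docker network name to the subnets in its IPAM config."""
    result = {}
    for net in json.loads(inspect_json):
        configs = (net.get("IPAM") or {}).get("Config") or []
        result[net["Name"]] = [ipaddress.ip_network(c["Subnet"])
                               for c in configs if c.get("Subnet")]
    return result

def ufw_allowed_sources(status_text):
    """Collect source networks from 'Anywhere ALLOW <source>' rule lines."""
    sources = []
    for line in status_text.splitlines():
        m = re.match(r"Anywhere\s+ALLOW(?:\s+IN)?\s+(\S+)\s*$", line)
        if not m:
            continue
        try:
            # strict=False accepts sources written with host bits set
            sources.append(ipaddress.ip_network(m.group(1), strict=False))
        except ValueError:
            pass  # e.g. "Anywhere", which is not a specific source range
    return sources

def uncovered_networks(subnets_by_name, allowed):
    """Names of Docker networks with a subnet no allowed source contains."""
    def covered(sub):
        return any(a.version == sub.version and sub.subnet_of(a) for a in allowed)
    return sorted(name for name, subs in subnets_by_name.items()
                  if not all(covered(s) for s in subs))

if __name__ == "__main__":
    print(uncovered_networks(docker_subnets(DOCKER_INSPECT),
                             ufw_allowed_sources(UFW_STATUS)))
```

On a real host, feed it the output of `docker network inspect $(docker network ls -q)` and `sudo ufw status` in place of the constructed samples.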