...which means that, for some reason, it's serving HTTP over port 443. More to follow on that in another post.https still gives ERR_SSL_PROTOCOL_ERROR as error, Firefox describes it as SSL_ERROR_RX_RECORD_TOO_LONG
Yes, just saw it. It'd be helpful if pull requests were kept to a single issue; as it is I merge (or don't merge) a bunch of unrelated stuff at once.Sent a new pull request.
No, I'm specifically not doing these; I'm using php-fpm with the mod_mpm_event.so to enable HTTP/2 and improve performance.Changed which modules get loaded.
Added PHP7 module to installer.
This isn't a correction; the FQDN should take you directly to Nextcloud without needing to add /nextcloud to the URL.Small correction
I can't see the reason for this; I can't get the method I'm using to return anything other than the full directory name of the script. To test, I just created a short script:SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
#!/bin/sh SCRIPT=$(readlink -f "$0") SCRIPTPATH=$(dirname "$SCRIPT") echo $SCRIPTPATH
...which, of course, it shouldn't ever be doing. Let's check a few things inside the jail (it's serving HTTP over port 443.
iocage console nextcloud
to enter the jail): Include etc/apache24/Includes/*.conf
at the end of that file?I'm pretty new to using git so my apologies....which means that, for some reason, it's serving HTTP over port 443. More to follow on that in another post.
Yes, just saw it. It'd be helpful if pull requests were kept to a single issue; as it is I merge (or don't merge) a bunch of unrelated stuff at once.
Since the php module wasn't working correctly at my install I looked up @dureal99d 's guide to fix it since you have based your script on that guide. This got nextcloud to finally work on my NAS.No, I'm specifically not doing these; I'm using php-fpm with the mod_mpm_event.so to enable HTTP/2 and improve performance.
Every time I installed Nextcloud using your script Apache served it's default index.html instead of Nextcloud's index.php. I needed to manually add /Nextcloud to my domain name. Maybe it's due to me using vnet?[/QUOTE]This isn't a correction; the FQDN should take you directly to Nextcloud without needing to add /nextcloud to the URL.
Your test script works as intended, but somehow nextcloud-jail.sh returned a "." when using dirname. I've only changed it to make sure it can't be giving back a "."I can't see the reason for this; I can't get the method I'm using to return anything other than the full directory name of the script. To test, I just created a short script:
Code:#!/bin/sh SCRIPT=$(readlink -f "$0") SCRIPTPATH=$(dirname "$SCRIPT") echo $SCRIPTPATH
...and no matter how I invoke it, it returns the full directory path to its location. I can't get it to return ".", which is what you seem to be indicating. Can you try this, and see if you can duplicate your result?
Everything is there so it should in theory work if we didn't forget anything....which, of course, it shouldn't ever be doing. Let's check a few things inside the jail (iocage console nextcloud
to enter the jail):
- In /usr/local/etc/apache24/httpd.conf, is the line "Listen 443" present and uncommented?
- Is
Include etc/apache24/Includes/*.conf
at the end of that file?- Is /usr/local/etc/apache24/Includes/yourfqdn.conf present?
- What are the contents of that file (masking your domain if you like)?
- Are /usr/local/etc/pki/tls/certs/fullchain.pem and /usr/local/etc/pki/tls/private/privkey.pem present?
- What are the ownership and permissions on /usr/local/etc/pki/tls/private/privkey.pem?
Include etc/apache24/extra/httpd-ssl.conf
was commented, so that's a problem.Everything is there
- Is /usr/local/etc/apache24/Includes/yourfqdn.conf present?
- What are the contents of that file (masking your domain if you like)?
[root@nextcloud ~]# cat /usr/local/etc/apache24/Includes/domain.example.conf
<VirtualHost domain.example:80>
DocumentRoot "/usr/local/www/apache24/data/nextcloud"
ServerName domain.example
Redirect / https://domain.example/
</VirtualHost>
<VirtualHost domain.example:443>
ServerAdmin admin@example.com
ServerName domain.example
DocumentRoot "/usr/local/www/apache24/data/nextcloud"
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/local/www/apache24/data/nextcloud/$1
DirectoryIndex /index.php index.php
SSLCertificateFile /usr/local/etc/pki/tls/certs/fullchain.pem
SSLCertificateKeyFile /usr/local/etc/pki/tls/private/privkey.pem
SSLEngine on
# Modern configuration, tweak to your needs
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
# SSLUseStapling on
SSLSessionTickets off
# SSLOpenSSLConfCmd DHParameters "/usr/local/etc/pki/tls/private/dhparams_4096.pem"
SSLOptions +StrictRequire
<Directory /usr/local/www/apache24/data/nextcloud>
AllowOverride all
</Directory>
<IfModule mod_headers.c>
# Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
No, that isn't a problem.Edit: Include etc/apache24/extra/httpd-ssl.conf was commented, so that's a problem.
No, that isn't a problem.
Your symptoms suggest to me that the virtualhost file (domain.example.conf) isn't being read/used. That would account both for the lack of SSL, and also for the fact that the server isn't giving you Nextcloud directly.
Edit: ownership/permissions on domain.example.conf?
[root@nextcloud ~]# ls -l /usr/local/etc/apache24/Includes/
total 7
-rwxr-xr-x 1 root wheel 89 Mar 15 03:25 no-accf.conf
-rwxr-xr-x 1 root wheel 1538 Apr 2 22:17 domain.example.conf
[root@nextcloud /usr/local/etc]# cat /var/log/httpd-error.log
[Tue Apr 03 00:34:39.379486 2018] [ssl:warn] [pid 59326:tid 34397585408] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue Apr 03 00:34:39.382189 2018] [mpm_event:notice] [pid 59326:tid 34397585408] AH00489: Apache/2.4.29 (FreeBSD) OpenSSL/1.0.2k-freebsd configured -- resuming normal operations
[Tue Apr 03 00:34:39.382256 2018] [core:notice] [pid 59326:tid 34397585408] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT'
That's sounding very bizarre indeed. It does have me wondering if it would be better to just do a single httpd.conf file, removing the need for the separate virtual host file, but that's going to take a good bit of editing.I even tried to copy the contents of these two files to the end of httpd.conf but even that doesn't work.
Probably won't be needed, the error log says that the SSL Session Cache isn't configured, which makes it skip the whole vhost file if I understand it correctly.That's sounding very bizarre indeed. It does have me wondering if it would be better to just do a single httpd.conf file, removing the need for the separate virtual host file, but that's going to take a good bit of editing.
No, it doesn't. Probably should add that directive, but it isn't required. From the Apache docs:which makes it skip the whole vhost file if I understand it correctly.
Edit: I expect we're both going to feel pretty silly when we find the issue, in that it's probably something that's simple, obvious, and staring us in the face.This cache is an optional facility which speeds up parallel request processing.
This should be done now.As a suggestion only it'd be sweet if you'd make us able to store the files, sql files and the port files in different datasets.
I might have found it, though I thought I'd addressed this previously--are you browsing to your jail by IP address or by FQDN?Edit: I expect we're both going to feel pretty silly when we find the issue, in that it's probably something that's simple, obvious, and staring us in the face.
What exactly happened? I just tried it under 11.1-U2 with the script as it now sits, and it seems to have worked fine.U2 doesn't work with the repo as of 11pm eastern on 4/1.
I was getting redirected to freenas gui.What exactly happened? I just tried it under 11.1-U2 with the script as it now sits, and it seems to have worked fine.
I've found a working solution, changingI might have found it, though I thought I'd addressed this previously--are you browsing to your jail by IP address or by FQDN?
<VirtualHost domain.example:80>
and <VirtualHost domain.example:443>
to <VirtualHost *:80>
and <VirtualHost *:443>
and restarting apache made it work.So you were browsing to the FQDN and it didn't work, but changing the VirtualHost declarations to *:80 and *:443 worked? Strange, but easy enough to fix.Somehow it doesn't read my FQDN well.
PDF.js v1.9.426 (build: 2558a58d) Message: Unexpected server response (0) while retrieving PDF "https://heylookitsmydomain.com/remote.php/webdav/Nextcloud%20Manual.pdf".
{"reqId":"TJmvPcekzPLhMJDE8K7W","level":3,"time":"2018-04-03T18:48:40-04:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"Redis::connect(): connect() failed: Connection refused at \/usr\/local\/www\/apache24\/data\/nextcloud\/lib\/private\/RedisFactory.php#84","userAgent":"--","version":"13.0.1.1"} {"reqId":"k9pcGczJkUWW5lF9wjci","level":3,"time":"2018-04-03T18:48:43-04:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"Redis::connect(): php_network_getaddresses: getaddrinfo failed: Non-recoverable failure in name resolution at \/usr\/local\/www\/apache24\/data\/nextcloud\/lib\/private\/RedisFactory.php#84","userAgent":"--","version":"13.0.1.1"} {"reqId":"k9pcGczJkUWW5lF9wjci","level":3,"time":"2018-04-03T18:48:43-04:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"Redis::connect(): connect() failed: php_network_getaddresses: getaddrinfo failed: Non-recoverable failure in name resolution at \/usr\/local\/www\/apache24\/data\/nextcloud\/lib\/private\/RedisFactory.php#84","userAgent":"--","version":"13.0.1.1"}
[Tue Apr 03 18:47:27.569026 2018] [ssl:warn] [pid 99185:tid 34397577216] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] [Tue Apr 03 18:47:27.575055 2018] [mpm_event:notice] [pid 99185:tid 34397577216] AH00489: Apache/2.4.29 (FreeBSD) OpenSSL/1.0.2k-freebsd configured -- resuming normal operations [Tue Apr 03 18:47:27.575163 2018] [core:notice] [pid 99185:tid 34397577216] AH00094: Command line: '/usr/local/sbin/httpd -D NOHTTPACCEPT' [Tue Apr 03 19:42:16.434706 2018] [proxy_fcgi:error] [pid 164:tid 34399165952] [client xxx.xxx.x.xx:xxxxx] Invalid status line from script 'Nextcloud%20Manual.pdf': 0, referer: https://heylookitsmydomain.com/index.php/apps/files_pdfviewer/?file=%2Fremote.php%2Fwebdav%2FNextcloud%2520Manual.pdf [Tue Apr 03 19:44:03.892212 2018] [proxy_fcgi:error] [pid 99190:tid 34399160832] [client xxx.xxx.x.xx:xxxxx] Invalid status line from script 'Nextcloud%20Manual.pdf': 0, referer: https://heylookitsmydomain.com/index.php/apps/files_pdfviewer/?file=%2Fremote.php%2Fwebdav%2FNextcloud%2520Manual.pdf [Tue Apr 03 19:47:18.073315 2018] [proxy_fcgi:error] [pid 164:tid 34399162112] [client xxx.xxx.x.xx:xxxxx] Invalid status line from script 'Just%20Ship%20It.pdf': 0 [Tue Apr 03 19:51:21.293326 2018] [proxy_fcgi:error] [pid 99188:tid 34397591296] [client xxx.xxx.x.xx:xxxxx] Invalid status line from script 'Just%20Ship%20It.pdf': 0
Indeed there isn't :PAgain from fresh install on Freenas 11.1 U4 using the latest instructions from the git resource, we have a successful nextcloud install.
There's just no stopping you is there @danb35
I'm also experiencing the same issue, I'll take a look.One thing about this install that I noticed is it won't open pdf out of the box on my server at least.
Code:PDF.js v1.9.426 (build: 2558a58d) Message: Unexpected server response (0) while retrieving PDF "https://heylookitsmydomain.com/remote.php/webdav/Nextcloud%20Manual.pdf".
Hey the link I posted was the correct fix. Here were my steps in rough form:Indeed there isn't :p
I'm also experiencing the same issue, I'll take a look.
root@freenas:~ # nano /mnt/iocage/jails/nextcloud/root/usr/local/etc/apache24/Includes/heyitsmydomain.com.conf <VirtualHost *:80> DocumentRoot "/usr/local/www/apache24/data/nextcloud" ServerName heyitsmydomain.com Redirect / https://heyitsmydomain.com/ </VirtualHost> <VirtualHost *:443> ServerAdmin admin@example.com ServerName heyitsmydomain.com DocumentRoot "/usr/local/www/apache24/data/nextcloud" RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] # ProxyPassMatch ^/(.*\.php(/.*)?)$ #fcgi://127.0.0.1:9000/usr/local/www/apache24/data/nextcloud/$1 <FilesMatch \.php$> SetHandler "proxy:fcgi://localhost:9000" </FilesMatch> DirectoryIndex /index.php index.php root@freenas:~ # jexec 3 root@nextcloud:/ # service apache24 restart Performing sanity check on apache24 configuration: Syntax OK Stopping apache24. Waiting for PIDS: 99185. Performing sanity check on apache24 configuration: Syntax OK Starting apache24. root@nextcloud:/ # service php-fpm restart Performing sanity check on php-fpm configuration: [03-Apr-2018 21:18:12] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful Stopping php_fpm. Waiting for PIDS: 98977. Performing sanity check on php-fpm configuration: [03-Apr-2018 21:18:13] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful Starting php_fpm.