
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

ykhodo

Explorer
Joined
Oct 19, 2017
Messages
52
hmm this might be something - when I access a photo folder, everything is getting a 400 2 error:

Code:
10.0.1.179 - - [23/Jun/2019:22:44:38 -0400] "GET /index.php/core/preview.png?file=Photos/receipts/Blender.png&x=281&y=609&a=1&mode=cover HTTP/2.0" 400 2


I can click pdfs without issues.
 

ykhodo

Explorer
Joined
Oct 19, 2017
Messages
52
I just fired up a container to test the iOS app, and the previews work fine (it is using nginx instead of caddy). here is a successful request:

Code:
[24/Jun/2019:03:36:43 +0000] "GET /index.php/core/preview.png?file=Photos/Nut.jpg&x=281&y=609&a=1&mode=cover HTTP/2.0" 200 139115 "-" "Mozilla/5.0 (iOS) Nextcloud-iOS/2.23.7"
 

ykhodo

Explorer
Joined
Oct 19, 2017
Messages
52
I ended up installing nginx in the jail instead of caddy and everything is working great. I wish I knew more about caddy to be able to solve the issue, but the rest of the scripted set up worked great for me. Thank you @danb35
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Good to know that's working--unfortunately I'm out of the country and unable to test for a while. Nginx won't handle the certificates on its own, of course; if you want the Let's Encrypt cert you'll need to use a separate client to obtain and renew it (I like acme.sh for this purpose).
 

Yakje

Explorer
Joined
Feb 8, 2017
Messages
82
Thanks for the great script Danb35!

I just ran the script and the install seems to be successful, but whenever i browse to either my local ip or the domain name, nextcloud does not show up in the browser.

The config settings i used are the following:
JAIL_IP="192.168.1.118"
DEFAULT_GW_IP="192.168.2.1"
POOL_PATH="/mnt/tank"
FILES_PATH="/mnt/tank/data"
DB_PATH="/mnt/tank/apps/nextcloud/db"
PORTS_PATH="/mnt/tank/apps/nextcloud/portsnap"
TIME_ZONE="Europe/Amsterdam"
HOST_NAME="mydomain.nl"
STANDALONE_CERT=1
CERT_EMAIL="me@hotmail.com"

This is how i configured the domain records:
all the A records are pointing to my WAN IP
domainrecords.jpg

I have the following mount points:
mountpoints.jpg

This was the output of the shell, after the installation completed:
shell.jpg

I checked if caddy is running, but it does not seem to be running and trying to start caddy is not working either.
The caddy log, shows the following error:
[filebase.nl] Activating privacy features... 2019/06/27 14:07:02 [INFO][cache:0xc0000849b0] Started certificate maintenance routine
2019/06/27 14:07:02 [INFO] [filebase.nl] acme: Obtaining bundled SAN certificate
2019/06/27 14:07:02 [INFO] [filebase.nl] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/ofzLZtZLIaOZlNfW5-GgSy5og1iC4yBo_RER0
2019/06/27 14:07:02 [INFO] [filebase.nl] acme: use tls-alpn-01 solver
2019/06/27 14:07:02 [INFO] [filebase.nl] acme: Trying to solve TLS-ALPN-01
2019/06/27 14:07:27 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz/ofzLZtZLIaNFHJfW5-GgSyqog1iC4yBo_RER0
2019/06/27 14:07:27 [filebase.nl] failed to obtain certificate: acme: Error -> One or more domains had a problem: [filebase.nl] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
I figured it should have something to do with my port forwards, but they should be ok i think?

Port forwarding on Router 1:
portforwards.jpg

Port forwarding on ISP modem/router:
portforwards2.jpg


Any ideas what i could do to fix it will be greatly appreciated!
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I figured it should have something to do with my port forwards,
Most likely--or your ISP is blocking port 443 inbound. Having multiple routers sounds problematic, though--what's that configuration like?
 

Yakje

Explorer
Joined
Feb 8, 2017
Messages
82
Most likely--or your ISP is blocking port 443 inbound. Having multiple routers sounds problematic, though--what's that configuration like?

My ISP claims it does not block any ports between 1 and 65535, so that should not be the problem. I also used port forwarding for my plex jail, which is working great and i can access it from the outside.

My current configuration is the following (i am not able to change the config because i am sharing the modem with other people) :
1 = ISP Modem/Router (ZTE H369A) - DHCP enabled
2 = Asus RT N66U router - DHCP enabled
3 = My FreeNas box with all the jails

Currently i forwarded port 80 + 443 from my (1) ISP modem/router to my (2) Asus router IP.
portforwards2.jpg

and port 80 +443 from my (2) Asus router to my (3) Nextcloud jail IP
portforwards.jpg
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
and port 80 +443 from my (2) Asus router to my (3) Nextcloud jail IP
It's this part that doesn't look right. It appears that you're forwarding the ports from one IP address to the same IP address, which wouldn't do anything at all. I'd be more confident in that diagnosis if your Plex configuration didn't work, because that configuration looks the same.

On the ISP modem/router, what is "Proxy server"?
 

Yakje

Explorer
Joined
Feb 8, 2017
Messages
82
It's this part that doesn't look right. It appears that you're forwarding the ports from one IP address to the same IP address, which wouldn't do anything at all. I'd be more confident in that diagnosis if your Plex configuration didn't work, because that configuration looks the same.

On the ISP modem/router, what is "Proxy server"?

Proxy server is just a name i gave it, it's nothing physical. It's just how port forwarding works in that modem/router. As you can see in the screenshot, the proxy server (port 80 and 443) are linked to the WAN IP of my (2) Asus router 192.168.2.100.
Then in my Asus router i forwarded port 80 and 443 to my nextcloud jail ip = 192.168.1.115

There is no ambiguity as far as i can see?
 

Yakje

Explorer
Joined
Feb 8, 2017
Messages
82
It's this part that doesn't look right. It appears that you're forwarding the ports from one IP address to the same IP address, which wouldn't do anything at all. I'd be more confident in that diagnosis if your Plex configuration didn't work, because that configuration looks the same.

On the ISP modem/router, what is "Proxy server"?

I made a visual representation of my current network layout, i hope this will help us pinpoint the problem.
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
trying to test out the script with DNS_Cert. After running the script I can't get to the UI. I've tried https://mydomain.com https://mydomain.com/nextcloud and https://jail_ip and https://jail_IP/nextcloud and nothing happens.
Code:
acme: Could not find solver for: tls-alpn-01
2019/07/06 11:26:23 [INFO] [mydomain.cf] acme: Could not find solver for: http-01
2019/07/06 11:26:23 [INFO] [mydomain.cf] acme: use dns-01 solver
2019/07/06 11:26:23 [INFO] [mydomain.cf] acme: Preparing to solve DNS-01
2019/07/06 11:26:44 [INFO] cloudflare: new record for mydomain.cf, ID 0cadc59079047435f4***a5ee133f
2019/07/06 11:26:44 [INFO] [mydomain.cf] acme: Trying to solve DNS-01
2019/07/06 11:26:44 [INFO] [mydomain.cf] acme: Checking DNS record propagation using [192.168.5.1:53 8.8.8.8:53]
2019/07/06 11:26:44 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]

I think it's a problem with my DNS settings in cloudflare but I'm not sure of the settings.

Background:
I'm running a Virtualbox Freenas 11.2U1 to test it out.
My PFSense router has no changes made but ports 80 and 443 are open to my nginx version of nextcloud.
I've signed up for a Freenom domain and have cloudflare working in Disc-O-Matic
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I assume that snippet you posted is from caddy.log, but there should be more to it--it looks like you copied it while it was still working on getting the cert. If it hasn't resolved after a few minutes, what's the rest of the caddy.log, and what does your nextcloud-config look like?
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
I tried to install in standalone mode and it works using an alternate no-ip domain with open ports 80/443 to test it. After reinstalling in DNS mode here is what I get in
my caddy.log
Code:
Activating privacy features... 2019/07/07 09:42:15 [INFO][cache:0xc0000a0960] Started certificate maintenance routine
2019/07/07 09:42:16 [INFO] acme: Registering account for myemail@gmail.com
2019/07/07 09:42:16 [INFO][mydomain.cf] Obtain certificate
2019/07/07 09:42:16 [INFO] [mydomain.cf] acme: Obtaining bundled SAN certificate
2019/07/07 09:42:17 [INFO] [mydomain.cf] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/961544
2019/07/07 09:42:17 [INFO] [mydomain.cf] acme: Could not find solver for: tls-alpn-01
2019/07/07 09:42:17 [INFO] [mydomain.cf] acme: Could not find solver for: http-01
2019/07/07 09:42:17 [INFO] [mydomain.cf] acme: use dns-01 solver
2019/07/07 09:42:17 [INFO] [mydomain.cf] acme: Preparing to solve DNS-01
2019/07/07 09:42:18 [INFO] cloudflare: new record for mydomain.cf, ID 1c7d29c0db18adf15a6f8a6bfc0d67db
2019/07/07 09:42:18 [INFO] [mydomain.cf] acme: Trying to solve DNS-01
2019/07/07 09:42:18 [INFO] [mydomain.cf] acme: Checking DNS record propagation using [192.168.5.1:53 8.8.8.8:53]
2019/07/07 09:42:18 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2019/07/07 09:42:20 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:42:22 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:42:24 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:42:26 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:42:38 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:42:50 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:02 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:14 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:26 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:28 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:41 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:43 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:45 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:47 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:49 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:51 [INFO] [mydomain.cf] acme: Waiting for DNS record propagation.
2019/07/07 09:43:51 [INFO] SIGTERM: Shutting down servers then terminating
2019/07/07 09:43:51 [INFO][cache:0xc0000a0960] Stopped certificate maintenance routine

my nextcloud-config
Code:
JAIL_IP="192.168.5.81"
DEFAULT_GW_IP="192.168.5.1"
POOL_PATH="/mnt/v1"
TIME_ZONE="America/New_York"
HOST_NAME="mydomain.cf"
#STANDALONE_CERT=1
DNS_CERT=1
CERT_EMAIL="myemail@gmail.com"
DNS_PLUGIN="cloudflare"
DNS_ENV="CLOUDFLARE_EMAIL=myemail@gmail.com CLOUDFLARE_API_KEY=*****************"
JAIL_NAME="nextcloud"
DATABASE="mariadb"
INTERFACE="vnet0"
VNET="on"
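
Added example, not part of the thread or of the install script: a small triage of caddy.log text that separates the two failures posted above, the TLS-ALPN-01 connection timeout and the DNS-01 attempt that was stopped while still waiting for propagation. The sample lines are constructed from the excerpts in this thread, with example.com and PLACEHOLDER standing in for the posters' domains and tokens; `triage` and its field names are hypothetical.

```python
import re

# Constructed samples modelled on the caddy.log excerpts in this thread;
# example.com and PLACEHOLDER stand in for the posters' domains and tokens.
TLS_ALPN_LOG = """\
2019/06/27 14:07:02 [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/PLACEHOLDER
2019/06/27 14:07:02 [INFO] [example.com] acme: use tls-alpn-01 solver
2019/06/27 14:07:27 [example.com] failed to obtain certificate: acme: Error -> One or more domains had a problem: [example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
"""
DNS_LOG = """\
2019/07/07 09:42:17 [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/v2/PLACEHOLDER
2019/07/07 09:42:17 [INFO] [example.com] acme: Could not find solver for: tls-alpn-01
2019/07/07 09:42:17 [INFO] [example.com] acme: use dns-01 solver
2019/07/07 09:42:18 [INFO] [example.com] acme: Checking DNS record propagation using [192.168.5.1:53 8.8.8.8:53]
2019/07/07 09:42:20 [INFO] [example.com] acme: Waiting for DNS record propagation.
2019/07/07 09:43:51 [INFO] [example.com] acme: Waiting for DNS record propagation.
2019/07/07 09:43:51 [INFO] SIGTERM: Shutting down servers then terminating
"""

STAGING_HOST = "acme-staging-v02.api.letsencrypt.org"
SOLVER = re.compile(r"acme: use (\S+) solver")
ACME_ERROR = re.compile(r"urn:ietf:params:acme:error:(\w+)")
RESOLVERS = re.compile(r"propagation using \[([^\]]*)\]")


def triage(log_text):
    """Summarise one certificate attempt found in caddy.log text."""
    r = {"solver": None, "staging": False, "acme_error": None, "failed": False,
         "waits": 0, "resolvers": [], "sigterm": False, "findings": []}
    for line in log_text.splitlines():
        m = SOLVER.search(line)
        if m:
            r["solver"] = m.group(1)      # challenge type actually attempted
        m = ACME_ERROR.search(line)
        if m:
            r["acme_error"] = m.group(1)  # ACME error type reported by the CA
        m = RESOLVERS.search(line)
        if m:
            r["resolvers"] = m.group(1).split()
        r["staging"] |= STAGING_HOST in line
        r["failed"] |= "failed to obtain certificate" in line
        r["waits"] += "Waiting for DNS record propagation" in line
        r["sigterm"] |= "SIGTERM" in line
    if r["staging"]:
        r["findings"].append("staging CA in use: an issued certificate will not be browser-trusted")
    if r["solver"] == "tls-alpn-01" and r["acme_error"] == "connection":
        r["findings"].append("CA could not reach this host on port 443 for TLS-ALPN-01: "
                             "check every forwarding hop and any upstream filtering")
    if r["solver"] == "dns-01" and r["waits"] and r["sigterm"] and not r["failed"]:
        r["findings"].append("DNS-01 stopped by SIGTERM while still waiting for propagation "
                             "(checked via %s): no certificate was issued" % ", ".join(r["resolvers"]))
    return r


if __name__ == "__main__":
    for name, text in (("tls-alpn-01 sample", TLS_ALPN_LOG), ("dns-01 sample", DNS_LOG)):
        print(name)
        for finding in triage(text)["findings"]:
            print("  -", finding)
```
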
 

Mara

Dabbler
Joined
Jan 14, 2017
Messages
48
Hi everyone, I made the update 16.0.2 yesterday. Since I have difficulties with my sharing, I get this error:

“You don’t have permission to upload or create files here”


Anyone have this problem too?

EDIT: everything works! I can create, read and upload except the drag and drop that does not work
 

jchamie

Cadet
Joined
Mar 28, 2015
Messages
9
Hi everyone, I made the update 16.0.2 yesterday. Since I have difficulties with my sharing, I get this error:

“You don’t have permission to upload or create files here”


Anyone have this problem too?

EDIT: everything works! I can create, read and upload except the drag and drop that does not work

Yes I had the same problem. Finally found the solution which involves editing one of the javascript files. It is a bug in 16.0.2 which will be fixed in the next release.

Fix:
  • change directory to your Nextcloud installation directory (for example /var/www/nextcloud)
  • edit the file apps/files/js/filelist.js and change return value in line 1808 (on NC16.0.2) as follows
from

getDirectoryPermissions: function() {
    return parseInt(this.$el.find('#permissions').val(), 10);
},

to

getDirectoryPermissions: function() {
    return this && this.dirInfo && this.dirInfo.permissions ? this.dirInfo.permissions : parseInt(this.$el.find('#permissions').val(), 10);
},


source

https://help.nextcloud.com/t/after-updating-to-nc16-0-2-i-can-not-upload-via-web-ui-by-d-d/56190/2

Note: you will need to hard reload your nextcloud web ui because the old js file will still be in the cache after you have edited
 

Yakje

Explorer
Joined
Feb 8, 2017
Messages
82
I made a visual representation of my current network layout, i hope this will help us pinpoint the problem.
View attachment 31684



Sorry for "bumping" my own post, but i would really love to get my nextcloud installation up and running. Could anyone tell me what would be the correct way of port forwarding in the visualization i made above.
 

mapcevn

Dabbler
Joined
Jul 10, 2019
Messages
40
Hi guys,

I tried this script couple of times, but no luck unfortunately. Below is what I did.

My system - FreeNAS-11.2-U5 (Build Date: Jun 24, 2019 18:41)

My nextcloud-config file content is as below
JAIL_IP="192.168.1.199"
DEFAULT_GW_IP="192.168.1.1"
POOL_PATH="/mnt/tank"
TIME_ZONE="Australia/Brisbane"
HOST_NAME="mydomain.com"
STANDALONE_CERT=1
CERT_EMAIL="myemail@gmail.com"

Instead of using portforwarding, I placed the nextcloud jail IP at DMZ.

I believe I've followed all steps and prerequisites, the results look promising...

* Stopping nextcloud
+ Running prestop OK
+ Stopping services OK
+ Tearing down VNET OK
+ Removing devfs_ruleset: 5 OK
+ Removing jail process OK
+ Running poststop OK
* Starting nextcloud
+ Started OK
+ Configuring VNET OK
+ Starting services OK

Nextcloud was successfully installed


... but I still get the following issues:

1. /db: No such file or directory
This error msg happened right after I ran the script. For more information, I've already created a dataset named 'db' within the tank before running the script, but the error still persists

2. Destination: /mnt/tank/iocage/jails/nextcloud/root/usr/ports does not exist or is not a directory.

3. Error updating .htaccess file, not enough permissions or "overwrite.cli.url" set to an invalid URL?
This one looks ugly as it is highlighted in RED

4. After installation completed, I'm able to access to nextcloud from internet via mydomain.com, but I was stopped at the front end GUI with the message:
Access through untrusted domain
Please contact your administrator. If you are an administrator, edit the "trusted_domains" setting in config/config.php like the example in config.sample.php.
Further information how to configure this can be found in the documentation.

Moreover, the browser throws a warning that the certificate is invalid.

What am I missing here?
Where can I locate the config/config.php?
 

mapcevn

Dabbler
Joined
Jul 10, 2019
Messages
40
There is another issue - I restarted the machine, then I no longer can access to the installed nextcloud via mydomain.com.
Tried to start the jail, then I got the below error
RuntimeError
mount_nullfs: /mnt/tank : No such file or directory jail: /sbin/mount -t nullfs -o rw /mnt/tank /portsnap/db /mnt/tank/iocage/jails/nextcloud/root/var/db/portsnap: failed

More info

Error: concurrent.futures.process._RemoteTraceback:
"""
Traceback (most recent call last):
File "/usr/local/lib/python3.6/concurrent/futures/process.py", line 175, in _process_worker
r = call_item.fn(*call_item.args, **call_item.kwargs)
File "/usr/local/lib/python3.6/site-packages/middlewared/worker.py", line 133, in main_worker
res = loop.run_until_complete(coro)
File "/usr/local/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete
return future.result()
File "/usr/local/lib/python3.6/site-packages/middlewared/worker.py", line 93, in _run
return await self._call(name, serviceobj, methodobj, params=args, job=job)
File "/usr/local/lib/python3.6/site-packages/middlewared/worker.py", line 85, in _call
return methodobj(*params)
File "/usr/local/lib/python3.6/site-packages/middlewared/worker.py", line 85, in _call
return methodobj(*params)
File "/usr/local/lib/python3.6/site-packages/middlewared/schema.py", line 668, in nf
return f(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/middlewared/plugins/jail.py", line 619, in start
iocage.start()
File "/usr/local/lib/python3.6/site-packages/iocage_lib/iocage.py", line 1653, in start
callback=self.callback
File "/usr/local/lib/python3.6/site-packages/iocage_lib/ioc_start.py", line 67, in __init__
self.__start_jail__()
File "/usr/local/lib/python3.6/site-packages/iocage_lib/ioc_start.py", line 413, in __start_jail__
silent=self.silent)
File "/usr/local/lib/python3.6/site-packages/iocage_lib/ioc_common.py", line 90, in logit
_callback(content, exception)
File "/usr/local/lib/python3.6/site-packages/iocage_lib/ioc_common.py", line 64, in callback
raise callback_exception(message)
RuntimeError: mount_nullfs: /mnt/tank
: No such file or directory
jail: /sbin/mount -t nullfs -o rw /mnt/tank
/portsnap/db /mnt/tank/iocage/jails/nextcloud/root/var/db/portsnap: failed

"""
The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 167, in call_method
result = await self.middleware.call_method(self, message)
File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 1098, in call_method
return await self._call(message['method'], serviceobj, methodobj, params, app=app, io_thread=False)
File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 1043, in _call
return await self._call_worker(name, *args)
File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 1063, in _call_worker
return await self.run_in_proc(main_worker, name, args, job)
File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 997, in run_in_proc
return await self.run_in_executor(self.__procpool, method, *args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 973, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
RuntimeError: mount_nullfs: /mnt/tank
: No such file or directory
jail: /sbin/mount -t nullfs -o rw /mnt/tank
/portsnap/db /mnt/tank/iocage/jails/nextcloud/root/var/db/portsnap: failed
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Could anyone tell me what would be the correct way of port forwarding in the visualization i made above.
Double-NAT is going to be problematic, and I'm not sure that I have much in the way of advice. You're going to need to forward ports 80 and 443 from your first router to your intermediate router, and from there to ports 80 and 443 on the jail. You don't necessarily need to use 80 and 443 on the intermediate router--you could, for example, forward 80/443 in the first to 8080/8443 on the second, and from there to 80/443 on the jail.
 