How to install NextCloud 12.3 on FreeNAS 11 with all checks passed

[q_fleuren]

This is a how to install Nextcloud 12.3 with all checks passed on FreeNAS 11.

This is a rewrite of the original post https://forums.freenas.org/index.php?threads/how-to-nextcloud-10-w-apache-php-and-mariadb.46111/ with a few added adjustments where needed to make this fully functional.
I know this works as I have re-emulated this 4 times today to insure its accuracy
Somethings may need to be edited based upon volume name but for the most part plug and play
a great thanks to nathank1989 and all of those that have contributed.

Creating the Dataset & Jail
Create Dataset
Within FreeNAS Userspace:

Storage > Create ZFS Dataset

Code:

Dataset Name = files
Compression level = lz4
Enable atime = Off
All other options default

SQL Data

Code:

Dataset Name = db
Compression level = zle
Enable atime = Off
Record Size = 16K (Under Advanced Mode)
All other options default

Add New user in FreeNAS space:

Code:

Username: mysql
Shell: nologin
Full Name: SQL User
Password: anything

From the Storage Tab
Change Permissions On your Storage volume that houses your jail -> should look similar to this>>> /mnt/your drive name/db

Code:

Owner: mysql
Owner: mysql
Set permission recursively

Create a Jail
Jails > Add Jail

Jail Name: nextcloud

Code:

Template: "------"
IPv4 Address: 192.168.1.99
IPv4 Subnet: 255.255.255.0
Leave all else default

Ensure VIMAGE is checked*
*Unless you have and want to use a separate and dedicated NIC for the jail. The MoBo I use comes with additional network ports.

Add Storage to the same jail you just created

Jail: nextcloud

Code:

Source = /mnt/Cloud/files
Destination = /mnt/files

Jail: nextcloud

Code:

Source = /mnt/Cloud/db
Destination = /var/db/mysql

Setting primary cache In FreeNAS UserSpace Shell
$ zfs set primarycache=metadata Cloud/db

F.A.M.P Installation
In this section we are going to install F.A.M.P, an iteration of LAMP (Linux, Apache, MySQL, PHP). I chose this because I, personally, haven't had much luck with nginx or lighttp. Another guide suggested lighttp and sqlite, but those might not hold up to a good amount of users storing a bit of data.
The setup is:
FreeBSD 11.0
Apache 2.4
MariaDB 10.1
PHP 7.0 or 7.1 **Do NOT install PHP7.2 - Nexcloud is absolutely incompatible with this version as of this writing **
This provides the basis for our webserving jail.

via putty ssh into the jail

From FreeNAS user space run command:
JLS
you will then see your jails, the run commander jexec "And the number of you jail" (example) "jexec 2"

Before we get started, let's add a few necessary packages as they aren't currently installed.
$ portsnap fetch extract
$ pkg install nano wget sudo

We will install each part of FAMP one-by-one. FreeBSD is the Operating system so good to go on that!

Install Apache 2.4
$ pkg install apache24

Setup in rc.conf
$ sysrc apache24_enable=yes

Start Apache
$ service apache24 start

Okay lets Check to see that it works!!!!
open a web browser on a local machine (preferably the machine your on) on your network

Navigate to http://your_jails_ip and you should see the text "It Works!"

Install MariaDB 10.1
$ pkg install mariadb101-server

Setup in rc.conf
$ sysrc mysql_enable=yes

Start MySQL Service
$ service mysql-server start

Run Wizard Script
$ mysql_secure_installation

For this step read and follow prompts.
By default there is no root password, ( you must create a new one when promted just hit enter, and answer Y to all the following questions.

Login to MySQL, create Nextcloud DB and User
$ mysql -u root -p

Enter the password you made for root during MariaDB 10.1 setup.

Enter each of these commands one-by-one, and make sure to include the semi-colon ;

Code:

CREATE DATABASE nextcloud;

CREATE USER 'nextcloud_admin'@'localhost' IDENTIFIED BY 'MAKEUP-YOUR-OWN-PASSWORD';

GRANT ALL ON nextcloud.* TO 'nextcloud_admin'@'localhost';

FLUSH PRIVILEGES;

exit

Replace MAKEUP-YOUR-OWN-PASSWORD with a password of your choosing. You need this for the NextCloud setup.

PHP 7.0
Install PHP and associated modules

Code:

pkg install redis php70 php70-bz2 php70-ctype php70-curl php70-dom php70-exif php70-fileinfo php70-filter php70-gd php70-hash php70-iconv php70-intl php70-json php70-mbstring php70-mcrypt php70-pdo_mysql php70-openssl php70-posix php70-session php70-simplexml php70-xml php70-xmlreader php70-xmlwriter php70-xsl php70-wddx php70-zip php70-zlib php70-opcache mod_php70

or perhaps you prefer

php 7.1
Install PHP and associated modules

Code:

pkg install redis php71-ctype php71-dom php71-gd php71-iconv php71-json php71-mbstring php71-posix php71-simplexml  php71-xmlreader php71-xmlwriter php71-zip php71-zlib php71-pdo_mysql php71-hash php71-xml php71-session php71-mysqli php71-wddx php71-xsl php71-filter php71-curl php71-fileinfo php71-bz2 php71-intl php71-mcrypt php71-openssl php71-ldap php71-ftp php71-imap php71-exif php71-gmp php71-memcache php71-opcache php71-pcntl php71 mod_php71

$ sysrc 'mysql_enable=YES' 'redis_enable=YES'
Configuring Apache for PHP7
Ensure that the rewrite and ssl modules are enabled (uncommented) in /usr/local/etc/apache24/httpd.conf.
$ nano /usr/local/etc/apache24/httpd.conf

in the httpd.conf file search for "ssl_module" by using the bellow command

To search the document

Code:

ctrl+w

Then enter the name of the file you want to search within the document

Code:

ssl_module

To execute the command simply press enter it will find the filename

while still in the same document "httpd.conf"
Uncomment these 2 lines (delete the # at the start of the line) so it looks like this:

Code:

LoadModule ssl_module libexec/apache24/mod_ssl.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so

Remove php5 (if it exist)

Code:

Find & Remove this >> LoadModule php5_module libexec/apache24/libphp5.so
Replace with >> LoadModule php7_module libexec/apache24/libphp7.so

Add php7:

Code:

If you can't find libphp5.so, just add
LoadModule php7_module  libexec/apache24/libphp7.so
to the last of the LoadModule section; right above where it says
# Third party modules IncludeOptional ...

while working in the same file after this line

Code:

LoadModule php7_module libexec/apache24/libphp7.so

Add this

Code:

<IfModule php7_module>
<FilesMatch "\.(php|phps|php7|phtml)$">
	 SetHandler php7-script
</FilesMatch>
DirectoryIndex index.php
</IfModule>

While still in the same file search for:

Code:

<IFModule mime_module>

Then Insert this code directly under:

Code:

AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php		.php

Save & quit

Code:

ctl+x
y
enter

Double check that you see libphp7.so in /usr/local/libexec/apache24
to do this simply search by executing the following commander
$ find /usr -name libphp7.so

it should give you this feedback

Code:

/usr/local/libexec/apache24/libphp7.so

if it does this lets move on!!!!!!!

now lets add a PHP handler

Code:

# cd /usr/local/etc/apache24/modules.d
# touch /usr/local/etc/apache24/modules.d/001_mod_php.conf
# nano /usr/local/etc/apache24/modules.d/001_mod_php.conf

Paste this test in the 001_mod_php.conf file:

Code:

<FilesMatch "\.php$">
		SetHandler application/x-httpd-php
	</FilesMatch>
	<FilesMatch "\.phps$">
		SetHandler application/x-httpd-php-source
	</FilesMatch>

Save & Exit
Once you're done save and close

Code:

CTRL+x, Y, ENTER

Restart apache
service apache24 restart

Configure PHP.INI

Code:

$ cd /usr/local/etc
$ cp php.ini-production php.ini
$ nano /usr/local/etc/php.ini

Code:

find cgi.fix_pathinfo=0 change from =0 to =1

find date.timezone = Change to your timezone (America/New_York) [ SEE: http://php.net/manual/en/timezones.php ]

find post_max_size= change it to 1999M

find upload_max_size= change to 1999M

then uncomment and update the below values to match: (uncomment means to remove the # symbol before any line

Code:

opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

CTRL+X, Y, ENTER

Restart Apache
$ service apache24 restart
Testing with PHPINFO()
Navigate to /usr/local/www/apache24/data/

Code:

$ cd /usr/local/www/apache24/data
$ touch info.php
$ nano info.php

Paste the below code into the info.php file

Code:

<?php
// Show all information, defaults to INFO_ALL
phpinfo();
?>

Save & Exit

Navigate to http://your jails ip/info.php

You should see a full page with all the information regarding your PHP installation.

Now lets Configure REDIS
The purpose is to update redis.conf to run on local socket

Execute command:

Code:

nano /usr/local/etc/redis.conf

In the redis.conf file find the value

Code:

"port" and change it from its default value to 0

uncomment by removing the ; symbol from in front of the below values and edit to match

Code:

unixsocket /tmp/redis.sock
unixsocketperm 777

Add REDIS to rc.conf
$

Code:

sysrc redis_enable=yes

Start REDIS
$

Code:

service redis start

To run redis on a local socket,
Run
ls -al /tmp
you should see redis.sock and mysql.sock in the feedback list.

If you see those two, you're ALMOST DONE!!

Now lets Install NextCloud 12.3

before downloading NextCloud 12.3 navigate to the default apache data directory
$

Code:

cd /usr/local/www/apache24/data

Download Nextcloud:
wget https://download.nextcloud.com/server/releases/nextcloud-12.0.3.zip
Unzip Nextcloud:
$ unzip nextcloud-12.0.3.zip
Give correct owner/ or rather modify the folder permissions:

Code:

chown -R www:www /usr/local/www/apache24/data/nextcloud /mnt/files

Add virtual Host info :
Navigate to: /usr/local/etc/apache24/Includes

Code:

cd /usr/local/etc/apache24/Includes

Touch file: (I used a cloud.* subdomain, if you're not using a sub, remove the 'cloud.')

$ touch YOURDOMAIN.com or org or gov.conf

$ nano YOURDOMAIN*

make your secure file in this format (simply copy and paste):
Be sure to edit the YOURSITE.COM part of the below file with your domain info
(Example) if your domain is "tocool.no-ip.org" enter that and the domain name matches your touch file name.

Code:

<VirtualHost *:80>
DocumentRoot "/usr/local/www/apache24/data/nextcloud"
ServerName YOURSITE.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =YOURSITE.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /usr/local/www/apache24/data/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /usr/local/www/apache24/data/nextcloud
SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
Satisfy Any
</Directory>
</VirtualHost>

Restart Apache:
$ service apache24 restart
Navigate to the website
http://your jails ip/

You should now see the setup screen for NextCloud!!

If you do, give yourself a pat on the back. Now for the last steps...

NextCloud WebUI
Set up your admin account with a username and password you choose.

Storage & database

Code:

Data folder = /mnt/files

Code:

Database user = nextcloud_admin
Database password = MADEUP_PASSWORD_FROM_BEFORE
Database name = nextcloud
Database host = localhost:/tmp/mysql.sock

Now lets prepare the secure part of your domain file:
Navigate to: /usr/local/etc/apache24/Includes

Code:

cd /usr/local/etc/apache24/Includes
nano YOURDOMAIN*

Copy and paste under the previously entered info

Code:

<VirtualHost *:443>
  ServerAdmin YOUREMAIL
  ServerName YOURSITE.COM
  DirectoryIndex index.php
  DocumentRoot /usr/local/www/apache24/data/nextcloud
  SSLCertificateFile /usr/local/etc/letsencrypt/live/YOURSITE.COM/fullchain.pem
  SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/YOURSITE.COM/privkey.pem
  SSLEngine on
  # Intermediate configuration, tweak to your needs
  SSLProtocol  all -SSLv2 -SSLv3
  SSLCipherSuite  ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  SSLHonorCipherOrder  on
  SSLCompression  off
  SSLOptions +StrictRequire
  <Directory /usr/local/www/apache24/data/nextcloud>
  AllowOverride all
  </Directory>
  <IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  </IfModule>
  </VirtualHost>

Lets Cache!!!
to setup a complete cache with redis and apcu:

Code:

cd
pkg install p5-Locale-gettext help2man texinfo m4 autoconf
make config-recursive install -C /usr/ports/databases/pecl-redis
make config-recursive install -C /usr/ports/devel/pecl-APCu

then execute the following commands:
for php 7.0 and php 7.1

Code:

$ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"'
$ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"'
$ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"'
$ su -m www -c 'php /usr/local/www/apache24/data/nextcloud/occ config:system:set redis port --value=0 --type=integer'

Additional steps for php 7.1
Navigate to:
nano /usr/local/www/apache24/data/nextcloud/config/config.php
Then change:
'memcache.local' => '\\OC\\Memcache\\APCu',
to
'memcache.local' => '\\OC\\Memcache\\Redis',

service apache24 restart

Lets fix some annoying apache errors!
to get rid of the below error message when restarting apache do the following:

Code:

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Stopping apache24.
Waiting for PIDS: 80591.
Performing sanity check on apache24 configuration:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Starting apache24.
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message when stating apache do the following:

Run command:
nano /usr/local/etc/apache24/httpd.conf
Search for "servername" it will look like the below, enter your jails ipaddress xxx.xxx.x.xxx:80

Code:

# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
 ServerName your jails ip:80 <<<<<<<put your serving machines ip address

uncomment the ServerName line (uncomment simply means to remove the # or ; symbol from the front of any line) and wala message will be fixed.

restart apache
service apache24 restart
To add Domains that can connect from outside the lan:
navigate to: /usr/local/www/apache24/data/nextcloud/config/config.php

Code:

nano /usr/local/www/apache24/data/nextcloud/config/config.php

The file will look like the below:

Code:

<?php
$CONFIG = array (
'instanceid' => 'ocwo6kfuc3ve',
'passwordsalt' => '9s6vbvue6FZ3g2AklNJS4Y3S4Y3FG1',
'secret' => 'gzWPI+QgwkIKkYQwmgfGk7oGW87N/jaytyODIEgVfBjCek0y',
'trusted_domains' =>
array (
	0 => '192.168.1.30',
	1 => 'coolp.to.org',<<<add just like this
),
'datadirectory' => '/usr/local/www/apache24/data/nextcloud/data',
'overwrite.cli.url' => 'http://192.168.1.30',
'dbtype' => 'mysql',
'version' => '12.0.3.3',
'dbname' => 'nextcloud',
'dbhost' => 'localhost:/tmp/mysql.sock',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloud_admin',
'dbpassword' => 'maria10 database password',
'installed' => true,
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
	'host' => '/tmp/redis.sock',

restart apache using the following command:
service apache24 restart
I cant use VI, its too cryptic so I choose to use nano to set cron jobs, to do so execute the following:

Code:

setenv VISUAL /usr/local/bin/nano
setenv EDITOR /usr/local/bin/nano

Setup NC's cron jobs:
crontab -u www -e

Code:

*/15 * * * * /usr/local/bin/php -f /usr/local/www/apache24/data/nextcloud/cron.php

Now lets secure this server
SSL using Certbot:
Download/Install Certbot
pkg install py27-certbot
certbot certonly --webroot -w /usr/local/www/apache24/data/nextcloud -d YOURSITE.COM
Navigate to /usr/local/etc/apache24/httpd.conf

Code:

cd /usr/local/etc/apache24/httpd.conf

in the httpd.conf file
Find Listen 80 and add underneath Listen 443
I don't know what the below command does but it works:
nano /etc/make.conf
Then add to the 2nd line of the file

Code:

DEFAULT_VERSIONS+=php7.0

Restart Apache:
service apache24 restart
Add Cron Job:
crontab -e

Code:

* 1 * * 1 ./usr/local/bin/certbot renew --quiet

Okay once you finally logon to Nextcloud 12.3 using http and you enter the admin area you will see these errors!!!!

Code:

Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. It is strongly recommended that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.
You are accessing this site via HTTP. We strongly suggest you configure your server to require using HTTPS instead as described in our security tips.

Have no fear if this error bothers you their is a fix

Force to https redirect:

Now lets introduce a redirect as in a redirect of http to https this mainly for on the lan as when accessed from the world wide web it automatically redirects to https and is not accessible via http.

be advised the https will say the connection is not secure when accessing from the lan using the direct ip.

Edit the .htaccess file by entering the following command:
$ nano /usr/local/www/apache24/data/nextcloud/.htaccess

While in the .htaccess file directly below this text:

Code:

#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

Add:

Code:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Restart apache:
service apache24 restart

And VOILA! YOU ARE DONE!!!!!

so you can share with whomever you choose!!!!!!!!!!!!!

How to use NextCloud on a separate NIC

Code:

Shut down the jail
Click Edit
Uncheck VIMAGE and select the NIC from the NIC drop down. Make sure your IP info didn't change.
Start jail and try to access your cloud. If all went well you'd basically see nothing changed as it will work as expected.

helpful commands and notes from install
to find a file:
enter command: find /usr -name "filename"

beautiful guide,

However one thing i am not able to figure out is how to remove the index.php from the url

does anyone know where to find this?
nextcloud used to have these settings in its config file but changing these does not work.

 

[garm]

@rodofrn Well I would guess that either /usr/local/www/apache24/data/nextcloud isn’t your domain web root or the user running certbot don’t have write permissions in that folder.
-d MYDOMAIN will be used by letsencrypt to search for \.well-known. If you have nextcloud as a sub domain to MYDOMAIN you need to specify that as -d nc.MYDOMAIN eg

 

[Dwight Turner]

Hi

Thanks for the guide it was awesome and helped me and the install went great.

I have a question. In the touch File section I wasn't sure of what I was supposed to use as "YOURDOMAIN.COM". So I just made one up as homecloud.com

What does this actually affect. I was a bit confused on that part and I wasn't sure what to put in there. Obviously it says it cant resolve the host or should I have just put in my localhost(gateway)?

 

[Dwight Turner]

Hi

Thanks for the guide it was awesome and helped me and the install went great.

I have a question. In the touch File section I wasn't sure of what I was supposed to use as "YOURDOMAIN.COM". So I just made one up as homecloud.com

What does this actually affect. I was a bit confused on that part and I wasn't sure what to put in there. Obviously it says it cant resolve the host or should I have just put in my localhost(gateway)?

Just as a note i deleted this file and just left the no-accf.conf file and my owncloud still works

 

[Aaron Siemieniec]

Running into a problem as soon as I cut-n-paste the secure/443 (below) stuff into my
/usr/local/etc/apache24/Includes/nextcloud.<domain name>.com.conf file. As soon as I do and restart Apache then the site fails to load. I try to access it on port 80 as well as 443 and it says:

Code:

This page isn’t working
10.1.1.108 is currently unable to handle this request.

HTTP ERROR 503

and

Code:

This site can’t provide a secure connection
nextcloud.abc123.com sent an invalid response.




Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

I am running the site as a subdomain to my already registered domain. The domain file is supposed to end with ".conf" right? So if my domain was abc123.com, then the file would be called

Code:

/usr/local/etc/apache24/Includes/nextcloud.abc123.com.conf 

right? I'm pretty sure I have that right. I think what happens is the fullchain.pem can't be found so it bombs out.

Here is the Apache restart output:

Code:

root@NextCloud:/usr/local/etc/apache24/Includes # service apache24 restart
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 25 of /usr/local/etc/apache24/Includes/nextcloud.abc123.com.conf:
SSLCertificateFile: file '/usr/local/etc/letsencrypt/live/nextcloud.abc123.com/fullchain.pem' does not exist or is empty
root@NextCloud:/usr/local/etc/apache24/Includes #

I went with the install of php7.1, not php7.0

I've tried putting the nextcloud.abc123.com server in the DMZ to see if it is a firewall/access issue but that didn't help either.

I've read this thread and another user was having similar issues. So I've also re-run

Code:

certbot certonly --webroot -w /usr/local/www/apache24/data/nextcloud -d nextcloud.abc123.com

a few times with a result of:

Code:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloud.abc123.com
Using the webroot path /usr/local/www/apache24/data/nextcloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. nextcloud.abc123.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://nextcloud.abc123.com/.well-known/acme-challenge/GQLy_0QCs0JYDEUVvwhAnU8U91N_Rizu6SHfAQa4nVw: Connection refused

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: nextcloud.abc123.com
   Type:   connection
   Detail: Fetching
   https://nextcloud.abc123.com/.well-known/acme-challenge/GQLy_0QCs0JYDEUVvwhAnU8U91N_Rizu6SHfAQa4nVw:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot
   configuration directory at /usr/local/etc/letsencrypt. You should
   make a secure backup of this folder now. This configuration
   directory will also contain certificates and private keys obtained
   by Certbot so making regular backups of this folder is ideal.

directory listing of /usr/local/etc/letsencrypt

Code:

root@NextCloud:/usr/local/etc/letsencrypt # ll
total 2
drwx------  3 root  wheel  3 Dec  2 17:41 accounts/
drwxr-xr-x  2 root  wheel  2 Dec  2 17:42 renewal/
drwxr-xr-x  5 root  wheel  5 Dec  2 17:41 renewal-hooks/

Code:

<VirtualHost *:443>
  ServerAdmin <useralias>@abc123.com
  ServerName nextcloud.abc123.com
  DirectoryIndex index.php
  DocumentRoot /usr/local/www/apache24/data/nextcloud
  SSLCertificateFile /usr/local/etc/letsencrypt/live/nextcloud.abc213.com/fullchain.pem
  SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/nextcloud.abc123.com/privkey.pem
  SSLEngine on
  # Intermediate configuration, tweak to your needs
  SSLProtocol  all -SSLv2 -SSLv3
  SSLCipherSuite  ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  SSLHonorCipherOrder  on
  SSLCompression  off
  SSLOptions +StrictRequire
  <Directory /usr/local/www/apache24/data/nextcloud>
  AllowOverride all
  </Directory>
  <IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  </IfModule>
  </VirtualHost>

I've re-run this install procedure three time looking for where I went wrong, but I'm not seeing it. Any help is appreciated.

 

[jonidimo]

I have this problem now:

Current version is 12.0.3.
Update to Nextcloud 12.0.4 available. (channel: "stable")

• Check for expected files
  The following extra files have been found:
  • .well-known

 

[GLaDER]

When invoking service mysql-server start I receive the following:

Code:

root@nextcloud-server:/ # service mysql-server start
Installing MariaDB/MySQL system tables in '/var/db/mysql' ...
2017-12-06  2:40:11 34422743040 [Note] /usr/local/libexec/mysqld (mysqld 10.1.29-MariaDB) starting as process 27513 ...
/usr/local/libexec/mysqld: Undefined symbol "fdatasync"

Installation of system tables failed!  Examine the logs in
/var/db/mysql for more information.

The problem could be conflicting information in an external
my.cnf files. You can ignore these by doing:

	shell> /usr/local/bin/mysql_install_db --defaults-file=~/.my.cnf

You can also try to start the mysqld daemon with:

	shell> /usr/local/libexec/mysqld --skip-grant --general-log &

and use the command line tool /usr/local/bin/mysql
to connect to the mysql database and look at the grant tables:

	shell> /usr/local/bin/mysql -u root mysql
	mysql> show tables;

Try 'mysqld --help' if you have problems with paths.  Using
--general-log gives you a log in /var/db/mysql that may be helpful.

The latest information about mysql_install_db is available at
https://mariadb.com/kb/en/installing-system-tables-mysql_install_db
MariaDB is hosted on launchpad; You can find the latest source and
email lists at http://launchpad.net/maria

Please check all of the above before submitting a bug report
at http://mariadb.org/jira

/usr/local/etc/rc.d/mysql-server: WARNING: failed precmd routine for mysql

I have tried to look around for fdatasync, but have been unable to conclude what the issue is.

I am running a fresh install of FreeNAS 11.1-RC1.

 

[JeremyBaker]

I tried following this guide yesterday and got the exact same problem with fdatasync. I am running Freenas 11.0 U4. From what I can determine, fdatasync is a system call that first appeared in freebsd 11.1. My version of Freenas is freebsd 11.0. Are the packages being installed in the jail somehow linked to freebsd 11.1?

 

[escapen]

I'm running into the same fdatasync error trying to install duplicati in a jail. Looks like it's related to a new version of mysql relying on the FreeBSD 11.1 kernel? FreeNAS 11-RC3 runs on FreeBSD 11.0

 

[escapen]

Figured out how to fix it for my issue, can probably use this to fix yours. In my case it was sqlite3 that was causing the issue, so I used pkg_deinstall to remove it and then used the methods laid out here, https://forums.freebsd.org/threads/49934/ to install a previous version of sqlite3 and no fdatasync error.

Hope that helps!

 

[GLaDER]

Figured out how to fix it for my issue, can probably use this to fix yours. In my case it was sqlite3 that was causing the issue, so I used pkg_deinstall to remove it and then used the methods laid out here, https://forums.freebsd.org/threads/49934/ to install a previous version of sqlite3 and no fdatasync error.

Hope that helps!

Thank you for your reply, I will give it another couple of days before I attempt this. It seems bad practice to opt for an older package if it could be avoided.

 

[JeremyBaker]

I deinstalled mariadb101-server and client binaries then installed them using the ports system. That got me past the fdatasync error. Now I have a new problem - when I first use my browser to access nextcloud, I get a message about php-gd not being installed. It is of course. Here is an excerpt from my apache error log.

Code:

[Thu Dec 07 00:46:22.529751 2017] [php7:notice] [pid 99822] [client 192.168.5.164:58170] {"reqId":"QXJ53Z2uIvBmWqfKJ05X","level":3,"time":"2017-12-07T05:46:22+00:00","remoteAddr":"192.168.5.164","user":"--","app":"PHP","method":"GET","url":"\\/","message":"PHP Startup: Unable to load dynamic library '\\/usr\\/local\\/lib\\/php\\/20160303\\/gd.so' - \\/lib\\/libz.so.6: version ZLIB_1.2.9 required by \\/usr\\/local\\/lib\\/libpng16.so.16 not found at Unknown#0","userAgent":"Mozilla\\/5.0 (X11; Linux x86_64) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/62.0.3202.94 Safari\\/537.36","version":""}

Any ideas on this?

 

[JeremyBaker]

I should have mentioned that /lib/libz.so.6 does exist, as does /usr/local/lib/libpng16.so.16

 

[JeremyBaker]

I should have mentioned that /lib/libz.so.6 does exist, as does /usr/local/lib/libpng16.so.16

I solved this by uninstalling the png binary, and reinstalling it from source using ports.

 

[lobo feroz]

I have problems with the mariadb starting. I get this error every time I try to run the wizard for for the first time:

Code:

root@NEXTCLOUD:/ # service mysql-server start																					   
Starting mysql.																													 
root@NEXTCLOUD:/ # mysql_secure_installation																						
																																   
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB															   
	 SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!																 
																																   
In order to log into MariaDB to secure it, we'll need the current																   
password for the root user.  If you've just installed MariaDB, and																 
you haven't set the root password yet, the password will be blank,																 
so you should just press enter here.																								
																																   
Enter current password for root (enter for none):																				   
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")			
Enter current password for root (enter for none):																				   

Digging a little bit, I found this JAILNAME.err file in the /var/db/mysql/ folder:

Code:

171208 15:51:38 mysqld_safe Starting mysqld daemon with databases from /var/db/mysql												
2017-12-08 15:51:38 34422743040 [Note] /usr/local/libexec/mysqld (mysqld 10.1.29-MariaDB) starting as process 9825 ...			 
/usr/local/libexec/mysqld: Undefined symbol "fdatasync"																			 
171208 15:51:38 mysqld_safe mysqld from pid file /var/db/mysql/NEXTCLOUD.pid ended	 

I need to run nextcloud with mariadb or mysql, sqlite is not an option, any help is appreciated.

THXS

 

[JeremyBaker]

I have problems with the mariadb starting. I get this error every time I try to run the wizard for for the first time:

Code:

root@NEXTCLOUD:/ # service mysql-server start																					  
Starting mysql.																													
root@NEXTCLOUD:/ # mysql_secure_installation																						
																																  
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB															  
	 SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!																
																																  
In order to log into MariaDB to secure it, we'll need the current																  
password for the root user.  If you've just installed MariaDB, and																
you haven't set the root password yet, the password will be blank,																
so you should just press enter here.																								
																																  
Enter current password for root (enter for none):																				  
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")			
Enter current password for root (enter for none):																				  

Digging a little bit, I found this JAILNAME.err file in the /var/db/mysql/ folder:

Code:

171208 15:51:38 mysqld_safe Starting mysqld daemon with databases from /var/db/mysql												
2017-12-08 15:51:38 34422743040 [Note] /usr/local/libexec/mysqld (mysqld 10.1.29-MariaDB) starting as process 9825 ...			
/usr/local/libexec/mysqld: Undefined symbol "fdatasync"																			
171208 15:51:38 mysqld_safe mysqld from pid file /var/db/mysql/NEXTCLOUD.pid ended	

I need to run nextcloud with mariadb or mysql, sqlite is not an option, any help is appreciated.

THXS

If you look at my post above, you can uninstall the mariadb binaries and install it from ports

 

[lobo feroz]

If you look at my post above, you can uninstall the mariadb binaries and install it from ports

Could you post the procedure (including commands) of this, I´m kind of a noob

THXS

 

[JeremyBaker]

Could you post the procedure (including commands) of this, I´m kind of a noob

THXS

the following removes the binaries

Code:

 pkg remove mariadb101-server mariadb101-client

then

Code:

 
cd /usr/ports/databases/mariadb101-server
make install
cd ../mariadb101-client
make install

if the system complains about the system being unsupported, then you may also need to edit /etc/make.conf and add the following line

Code:

 ALLOW_UNSUPPORTED_SYSTEM=yes 

You will have to confirm many config options when doing the first 'make install' command, but it will finish eventually. The following link has usefull information on using ports. https://www.freebsd.org/doc/handbook/ports-using.html

 

[AMD_5]

Having the same issue after installing MariaDB. After I installed from ports, service my-sql start appears to work, but I'm getting the same ERROR 2002 that others have reported when trying to run the installation script. The service looks like it starts, but doesn't and thus the socket is never opened.

Worth noting that I've tried this on 2 separate FreeNAS instances, 11.0-U4 and 11.1-RC3

 

[glauco]

Having the same issue after installing MariaDB. After I installed from ports, service my-sql start appears to work, but I'm getting the same ERROR 2002 that others have reported when trying to run the installation script. The service looks like it starts, but doesn't and thus the socket is never opened.

I'm having the same issue.