How to manually install Nextcloud on FreeNAS in an iocage jail with hardened security v2.0.1

samuel-emrys

@samuel-emrys @dureal99d
I may just be dumb but how do I get past this?
Do I manually create folders or did I miss something? This is the third time I have tried following this and dureal's guide with the same results.
Code:
src component not installed, skipped
Installing updates... done.


iocage start nextcloud
nextcloud is already running!

Code:
iocage fstab -a nextcloud "/mnt/Data1/files  /mnt/files  nullfs  rw  0  0"
Destination: /mnt/Data1/iocage/jails/nextcloud/root/mnt/files does not exist or is not a directory.
Source: /mnt/Data1/files does not exist!


Any help here is greatly appreciated!

It looks like you may have skipped over the section where I detail dataset creation. The error message is telling you that your source directory, /mnt/Data1/files does not exist. You need to create that directory first before you can mount it into the jail environment.

In the guide, the relevant part for this would be where I show how to create a dataset /mnt/vault/cloud

Hope this helps. Cheers.
 

Kungfooed

Sorry, after more research, the issue was I did not have DHCP enabled on my interface.
All set now though, thanks for the guide. Everything up and running smoothly.
 

Dolev Levy

Hey, I am a new guy here, and that's the main reason I got FreeNAS: to use it for remote access like Nextcloud. I had a real hard time figuring out this stuff. Seems like you guys know better than me, and I'd like to ask if there's someone who can help me privately install and set up the service... I tried about 8 times already and I always run into errors I don't know how to resolve.
Thanks anyways.
 

danb35

We don't do one-on-one private support here. We'll help you, but you need to put in the work (to whatever degree required) to do it yourself. In my completely-unbiased opinion, my script is one of the simplest ways to get it working; the other relatively simple option would be to simply use the plugin. I don't think the plugin is very well thought-out, but if you pay attention to the status message it gives you once the installation finishes, it's pretty easy to get working. If you have problems with either of those, post on my thread (if using my script) or start a new thread (if using the plugin), give detailed information about what's going on, and we can go from there.
 

Dolev Levy

Not asking for support, just for a nice person who knows how to deal with this stuff better than me. I am completely new to FreeNAS and networking in general, and that stuff is quite hard for me, and I am asking for help.
 

samuel-emrys

Not asking for support, just for a nice person who knows how to deal with this stuff better than me. I am completely new to FreeNAS and networking in general, and that stuff is quite hard for me, and I am asking for help.
Hi Dolev,

I'm afraid I agree with @danb35 on this one. My guide is designed to help you learn how to do these things for yourself; I don't have the time or inclination to do the installation myself for everyone who asks. If you want it to *just work*, then the script @danb35 has provided a link to is probably the best option. Otherwise, if you want to develop some knowledge to be able to do this sort of thing yourself, read through the guide I've written and pay attention to the details that I discuss. If you still run into issues, post a question here asking a specific question about the problems you're having, and I can help you try to understand it.

Cheers
 

Apollo

Not asking for support, just for a nice person who knows how to deal with this stuff better than me. I am completely new to FreeNAS and networking in general, and that stuff is quite hard for me, and I am asking for help.
Hi Dolev,

FreeNAS is not a very forgiving system, especially for a newbie.
If you spend a bit of time reading posts related to Coral and jail migration to iocage, you might understand a few things.
What I mean is that if you were able to install Nextcloud in the jail or as a plugin, but do not spend the time to acquire the knowledge to maintain your FreeNAS setup, what do you think a glitch, hardware failure or update will do to your cloud? The data should still be there, but retrieving it would be nearly impossible if you don't know a thing or two.
 

RueGorE

Hi @samuel-emrys,

I've upgraded my system to 11.2-U5 and I'm trying to run through your manual installation guide again. Unfortunately, this time I've run into a similar issue as @Kungfooed; however, FreeNAS is complaining my destination path doesn't exist:

Code:
root@freenas:~ # iocage create -n nextcloud -r 11.2-RELEASE ip4_addr="vnet0|192.168.10.7/24" defaultrouter="192.168.10.1" vnet="on" allow_raw_sockets="1" boot="on"
nextcloud successfully created!
* Starting nextcloud
  + Started OK
  + Configuring VNET OK
  + Starting services OK
root@freenas:~ # iocage start nextcloud
nextcloud is already running!
root@freenas:~ # iocage fstab -a nextcloud /mnt/MyPool/cloud /mnt/data nullfs rw 0 0
Destination: /mnt/MyPool/iocage/jails/nextcloud/root/mnt/data does not exist or is not a directory.
root@freenas:~ #


Looks like /mnt/data expands to /mnt/MyPool/iocage/jails/nextcloud/root/mnt/data
Any idea what is happening here or what I should do?
 

Apollo

Try this instead I think:

/mnt/iocage/jails/nextcloud/root/mnt/data
 

samuel-emrys

Hi @samuel-emrys,

I've upgraded my system to 11.2-U5 and I'm trying to run through your manual installation guide again. Unfortunately, this time I've run into a similar issue as @Kungfooed; however, FreeNAS is complaining my destination path doesn't exist:

Code:
root@freenas:~ # iocage create -n nextcloud -r 11.2-RELEASE ip4_addr="vnet0|192.168.10.7/24" defaultrouter="192.168.10.1" vnet="on" allow_raw_sockets="1" boot="on"
nextcloud successfully created!
* Starting nextcloud
  + Started OK
  + Configuring VNET OK
  + Starting services OK
root@freenas:~ # iocage start nextcloud
nextcloud is already running!
root@freenas:~ # iocage fstab -a nextcloud /mnt/MyPool/cloud /mnt/data nullfs rw 0 0
Destination: /mnt/MyPool/iocage/jails/nextcloud/root/mnt/data does not exist or is not a directory.
root@freenas:~ #


Looks like /mnt/data expands to /mnt/MyPool/iocage/jails/nextcloud/root/mnt/data
Any idea what is happening here or what I should do?

I'm still running on 11.2-U1, so I'm not able to replicate the issue at the moment. @Apollo is correct though, the destination dir translation should be /mnt/iocage/... not /mnt/MyPool/iocage. You can confirm this by identifying where the iocage dir is on your FN host: ls /mnt. Perhaps this translation has changed in 11.2-U5. Otherwise, you could try what Kungfooed suggested fixed his issue; I'm not sure why that would fix this issue though.
 

danb35

iocage seems to have undergone a change with -U5, such that it now requires the destination directory for your mountpoint to exist before you do the iocage fstab -a command. Not sure why that's the case, but I had to update my script to account for it.
 

RueGorE

iocage seems to have undergone a change with -U5, such that it now requires the destination directory for your mountpoint to exist before you do the iocage fstab -a command. Not sure why that's the case, but I had to update my script to account for it.

That was it. After I created those destination directories, the iocage fstab commands worked like a charm! I now have a working NextCloud 15 jail thanks to you guys!

Now I'm interested in putting the jail in a VLAN but I'm having no luck with that. I created a separate post in case anyone knows what to do to get that working.
 

Christopher_P

This guide is absolutely amazing! I agree the script is easier but this guide brought my understanding of what's going on behind the scenes to a whole new level. If you're looking to intimately understand how your web app works, definitely run through this guide. I have a setup that requires Dynamic DNS so it added an additional layer of complexity but improved my knowledge a ton. I would consider myself an intermediate level tech user across most areas (hardware, scripting/programming, systems admin, networking, etc.). This guide really helps you dig deep and get familiarized with Apache and how it renders content. Highly recommended for anyone looking to step up their sys admin and/or web app game! Thank you!

UPDATED FOR NEXTCLOUD 15

Hi all,

Not sure if this is the right spot for this, but recently I went through the process of standing up a NextCloud instance, and found that there were a number of points of difficulty not addressed in the current guides. Specifically, this includes how to properly secure the web server, including proper SSL configuration, php handling and tamper detection. Additionally, I found that many of the current guides on the matter were essentially a list of steps with little to no explanation of what was happening at each stage, so I've put together a guide on the installation and configuration of Nextcloud with the aim of being as complete as possible to make this guide accessible as a learning resource for complete beginners.

I'm by no means an expert, and wrote this in the process of learning it, so if you find any inaccurate information, or you have feedback/suggestions, or questions, just leave a comment below!

The Guide: https://www.samueldowling.com/2018/...n-freenas-iocage-jail-with-hardened-security/

The latest branch of the FreeBSD repository now ships with Nextcloud 15. I've run through the installation process and made a couple of minor caching modifications to ensure compatibility. My brief test showed everything working as expected.
 

dureal99d

This guide is absolutely amazing! I agree the script is easier but this guide brought my understanding of what's going on behind the scenes to a whole new level. If you're looking to intimately understand how your web app works, definitely run through this guide. I have a setup that requires Dynamic DNS so it added an additional layer of complexity but improved my knowledge a ton. I would consider myself an intermediate level tech user across most areas (hardware, scripting/programming, systems admin, networking, etc.). This guide really helps you dig deep and get familiarized with Apache and how it renders content. Highly recommended for anyone looking to step up their sys admin and/or web app game! Thank you!
You are correct, I did not provide security steps and there was little to no play-by-play info as relates to what does what.

And honestly I had not planned to, but you may be on to something. I shall revise in the future my instruction style to fully educate those that choose to use it.

Thank you for the feedback.
 

samuel-emrys

This guide is absolutely amazing! I agree the script is easier but this guide brought my understanding of what's going on behind the scenes to a whole new level. If you're looking to intimately understand how your web app works, definitely run through this guide. I have a setup that requires Dynamic DNS so it added an additional layer of complexity but improved my knowledge a ton. I would consider myself an intermediate level tech user across most areas (hardware, scripting/programming, systems admin, networking, etc.). This guide really helps you dig deep and get familiarized with Apache and how it renders content. Highly recommended for anyone looking to step up their sys admin and/or web app game! Thank you!
I'm glad you found it useful :)
 

lloydmr

Thanks so much for this guide. Worked like a charm and everything's working great. Worked perfect with PHP 7.3, FreeNAS 11.2-U7, 11.3 jail, and Nextcloud 16.0.4. I wasn't sure if your guide would work due to everything being newer, but it worked better than expected. Even my acme certificate is working without me even having to do anything on the server side. Beautiful. Thanks again.

I tried that other script. But Nextcloud just wasn't working, and it was hard to know where to start with all the things the script did. Following a guide is a bit slower, but yours is great.
 

G8One2

I too followed the Dowling guide. The command "iocage create -n nextcloud -r 11.2-RELEASE ip4_addr="vnet0|192.168.X.X/24" defaultrouter="192.168.X.X" vnet="on" allow_raw_sockets="1" boot="on"" does not create a folder inside the jail for /mnt/data, /var/db/mysql, /usr/local/www/nextcloud/config or /usr/local/www/nextcloud/themes. I had to manually create those folders inside the jail root directory for the fstab portion of the guide. I followed the guide step by step and got hung up on the fstab portion because I would get errors that the folder did not exist. Aside from that little hiccup, and a couple of others, I still managed to figure it out and still have a successful installation with HTTPS.
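
The fix discussed in this thread (creating each mount destination inside the jail root before running iocage fstab -a), as an added example that is not part of any post here or of the guide. IOCAGE_ROOT, IOCAGE_CMD and the function names are assumptions; set IOCAGE_ROOT to wherever the iocage dataset is mounted on your host.

```shell
#!/bin/sh
# Added example, not from the guide: pre-create a nullfs mountpoint inside an
# iocage jail, then register it. IOCAGE_ROOT / IOCAGE_CMD are assumed names;
# set IOCAGE_CMD=echo for a dry run.
IOCAGE_ROOT="${IOCAGE_ROOT:-/mnt/iocage}"   # thread also shows /mnt/MyPool/iocage
IOCAGE_CMD="${IOCAGE_CMD:-iocage}"

# Host-side path of an in-jail directory: /mnt/data -> <root>/jails/<jail>/root/mnt/data
jail_host_path() {
    printf '%s/jails/%s/root%s\n' "$IOCAGE_ROOT" "$1" "$2"
}

# add_jail_mount <jail> <host source dir> <in-jail destination>
add_jail_mount() {
    jail="$1"; src="$2"; dest="$3"
    # The source dataset must already exist on the host.
    [ -d "$src" ] || { echo "source $src does not exist" >&2; return 1; }
    # Destination must be absolute and must not contain '..' components.
    case "$dest" in
        /*) ;;
        *) echo "destination must be absolute: $dest" >&2; return 2 ;;
    esac
    case "$dest/" in
        */../*) echo "refusing '..' in destination: $dest" >&2; return 2 ;;
    esac
    root="$(jail_host_path "$jail" "")"
    [ -d "$root" ] || { echo "jail root $root not found" >&2; return 3; }
    # Create the mountpoint that newer iocage releases expect to exist.
    mkdir -p "$root$dest" || return 4
    # mkdir -p follows symlinks, so confirm the directory really sits under the
    # jail root before registering the mount.
    real_root="$(cd "$root" && pwd -P)"
    real_dest="$(cd "$root$dest" && pwd -P)"
    case "$real_dest" in
        "$real_root"/*) ;;
        *) echo "$dest resolves outside $real_root" >&2; return 5 ;;
    esac
    "$IOCAGE_CMD" fstab -a "$jail" "$src" "$dest" nullfs rw 0 0
}

# Usage: sh jail_mount.sh nextcloud /mnt/MyPool/cloud /mnt/data
if [ "$#" -eq 3 ]; then add_jail_mount "$@"; fi
```

Run it once per mount from the guide (/mnt/data, /var/db/mysql, /usr/local/www/nextcloud/config, /usr/local/www/nextcloud/themes), each with its own source dataset.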
 

samuel-emrys

I too followed the Dowling guide. The command "iocage create -n nextcloud -r 11.2-RELEASE ip4_addr="vnet0|192.168.X.X/24" defaultrouter="192.168.X.X" vnet="on" allow_raw_sockets="1" boot="on"" does not create a folder inside the jail for /mnt/data, /var/db/mysql, /usr/local/www/nextcloud/config or /usr/local/www/nextcloud/themes. I had to manually create those folders inside the jail root directory for the fstab portion of the guide. I followed the guide step by step and got hung up on the fstab portion because I would get errors that the folder did not exist. Aside from that little hiccup, and a couple of others, I still managed to figure it out and still have a successful installation with HTTPS.
That command isn't intended to create those directories, it only creates the jail. Those directories were automatically created by the fstab -a command. This may have changed with newer FreeNAS releases though; I'm still running 11.2-U1, so I'll update it accordingly when I get some time. Thanks for the feedback :)
 

G8One2

Yeah, I was on 11.2 U7 when I did the install. I also got tripped up on obtaining a certificate through certbot. For whatever reason, pkg install py27-certbot installed that package, but the command "certbot certonly --webroot -w /usr/local/www/nextcloud -d cloud.mydomain.com" didn't work with py27. I managed to just run the command "pkg install py36-certbot" and the certonly command worked for me to get a certificate. Obviously, the commands will change as FreeNAS packages evolve, so I know there's no way for you to be able to constantly keep up with the ever-changing packages and commands to install Nextcloud. Myself, and I'm sure everyone else, greatly appreciate your contribution and help to the community. Keep up the great work!
 

samuel-emrys

Yeah, I was on 11.2 U7 when I did the install. I also got tripped up on obtaining a certificate through certbot. For whatever reason, pkg install py27-certbot installed that package, but the command "certbot certonly --webroot -w /usr/local/www/nextcloud -d cloud.mydomain.com" didn't work with py27. I managed to just run the command "pkg install py36-certbot" and the certonly command worked for me to get a certificate. Obviously, the commands will change as FreeNAS packages evolve, so I know there's no way for you to be able to constantly keep up with the ever-changing packages and commands to install Nextcloud. Myself, and I'm sure everyone else, greatly appreciate your contribution and help to the community. Keep up the great work!
Yeah, I think I note in the guide that I wasn't able to get it working that way either, which is why I opted for DNS verification. Interesting that the newer python version made a difference, I'd have thought it would just be a reimplementation of the same functionality, though I guess since 2.7 is EOL as of Jan 1, it's possible its maintenance may have been abandoned. I'll look at revising this as well :)
 