Need help setting up OwnCloud with SSL

Status
Not open for further replies.

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
Did it work before you configured with SSL? Does it work with https://<jailip>/owncloud?

Don't recall having to change anything in PHP, although probably worth restarting nginx and php-fpm services, or just restart the jail.
yup, it worked flawlessly before doing all the changes to add the SSL cert. The https://<jailip>/owncloud? gives me a blank page as well as the other address. I restarted the jail and NOTHING. I think I'm going to do the cyberjock method.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I think I'm going to do the cyberjock method.
Yes, give that a try. You don't need to (and really shouldn't) remove anything you did from letsencrypt, and it will help narrow down where the problem is.
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
Just compared with mine, and although I'm not using a letsencrypt certificate, I'm not convinced your ssl_ lines are pointing to the right files. Mine point to a *.crt file and a *.key file.

Might also be worth checking the permissions on the *.key file as this should be -rw------- (chmod 600 I think)
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
Yes, give that a try. You don't need to (and really shouldn't) remove anything you did from letsencrypt, and it will help narrow down where the problem is.
I trashed all of it, I will set up the cyberjock method, then, if it works, change it for a more secure ssl cert. I will report back in about 1 hour.
Just compared with mine, and although I'm not using a letsencrypt certificate, I'm not convinced your ssl_ lines are pointing to the right files. Mine point to a *.crt file and a *.key file.
I think I made sure to check the lines that danb gave me and I think they pointed to the right cert and key..
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Most letsencrypt clients (including letsencrypt.sh) use .pem file extensions for the certificate and the key. That's reasonable, as they're PEM-encoded files. His configuration in that regard is fine, as evidenced by the fact that you can load https://freenasowncloud.info/.well-known/acme-challenge/test.txt without a certificate error. I'm pretty sure there's an error in the config somewhere, but I'm quite certain it doesn't directly relate to Let's Encrypt.
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
Most letsencrypt clients (including letsencrypt.sh) use .pem file extensions for the certificate and the key. That's reasonable, as they're PEM-encoded files. His configuration in that regard is fine, as evidenced by the fact that you can load https://<HOSTNAME>/.well-known/acme-challenge/test.txt without a certificate error. I'm pretty sure there's an error in the config somewhere, but I'm quite certain it doesn't directly relate to Let's Encrypt.
yeah, I think so too, there were no errors when accessing that file, and the padlock was green. There is 1 little mistake somewhere in the configs that is not pointing to the right directory or something, keep in mind that joshua sets up 2 datasets..! 1 for db and 1 for files.
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
I've also got a 'ssl_protocols TLSv1 TLSv1.1 TLSv2;' line in my server block.

Can you post up your /usr/local/www/owncloud/config/config.php file too?
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
I think I found the problem, maybe...
could it be that when I followed joshua's original guide, in the part where I edit the

"/usr/local/etc/redis.conf"
  1. service nginx start && service php-fpm start && service mysql-server start && service redis start
  2. mysql_secure_installation
  3. mysql -u root -p
  4. CREATE DATABASE owncloud;
  5. GRANT ALL PRIVILEGES ON owncloud.* TO 'ocuser'@'localhost' IDENTIFIED BY 'ocpass';
     ^^^^^^^^^^^^^^^^ in that part, do I have to add my website or something else???
  6. FLUSH PRIVILEGES;
  7. quit;
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
Those steps are just creating the owncloud mysql database and assigning privileges to a user (ocuser) that owncloud will use. If this worked pre-ssl, I can't see what you'd need to change here post-ssl.
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
ah ok,
Those steps are just creating the owncloud mysql database and assigning privileges to a user (ocuser) that owncloud will use. If this worked pre-ssl, I can't see what you'd need to change here post-ssl.
well...almost done doing cyberjock's guide....reporting back in a few.
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
Most letsencrypt clients (including letsencrypt.sh) use .pem file extensions for the certificate and the key. That's reasonable, as they're PEM-encoded files. His configuration in that regard is fine, as evidenced by the fact that you can load https://freenasowncloud.info/.well-known/acme-challenge/test.txt without a certificate error. I'm pretty sure there's an error in the config somewhere, but I'm quite certain it doesn't directly relate to Let's Encrypt.

Those steps are just creating the owncloud mysql database and assigning privileges to a user (ocuser) that owncloud will use. If this worked pre-ssl, I can't see what you'd need to change here post-ssl.

Well, I just finished doing cyberjock's instructions, AND...................I also get blank pages..! lol
What is going on?? what could be the problem?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Well, at least that confirms it wasn't anything with Let's Encrypt that caused the problem. I'm positive the issue is somewhere in the nginx configuration, but I don't know enough about it yet to say where that might be. I'll see if I can read up on it and offer some suggestions.

For right now, though, try to revert to the nginx config that Joshua gave in the original how-to. Does that still work?
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
Try creating a file called info.php in your /usr/local/www/owncloud folder with the following code inside it.

Code:
<?php phpinfo(); ?>


Then see what you get at https://<jailip>/owncloud/info.php

It could be something in the owncloud config.php file. Let's have a look....
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
Well, at least that confirms it wasn't anything with Let's Encrypt that caused the problem. I'm positive the issue is somewhere in the nginx configuration, but I don't know enough about it yet to say where that might be. I'll see if I can read up on it and offer some suggestions.

For right now, though, try to revert to the nginx config that Joshua gave in the original how-to. Does that still work?
that works perfectly, lol, what is wrong with the nginx file then???
Try creating a file called info.php in your /usr/local/www/owncloud folder with the following code inside it.

Code:
<?php phpinfo(); ?>


Then see what you get at https://<jailip>/owncloud/info.php

It could be something in the owncloud config.php file. Let's have a look....
that did not work..blank page as usual....
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
So the nginx.conf file from joshua's thread works (you get the login screen) using http on port 80?

What happens if you just add in the two ssl_ lines, change it to listen on 443 and then access using https?

Here's my nginx.conf file, which works perfectly with my PositiveSSL certificate:

Code:
worker_processes 2;

events {
    worker_connections  1024;
}

http {
        include      mime.types;
        default_type  application/octet-stream;
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" ';
        access_log  logs/access.log  main;
        sendfile        off;
        keepalive_timeout  65;
        gzip off;
        # Certificate and private key used by every server block below
        ssl_certificate /usr/local/etc/nginx/server.crt;
        ssl_certificate_key /usr/local/etc/nginx/server.key;
        server {
                server_name owncloud;
                listen 443 ssl;
                root /usr/local/www/;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                add_header Strict-Transport-Security max-age=15768000;
                location = /robots.txt { allow all; access_log off; log_not_found off; }
                location = /favicon.ico { access_log off; log_not_found off; }
                location ^~ /owncloud {
                        index index.php;
                        try_files $uri $uri/ /owncloud/index.php$is_args$args;
                        client_max_body_size 10G;
                        # No direct access to dotfiles, data, config or install leftovers
                        location ~ ^/owncloud/(?:\.|data|config|db_structure\.xml|README) {
                                deny all;
                        }
                        # Hand PHP requests to php-fpm over its unix socket
                        location ~ \.php(?:$|/) {
                                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                                fastcgi_pass unix:/var/run/php-fpm.sock;
                                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                                fastcgi_param PATH_INFO $fastcgi_path_info;
                                include fastcgi_params;
                                fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
                        }
                        location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ {
                                expires 30d; add_header Cache-Control public;
                        }
                        # Reachable only through internal redirects (X-Accel)
                        location ^~ /owncloud/data {
                                internal;
                                alias /mnt/files;
                        }
                }
        }
}
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
So the nginx.conf file from joshua's thread works (you get the login screen) using http on port 80?

What happens if you just add in the two ssl_ lines, change it to listen on 443 and then access using https?
well, this is awkward, that WORKS...! WTF..! HOW???? any explanation? gj man, you guys got it..! you are awesome..!
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
Snapshot, small changes, test and then rollback if necessary :D This is really good advice for updating owncloud, which is renowned for breaking stuff!

Glad to hear it's working though. Clearly something missing or added to the nginx.conf file that wasn't liked. Have fun...
 

rodofrn

Contributor
Joined
Apr 13, 2016
Messages
180
Snapshot, small changes, test and then rollback if necessary :D This is really good advice for updating owncloud, which is renowned for breaking stuff!

Glad to hear it's working though. Clearly something missing or added to the nginx.conf file that wasn't liked. Have fun...
Thanks mate, really nice to have you guys help me figure this thing out, very nice to see forums like this one around..!
NVM got it..
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Having established this, getting a trusted cert working from letsencrypt should be a no-brainer at this point. Follow the instructions I posted to get the cert, and change the ssl_certificate and ssl_certificate_key lines to point to the new files. Snapshot first if you want to be ultra-cautious, or just save a copy of nginx.conf if you want to be reasonably cautious.
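
The sequence the last few posts describe (check the key file's permissions, point ssl_certificate and ssl_certificate_key at a matching pair, keep a copy of nginx.conf, roll back if the change breaks), as an added shell example that is not from any poster in this thread. The function names and the NGINX_TEST_CMD override are assumptions of this example; all paths are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and NGINX_TEST_CMD are assumptions.

# True only if the key file grants nothing to group or other (mode 600 or 400).
# -L follows symlinks, which some ACME clients use for their current cert paths.
key_is_private() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# True only if the certificate (first cert in the file) and the key share a public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Copy the live config aside, install the candidate, run the syntax test,
# and restore the copy if the test fails. nginx keeps running on its old
# in-memory config until it is reloaded, so a failed test changes nothing.
apply_conf() {
    new=$1
    live=$2
    cp -p "$live" "$live.bak" || return 1
    cp "$new" "$live" || return 1
    if ${NGINX_TEST_CMD:-nginx -t -c} "$live" >/dev/null 2>&1; then
        return 0
    fi
    cp -p "$live.bak" "$live"
    return 1
}

# Typical order (paths are the caller's):
#   key_is_private KEY && cert_matches_key CERT KEY \
#       && apply_conf NEW_CONF LIVE_CONF && service nginx reload
```

A syntax test that passes only shows nginx can parse the file; a blank page like the one in this thread still has to be checked in the browser and in the nginx error log after the reload.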
 