Owncloud plugin ssl FN9.3.1

James1432

Dabbler
Joined
Mar 28, 2016
Messages
43
Build FreeNAS-9.3-STABLE-201601181840
Platform AMD Athlon(tm) II X3 440 Processor
Memory 32715MB

Hi there

After 6 months of pulling out my hair I have managed to get this to work! If somebody could give me a real noob way of doing the following.. I'd be really impressed!

1. Install my Godaddy SSL 'EASILY'

2. Get owncloud to display my server name when forwarded from godaddy

3. EASILY customise the CSS of the plugin.. Surprised there isn't a plugin for this (Tried theme switcher but didn't work)

Not amazingly confident at this and was hoping there would be an easy way?
or if I could just..

Filezilla into Freenas and nav down to the owncloud/apache24/www/whatever and just drag and drop my godaddy ssl bundle and cert in this way? Some advice here would be great please? Assuming that owncloud still needs to create a key and .pem files??


For those struggling with the whole trusted domain thing.. it's actually very simple. This will get you to where I am, if the other methods don't work.. Had major grief with this and this is by no means supposed to be educational.

1. Purchase a static IP pack from your provider

2. Install owncloud plugin (!!!DO NOT ACTIVATE!!!)

3. Create Storage

4. Ensure storage and jail permissions are set to www

5. Go to your router and assign a static IP to the IP address of the owncloud jail.. (+port forwarding)

6. Restart owncloud jail

7. Activate owncloud plugin

8. Your static IP is now a trusted Domain

9. Still have to follow guides to add your FQDN in the right place but relatively easy at this point.

For those in the UK.. !!GET A DECENT ROUTER!! and ISP
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Or set up a proxy server that handles the ssl termination and put whatever server you want behind it.
 

James1432

Dabbler
Joined
Mar 28, 2016
Messages
43
Hi Jailer
Thanks for a reply mate! Am going to get another MB for an old chassis I have here and banging around and shove a pentium 4 in it.. Will install pfsense and hopefully be the end of my woes! Lol Like FUCK!!
Struggling with the lack of support for this project.. Dr KK's guide doesn't work and most of the time I'm running into a wall!! I'd say 40% of problems have been due to router 60% shitting programming! If this plugin installed and ran as easily as Plex, folks all over the world would really be getting on the freenas project!
Tried to create a CSR.. Copy and paste from where exactly.. just went back to #rootowncloud with no location for the CSR?? Grrrr Had a look through the file tree.. nothing there!
Have managed to install every other plugin I want including SABnzbd, Headphones, Sickbeard and a whole list of others.. So not a Plank, This is complete wank!!
 

Valdhor

Explorer
Joined
Feb 29, 2016
Messages
70
First off, you may want to check out what's going on between owncloud and nextcloud. I believe nextcloud is the way forward. There should be no real differences between installation of either, though.

When I installed owncloud I did not use the plug-in. I am much more familiar with Apache (LAMP) than I am with any other server. I used a guide on installing FAMP (FreeBSD LAMP) I found with Google. Then I used the owncloud port to install, setting up the correct config for my server. I used dynu to get my "own" domain and set up my router (DD-WRT) to port forward to my server. I disabled port 80 and only allowed port 443 (SSL). I used a self-signed certificate (the only people connecting to my server are known to me so can add an exception). I am looking at getting my own domain name so I can have cloud.myname.com point to my nextcloud server.

So, I need some info from you to help out. What web server are you using? What certificate authority did you use? (You will need to install the intermediate certificates from this authority and configure the location in your server software).

I should probably document my install procedure so others can benefit. I will probably get it done this weekend.
 

James1432

Dabbler
Joined
Mar 28, 2016
Messages
43
Hey Valdor

Thanks for the reply.. after trying Dr KK's method, Joshua's method and pretty much everything else lol I just used the pre-installed plugin.. Had some issues with the hostname thing but all up and running. FQDN works and have generated a CSR but I can't find it?? Obviously just need this file to complete the process but it evades me? Had a look through the file tree using filezilla and have found no entries there.. inc under apache files where certs/ca's are stored??
Will take another route if necessary but would prefer to get this working if I can

Many thanks

James
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
Apache2.4 that the plugin uses, has its SSL cert and key in /usr/pbi/owncloud-amd64/etc/apache24
 

Valdhor

Explorer
Joined
Feb 29, 2016
Messages
70
I don't believe James has got to the cert and key part yet. He has just created the Certificate Signing Request.

James: Do you have the command line you used to create the CSR? That will tell us where the output is (The -o switch).
 

James1432

Dabbler
Joined
Mar 28, 2016
Messages
43
Hi Joshua & Valdor

Valdor is right Josh can't find the csr.. Have found the apache file already so that part is ready to go.. But the CSR run down a rabbit hole!

Tried a couple of methods but can't find the links now :/ Had a look at my history and this was the last method I attempted.

openssl req -new -newkey rsa:2048 -nodes -keyout www_privatekey.pem -out www_csr.pem

Completed the form and hit enter.. back to root_owncloud

Run this script afterwards

openssl req -in www_csr.pem -text -verify -noout

Came back with a Sha

Many thanks for helping me out guys.. appreciate your efforts

James
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
so when you were using curse words earlier, what did you expect the plugin to do to make replacing the SSL cert easier?

if I had to do this I'd read a tutorial, run the commands to create the CSR/cert on my desktop, place the cert/key in the appropriate place in the jail, and restart the plugin.
 

James1432

Dabbler
Joined
Mar 28, 2016
Messages
43
Hi Josh

Was by no means intended to offend.. The frustration with this is killing me as it appears a lot of other people too!

Found the CSR.. it was placed slap bang in front of me on the owncloud file.. D'oh!!

Copied it and pasted it into godaddy and got a bundle in return.. went further down the tree to

/mnt/Volume1/jails/owncloud_1/usr/pbi/owncloud-amd64/etc/apache24

where the preinstalled cert is and pasted them into here with the key that was named the same as the CSR.. Restart

Nothing.. Now the plugin says it's up and running but is inaccessible?

Entered the shell and tried the following command

openssl verify www_certificate.pem

Error opening certificate file www_certificate.pem
50255:error:02001002:system library:fopen:No such file or directory:/usr/src/sec
ure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:356:fopen('www_c
ertificate.pem','r')
50255:error:20074002:BIO routines:FILE_CTRL:system lib:/usr/src/secure/lib/libcr
ypto/../../../crypto/openssl/crypto/bio/bss_file.c:358:
unable to load certificate

Is still getting forwarded by godaddy so I am assuming I need to create or edit some .pem files to get it back up again?

Regards

James
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
What's the output when you run 'service apache24 restart'
 

James1432

Dabbler
Joined
Mar 28, 2016
Messages
43
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 103 of /usr/pbi/owncloud-amd64/etc/apache24/extra/
httpd-ssl.conf:
SSLCertificateFile: file '/usr/pbi/owncloud-amd64/etc/apache24/server.crt' does
not exist or is empty
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 103 of /usr/pbi/owncloud-amd64/etc/apache24/extra/
httpd-ssl.conf:
SSLCertificateFile: file '/usr/pbi/owncloud-amd64/etc/apache24/server.crt' does
not exist or is empty
so you deleted the self-signed cert the plugin was installed with and didn't properly replace it
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
read the error message, apache expects the file at /usr/pbi/owncloud-amd64/etc/apache24/server.crt

what is the output of 'ls -l /usr/pbi/owncloud-amd64/etc/apache24'
 

James1432

Dabbler
Joined
Mar 28, 2016
Messages
43
That's where I placed the godaddy files?
root@owncloud_1:/ # ls -l /usr/pbi/owncloud-amd64/etc/apache24
total 89
-rw-r--r-- 1 root wheel 1874 Jul 11 10:32 84db5fa608eeb84f.crt
drwxr-xr-x 2 root wheel 4 Jul 5 16:38 Includes
-rw-r--r-- 1 root wheel 1675 Jul 11 11:28 ceserver.key
drwxr-xr-x 2 root wheel 3 Jul 5 16:38 envvars.d
drwxr-xr-x 2 root wheel 14 Jun 30 08:18 extra
-rw-r--r-- 1 root wheel 4795 Jul 11 10:44 gd_bundle-g2-g1.crt
-rw-r--r-- 1 root wheel 19549 Jul 8 01:04 httpd.conf
-rw-r--r-- 1 root wheel 13077 Jun 30 08:17 magic
-rw-r--r-- 1 root wheel 53011 Jun 30 08:17 mime.types
drwxr-xr-x 2 root wheel 3 Jun 30 08:18 modules.d
root@owncloud_1:/ #
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
I'm assuming your cert is 84db5fa608eeb84f.crt, you should have renamed that to server.crt
You probably need to rename your key file as well to server.key

I'm not sure if you need to include the godaddy intermediate certificate. I know with my StartSSL cert I need to, to get a valid certificate chain.
something like 'cat 84db5fa608eeb84f.crt gd_bundle-g2-g1.crt > server.crt' might be what you need to do
 

James1432

Dabbler
Joined
Mar 28, 2016
Messages
43
Hey Josh.. renamed the files and it's back on :) Unfortunately tho browser is showing connection is insecure :(

Entered the code you gave me.. not sure if this was right

root@owncloud_1:/ # cat 41414141141411.crt gd_bundle-g2-g1.crt > server.crt
cat: 4141411414141141f.crt: No such file or directory
cat: gd_bundle-g2-g1.crt: No such file or directory
root@owncloud_1:/ #

replaced the digits 84db5fa.. with server.crt too to give it a go.. no joy
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
maybe it's insecure because you aren't serving the intermediate cert
those commands were meant to be run in the directory, here's what I recommend you try

Code:
mv /usr/pbi/owncloud-amd64/etc/apache24/server.crt /usr/pbi/owncloud-amd64/etc/apache24/84db5fa608eeb84f.crt
cat /usr/pbi/owncloud-amd64/etc/apache24/84db5fa608eeb84f.crt /usr/pbi/owncloud-amd64/etc/apache24/gd_bundle-g2-g1.crt > /usr/pbi/owncloud-amd64/etc/apache24/server.crt
service apache24 restart
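
The checks behind the last few posts, as an added example that is not part of the thread or the plugin: confirm the private key belongs to the certificate, build `server.crt` with the intermediate bundle after the leaf, confirm that file chains to the root, and install the key readable by its owner only (the `ls -l` listing above shows the key as `-rw-r--r--`). The function names and the throwaway root/intermediate/leaf PKI are constructed for this example; on a real install the CA's certificate and bundle take their place.

```sh
#!/bin/sh
# Added example; every file created here is constructed test data.

# new_key_csr DIR NAME CN: private key + CSR, as in the thread's "openssl req -new -newkey"
new_key_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_demo_pki DIR: constructed root -> intermediate (bundle) -> leaf, demo only
make_demo_pki() {
    d=$1
    echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext" &&
    new_key_csr "$d" root 'Demo Root' &&
    new_key_csr "$d" bundle 'Demo Intermediate' &&
    new_key_csr "$d" leaf 'cloud.example.test' &&
    openssl x509 -req -days 2 -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null &&
    openssl x509 -req -days 2 -in "$d/bundle.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -set_serial 2 -extfile "$d/ca.ext" -out "$d/bundle.crt" 2>/dev/null &&
    openssl x509 -req -days 2 -in "$d/leaf.csr" -CA "$d/bundle.crt" -CAkey "$d/bundle.key" \
        -set_serial 3 -out "$d/leaf.crt" 2>/dev/null
}

# key_matches_cert KEY CERT: true when both carry the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# build_server_crt LEAF BUNDLE OUT: leaf first, then intermediates; written via a
# temp file so OUT may be the same path as LEAF without truncating it
build_server_crt() {
    cat "$1" "$2" > "$3.tmp" && mv "$3.tmp" "$3"
}

# served_chain_ok ROOT FILE: true when the first cert in FILE verifies up to ROOT
# using only the certs in FILE as intermediates
served_chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>/dev/null | grep -q ': OK$'
}

# install_key KEY DEST: copy the key so only its owner can read it
install_key() {
    ( umask 077 && cp "$1" "$2" ) && chmod 600 "$2"
}
```

Run `served_chain_ok` against the file Apache's `SSLCertificateFile` points at before restarting; a leaf-only file fails it, which matches the browser warning reported above.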
 