
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
<<<<<<< HEAD
That must be a bizarre artifact of the git merge--I'll try to fix it this evening. Nothing looks wrong with your config file assuming you have an actual domain name in HOST_NAME. Your settings of DB_PATH and FILES_PATH are redundant (they'll default to what you've set them to), but that won't hurt anything.
 
Joined
May 22, 2019
Messages
5
Nothing looks wrong with your config file assuming you have an actual domain name in HOST_NAME.

I do not have a domain name there. I can put in the name of my local domain, "lan", but I do not own a domain. I was planning on self signing because I'm lacking a domain. Perhaps I misunderstood how to use that field.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
You can put a local domain there if you're using a self-signed cert, but it should still be some name that's going to resolve to your Nextcloud instance. Edit: if there isn't such a name, put the IP address of the jail instead--but seriously consider getting a domain and a proper certificate.

I've fixed the issue with the script; you can change back to its directory and do git pull to get the current copy.
 

droeders

Contributor
Joined
Mar 21, 2016
Messages
179
That must be a bizarre artifact of the git merge--I'll try to fix it this evening. Nothing looks wrong with your config file assuming you have an actual domain name in HOST_NAME. Your settings of DB_PATH and FILES_PATH are redundant (they'll default to what you've set them to), but that won't hurt anything.

You're correct that 'git merge' added these lines. FYI - they are the result of a merge conflict that must be resolved by hand.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
FYI - they are the result of a merge conflict that must be resolved by hand.
...which was the case. The point I must have missed was that I needed to resolve it by hand-editing the file. In any event, fixed now.
 

plague

Dabbler
Joined
Jul 20, 2017
Messages
18
Hey @danb35! Thank you a million for the script! It is instrumental in doing away with the manual work of setting up NextCloud the right way. I successfully executed the script (commit 6265310f8d381234bff32b017c7b8993143b8); however, I cannot access the NextCloud GUI via the IP address or the server address.

Any idea what may have gone wrong? I made sure to set up port forwarding for ports 80 and 443 on the jail (TCP traffic) before running the script.

My domain is registered with Hover, and the name servers for my domain are Cloudflare based.

FreeNAS version
FreeNAS-11.2-U4.1

Config
Code:
JAIL_IP="192.168.86.160"
DEFAULT_GW_IP="192.168.86.1"
POOL_PATH="/mnt/Alexandria/Apps/NextCloud"
TIME_ZONE="America/Los_Angeles"
HOST_NAME="subdomain.domain.ext"
DNS_CERT=1
CERT_EMAIL="personal@email.com"
DNS_PLUGIN="cloudflare"
DNS_ENV="CLOUDFLARE_EMAIL=cloudflare@accountemail.com CLOUDFLARE_API_KEY=cloudflare_account_key"


FSTAB entries
Screen Shot 2019-05-23 at 1.05.39 AM.png

Reachability Errors
Screen Shot 2019-05-23 at 1.05.14 AM.png
Screen Shot 2019-05-23 at 1.05.01 AM.png
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Does subdomain.domain.ext resolve to the IP of your Nextcloud jail from inside your network? If not, can you make it do so? Because my installation does that if I try to browse by IP, but it works fine browsing by FQDN.
 

plague

Dabbler
Joined
Jul 20, 2017
Messages
18
Does subdomain.domain.ext resolve to the IP of your Nextcloud jail from inside your network? If not, can you make it do so? Because my installation does that if I try to browse by IP, but it works fine browsing by FQDN.

Yes! I amended my /etc/hosts file to make my FQDN resolve to my jail's IP. I can now see the login page! Thank you Dan!
 

plague

Dabbler
Joined
Jul 20, 2017
Messages
18
I am now done with setting up the necessary user accounts on the NextCloud server as well as obtaining a proper cert from Let's Encrypt! The script you wrote has been of immense help :)

Are there any additional configurations I need to add to enable remote access to the NextCloud server? I tried accessing it via `https://<public_ip>:443` but no dice. I also tried accessing it via the FQDN from outside my home network and the connection times out.

I guess port 443 is blocked by my ISP? I can't seem to ping my public IP either.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504

plague

Dabbler
Joined
Jul 20, 2017
Messages
18
Could be, but that isn't nearly as common as port 80. You could try a port scan on your connection by visiting https://www.grc.com/shieldsup.
Shieldsup confirms that port 443 is reachable from outside. In the meantime I disabled port 80 since I will be doing secure communication with the NextCloud server.

Is there something I need to set up at my domain end? Add like an A record to force subdomain.domain.ext to point to my public_ip:443? Idk if that is good practice.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Ordinarily you'd want port 80 to be open; if you browse to subdomain.domain.ext on a browser that hasn't been there before (one that has would have the HSTS header automatically go to HTTPS), it will try to connect on port 80. Caddy will automatically redirect to HTTPS on 443, but in order to do that, it needs to connect on port 80 first.

Add like an A record to force subdomain.domain.ext to point to my public_ip:443
You can't add ports to an A record, but you should have an A or CNAME record that would resolve to your public IP. If you PM me the FQDN, I can check from here.
 

Hidyman

Dabbler
Joined
Mar 22, 2017
Messages
10
I am getting:
This site can't be reached.
192.168.0.6 refused to connect
ERR_CONNECTION_REFUSED

This happens with the ip or the FQDN (which is also pointed at 192.168.0.6 inside my network).
I am using FreeNAS-11.2-U4.1 (also tried on 11.2-U4)

Here is the nextcloud-config I am running:

JAIL_IP="192.168.0.6"
DEFAULT_GW_IP="192.168.0.2"
POOL_PATH="/mnt/Pool1/NextCloud"
TIME_ZONE="America/New_York"
HOST_NAME="drive.mydomain.com"
STANDALONE_CERT=0
NO_CERT=1

On the very last line during install I get
[: -eq: unexpected operator

I don't know if this means something.

For background, I set this up with an earlier version of the script that didn't allow NO_CERT, and used Apache for the web server.
It worked fine, but I'm now using a nginx reverse-proxy and was getting certificate errors, so I planned to let my reverse-proxy handle the SSL and redirect to the NextCloud instance on port 80.

I'm not very familiar with FreeBSD.

Thank you for your time.
(On a side note, you may be interested in this B5 kickstarter https://www.kickstarter.com/projects/1387618382/the-babylon-5-preservation-project )
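
An added example, not code from the install script or from any poster: a preflight check for the two failure modes seen in this thread, leftover git conflict markers such as `<<<<<<< HEAD` and the `[: -eq: unexpected operator` message. An unquoted numeric test on an unset flag is a common source of that message; that the script tests its flags this way, the function names, and the "exactly one certificate mode" rule are assumptions.

```shell
#!/bin/sh
# Preflight checks for a config file that is sourced as shell.
# Function names and the "exactly one certificate mode" rule are
# assumptions for this example, not taken from the install script.

# Succeeds (0) when the file still contains git conflict markers.
has_conflict_markers() {
    grep -Eq '^(<<<<<<<|>>>>>>>)( |$)|^=======$' "$1"
}

# Print a flag as 0 or 1, treating unset/empty as 0; fail on anything else.
# An unquoted test such as [ $DNS_CERT -eq 1 ] with DNS_CERT unset expands
# to [ -eq 1 ], which sh rejects with "[: -eq: unexpected operator".
flag() {
    case "${1:-0}" in
        0|1) echo "${1:-0}" ;;
        *)   return 1 ;;
    esac
}

# Runs in a subshell so the sourced variables do not leak to the caller.
# Returns 0 if usable, 2 on conflict markers, 3 on a bad flag value,
# 4 unless exactly one certificate mode is selected.
check_config() (
    has_conflict_markers "$1" && return 2
    unset DNS_CERT STANDALONE_CERT NO_CERT
    . "$1" || return 3
    dns=$(flag "$DNS_CERT") || return 3
    standalone=$(flag "$STANDALONE_CERT") || return 3
    none=$(flag "$NO_CERT") || return 3
    [ $((dns + standalone + none)) -eq 1 ] || return 4
)

# Constructed sample modelled on the second config posted in the thread;
# DNS_CERT is deliberately absent.
sample_config() {
    printf '%s\n' 'HOST_NAME="drive.mydomain.com"' \
        'STANDALONE_CERT=0' 'NO_CERT=1'
}
```

Running `check_config` on the nextcloud-config file before the installer gives a non-zero status that identifies which check failed.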
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
shell window on the browser.
Just don't use it. Seriously--it's not as bad as it once was, but it's still entirely unsuitable for anything more than a simple command here or there. SSH to the server instead.

So if that was set correctly, we'll need to dig into the jail a bit to see what happened. Enter the jail with `iocage console nextcloud`, then see if caddy's running with `service caddy status`. If it isn't (which is what I suspect), see if the log file tells you why: `tail /var/log/nextcloud_access.log` and `tail /var/log/nextcloud_errors.log`.
 

Hidyman

Dabbler
Joined
Mar 22, 2017
Messages
10
From Service caddy status I get:

rc variable $caddy_cert_email is not set. Please provide a valid SSL certificate issuer email.

When I run tail, both say: No such file or directory

Maybe I have to give it an email addy, even if it's not using a cert?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Maybe I have to give it an email addy, even if it's not using a cert?
That shouldn't be necessary, and I thought I'd tested it that way, but I'm getting the same issue now. Try giving it an address (doesn't have to be a real one) with `sysrc caddy_cert_email=me@example.com`, then `service caddy start`.
 

Hidyman

Dabbler
Joined
Mar 22, 2017
Messages
10
That worked.
I set it up with the dummy address and I was able to start the service and access the nextcloud instance.
 

Hidyman

Dabbler
Joined
Mar 22, 2017
Messages
10
I need to destroy the jail and set it up again because I didn't create the "db" dataset with 16k record size and the "files" dataset with no atime.
If you update the script I would be happy to try it again.
 