Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

[bermau]

Hoping someone can help me.
I have successfully installed nextcloud and can reach it from the reverse proxy (I followed this guide):

https://www.ixsystems.com/community...o-reverse-proxy-your-jails- w-certbot.49876 /

Everything ok except that after login I get the following error:
this directory is unavailable please check the logs or contact the administrator

Furthermore, in security there are the following errors:

my system configuration:
nextcloud config.php (in nextcloud jail)

Code:

<?php
$CONFIG = array (
  'passwordsalt' => 'Mk9g3tK3Au7IT/YYfUXFugws+tTiA8',
  'secret' => 'iwPshnPVUWFbom7mznjRdTVWBU3oP2cFKKuTMh3Mm3Eg4lXS',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'mydomain.com',
    2 => '192.168.0.199', #(nextcloud jail ip)
  ),
  'datadirectory' => '/mnt/files',
  'dbtype' => 'mysql',
  'version' => '16.0.4.1',
  'overwrite.cli.url' => 'https://mydomain.com/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'snkfRLDFKwfEgiYTJRaBKA==',
  'installed' => true,
  'instanceid' => 'oc3qfsowp4k1',
  'logtimezone' => 'Europe/Rome',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud.log',
  'loglevel' => '2',
  'logrotate_size' => '104847600',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'redis' =>
  array (
    'host' => '/tmp/redis.sock',
    'port' => 0,
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'htaccess.RewriteBase' => '/',
  'trusted_proxies' =>
  array (
    0 => '192.168.0.158', #(reverse_proxy jail ip)
  ),
  'overwritehost' => 'mydomain.com',
  'overwriteprotocol' => 'https',
  'overwritewebroot'  => '/nextcloud',
);

proxy_setup_nextcloud.conf (in reverse proxy jail)

Code:

location /nextcloud {
        proxy_pass http://192.168.0.199/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
        client_max_body_size 16400M;
        proxy_read_timeout 90;
        proxy_redirect http://192.168.0.199/ https://mydomain.com/nextcloud/;
        }

and nextcloud log

Code:

[remote] Error: Sabre\DAV\Exception\Forbidden: Requested uri (/nextcloud/remote.phpp/dav/files/admin/) is out of base uri (/nextcloud/remote.php/dav/) at <<closure>>

0. /usr/local/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 549
   Sabre\DAV\Server->calculateUri("/nextcloud/remote.phpp/dav/files/admin/")
1. /usr/local/www/nextcloud/apps/dav/lib/Server.php line 322
   Sabre\DAV\Server->getRequestUri()
2. /usr/local/www/nextcloud/apps/dav/lib/Server.php line 148
   OCA\DAV\Server->requestIsForSubtree(["calendars","pu ... "])
3. /usr/local/www/nextcloud/apps/dav/appinfo/v2/remote.php line 34
   OCA\DAV\Server->__construct(OC\AppFramework\Http\Request {}, "/nextcloud/remote.php/dav/")
4. /usr/local/www/nextcloud/remote.php line 163
   undefinedundefinedrequire_once("/usr/local/www/ ... p")

PROPFIND /nextcloud/remote.phpp/dav/files/admin/
from 192.168.0.1 by admin at 2019-08-27T18:30:16+02:00

thank you very much to those who want to help me.

 

[Thomas_VDB]

Been running Nextcloud on my Freenas via this script happily for some time now. Linked Nextcloud to my Freenas files via "External storage"
Today when working remotely I noticed 2 files are not present/listed in the Nextcloud-interface, while they present on the freenas share. When I add extra files in the share, they are immediately available in Nextcloud. It seems that the Nextcloud scan engine 'missed' these 2 files.
What is the best way to do a rescan?
Can someone walk me through adding e.g. a daily rescan cron job? Thx!

 

[danb35]

What is the best way to do a rescan?

I can't access it from here, but the Nextcloud administrator's manual has a lengthy section on the occ command, and I'm 99% sure that command can be made to do as you want. Once you figure out the syntax, you'd call it with something like su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:update:htaccess'. You can then add it to www's crontab with crontab -u www -e.

 

[mendocino]

Hi i have installed nextclaud on my freenas server using this user guide, everything works fine but i have one big problem and i don't know how to fix it. If I share a download link to the outside (pictures with a total size of 4GB in the link) the download just stops at some point. I ran an experiment through a VPN server and found that the download takes exactly 1 minute after it is terminated. Of course, depending on the speed of the VPN server, it takes a minute to download the data, and after 1 minute the download stops. For the local network, the same situation. Still noticed if I want to download any file from nextcloud (not via the sharing link but directly through my account) the download takes exactly 1 min and everything stops. Please help me.

 

[mapcevn]

I'm pulling my hair out doing google-fu but no help. I've installed three things below:

1. A reverse proxy server with nginx in a jail named 'nginx_reverse'
2. A web server with nginx to host my wordpress website in a jail named "www"
3. A nextcloud server in a jail named "nextcloud" installed by using danb35's script

The reverse proxy server works well with the web server, however it doesn't work with the nextcloud server. I entered the nextcloud URL into the browser, but it kept returning a message:

"'Client sent an HTTP request to an HTTPS server"

I guess the solution, maybe, I need to remove the installed Letsencrypt certificate from the nextcloud server as the reverse proxy server has already taken care of this. This trick works perfectly for my web server with nginx. But, I don't know how to do this with the nextcloud server.

Can someone point me to the right direction?

 

[danb35]

Well, the simple answer if you don't have any significant amount of data on the Nextcloud instance is to wipe it out and re-run the script with NO_CERT enabled--that will have your Nextcloud installation speaking only http, and relying on your reverse proxy for TLS termination. If there's very much data there, though, you wouldn't want to go that way. In that case, you'll need to update the Caddyfile to only do HTTP. You can use the Caddyfile-nossl from the script's configs directory to help with this.

 

[mapcevn]

You are indeed a legend, Dan. I chose to modify the Caddyfile adding the ":80" to nextcloud.mydomain.com, and it works!!! Thank you for your brilliant work!

 

[mapcevn]

Hi Dan, sorry I need your help again. Though this trick works perfectly with all my devices using app password login, but it causes problem with logging into accounts using 2FA with my yubikeys. An error happened as below.

U2F device
An error occurred: Sign failed

I had to use the backup passcode to login and removed the 2FA to avoid locking myself out.

Am I missing anything here?

 

[danb35]

Am I missing anything here?

I haven't worked with any 2FA devices, so it's hard to say. Best I can suggest is check the nextcloud log (/var/log/nextcloud.log, IIRC) and see what errors are appearing.

 

[mendocino]

Hi i have installed nextclaud on my freenas server using this user guide, everything works fine but i have one big problem and i don't know how to fix it. If I share a download link to the outside (pictures with a total size of 4GB in the link) the download just stops at some point. I ran an experiment through a VPN server and found that the download takes exactly 1 minute after it is terminated. Of course, depending on the speed of the VPN server, it takes a minute to download the data, and after 1 minute the download stops. For the local network, the same situation. Still noticed if I want to download any file from nextcloud (not via the sharing link but directly through my account) the download takes exactly 1 min and everything stops. Please help me.

My problem is described above, I checked nextclod_error.log and it throws me an error like this
27/Sep/2019:16:57:43 +0300 [ERROR 502 /index.php] read tcp 127.0.0.1:64497->127.0.0.1:9000: i/o timeout
27/Sep/2019:17:14:37 +0300 [ERROR 502 /index.php] read tcp 127.0.0.1:16355->127.0.0.1:9000: i/o timeout
what settings need to be changed to fix this error?

 

[danb35]

My problem is described above,

I haven't been ignoring you, I'm just having trouble reproducing the problem. I just did a fresh installation from the latest version of my script and uploaded a 2.1 GB ISO file to it through the web interface. The upload completed in just over 2 minutes without errors. I synced another 2GB file through the client, again with no issues. A 5 GB and a 7 GB file similarly uploaded without problems. Finally a 10 GB file gave an error (and I'm seeing the same thing in nextcloud_error.log), but then corrected itself. I'm working on getting PHP to log its errors to see where the problem is, but no luck so far.

 

[vorchan]

My problem is described above, I checked nextclod_error.log and it throws me an error like this
27/Sep/2019:16:57:43 +0300 [ERROR 502 /index.php] read tcp 127.0.0.1:64497->127.0.0.1:9000: i/o timeout
27/Sep/2019:17:14:37 +0300 [ERROR 502 /index.php] read tcp 127.0.0.1:16355->127.0.0.1:9000: i/o timeout
what settings need to be changed to fix this error?

I had the same problem and found a solution that worked for me, please see posts #837, #839 and #841.

 

[danb35]

Code:

HOST {
 timeouts 3600s 
}

I'm not quite sure I understand this one--is it in its own block with a header of HOST (so you'd add all three lines here), or is it just a single added line in the main host block? IOW, should the change to the Caddyfile be like this:

Code:

yourhostnamehere {

...
...
timeouts 3600s
}

 

[vorchan]

I'm not quite sure I understand this one--is it in its own block with a header of HOST (so you'd add all three lines here), or is it just a single added line in the main host block? IOW, should the change to the Caddyfile be like this:

Code:

yourhostnamehere {

...
...
timeouts 3600s
}

Yes, you are correct! It follows standard syntax from Caddyserver docs.

 

[danb35]

OK, not super happy with an hour timeout (or with php-fpm not logging where the problem is), but it works--just uploaded a 15GB file through the web interface of a test installation. I've pushed out an update to the script that changes the Caddyfile and php.ini accordingly.

 

[mapcevn]

I haven't worked with any 2FA devices, so it's hard to say. Best I can suggest is check the nextcloud log (/var/log/nextcloud.log, IIRC) and see what errors are appearing.

Hi Dan, I tried to clear all log files to locate the right one which recorded the 2FA response. The only recorded log is in the file nextcloud_access.log which is as below:

192.168.2.20 - - [30/Sep/2019:20:05:45 +1000] "POST /index.php/login?clear=1 HTTP/1.0" 303 0
192.168.2.20 - - [30/Sep/2019:20:05:45 +1000] "GET /index.php/login/selectchallenge HTTP/1.0" 200 11508
192.168.2.20 - - [30/Sep/2019:20:05:45 +1000] "GET /apps/twofactor_totp/img/app.svg HTTP/1.0" 200 1042
192.168.2.20 - - [30/Sep/2019:20:05:45 +1000] "GET /index.php/apps/encryption/ajax/getStatus HTTP/1.0" 303 0
192.168.2.20 - - [30/Sep/2019:20:05:45 +1000] "GET /index.php/login/selectchallenge?redirect_url=/index.php/apps/encryption/ajax/getStatus HTTP/1.0" 200 11671
192.168.2.20 - - [30/Sep/2019:20:05:55 +1000] "PROPFIND /remote.php/dav/files/username/ HTTP/1.0" 207 388
192.168.2.20 - - [30/Sep/2019:20:05:59 +1000] "GET /index.php/login/challenge/u2f HTTP/1.0" 200 13071
192.168.2.20 - - [30/Sep/2019:20:06:00 +1000] "GET /apps/twofactor_u2f/js/challenge.js?v=aecebc2c-1 HTTP/1.0" 200 124306
192.168.2.20 - - [30/Sep/2019:20:06:00 +1000] "GET /index.php/apps/encryption/ajax/getStatus HTTP/1.0" 303 0
192.168.2.20 - - [30/Sep/2019:20:06:00 +1000] "GET /index.php/login/selectchallenge?redirect_url=/index.php/apps/encryption/ajax/getStatus HTTP/1.0" 200 11677
192.168.2.20 - - [30/Sep/2019:20:06:00 +1000] "PROPFIND /remote.php/dav/files/username/ HTTP/1.0" 207 368
I trie

 

[Thomas_VDB]

Hi,
A few posts ago, I mentioned that my (scripted) nextcloud install, is not syncing some files.
I am using external storage support to sync my local freenas pool to my nextcloud jail.
Manually resyncing (occ files scan) doesn't help.
Now I discovered that only the files with an 'é'-character in their filenames are not syncing.
What can I do about this?
I doubt this has to do with the warning that I'm also getting about 4-bytes support for mysql to use emojis is not enabled?
Thx!

 

[danb35]

With the release of Nextcloud 17, I’ve created a new branch of this script to install that version. To try it out, run git clone -b nextcloud-17 https://github.com/danb35/freenas-iocage-nextcloud.git. It installs fine for me, but has had only minimal testing. I’ll probably merge this into master in a week or so if I don’t find or hear of any problems with it.

With this branch, I’ve also added a simple script to remove the Let’s Encrypt staging CA from your Caddyfile and obtain a trusted cert. See either the README or the end of the script’s output for more information.

 

[danb35]

What can I do about this?

Hard to say, though I'd agree it's unlikely it has anything to do with the 4-byte character support. Are there any errors in either the server or the client log? I'm able to upload a file containing that character in the name and have it appear without issues, but that's hardly an exhaustive test.

 

[Apollo]

My problem is described above, I checked nextclod_error.log and it throws me an error like this
27/Sep/2019:16:57:43 +0300 [ERROR 502 /index.php] read tcp 127.0.0.1:64497->127.0.0.1:9000: i/o timeout
27/Sep/2019:17:14:37 +0300 [ERROR 502 /index.php] read tcp 127.0.0.1:16355->127.0.0.1:9000: i/o timeout
what settings need to be changed to fix this error?

Not sure if this is the issue, but I have read that with some latest update to php, there has been some issues related to timeout caused by malformed request or something.