
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
Hi,
A few posts ago, I mentioned that my (scripted) Nextcloud install is not syncing some files.
I am using external storage support to sync my local freenas pool to my nextcloud jail.
Manually resyncing (occ files scan) doesn't help.
Now I discovered that only the files with an 'é'-character in their filenames are not syncing.
What can I do about this?
I doubt this has to do with the warning I'm also getting that 4-byte support for MySQL (to use emojis) is not enabled?
Thx!
I doubt the issue is with Nextcloud.
However, I have experienced such an issue with rsync. I don't know if it is relevant in your case.
I do have some files using the French characters and I have no problem with them.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
only the files with an 'é'-character in their filenames
With a little further testing, I've been able to sync files like this using the client software (Mac, v2.6.0) and a fresh installation of NC17 using the nextcloud-17 branch of my script. My previous test uploaded the file through the Nextcloud web UI. I'm not seeing any problems here, but I haven't tried doing anything with the external storage piece of your configuration.
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
Since you switched the script to Caddy, I have never been able to install Nextcloud. Even though it says the Let's Encrypt certificate has been successfully obtained, I am not able to reach the server. I have tried NC17 this time.

I used "STANDALONE_CERT=1" and provided my domain name.
I am using pfSense with HAProxy and I have it set up in a similar way to the one already in place.

I have tried with "NO_CERT=1" for a new install and I can access Nextcloud over HTTP.

I am puzzled and suspect Caddy and Let's Encrypt are not cooperating properly.
How can I debug this?

PS: I am going through the logs, and found the "caddy.log".
It indicates the certificate couldn't be obtained at first but then succeeded.
After that I constantly get:
http: TLS handshake error from 192.168.1.10:42117: no certificate available for ''
 

4q1

Cadet
Joined
Oct 4, 2019
Messages
6
I'm trying to install 17 with your new script. It's a no-go for me. There doesn't seem to be a listener at 80 or 443. I'm on FN 11.2U6

Where should I start troubleshooting?
Thanks!

PID TT STAT TIME COMMAND
43647 - SsJ 0:00.00 /usr/sbin/syslogd -c -ss
43698 - SsJ 0:00.04 redis-server: /usr/local/bin/redis-server 127.0.0.1:0 (r
43702 - SsJ 0:00.01 php-fpm: master process (/usr/local/etc/php-fpm.conf) (p
43703 - IJ 0:00.00 php-fpm: pool www (php-fpm)
43704 - IJ 0:00.00 php-fpm: pool www (php-fpm)
43712 - IsJ 0:00.01 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file
43786 - IJ 0:00.24 /usr/local/libexec/mysqld --defaults-extra-file=/var/db/
43804 - IsJ 0:00.00 /usr/sbin/cron -J 15 -s
43863 3 IJ 0:00.00 login [pam] (login)
43864 3 SJ 0:00.01 -csh (csh)
43995 3 R+J 0:00.00 ps ax
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504

4q1

Cadet
Joined
Oct 4, 2019
Messages
6
Looks like I messed up the config file, so I am including that also.
I assumed that I couldn't get a cert, so I imagined it would make a self-signed cert locally.

# cat nextcloud-config
JAIL_IP="192.168.1.11"
DEFAULT_GW_IP="192.168.1.1"
POOL_PATH="/mnt/home/Backup/NextCloud"
TIME_ZONE="America/Chicago"
HOST_NAME="XxXxXxXxX.duckdns.org"
STANDALONE_CERT=1
CERT_EMAIL="nad@yYyYyYy.com"
--More--(END)





cat caddy.log
Activating privacy features... 2019/10/03 23:14:51 [INFO][cache:0xc0001d2370] Started certificate maintenance routine
2019/10/03 23:14:57 [INFO] acme: Registering account for nad@yYyYyYy.com
2019/10/03 23:14:57 [INFO][XxXxXxXxX.duckdns.org] Obtain certificate
2019/10/03 23:14:57 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/03 23:14:57 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358367
2019/10/03 23:14:57 [INFO] [XxXxXxXxX.duckdns.org] acme: Could not find solver for: tls-alpn-01
2019/10/03 23:14:57 [INFO] [XxXxXxXxX.duckdns.org] acme: use http-01 solver
2019/10/03 23:14:57 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve HTTP-01
2019/10/03 23:15:19 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358367
2019/10/03 23:15:19 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://XxXxXxXxX.duckdns.org/.well-known/acme-challenge/eKDExWwE647qcH96SMvgWbbvOtyoCZjsHH4JGOSPuLE: Timeout during connect (likely firewall problem), url:
(attempt 1/3; challenge=http-01)
2019/10/03 23:15:20 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/03 23:15:20 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358474
2019/10/03 23:15:20 [INFO] [XxXxXxXxX.duckdns.org] acme: Could not find solver for: tls-alpn-01
2019/10/03 23:15:20 [INFO] [XxXxXxXxX.duckdns.org] acme: use http-01 solver
2019/10/03 23:15:20 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve HTTP-01
2019/10/03 23:15:31 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358474
2019/10/03 23:15:31 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://XxXxXxXxX.duckdns.org/.well-known/acme-challenge/18ugjP2C19k7awYKP5H8q6axEKe0ML3CpbYK7C2-xlg: Timeout during connect (likely firewall problem), url:
(attempt 2/3; challenge=http-01)
2019/10/03 23:15:32 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/03 23:15:32 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358529
2019/10/03 23:15:32 [INFO] [XxXxXxXxX.duckdns.org] acme: Could not find solver for: tls-alpn-01
2019/10/03 23:15:32 [INFO] [XxXxXxXxX.duckdns.org] acme: use http-01 solver
2019/10/03 23:15:32 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve HTTP-01
2019/10/03 23:15:51 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358529
2019/10/03 23:15:51 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://XxXxXxXxX.duckdns.org/.well-known/acme-challenge/-ZCrhX0nkXosakJjWdLr181FzY9wzJHVro5_x6Mqm5g: Timeout during connect (likely firewall problem), url:
(attempt 3/3; challenge=http-01)
2019/10/03 23:15:52 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/03 23:15:52 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358615
2019/10/03 23:15:52 [INFO] [XxXxXxXxX.duckdns.org] acme: use tls-alpn-01 solver
2019/10/03 23:15:52 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve TLS-ALPN-01
2019/10/03 23:16:03 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358615
2019/10/03 23:16:03 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
(attempt 1/3; challenge=tls-alpn-01)
2019/10/03 23:16:04 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/03 23:16:04 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358650
2019/10/03 23:16:04 [INFO] [XxXxXxXxX.duckdns.org] acme: use tls-alpn-01 solver
2019/10/03 23:16:04 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve TLS-ALPN-01
2019/10/03 23:16:20 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358650
2019/10/03 23:16:20 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
(attempt 2/3; challenge=tls-alpn-01)
2019/10/03 23:16:21 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/03 23:16:21 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358710
2019/10/03 23:16:21 [INFO] [XxXxXxXxX.duckdns.org] acme: use tls-alpn-01 solver
2019/10/03 23:16:21 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve TLS-ALPN-01
2019/10/03 23:16:36 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12358710
2019/10/03 23:16:36 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
(attempt 3/3; challenge=tls-alpn-01)
2019/10/03 23:16:37 failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
Activating privacy features... 2019/10/04 19:18:19 [INFO][cache:0xc0000b8870] Started certificate maintenance routine
2019/10/04 19:18:24 [INFO][XxXxXxXxX.duckdns.org] Obtain certificate
2019/10/04 19:18:24 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/04 19:18:24 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544593
2019/10/04 19:18:24 [INFO] [XxXxXxXxX.duckdns.org] acme: use tls-alpn-01 solver
2019/10/04 19:18:24 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve TLS-ALPN-01
2019/10/04 19:18:37 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544593
2019/10/04 19:18:37 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
(attempt 1/3; challenge=tls-alpn-01)
2019/10/04 19:18:38 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/04 19:18:38 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544628
2019/10/04 19:18:38 [INFO] [XxXxXxXxX.duckdns.org] acme: use tls-alpn-01 solver
2019/10/04 19:18:38 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve TLS-ALPN-01
2019/10/04 19:18:53 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544628
2019/10/04 19:18:53 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
(attempt 2/3; challenge=tls-alpn-01)
2019/10/04 19:18:54 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/04 19:18:54 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544669
2019/10/04 19:18:54 [INFO] [XxXxXxXxX.duckdns.org] acme: use tls-alpn-01 solver
2019/10/04 19:18:54 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve TLS-ALPN-01
2019/10/04 19:19:11 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544669
2019/10/04 19:19:11 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
(attempt 3/3; challenge=tls-alpn-01)
2019/10/04 19:19:12 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/04 19:19:12 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544728
2019/10/04 19:19:12 [INFO] [XxXxXxXxX.duckdns.org] acme: Could not find solver for: tls-alpn-01
2019/10/04 19:19:12 [INFO] [XxXxXxXxX.duckdns.org] acme: use http-01 solver
2019/10/04 19:19:12 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve HTTP-01
2019/10/04 19:19:30 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544728
2019/10/04 19:19:30 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://XxXxXxXxX.duckdns.org/.well-known/acme-challenge/icCGJWKW17rcPDx08Ga6VILViIVkBLJ4iYAfJGwEkBQ: Timeout during connect (likely firewall problem), url:
(attempt 1/3; challenge=http-01)
2019/10/04 19:19:31 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/04 19:19:31 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544786
2019/10/04 19:19:31 [INFO] [XxXxXxXxX.duckdns.org] acme: Could not find solver for: tls-alpn-01
2019/10/04 19:19:31 [INFO] [XxXxXxXxX.duckdns.org] acme: use http-01 solver
2019/10/04 19:19:31 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve HTTP-01
2019/10/04 19:19:47 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544786
2019/10/04 19:19:47 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://XxXxXxXxX.duckdns.org/.well-known/acme-challenge/B_kT56oPT06zNRuXAgIRgiX4AUMSVGLILbNG9JQU9Co: Timeout during connect (likely firewall problem), url:
(attempt 2/3; challenge=http-01)
2019/10/04 19:19:48 [INFO] [XxXxXxXxX.duckdns.org] acme: Obtaining bundled SAN certificate
2019/10/04 19:19:48 [INFO] [XxXxXxXxX.duckdns.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544835
2019/10/04 19:19:48 [INFO] [XxXxXxXxX.duckdns.org] acme: Could not find solver for: tls-alpn-01
2019/10/04 19:19:48 [INFO] [XxXxXxXxX.duckdns.org] acme: use http-01 solver
2019/10/04 19:19:48 [INFO] [XxXxXxXxX.duckdns.org] acme: Trying to solve HTTP-01
2019/10/04 19:19:59 [INFO] Unable to deactivated authorizations: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/12544835
2019/10/04 19:19:59 [ERROR][XxXxXxXxX.duckdns.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://XxXxXxXxX.duckdns.org/.well-known/acme-challenge/6BS9mVtJlnaX3DHvyrT1UZ6dXRn4pybTR49IFyHkbfc: Timeout during connect (likely firewall problem), url:
(attempt 3/3; challenge=http-01)
2019/10/04 19:20:00 failed to obtain certificate: acme: Error -> One or more domains had a problem:
[XxXxXxXxX.duckdns.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://XxXxXxXxX.duckdns.org/.well-known/acme-challenge/6BS9mVtJlnaX3DHvyrT1UZ6dXRn4pybTR49IFyHkbfc: Timeout during connect (likely firewall problem), url:
 

4q1

Cadet
Joined
Oct 4, 2019
Messages
6
Let me try that again....


I used:
STANDALONE_CERT=1
when I should have used:
SELFSIGNED_CERT=1

I will delete the jail and try again.
 

mapcevn

Dabbler
Joined
Jul 10, 2019
Messages
40
Well, the simple answer if you don't have any significant amount of data on the Nextcloud instance is to wipe it out and re-run the script with NO_CERT enabled--that will have your Nextcloud installation speaking only http, and relying on your reverse proxy for TLS termination. If there's very much data there, though, you wouldn't want to go that way. In that case, you'll need to update the Caddyfile to only do HTTP. You can use the Caddyfile-nossl from the script's configs directory to help with this.
I've tested the NO_CERT option with both of Dan's scripts for Nextcloud 16 and 17, but it doesn't work with my nginx reverse proxy. The nginx reverse proxy passes the SSL certificate through with a green lock, but I got the error message
502 Bad Gateway
nginx

It should be highlighted that my nginx reverse proxy is currently working with the following services:
- Nextcloud 16 installed with Dan's script; the 2FA is working with TOTP (authenticator app), but it doesn't work with U2F devices.
- My WordPress website - it's working perfectly with both the TOTP app and the 2FA. I just have to add the code $_SERVER['HTTPS']= 'on'; into wp-config.php. Surprisingly, the proxy_pass just forwards https instead of http, as tested with ssllabs.com. I don't know why, but it doesn't matter as I just want to get it to work. I would like to have this side effect work with Nextcloud too, as forwarded https is still better than http.

Any clue would be much appreciated.
 

mapcevn

Dabbler
Joined
Jul 10, 2019
Messages
40
Hurraaaaaaaaaaaah, I've made it work for both the TOTP app and my U2F devices!!!!!!!!!

In summary, what I did to get my existing Nextcloud 16 (installed with Dan's script) working with my nginx reverse proxy is:
- Modify the first line in the Caddyfile so that it looks like nextcloud.mydomain.com:80
- Insert the code $_SERVER['HTTPS']= 'on'; into the 3rd line of the config.php file in the folder /usr/local/www/nextcloud/config

Though this trick does not forward https to the Nextcloud server (the data from the nginx reverse proxy to the Nextcloud server is in plain text), it is OK enough at this moment.

Hope this helps someone too.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
used:
STANDALONE_CERT=1
when I should have used:
SELFSIGNED_CERT=1
Came here to say that, but you beat me to it.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Hurraaaaaaaaaaaah, I've made it work for both the TOTP app and my U2F devices!!!!!!!!!
 

4q1

Cadet
Joined
Oct 4, 2019
Messages
6
OK, try #2 using SELFSIGNED_CERT=1. Seems to have installed OK. Telnetted to 80 and 443 and there are listeners. Try web browsers:

chrome:
Code:
This site can’t provide a secure connection

192.168.1.11 sent an invalid response.

    Try running Windows Network Diagnostics.

ERR_SSL_PROTOCOL_ERROR


Firefox:
Code:
Secure Connection Failed

An error occurred during a connection to 192.168.1.11. Peer reports it experienced an internal error. Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.


explorer:
Code:
This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://192.168.1.11  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.



at first the caddy.log file looked empty, but after a reboot I see this:

Code:
2019/10/04 23:07:12 [INFO] Serving https://XxXxXxXxX.duckdns.org
2019/10/05 00:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 00:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 01:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 01:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 02:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 02:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 03:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 03:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 04:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 04:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 05:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 05:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 06:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 06:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 07:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 07:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 08:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 08:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 09:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 09:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 10:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 10:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 11:07:12 [INFO][cache:0xc0001b83c0] Scanning for expiring certificates
2019/10/05 11:07:12 [INFO][cache:0xc0001b83c0] Done scanning certificates
2019/10/05 11:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 11:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 12:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 12:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 13:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 13:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 14:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 14:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 15:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 15:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 16:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 16:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 17:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 17:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 18:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 18:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 19:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 19:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 20:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 20:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 21:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 21:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 22:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 22:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/05 23:07:12 [INFO][cache:0xc0001b83c0] Scanning for expiring certificates
2019/10/05 23:07:12 [INFO][cache:0xc0001b83c0] Done scanning certificates
2019/10/05 23:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/05 23:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 00:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 00:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 01:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 01:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 02:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 02:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 03:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 03:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 04:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 04:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 05:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 05:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 06:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 06:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 07:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 07:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 08:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 08:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 09:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 09:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 10:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 10:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 11:07:12 [INFO][cache:0xc0001b83c0] Scanning for expiring certificates
2019/10/06 11:07:12 [INFO][cache:0xc0001b83c0] Done scanning certificates
2019/10/06 11:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 11:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 12:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 12:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 13:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 13:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 14:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 14:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 15:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 15:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 16:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 16:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 17:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 17:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 18:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 18:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 19:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 19:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 20:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 20:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 21:07:12 [INFO][cache:0xc0001b83c0] Scanning for stale OCSP staples
2019/10/06 21:07:12 [INFO][cache:0xc0001b83c0] Done checking OCSP staples
2019/10/06 21:32:43 [INFO] 192.168.1.11 - No such site at :80 (Remote: 192.168.1.139, Referer: )
2019/10/06 21:32:43 [INFO] 192.168.1.11 - No such site at :80 (Remote: 192.168.1.139, Referer: )
2019/10/06 21:32:46 [INFO] 192.168.1.11 - No such site at :80 (Remote: 192.168.1.139, Referer: )
2019/10/06 21:42:35 http: TLS handshake error from [::1]:10234: tls: first record does not look like a TLS handshake
2019/10/06 21:45:57 http: TLS handshake error from 192.168.1.139:61222: no certificate available for ''
2019/10/06 21:46:20 http: TLS handshake error from 192.168.1.139:61240: no certificate available for ''
2019/10/06 21:46:22 http: TLS handshake error from 192.168.1.139:61243: no certificate available for ''
2019/10/06 21:46:23 http: TLS handshake error from 192.168.1.139:61244: no certificate available for ''
2019/10/06 21:46:33 http: TLS handshake error from 192.168.1.139:61259: no certificate available for ''
2019/10/06 21:46:33 http: TLS handshake error from 192.168.1.139:61260: no certificate available for ''
2019/10/06 21:47:05 http: TLS handshake error from 192.168.1.139:61631: no certificate available for ''
2019/10/06 21:47:05 http: TLS handshake error from 192.168.1.139:61632: tls: client offered only unsupported versions: [301 300]
2019/10/06 21:47:05 http: TLS handshake error from 192.168.1.139:61633: EOF
2019/10/06 21:48:39 [INFO] SIGTERM: Shutting down servers then terminating
2019/10/06 21:48:39 [INFO][cache:0xc0001b83c0] Stopped certificate maintenance routine
 

4q1

Cadet
Joined
Oct 4, 2019
Messages
6
I was trying to use its IP address to get to the VM locally. When I opened a port and redirected it to 443, I get the login prompt. So I'm part way home. :) Thanks.
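
A triage helper for the caddy.log messages quoted in this thread, added here as an example; it is not part of any post or of danb35's script. The sample log is constructed (placeholder hostname and documentation addresses), the finding names and hints are this example's own, and reading an empty name in `no certificate available for ''` as a client that sent no SNI (for instance, one browsing by IP address) is this example's interpretation.

```python
import re
from collections import Counter

# Constructed sample modelled on the log excerpts in this thread; the hostname
# and addresses are placeholders, not values from any poster's system.
SAMPLE_LOG = """\
2019/10/03 23:14:57 [INFO] [nc.example.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/0000
2019/10/03 23:15:19 [ERROR][nc.example.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[nc.example.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://nc.example.org/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem), url:
(attempt 1/3; challenge=http-01)
2019/10/03 23:16:03 [ERROR][nc.example.org] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[nc.example.org] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
(attempt 1/3; challenge=tls-alpn-01)
2019/10/06 21:32:43 [INFO] 192.0.2.11 - No such site at :80 (Remote: 192.0.2.139, Referer: )
2019/10/06 21:42:35 http: TLS handshake error from [::1]:10234: tls: first record does not look like a TLS handshake
2019/10/06 21:45:57 http: TLS handshake error from 192.0.2.139:61222: no certificate available for ''
2019/10/06 21:46:20 http: TLS handshake error from 192.0.2.139:61240: no certificate available for ''
2019/10/06 21:47:05 http: TLS handshake error from 192.0.2.139:61632: tls: client offered only unsupported versions: [301 300]
"""

# Go prints the offered protocol versions as hex without the 0x prefix.
TLS_VERSIONS = {"300": "SSL 3.0", "301": "TLS 1.0", "302": "TLS 1.1",
                "303": "TLS 1.2", "304": "TLS 1.3"}
# Port the CA must reach from the internet for each ACME challenge type.
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}

HANDSHAKE = re.compile(r"TLS handshake error from (\[[^\]]+\]|[^:\s]+):\d+: (.*)$")
NO_CERT = re.compile(r"no certificate available for '([^']*)'")
OLD_VERSIONS = re.compile(r"client offered only unsupported versions: \[([0-9a-f ]+)\]")
ACME_ERROR = re.compile(r"urn:ietf:params:acme:error:(\w+)")
ATTEMPT = re.compile(r"\(attempt \d+/\d+; challenge=([\w-]+)\)")
NO_SITE = re.compile(r"- No such site at :(\d+) \(Remote: ([^,]+),")

HINTS = {
    "acme_staging_endpoint": "staging CA in use: a certificate from it is not browser-trusted",
    "acme_connection": "CA could not reach that port from the internet: check the "
                       "port forward/firewall, or use SELFSIGNED_CERT or NO_CERT",
    "no_such_site": "Host header matches no site in the Caddyfile (request by IP?)",
    "plaintext_on_tls_port": "plain HTTP was sent to the HTTPS listener: check the "
                             "scheme the client or reverse proxy uses for this backend",
    "tls_no_sni": "client sent no server name: connect by the configured hostname",
    "tls_unknown_sni": "client asked for a hostname this server has no certificate for",
    "tls_version_too_old": "client offers only legacy protocol versions: update the client",
}


def classify_handshake(reason):
    """Map the text after 'TLS handshake error from addr:port:' to a finding."""
    m = NO_CERT.search(reason)
    if m:
        # An empty quoted name is read here as "no SNI in the ClientHello".
        return "tls_no_sni" if m.group(1) == "" else "tls_unknown_sni:" + m.group(1)
    if "first record does not look like a TLS handshake" in reason:
        return "plaintext_on_tls_port"
    m = OLD_VERSIONS.search(reason)
    if m:
        names = [TLS_VERSIONS.get(v, "0x" + v) for v in m.group(1).split()]
        return "tls_version_too_old:" + ",".join(names)
    return "tls_other"


def triage(log_text):
    """Count findings in a caddy.log; ACME errors span two lines and are paired."""
    findings = Counter()
    last_acme_error = None
    for line in log_text.splitlines():
        if "acme-staging-v02.api.letsencrypt.org" in line:
            findings["acme_staging_endpoint"] += 1
        m = ACME_ERROR.search(line)
        if m:
            last_acme_error = m.group(1)  # the challenge type follows on the next line
            continue
        m = ATTEMPT.search(line)
        if m and last_acme_error:
            port = CHALLENGE_PORT.get(m.group(1), "?")
            findings[f"acme_{last_acme_error}:{m.group(1)}:port{port}"] += 1
            last_acme_error = None
            continue
        m = HANDSHAKE.search(line)
        if m:
            findings[classify_handshake(m.group(2))] += 1
            continue
        m = NO_SITE.search(line)
        if m:
            findings["no_such_site:port" + m.group(1)] += 1
    return findings


def report(log_text):
    """One line per finding: count, finding key, and the hint for its category."""
    out = []
    for finding, count in sorted(triage(log_text).items()):
        hint = HINTS.get(finding.split(":")[0], "no hint")
        out.append(f"{count:3d}  {finding}  ->  {hint}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
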
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I’ve made a few updates to the nextcloud-17 branch, mainly to update the Caddyfiles for pretty URLs and to increase some timeouts. It looks like it’s working well and will probably be merged into master shortly. In testing, I’ve been able to upload files up to 15 GB through the web UI without any problems.
 

Kuro Houou

Contributor
Joined
Jun 17, 2014
Messages
193
I am getting the same error as reported back in post #597. I have tried 3 re-installs, all with the same exact errors as shown below... My fstab shows it has 4 mounts: ports, portsnap, files, and db. Not quite sure what the problem is, any ideas?

************************
Nextcloud was successfully installed

Your data directory is readable by other users
Please change the permissions to 0770 so that the directory cannot be listed by other users.

An unhandled exception has been thrown:
Exception: Environment not properly prepared. in /usr/local/www/nextcloud/lib/private/Console/Application.php:166
Stack trace:
#0 /usr/local/www/nextcloud/console.php(96): OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#1 /usr/local/www/nextcloud/occ(11): require_once('/usr/local/www/...')
#2 {main}
Your data directory is readable by other users
Please change the permissions to 0770 so that the directory cannot be listed by other users.

An unhandled exception has been thrown:
Exception: Environment not properly prepared. in /usr/local/www/nextcloud/lib/private/Console/Application.php:166
Stack trace:
#0 /usr/local/www/nextcloud/console.php(96): OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#1 /usr/local/www/nextcloud/occ(11): require_once('/usr/local/www/...')
#2 {main}
Your data directory is readable by other users
Please change the permissions to 0770 so that the directory cannot be listed by other users.

Goes on like that for a while with other similar errors.
 

Kuro Houou

Contributor
Joined
Jun 17, 2014
Messages
193
Maybe solved the initial 0770 permission issue. I removed the "Everyone" permission as it had read and execute.. although I have this error now,

Internal Server Error

The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the server log.

Does Everyone still need permissions to any of the files/db/ports folders, at least just read only?

 

Kuro Houou

Contributor
Joined
Jun 17, 2014
Messages
193
Ok, played with permissions as best I could and think I found the issue and resolution (albeit not completely). For better or worse, all my jails' config/install folders are on my one volume, V01, then in a folder called apps. The key point I found, though, was that the folder I put that apps folder in was a Windows share type permission folder in FreeNAS. I tried to set the folder permissions exactly as if it were a freshly created Linux folder, but no matter what I couldn't get Nextcloud to install and run properly there. So I created a new dataset called jails with Unix share type permissions, and put a nextcloud folder in that. Lo and behold, that new folder worked when running the script... Wish I knew what permissions were causing the issue, if indeed it was just that... either way, I am fine with this resolution and will now continue on with my Nextcloud setup. Thanks :)

 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
@Kuro Houou, when iocage was introduced, the first trial-and-error problems I encountered were mostly related to iocage management.
As a result, and also based on the script requirements, I have taken on the habit of creating a top-level dataset where all my iocage installs reside.
The top-level dataset cannot be named "iocage" as it will clash or make things ambiguous when dealing with jails.

On my system I have several iocage jails of Nextcloud running as they need to address different requirements.
The basic structure would be as follows:

Code:
My_iocage_install_dataset

Structure for iocage jail Nextcloud_A:
My_iocage_install_dataset\Nextcloud_A\
My_iocage_install_dataset\Nextcloud_A\files
My_iocage_install_dataset\Nextcloud_A\db
My_iocage_install_dataset\Nextcloud_A\portsnap
My_iocage_install_dataset\Nextcloud_A\install

Structure for iocage jail Nextcloud_B:
My_iocage_install_dataset\Nextcloud_B\
My_iocage_install_dataset\Nextcloud_B\files
My_iocage_install_dataset\Nextcloud_B\db
My_iocage_install_dataset\Nextcloud_B\portsnap
My_iocage_install_dataset\Nextcloud_B\install

...

Structure for iocage jail Nextcloud_N:
My_iocage_install_dataset\Nextcloud_N\
My_iocage_install_dataset\Nextcloud_N\files
My_iocage_install_dataset\Nextcloud_N\db
My_iocage_install_dataset\Nextcloud_N\portsnap
My_iocage_install_dataset\Nextcloud_N\install



I create the datasets via the GUI, but I handle all the install procedure via CLI over SSL as root.

When launching the bash file to proceed with the install of Nextcloud, I would expect the jail to be up and running without issues.
All the permissions would be set accordingly by the script and access to the web interface should work as expected, unless FreeNAS fails to fetch the packages or the firewall isn't configured properly.

I do not use the default 'files' or 'db' datasets created above to store my data, as they reside in different datasets on my system. However, they are used to proceed with the install. Once the jail is working, I just make the necessary modifications to the 'fstab' and 'config.php' to remap my Nextcloud 'files' and 'db' datasets and update the necessary credentials to access the database.

If the new iocage jail fails for any reason, I would try to sort out the issue and fix it. Then it is just a matter of deleting the jail and the contents of the 'files', 'db' and 'portsnap' datasets, not destroying the datasets.
Once done, I just run the install bash again.
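
The "Your data directory is readable by other users" message quoted earlier in this thread is a check on the mode of the data directory. The sketch below is an added example, not part of any post here and not code from the install script: it tests the directory for any "other" permission bit, optionally applies 0770, and re-checks the result rather than trusting chmod. The function names and the path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the install script): audit a Nextcloud data
# directory for the condition behind the 0770 warning in this thread.

# Succeeds when "other" holds any of r, w or x on the directory itself.
# Uses only POSIX -perm tests so it behaves the same on FreeBSD and Linux.
other_can_access() {
    [ -n "$(find "$1" -maxdepth 0 \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) 2>/dev/null)" ]
}

# audit_datadir DIR [fix]
#   returns 0  directory is closed to other users (possibly after the fix)
#   returns 1  other users still have access
#   returns 2  DIR is not a directory
audit_datadir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory" >&2
        return 2
    fi
    if ! other_can_access "$dir"; then
        echo "ok: $dir is closed to other users"
        return 0
    fi
    if [ "${2:-}" != "fix" ]; then
        echo "open: $dir is accessible to other users" >&2
        return 1
    fi
    # The mode change can be refused or fail to stick (the thread reports a
    # Windows share type dataset that could not be made to work), so verify
    # the resulting mode instead of relying on chmod's exit status.
    chmod 0770 "$dir" 2>/dev/null || true
    if other_can_access "$dir"; then
        echo "stuck: chmod 0770 did not take effect on $dir" >&2
        return 1
    fi
    echo "fixed: $dir set to 0770"
    return 0
}

# Usage (placeholder path, run as root inside the jail):
#   audit_datadir /path/to/nextcloud/data fix
```

A "stuck" result means the mode cannot be changed on that dataset, which is the point at which moving the jail's folders to a dataset with Unix share type permissions, as described above, is the remaining option.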
 