-
Important Announcement for The TrueNAS Community.
The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
Resource icon
- Thread starter danb35
- Start date
.... Nas.tk {
root /usr/local/www/nextcloud
log /var/log/nextcloud_access.log
errors /var/log/nextcloud_errors.log
tls
ca https://acme-v02.api.letsencrypt.org/directory
dns cloudflare
fastcgi / 127.0.0.1:9000 php {
env PATH /bin
env modHeadersAvailable true
env front_controller_active true
connect_timeout 60s
read_timeout 3600s
send_timeout 300s
}
header / {
root /usr/local/www/nextcloud
log /var/log/nextcloud_access.log
errors /var/log/nextcloud_errors.log
tls
ca https://acme-v02.api.letsencrypt.org/directory
dns cloudflare
fastcgi / 127.0.0.1:9000 php {
env PATH /bin
env modHeadersAvailable true
env front_controller_active true
connect_timeout 60s
read_timeout 3600s
send_timeout 300s
}
header / {
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Strange, it's missing the braces. It should look like this:
Code:
tls {
ca https://acme-v02.api.letsencrypt.org/directory
dns cloudflare
}
I did an fresh install and got the following error during install:
"Destination: /../../../usr/ports does not exist or is not a directory."
in the config file i set the ports folder somewhere else..
later it did install all the ports in usr/ports
But it keeps saying: Ports collection not supported, please update build
"Destination: /../../../usr/ports does not exist or is not a directory."
in the config file i set the ports folder somewhere else..
later it did install all the ports in usr/ports
But it keeps saying: Ports collection not supported, please update build
Hi, i installed nextcloud a couple of months ago using this script and it was great, but a few days ago i received a letter from Let's Encrypt warning that the certificate is expiring. I see at the moment there is an updated script and the first question is whether it is possible to upgrade jail using an updated script without losing data. Another question is if it is not possible to change the use of jail tnaujinti sriptu how to solve the problem with https certificate.
I used a domain from freenom.com
The router has ports 80 and 443 open. I'm attaching a caddy log file where my domain name is changed to mydomain.ml and my external IP is changed to 84.240. **. ***
I used a domain from freenom.com
The router has ports 80 and 443 open. I'm attaching a caddy log file where my domain name is changed to mydomain.ml and my external IP is changed to 84.240. **. ***
Robert Thomspon
Patron
- Joined
- Jun 24, 2017
- Messages
- 338
Disregard... it just takes a REALLY long time (about 90 minutes)
Good afternoon gents...
I seem to be getting a hangup on (or after) Executing Poststart OK
Anyone else encounter this and know a workaround?
(FYI: running on FreeNAS 11.3-RC1 and changed line 151 to reflect the correct package... everything seems ok until that point (i did try canceling, deleting and starting over))
I seem to be getting a hangup on (or after) Executing Poststart OK
Anyone else encounter this and know a workaround?
(FYI: running on FreeNAS 11.3-RC1 and changed line 151 to reflect the correct package... everything seems ok until that point (i did try canceling, deleting and starting over))
Last edited:
Robert Thomspon
Patron
- Joined
- Jun 24, 2017
- Messages
- 338
OK, got this beast up an running...
Cant seem to get it to sign one of my site's certificates, and throws unsecure errors on the other... but not worried about that yet...
Trying to clean up NextCloud security flags (for some reason, file names is one but is fixed by running an occ command to convert the (i think long file names)...
Anyway, down to this weird one and i, for the life of me, can not clean it up... Ive looked everywhere for where Caddy might have it set, Ive looked into PHP, nginx, apache... grr...
Anyway, error in nextcloud security checks is:
The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
any help is appreciated...
Cant seem to get it to sign one of my site's certificates, and throws unsecure errors on the other... but not worried about that yet...
Trying to clean up NextCloud security flags (for some reason, file names is one but is fixed by running an occ command to convert the (i think long file names)...
Anyway, down to this weird one and i, for the life of me, can not clean it up... Ive looked everywhere for where Caddy might have it set, Ive looked into PHP, nginx, apache... grr...
Anyway, error in nextcloud security checks is:
The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
any help is appreciated...
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
This is addressed here:
security/performance issues with default install · Issue #80 · danb35/freenas-iocage-nextcloud
After deploying the nextcloud-instance with this script, there are two warnings reported by the instance itself (under admin/settings/administration/overview): The "X-Frame-Options" HTTP header is ...
github.com
I'll need to update the Caddyfile in the repo to really fix it, but you can modify yours by adding the line indicated in that issue.
Robert Thomspon
Patron
- Joined
- Jun 24, 2017
- Messages
- 338
OH!!! SH*T... all ive needed to do is ADD the line? Ive spent like 3 hours LOOKING for the line in other config files :)This is addressed here:
security/performance issues with default install · Issue #80 · danb35/freenas-iocage-nextcloud
After deploying the nextcloud-instance with this script, there are two warnings reported by the instance itself (under admin/settings/administration/overview): The "X-Frame-Options" HTTP header is ...
I'll need to update the Caddyfile in the repo to really fix it, but you can modify yours by adding the line indicated in that issue.
Robert Thomspon
Patron
- Joined
- Jun 24, 2017
- Messages
- 338
You may also want to have occ chmod set to executable (something i noticed ive had to do manually each time ive installed via script)
Last edited:
Robert Thomspon
Patron
- Joined
- Jun 24, 2017
- Messages
- 338
is it possible to set up with no SSL security at installation and then set up a secure connection after install?
And, if so... any chance you know the best way to go about doing so? (I can not, for the life of me, get my company's website to be registered correctly... im happy to send you a private link if you want to look at it, but its not super important...)and No-IP for some reason, gets security flags when visiting it even though it seems to register perfectly fine... (Sorry, I just learned to read instructions correctly... Running the cleanup script clears up the flags for the No-IP forward)
And, if so... any chance you know the best way to go about doing so? (I can not, for the life of me, get my company's website to be registered correctly... im happy to send you a private link if you want to look at it, but its not super important...)
Last edited:
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Yes, but it'd be manual work. Briefly, you'd set it up with NO_CERT=1, and then when you want to use SSL instead, change the Caddyfile accordingly (you can use one of the templates with the script as a model). If you're fine using Let's Encrypt, use one of those Caddyfile versions--that's the most-common way to use Caddy. Otherwise, you can use the self-signed cert version along with any cert you've obtained elsewhere.
The recommended way to run occ is with
php occ ..., so there's no reason that occ itself needs to be executable.Hey Dan, Thanks for the script it worked perfectly!
Just a quick (newbie) question. I'm trying to install the preview generator. I have installed the app and have managed to SSH into the jail. I found on page 56 that I probably need to run this command:
su -m www -c 'php /usr/local/www/nextcloud/occ preview:pre-generate-all -vvv'
When I do this I'm promted for a password. I'm guessing this would be the password for user www but I can't figure out what it is...
Just a quick (newbie) question. I'm trying to install the preview generator. I have installed the app and have managed to SSH into the jail. I found on page 56 that I probably need to run this command:
su -m www -c 'php /usr/local/www/nextcloud/occ preview:pre-generate-all -vvv'
When I do this I'm promted for a password. I'm guessing this would be the password for user www but I can't figure out what it is...
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
You shouldn't ever need to SSH into a jail--SSH to your FreeNAS box, then
iocage console nextcloud. And apparently you aren't logging in as root, otherwise you wouldn't be prompted for a password (which the www user doesn't have)--and the latter is the real issue. So, you need to become root in the jail--either log in as root directly, or su to root once you're logged in (which will require root's password, which you'll need to set--better to do as I said initially, be root on FreeNAS, then enter the jail). You'll then be able to su to another user without needing that user's password.
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
You could do it through the GUI (the command would be
iocage exec nextcloud su -m www . . .), but I'd lean toward doing it as a cron job in the jail itself. Enter the jail, do export EDITOR=nano, and then crontab -u www -e, which will bring up the www user's crontab file. Because it's already the www user, the "su -m www" part isn't needed, so the command would just be php /usr/local/www/nextcloud/occ preview:pre-generate-all -vvv (unless the command for repeat use is different).Sooo i followed every step of the guide BUT while i try to install/use the script i get the same error all the time:
root@freenas[~/freenas-iocage-nextcloud]# ./nextclou
ls: /mnt/tank/db: No such file or directory
nextcloud successfully created!
Testing SRV response to FreeBSD
pkg.freebsd.org's SRV record could not be verified.
Testing DNSSEC response to FreeBSD
pkg.freebsd.org could not be reached via DNSSEC.
Testing DNS response to FreeBSD
pkg.freebsd.org could not be reached via DNS, check
Failed to create jail
What did i wrong? What am i missing?
edit: it creates the jail
When i try it again it says, that the jail already exists............... freenas. what a joy
edit2:
i think somehow the jail kannt connect to the internet or something like taht. dont understand it and donmt really know how to check/fix it
edit3: Opend all ports in my fritzbox. still same error
root@freenas[~/freenas-iocage-nextcloud]# ./nextclou
ls: /mnt/tank/db: No such file or directory
nextcloud successfully created!
Testing SRV response to FreeBSD
pkg.freebsd.org's SRV record could not be verified.
Testing DNSSEC response to FreeBSD
pkg.freebsd.org could not be reached via DNSSEC.
Testing DNS response to FreeBSD
pkg.freebsd.org could not be reached via DNS, check
Failed to create jail
What did i wrong? What am i missing?
edit: it creates the jail
When i try it again it says, that the jail already exists............... freenas. what a joy
edit2:
i think somehow the jail kannt connect to the internet or something like taht. dont understand it and donmt really know how to check/fix it
edit3: Opend all ports in my fritzbox. still same error
Last edited:
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Yes, that's what's going on. What version of FreeNAS are you using? And what's in your nextcloud-config file (masking any DNS credentials)?
