Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

xames

Patron
Joined
Jun 1, 2020
Messages
235
The FreeNAS shell resolves my blablabla.mydomain.com to the internal IP of the jail. Is that good, or do I need to delete the internal DNS during installation?
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
My RJ45 is connected to igb3; how exactly do I configure it to use that interface?
Maybe the script has no internet due to a bad vnet0 config or something like that, and so Caddy and ACME don't work?

igb3 is my LAN.

I put JAIL_INTERFACE="vnet0:bridge3". Is that OK, or is igb3 not bridge3? I really don't understand this part.
 
Last edited:

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
How can I put the DHCP option for the Nextcloud jail in the initial config file?
This script doesn't support obtaining an IP via DHCP.
What is the procedure to start from zero, with only FreeNAS installed?
Delete the jail and any contents in $CONFIG_PATH and $DB_PATH.
acme: error presenting token: cloudflare: failed to find zone blablabla.mydomain.com.: Zone could not be found (attempt 3/3)
Sounds like the token you're using doesn't apply to the domain you've selected. Are you using the Global API key?
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
Yes, the Global API key.

Where exactly are the config_path and db_path? Because I normally delete the entire jail.

If I stop the jail, edit the network settings and put DHCP there, will it work fine or not?

My Cloudflare DNS NAME is a CNAME called nextcloud2.mybusiness.com and its CONTENT is mybusiness.dyndns.org (this last one is what automatically refreshes the dynamic IP of my business via my ISP router). I don't know if that can be a problem for obtaining the certificate or applying the token, but I connect perfectly to my business over the alias nextcloud2.mybusiness.com.
 
Last edited:

InGenetic

Contributor
Joined
Dec 18, 2013
Messages
183
You shouldn't need to do anything at all for this; Caddy (the web server) will renew it automatically.

Haven't had this problem for quite a while (since the timeouts in the Caddyfile were updated). Best guess I could say would be to check the things mentioned in the error message: "Could either be a network problem on the sending side or a problem writing to the storage on the server side."
Hi Mr. danb35,
By the way, related to the Let's Encrypt SSL, I'm not sure if I have already done the last step from your guidance below:

Obtaining a trusted Let's Encrypt cert
This configuration generated by this script will obtain certs from a non-trusted certificate authority by default. This is to prevent you from exhausting the Let's Encrypt rate limits while you're testing things out. Once you're sure things are working, you'll want to get a trusted cert instead. To do this, you can use a simple script that's included. As long as you haven't changed the default jail name, you can do this by running iocage exec nextcloud /root/remove-staging.sh.

How do I check whether I have already done this step or not? And what will happen to my Nextcloud SSL (Let's Encrypt) if I still haven't done the last step?

Regards,
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
How do I check whether I have already done this step or not?
Check the certificate of your current installation (you can see it in your browser). If it's issued by "Let's Encrypt Authority X3", you're good. If not, you're probably getting certificate errors anyway.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Where exactly are the config_path and db_path?
From the docs:
1591291781219.png

If I stop the jail, edit the network settings and put DHCP there, will it work fine or not?
Probably, but I'm not sure. Again, DHCP isn't a supported configuration with this script.
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
I tried to connect directly to the jail with SSL and it works, so networking is good. Why is the Nextcloud IP not working in the browser?

Now I have found another problem: on my UniFi firewall I have threat DNS active, and I tried without it. And another problem: if I put a CNAME on Cloudflare pointing to another CNAME at DynDNS, which is what refreshes the dynamic IP of the jail, certification does not work. I have to put an A record with the IP directly, but the problem with an A record is that it is a static IP, and my ISP refreshes my IP constantly.

If I have caddy.log errors, is it normal that I cannot browse the Nextcloud page anyway?
 
Last edited:
Joined
Jan 4, 2014
Messages
1,644

xames

Patron
Joined
Jun 1, 2020
Messages
235
Yes, all of that is correctly in the config:
DNS_CERT=1, and set up CERT_EMAIL, DNS_PLUGIN and DNS_ENV in your configuration file.

THIS IS THE CADDY.LOG
2020/06/05 08:41:03 [INFO] [nextocloud2.mybusiness.com] acme: Waiting for DNS record propagation.
2020/06/05 08:41:05 [INFO] [nextocloud2.mybusiness.com] acme: Cleaning DNS-01 challenge
2020/06/05 08:41:07 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/62179603
2020/06/05 08:41:07 [ERROR][nextocloud2.mybusiness.com] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[nextocloud2.mybusiness.com] time limit exceeded: last error: NS liberty.ns.cloudflare.com. returned NXDOMAIN for _acme-challenge.nextcloud2.mybusiness.com. (attempt 3/3; challenge=dns-01)
2020/06/05 08:41:08 failed to obtain certificate: acme: Error -> One or more domains had a problem:
[nextocloud2.mybusiness.com] time limit exceeded: last error: NS liberty.ns.cloudflare.com. returned NXDOMAIN for _acme-challenge.nextcloud2.mybusiness.com.
2020/06/05 08:40:55 [INFO] [nextocloud2.mybusiness.com] acme: Waiting for DNS record propagation.
2020/06/05 08:40:57 [INFO] [nextocloud2.mybusiness.com] acme: Waiting for DNS record propagation.
2020/06/05 08:41:00 [INFO] [nextocloud2.mybusiness.com] acme: Waiting for DNS record propagation.
2020/06/05 08:41:03 [INFO] [nextocloud2.mybusiness.com] acme: Waiting for DNS record propagation.
2020/06/05 08:41:05 [INFO] [nextocloud2.mybusiness.com] acme: Cleaning DNS-01 challenge
2020/06/05 08:41:07 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/62179603
2020/06/05 08:41:07 [ERROR][nextocloud2.mybusiness.com] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[nextocloud2.mybusiness.com] time limit exceeded: last error: NS liberty.ns.cloudflare.com. returned NXDOMAIN for _acme-challenge.nextcloud2.mybusiness.com. (attempt 3/3; challenge=dns-01)
2020/06/05 08:41:08 failed to obtain certificate: acme: Error -> One or more domains had a problem:
[nextcloud2.mybusiness.com] time limit exceeded: last error: NS liberty.ns.cloudflare.com. returned NXDOMAIN for _acme-challenge.nextcloud2.mybusiness.com.

Obviously I changed my domain.com to mybusiness.com, but I can send it to you privately if you want, or I can give you my SSH connection if you can help me more. I have spent all week on this and got nothing.
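
Added example, not part of any post in this thread: a small triage of a caddy.log like the one above. It reports whether the ACME URLs in the log point at the Let's Encrypt staging or production endpoint, and lists each record and nameserver for which the DNS-01 check returned NXDOMAIN. The sample log inside `demo` is constructed, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: triage ACME lines from a caddy.log (not the script's own code).

# acme_ca LOG: report which Let's Encrypt endpoint the log's ACME URLs use.
acme_ca() {
    if grep -q 'https://acme-staging-v02\.api\.letsencrypt\.org/' "$1"; then
        echo staging
    elif grep -q 'https://acme-v02\.api\.letsencrypt\.org/' "$1"; then
        echo production
    else
        echo unknown
    fi
}

# dns01_nxdomain LOG: print "record nameserver" once per distinct DNS-01
# check that ended in NXDOMAIN. Assumes both names carry the trailing root
# dot, as in the log lines above; the dot is stripped from the output.
dns01_nxdomain() {
    sed -nE 's/.*NS ([^ ]+)\. returned NXDOMAIN for (_acme-challenge\.[^ ]+)\..*/\2 \1/p' "$1" |
        sort -u
}

# dig_commands LOG: print the manual lookups worth running for each failure.
dig_commands() {
    dns01_nxdomain "$1" | while read -r record ns; do
        echo "dig +short TXT $record @$ns"
        echo "dig +short CNAME ${record#_acme-challenge.}"
    done
}

# demo: run the triage on a constructed log (names and IDs are made up).
demo() {
    log=$(mktemp) || return 1
    cat > "$log" <<'EOF'
2020/06/05 08:41:03 [INFO] [cloud.example.test] acme: Waiting for DNS record propagation.
2020/06/05 08:41:07 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1
[cloud.example.test] time limit exceeded: last error: NS ns1.example.test. returned NXDOMAIN for _acme-challenge.cloud.example.test. (attempt 3/3; challenge=dns-01)
[cloud.example.test] time limit exceeded: last error: NS ns1.example.test. returned NXDOMAIN for _acme-challenge.cloud.example.test.
EOF
    echo "CA endpoint: $(acme_ca "$log")"
    dig_commands "$log"
    rm -f "$log"
}
```

A result of `staging` means the certificate requests in that log were still going to the non-trusted test CA described in the guidance quoted earlier in the thread.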
 
Joined
Jan 4, 2014
Messages
1,644
Better to have several sets of eyes on your config. See post #1083 for an example of what to provide. For readability, in future, place your output between code tags as shown in the example.
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
JAIL_IP="192.168.0.96"
DEFAULT_GW_IP="192.168.0.3"
POOL_PATH="/mnt/NEXTCLOUD"
TIME_ZONE="Europe/Madrid"
HOST_NAME="mydns.mydomain.com"
CERT_EMAIL=mymail
JAIL_NAME="Nextcloud"
JAIL_INTERFACES="vnet0:bridge3"
INTERFACE="vnet0"
DNS_CERT=1
CERT_EMAIL="mymail"
DNS_PLUGIN="cloudflare"
DNS_ENV="CLOUDFLARE_EMAIL=mymail CLOUDFLARE_API_KEY=43a2fcNOREALe1f2c290e24c477ec0518866"
 
Last edited:
Joined
Jan 4, 2014
Messages
1,644
DNS_ENV="CLOUDFLARE_EMAIL=mymail CLOUDFLARE_API_KEY=xxxx"
I suggest you obscure your API key in your post above.

Your POOL_PATH looks suspicious. Is NEXTCLOUD the name of your pool?
There's no parameter named JAIL_INTERFACES. Remove it.
You can remove one of the entries for CERT_EMAIL.
I'm assuming mymail is a placeholder. Make sure you use a valid email address in the two places that mymail appears.
JAIL_NAME and INTERFACE can be removed as you're using the default values.
 
Last edited:

xames

Patron
Joined
Jun 1, 2020
Messages
235
Thanks, I could change the pool name and remove those parameters, but if I have my RJ45 connected to igb3, is this the default?
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
I am trying now with this.

JAIL_IP="192.168.0.96"
DEFAULT_GW_IP="192.168.0.3"
POOL_PATH="/mnt/POOL2"
TIME_ZONE="Europe/Madrid"
HOST_NAME="mydns.mydomain.com"
CERT_EMAIL=mymailname@mydomain.com
DNS_CERT=1
DNS_PLUGIN="cloudflare"
DNS_ENV="CLOUDFLARE_EMAIL=mymailname@mydomain.com CLOUDFLARE_API_KEY=43aNOTREALDONTWORRYe24c446ec0516856"
 
Joined
Jan 4, 2014
Messages
1,644
Thanks, I could change the pool name and remove those parameters, but if I have my RJ45 connected to igb3, is this the default?
Sorry, I don't understand what you're saying here. From your FreeNAS dashboard, what is written within the highlight below?

screenshot.351.png
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
Now the name is POOL2; before it was NEXTCLOUD. With the NEXTCLOUD name on the pool everything went wrong, I don't know why... but now everything works fine, but I cannot browse my Nextcloud page... nothing in caddy.log at first, but after some time the same errors.

I have POOL2 and POOL1. I set POOL_PATH="/mnt/POOL2" but it installed the jail in POOL1. WHY???
 
Last edited:

xames

Patron
Joined
Jun 1, 2020
Messages
235
I see that, doing a sockstat -4 -l, ports 80 and 443 on the jail are not open. Why?

Adding the parameter:
INTERFACE="igb3" is that OK?
 
Last edited:
Joined
Jan 4, 2014
Messages
1,644
Follow instructions very carefully and do not deviate from them.

From the FreeNAS UI, what is the output of Jails > Settings?

screenshot.77.jpg


Supply a screenshot. Do not change anything. It should look something like:

screenshot.79.jpg


Place a redacted copy of your current script config between code tags.

screenshot.80.jpg


Apart from redacting HOST_NAME, CERT_EMAIL, CLOUDFLARE_EMAIL and CLOUDFLARE_API_KEY, do not alter anything else. It should look something like this:

Code:
JAIL_IP="192.168.0.96"
DEFAULT_GW_IP="192.168.0.3"
POOL_PATH="/mnt/POOL2"
TIME_ZONE="Europe/Madrid"
HOST_NAME="mydns.mydomain.com"
CERT_EMAIL=mymailname@mydomain.com
DNS_CERT=1
DNS_PLUGIN="cloudflare"
DNS_ENV="CLOUDFLARE_EMAIL=mymailname@mydomain.com CLOUDFLARE_API_KEY=43aNOTREALDONTWORRYe24c446ec0516856"
 
Last edited:
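
Added example, not part of any post in this thread and not the install script's own code: one way to produce the redacted copy asked for above, replacing HOST_NAME, CERT_EMAIL and every NAME=value pair inside DNS_ENV, then checking that none of the original values survive before the text is pasted. Function names, the `sample-config` file name and the sample values are made up for this example; treating every DNS_ENV pair as sensitive is an assumption that goes beyond the two Cloudflare variables named in the thread.

```shell
#!/bin/sh
# Added example: redact a script config before posting it (values below are constructed).
# Keys whose whole value is replaced (the ones named in the thread's advice).
SENSITIVE_KEYS='HOST_NAME|CERT_EMAIL'

# redact_config FILE: print a redacted copy on stdout; FILE is not modified.
# Assumption: every NAME=value pair inside DNS_ENV is a credential or identity.
redact_config() {
    sed -E \
        -e "s/^([[:space:]]*(${SENSITIVE_KEYS})=).*/\\1\"REDACTED\"/" \
        -e '/^[[:space:]]*DNS_ENV=/ s/([A-Za-z0-9_]+=)[^" ]+/\1REDACTED/g' \
        "$1"
}

# sensitive_values FILE: print each original sensitive value, one per line.
sensitive_values() {
    {
        sed -nE "s/^[[:space:]]*(${SENSITIVE_KEYS})=\"?([^\"]*)\"?.*/\\2/p" "$1"
        sed -nE 's/^[[:space:]]*DNS_ENV="?([^"]*)"?.*/\1/p' "$1" |
            tr ' ' '\n' | sed -nE 's/^[A-Za-z0-9_]+=(.+)$/\1/p'
    } | sed '/^$/d' | sort -u
}

# check_redacted FILE REDACTED: fail if any original value is still in REDACTED.
check_redacted() {
    sensitive_values "$1" | while IFS= read -r value; do
        if grep -qF -- "$value" "$2"; then
            echo "LEAK: an original value is still present in $2" >&2
            exit 1   # leaves the pipeline subshell; becomes the function status
        fi
    done
}

# demo: redact and verify a constructed config, then print the safe copy.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/sample-config" <<'EOF'
JAIL_IP="192.168.0.96"
POOL_PATH="/mnt/POOL2"
HOST_NAME="cloud.example.test"
CERT_EMAIL=admin@example.test
DNS_PLUGIN="cloudflare"
DNS_ENV="CLOUDFLARE_EMAIL=admin@example.test CLOUDFLARE_API_KEY=0123constructed4567"
EOF
    redact_config "$tmp/sample-config" > "$tmp/redacted" &&
        check_redacted "$tmp/sample-config" "$tmp/redacted" && cat "$tmp/redacted"
    status=$?; rm -rf "$tmp"; return $status
}
```

An API key that has already appeared in a public post should still be revoked and reissued at the provider; redacting the post afterwards does not undo the exposure.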