danb35
> can't be reached from internet.

Have you forwarded ports 80 and 443 to the Nextcloud instance?
> Have you forwarded ports 80 and 443 to the Nextcloud instance?

That was my problem. I forgot about that.
> In fact I was thinking that caddy will do it automatically...

Caddy doesn't control your router, so that wouldn't be possible.
JAIL_IP="172.16.0.10"
DEFAULT_GW_IP="172.16.0.1"
POOL_PATH="/mnt/all"
TIME_ZONE="Europe/Warsaw"
#SELFSIGNED_CERT=1
#HOST_NAME="next.xxxx"
HOST_NAME="next.xxxx.xx"
DNS_CERT=1
DNS_PLUGIN="ovh"
DNS_ENV="OVH_ENDPOINT=ovh-eu OVH_APPLICATION_KEY=XXXXX OVH_APPLICATION_SECRET=XXXX"
CERT_EMAIL="admin@xxx.xx"
DB_PATH="/mnt/all/DB"
FILES_PATH="/mnt/all/Pliki"
Set mode for background jobs to 'cron'
crontab: /mnt/configs/www-crontab: Permission denied
Command: crontab /mnt/configs/www-crontab failed!
Successfully removed mount from nextcloud's fstab
Installation complete!
Using your web browser, go to https://next.xxx.xx to log in
Default user is admin, password is XXXXXX
Database Information
--------------------
Database user = nextcloud
Database password = XXXXX
The MariaDB root password is XXXX
All passwords are saved in /root/nextcloud_db_password.txt
You have obtained your Let's Encrypt certificate using the staging server.
This certificate will not be trusted by your browser and will cause SSL errors
when you connect. Once you've verified that everything else is working
correctly, you should issue a trusted certificate. To do this, run:
iocage exec nextcloud /root/remove-staging.sh
> "top" command (within a jail) doesn't show either Nginx or apache24 process running.

That's entirely to be expected, as I don't use Apache or Nginx for the web server in my script--I use Caddy instead. But if it's just timing out when you try to reach it, there's a good chance it isn't running either. Make sure the Caddyfile is there (it should be at /usr/local/www/Caddyfile). Assuming it's there, check the Caddy log (/var/log/caddy.log) and see if there's anything of note there.
> Make sure the Caddyfile is there (it should be at /usr/local/www/Caddyfile). Assuming it's there, check the Caddy log (/var/log/caddy.log) and see if there's anything of note there.

Content of caddy.log:
root@nextcloud:~ # cat /var/log/caddy.log
2020/03/03 11:20:00 [INFO] Caddy version: v1.0.4
2020/03/03 11:20:00 /usr/local/www/Caddyfile:9 - Error during parsing: Setting up DNS provider 'ovh': ovh: some credentials information are missing: OVH_CONSUMER_KEY
2020/03/03 11:20:00 [INFO][cache:0xc0000a8a50] Started certificate maintenance routine
2020/03/03 11:22:37 [INFO] Caddy version: v1.0.4
2020/03/03 11:22:37 /usr/local/www/Caddyfile:9 - Error during parsing: Setting up DNS provider 'ovh': ovh: some credentials information are missing: OVH_CONSUMER_KEY
2020/03/03 11:32:48 [INFO] Caddy version: v1.0.4
2020/03/03 11:32:48 /usr/local/www/Caddyfile:9 - Error during parsing: Setting up DNS provider 'ovh': ovh: some credentials information are missing: OVH_CONSUMER_KEY
2020/03/03 11:32:48 [INFO][cache:0xc0001a23c0] Started certificate maintenance routine
Seems like it's something wrong with my LE cert...
root@nextcloud:~ # service caddy start
Starting caddy.
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
745 redis 4 20 0 10560K 4876K kqread 1 0:00 0.03% redis-server
87566 root 1 20 0 7924K 3200K CPU0 0 0:00 0.02% top
836 mysql 31 20 0 574M 99732K select 3 0:00 0.01% mysqld
749 root 1 20 0 216M 35420K kqread 5 0:00 0.00% php-fpm
87465 root 1 20 0 7488K 3724K pause 4 0:00 0.00% csh
1096 root 1 22 0 7488K 3764K ttyin 1 0:00 0.00% csh
759 mysql 1 52 0 7148K 2952K wait 4 0:00 0.00% sh
1095 root 1 52 0 6948K 2852K wait 3 0:00 0.00% login
87464 root 1 52 0 6948K 2852K wait 3 0:00 0.00% login
855 root 1 23 0 6460K 2360K nanslp 2 0:00 0.00% cron
652 root 1 20 0 6420K 2460K select 1 0:00 0.00% syslogd
750 www 1 52 0 216M 35444K accept 4 0:00 0.00% php-fpm
751 www 1 52 0 216M 35444K accept 2 0:00 0.00% php-fpm
Still no luck. Caddy is listed as running process but there's no response when trying to open page.
JAIL_IP="172.16.0.10"
DEFAULT_GW_IP="172.16.0.1"
POOL_PATH="/mnt/all"
TIME_ZONE="Europe/Warsaw"
SELFSIGNED_CERT=1
HOST_NAME="next.xxx.xx"
CERT_EMAIL="admin@xxx.xx"
DB_PATH="/mnt/all/DB"
FILES_PATH="/mnt/all/Pliki"
Does it mean that self signed cert hasn't been generated at all?
2020/03/03 14:10:13 [INFO] Serving https://next.xxx.xx
2020/03/03 14:10:13 [INFO] Serving https://172.16.0.10
2020/03/03 14:11:08 http: TLS handshake error from 172.16.4.6:56780: no certificate available for ''
2020/03/03 14:11:11 http: TLS handshake error from 172.16.4.6:56785: no certificate available for ''
2020/03/03 14:12:48 http: TLS handshake error from 172.16.4.6:56912: no certificate available for ''
2020/03/03 14:13:35 http: TLS handshake error from 172.16.4.6:56964: no certificate available for ''
2020/03/03 14:14:54 http: TLS handshake error from 172.16.4.6:57079: no certificate available for ''
> Seems like it's something wrong with my LE cert...

The Caddy log is literally telling you exactly what the error is:
ovh: some credentials information are missing: OVH_CONSUMER_KEY
> BTW, is there any way to login as root from regular terminal?

Yes, two of them: (1) log in as a regular user, then
su -
to become root. You'll give root's password to do this. (2) Check the "Log in as root with password" box in the SSH service options.

> The Caddy log is literally telling you exactly what the error is:

Yes, I've noticed that and tried to obtain consumer key. It's not so easy as https://api.ovh.com/createToken/?GE.../domain/zone/*&DELETE=/domain/zone/*/record/* rejects my credentials. I was able to create app key and secret (it works with acme script from https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api installed on Synology) on https://eu.api.ovh.com/createApp/ and tried to retrieve consumer key from api console https://api.ovh.com/console/#/me/api/credential#GET. Unfortunately it doesn't work as caddy throws out API errors.
http://next.xxx.xx http://172.16.1.2 {
    redir https://next.dom.net{uri}
}
https://next.xxx.xx https://172.16.1.2 {
sudo iocage set ip4_addr="igb2|172.16.1.2/26" defaultrouter="172.16.1.1" nextcloud
> "timeouts 3600", "timeouts 3600s"

The timeouts are already set in the Caddyfile in the current version of the script, and it's been this way since not too long after that discussion up-thread took place.
> The Nextcloud is behind HAProxy within a dedicated pfSense box.

Since my testing involved a direct connection to Nextcloud on my LAN, this strikes me as the obvious source of the problem. Are you able to connect directly to Nextcloud on your LAN, without involving the HAProxy instance? If so, are you able to upload the test file with such a connection?
> My latest attempt doesn't even pass your checks in your script. It fails the check for DNS_CERT=1 & DNS_PLUGIN:.. I get the message it failed. Not a supported plugin go read etc. Not exactly sure how I can be failing... Thanks for the help

Double check plugin’s name and its variables. In my case it was “ovh” but I couldn’t get correct consumer key variable... So I’ve ended up using acme script (also @danb35 ) for FreeNAS only (wildcard cert) and mounting cert files in nextcloud and also in iredmail iocages. I use cron to copy cert files to dedicated folder (mounted source) and change their names on daily basis....
> Not exactly sure how I can be failing.

What exactly is in your nextcloud-config file (masking credentials and other sensitive information), and what exactly does the error say?
> it is godaddy.

Maybe read https://github.com/acmesh-official/acme.sh/wiki/dnsapi, have you seen it?
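
The DNS-validation failure discussed in this thread (a DNS_ENV line that lacks OVH_CONSUMER_KEY) can be caught before Caddy starts. The following is an added example, not part of the thread or of danb35's script; the function names are hypothetical, and the list of required names is taken from the config and the log error quoted above.

```shell
#!/bin/sh
# Added example (not from danb35's script). Function names are hypothetical.
# Required names for the "ovh" plugin: the three set in the posted DNS_ENV
# plus the one Caddy's log reports as missing.
REQUIRED_OVH="OVH_ENDPOINT OVH_APPLICATION_KEY OVH_APPLICATION_SECRET OVH_CONSUMER_KEY"

# missing_dns_env "<required names>" "<DNS_ENV value>"
# Prints each required name that is absent from DNS_ENV or set to an empty value.
# The body runs in a subshell so set -f (no globbing) and variables stay local.
missing_dns_env() (
    set -f
    missing=""
    for name in $1; do
        found=0
        for pair in $2; do
            case $pair in
                "$name"=?*) found=1 ;;   # NAME= followed by a non-empty value
            esac
        done
        [ "$found" -eq 1 ] || missing="${missing:+$missing }$name"
    done
    printf '%s' "$missing"
)

# missing_from_log: reads caddy.log on stdin and prints the de-duplicated
# variable names Caddy reported. Splitting on commas is an assumption about
# how several missing names would be listed; the log on this page shows one.
missing_from_log() {
    sed -n 's/.*some credentials information are missing: *//p' |
        tr ',' '\n' | sort -u | tr '\n' ' ' | sed 's/ *$//'
}

# Constructed sample that mirrors the DNS_ENV value quoted in the thread.
SAMPLE_ENV="OVH_ENDPOINT=ovh-eu OVH_APPLICATION_KEY=XXXXX OVH_APPLICATION_SECRET=XXXX"
gap=$(missing_dns_env "$REQUIRED_OVH" "$SAMPLE_ENV")
if [ -n "$gap" ]; then
    echo "DNS_ENV is incomplete, missing: $gap"
fi
```

Inside the jail, the log side of the check can be run as `missing_from_log < /var/log/caddy.log`.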