
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
Though I do have a question before running it, can I specify having the dirs db/files/portsnap installed in the nextcloud dir rather than the main /mnt/Data dataset? Or was this just an issue with 11.1-U6?
Sure you can.
Just create a dataset named "nextcloud" located in "Data" and within the "nextcloud" dataset, create the "db", "files", "portsnap" and personally I create another one like "script_install" to store the script, but that's me.
You will end up with:

/mnt/Data/nextcloud/db
/mnt/Data/nextcloud/files
/mnt/Data/nextcloud/portsnap
/mnt/Data/nextcloud/script_install
 

gt2416

Patron
Joined
Feb 4, 2018
Messages
262
You sure? That would not explain why I did not get the error when I made the jail by hand.

When creating the jail by hand you don't use bash. Some packages work, some don't.
 

IronRobi

Explorer
Joined
Apr 15, 2016
Messages
52
Trying to set this up with a .ca domain and get this message

"It seems that http://mydomain.ca/ is an IDN( Internationalized Domain Names), please install 'idn' command first."

Which then follows with a bunch of No such file or directory errors I'm assuming because it's not actually creating the certificate.

EDIT:
Fixed that by signing up for cloudflare and changing the config file to work with cloudflare. I can now access nextcloud locally.

I'm having a certificate issue when accessing remotely and I know it's got something to do with my settings. I own my domain and set up the certificate as "subdomain.domain.ca", then in cloudflare I set up a cname of "subdomain" and set the alias to my no-ip address of "myaccount.ddns.net". (I admittedly have no idea if any of this is correct because all this A record, CNAME, DNAME, etc... is all new to me)

When I go to subdomain.domain.ca I get redirected to myaccount.ddns.net and can access nextcloud, but I'm getting a certificate error because the certificate is under subdomain.domain.ca and it's loading nextcloud through myaccount.ddns.net.

Through the android and windows app, I can reach nextcloud using my internal ip, but if I put in subdomain.domain.ca it says server not found.

Can anybody help point me in the right direction here??
 

rfanch3r

Dabbler
Joined
Aug 16, 2015
Messages
34
Hi all, I have gone ahead and run this script; unfortunately, I cannot access it over LAN. The only way to access it is over an ssh socks5 proxy connection. Has anyone else run into this issue, and how do I resolve it? This basically breaks all of my desktop clients, so I am looking for a solution.
 

rfanch3r

Dabbler
Joined
Aug 16, 2015
Messages
34
"I cannot access", unfortunately, doesn't tell me much. What happens when you try?

I did not provide much information because I am not sure what to include. When I attempt to go to the IP it redirects me to the DDNS HOST, then the router UI; from my research that's normal behavior when it cannot access anything.

LAN IP -> Takes me to the router UI
DDNS HOST -> Takes me to the router UI

If I am external I can access it; if I set up a ssh socks5 tunnel I can access it via LAN IP.
 

gt2416

Patron
Joined
Feb 4, 2018
Messages
262
If I am external I can access it; if I set up a ssh socks5 tunnel I can access it via LAN IP.

Sounds like your router is not doing internal proxy. It may or may not be an option on your router. Not sure what you are using.

External:
yourdomain.com is accessible externally as it is resolved by your dns provider as your router address/IP. So dns name --> Router IP/port --> Internal IP(forwarded by NAT on your router).

Internal:
yourdomain.com is not resolved by your router to the internal IP correctly. DNS name --> router doesn't know, asks internet --> DNS provider gives router IP. (This is not router knowing to do NAT and redirect to your internal IP). (Even if it does work and NAT to your internal IP you will not have a valid https cert)

Internal + proxy(A lot of routers do this by default):

DNS name --> router resolves dns to itself ---> Redirects DNS to external redirection (the proxy) with NAT (You will see a VALID https certificate internally)
 

rfanch3r

Dabbler
Joined
Aug 16, 2015
Messages
34
@gt2416 If I spin up the NextCloud plugin (this takes more work to get https working, so I chose to use this script instead) I can access it, so I don't believe it is an internal proxy issue, as this same behavior is present on Comcrap. I have Frontier FIOS. I just looked around the settings and I cannot find a proxy setting; also, this is the first time I have heard of an ISP router supporting internal proxies.
 

snorp

Dabbler
Joined
Jul 10, 2018
Messages
35
Hello folks,

It's me again. I bought a new switch. It supports link aggregation. I could configure Freenas so that everything works. Just what steps do I have to take to make Nextcloud reachable in my cage?


[root@nextcloud ~]# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 74:d4:35:ea:af:31
        hwaddr 74:d4:35:ea:af:33
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
alc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=82098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 74:d4:35:ea:af:31
        hwaddr 74:d4:35:ea:af:31
        inet 192.168.0.11 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        groups: lo
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 74:d4:35:ea:af:31
        media: Ethernet autoselect
        status: active
        groups: lagg
        laggproto lacp lagghash l2,l3,l4
        laggport: em0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        laggport: alc0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>

[root@nextcloud ~]# host google.com
;; connection timed out; no servers could be reached

alc0 192.168.0.11
but this must be lagg0 192.168.0.11

or?

Edit: It's my old running system, I just changed the Link Aggregation.
Thank you in advance!
 

gt2416

Patron
Joined
Feb 4, 2018
Messages
262
@rfanch3r Ok strange.
Also it's not really a proxy (that's just what the option is called on pfsense), my old fios router knew to handle requests to itself just fine, but pfSense needed me to change the setting as it's not default behavior. But like you said, if the plugin worked it's probably not that.
If I turn off that option I get the same behavior as you describe. Cannot connect on LAN, it will timeout but will work from an external IP.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
@rfanch3r, I think what's going on is that when you try to reach your nextcloud installation from your LAN, the HTTPS redirect is sending it back to the FQDN you used in the nextcloud-config file (the value for HOST_NAME), which is resolving to your router, rather than to the jail. If you ping that name, what IP address does it resolve to?
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
@rfanch3r, If you are using pfsense, you will most likely be using Haproxy to handle redirection to various servers such as one or more instances of Nextcloud, syslog servers...

If you need more details, let me know and I will give you the details to make it work.
For now, the quick and dirty way to handle the issue is to use Port Forwarding of port 80 and 443 to your Nextcloud iocage IP address.
You need to set Firewall/NAT/Port Forward to allow WAN to map port 80 to 443 to the Nextcloud IP address. Best to use an IP and Port Alias.

Then, you should create the Rule the same way as what was done for NAT. You can let pfsense set the rule for you if you have the following options checked under "System Advanced: Network Address Translation":
"Enable NAT Reflection for 1:1 NAT": - Automatic creation of additional NAT redirect rules from within the internal networks.
"Enable automatic outbound NAT for Reflection": - Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from.

Once this is done, you need to set the following:
NAT Reflection mode for port forwards: Pure NAT.

With all of this in place, you should be able to connect to Nextcloud using your FQDN.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I've never touched HAproxy in pfSense (or elsewhere, for that matter). A simpler way to handle the (presumed) DNS issue is to enter the FQDN as a host override under Services -> DNS Resolver.
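
The DNS diagnosis discussed above (does the FQDN resolve to the jail, to the router, or to the public address when looked up from the LAN?) can be checked with a short script. This is an added example, not part of the original thread or of the install script; the host names, the jail address 192.168.1.50, the router address 192.168.1.1 and the public address 203.0.113.10 are constructed sample values.

```python
import ipaddress
import socket

# RFC 1918 ranges, listed explicitly so the check means "LAN address" only.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve_v4(name):
    """Ask the system resolver (the one this LAN client really uses) for A records."""
    infos = socket.getaddrinfo(name, 443, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def is_lan(addr):
    return any(addr in net for net in RFC1918)

def classify_lan_resolution(fqdn, jail_ip, resolver=resolve_v4):
    """Say where a LAN client lands when the HTTPS redirect sends it to fqdn."""
    jail = ipaddress.ip_address(jail_ip)
    try:
        answers = [ipaddress.ip_address(a) for a in resolver(fqdn)]
    except OSError:  # socket.gaierror is a subclass: the name did not resolve
        return "unresolvable"
    if not answers:
        return "unresolvable"
    if jail in answers:
        return "split-dns"            # host override works: traffic goes straight to the jail
    if any(is_lan(a) for a in answers):
        return "wrong-internal-host"  # name points at another LAN device, e.g. the router
    return "needs-nat-reflection"     # public address: LAN access depends on router hairpinning

# Constructed sample data: resolver answers as seen from three differently configured LANs.
SAMPLE_ANSWERS = {
    "override.example.com": ["192.168.1.50"],
    "router.example.com": ["192.168.1.1"],
    "public.example.com": ["203.0.113.10"],
}

def sample_resolver(name):
    if name not in SAMPLE_ANSWERS:
        raise socket.gaierror("constructed: no such name")
    return SAMPLE_ANSWERS[name]

if __name__ == "__main__":
    for name in list(SAMPLE_ANSWERS) + ["missing.example.com"]:
        print(name, "->", classify_lan_resolution(name, "192.168.1.50", sample_resolver))
```

Run from a LAN client with the default resolver (omit the third argument) to test a real name against the jail's address.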
 

lneib

Dabbler
Joined
Nov 29, 2014
Messages
16
Hey all, I too am trying to run the script under FreeNas 11.2 RC1. First of all, I would like to thank danb35 for this thread and this script. My problem is as follows: I have a fresh install, and when I try and run:

cp -R iocage/iocage/lib/ /usr/local/lib/python3.6/site-packages/iocage/lib

I get the following error: cp: iocage/iocage/lib/: Not a directory

I ran the command from the /tmp directory and not sure where to go from here. I see an iocage folder under the temp folder but no iocage/iocage folder, which explains why I am getting this error but I could use some assistance here

Full disclosure, this is the first time playing with Freenas since version 8

thanks in advance
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
Hey all, I too am trying to run the script under FreeNas 11.2 RC1. First of all, I would like to thank danb35 for this thread and this script. My problem is as follows: I have a fresh install, and when I try and run:

cp -R iocage/iocage/lib/ /usr/local/lib/python3.6/site-packages/iocage/lib

I get the following error: cp: iocage/iocage/lib/: Not a directory

I ran the command from the /tmp directory and not sure where to go from here. I see an iocage folder under the temp folder but no iocage/iocage folder, which explains why I am getting this error but I could use some assistance here

Full disclosure, this is the first time playing with Freenas since version 8

thanks in advance
You don't need to run this command. Just start from the Git install directly.
 

lneib

Dabbler
Joined
Nov 29, 2014
Messages
16
You don't need to run this command. Just start from the Git install directly.

Thanks for the assist, I was able to get the install working correctly, so far no issues but I am still exploring
 

kwessel

Dabbler
Joined
Mar 30, 2015
Messages
44
I have had two Owncloud machines running rock solid based on a guide by Joshua Parker Ruehlig. After trying to resolve a problem with that setup, I see I have been out of the loop and that we now have Nextcloud and Iocage. I tried to run your script and need some help.

To start: Can I use myname.dlinkddns.com as an FQDN? If not, if I buy a domain name and direct it at the ddns address will it work? If not I may need to understand API. I have two environments. One with static IPs and one with dynamic.

 

rfanch3r

Dabbler
Joined
Aug 16, 2015
Messages
34
@rfanch3r, I think what's going on is that when you try to reach your nextcloud installation from your LAN, the HTTPS redirect is sending it back to the FQDN you used in the nextcloud-config file (the value for HOST_NAME), which is resolving to your router, rather than to the jail. If you ping that name, what IP address does it resolve to?

@danb35 I am not sure where to look for the HOST_NAME but if you are referring to the apache file for the nextcloud setup, then the ServerName is set to the ddns host. Pinging that ddns host I get my external IP as I would expect.
 

rfanch3r

Dabbler
Joined
Aug 16, 2015
Messages
34
I've never touched HAproxy in pfSense (or elsewhere, for that matter). A simpler way to handle the (presumed) DNS issue is to enter the FQDN as a host override under Services -> DNS Resolver.

@danb35 Yeah I do not have HAproxy/pfSense installed, where would I look for Services -> DNS Resolver? Is this in my router? NextCloud? Jail? FreeNAS? I just looked in FreeNAS and while I do have Services I do not have a DNS Resolver. I have something similar on my router though (Static DNS) and I did set the IP of my Nextcloud LAN IP to nextcloud.local but that did not work.
 

rfanch3r

Dabbler
Joined
Aug 16, 2015
Messages
34
I have had two Owncloud machines running rock solid based on a guide by Joshua Parker Ruehlig. After trying to resolve a problem with that setup, I see I have been out of the loop and that we now have Nextcloud and Iocage. I tried to run your script and need some help.

To start: Can I use myname.dlinkddns.com as an FQDN? If not, if I buy a domain name and direct it at the ddns address will it work? If not I may need to understand API. I have two environments. One with static IPs and one with dynamic.

I have my setup for my ddns host name so I would say yes to your question.
 