
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

Erwin1e

Cadet
Joined
Dec 6, 2015
Messages
7
I wasn't aware of the existence of this file :( Now that I look in it, I think the solution is there.

I don't want to post the complete log because it is quite large and will probably annoy a lot of people. But I suspect I just have to wait while leaving my ports open.

Seems Caddy knows my certs are expired. But I probably got put on hold by Nextcloud because my ports are closed. I'll wait and see what happens.

reating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url: (attempt 3/3; challenge=http-01)
2020/04/20 17:05:34 [ERROR][nextcloud.somestring.nl] failed to renew certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:
done.

Serving HTTPS on port 443

2020/04/20 17:05:34 [INFO] Serving https://nextcloud.somestring.nl

Serving HTTP on port 80

2020/04/20 17:05:34 [INFO] Serving http://nextcloud.somestring.nl
2020/04/20 17:07:45 http: TLS handshake error from 192.168.210.141:33992: remote error: tls: expired certificate
2020/04/20 17:07:52 [Error] failed to write body: http2: stream closed
2020/04/20 17:15:11 http: TLS handshake error from 192.168.210.132:57735: EOF
2020/04/20 17:15:53 http: TLS handshake error from 192.168.210.132:57746: EOF
2020/04/20 17:18:41 [INFO] SIGTERM: Shutting down servers then terminating
2020/04/20 17:18:41 [INFO][cache:0xc0000cc9b0] Stopped certificate maintenance routine
2020/04/20 17:18:41 http: TLS handshake error from 192.168.210.132:57743: read tcp 192.168.210.206:443->192.168.210.132:57743: use of closed network connection

#Edit: Put on hold by letsencrypt
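
Added example (not part of the original post and not code from Caddy or the install script): a small triage function that separates ACME rate-limit rejections from other renewal failures and counts clients rejecting an expired certificate. `acme_triage` and `write_sample_log` are hypothetical names, and the sample log is constructed from the kind of lines quoted above.

```shell
#!/bin/sh
# Added example: acme_triage and write_sample_log are hypothetical helpers.

# Constructed sample log, modelled on the lines quoted in the post above.
write_sample_log() {
    cat > "$1" <<'LOG_END'
2020/04/20 17:05:34 [ERROR][nextcloud.somestring.nl] failed to renew certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently
2020/04/20 17:05:34 [INFO] Serving https://nextcloud.somestring.nl
2020/04/20 17:07:45 http: TLS handshake error from 192.168.210.141:33992: remote error: tls: expired certificate
2020/04/20 17:15:11 http: TLS handshake error from 192.168.210.132:57735: EOF
LOG_END
}

# acme_triage LOGFILE: summarise certificate renewal problems per host.
acme_triage() {
    awk '
    /\[ERROR\]\[[^]]+\] failed to renew certificate/ {
        # Extract the host name from "[ERROR][host] ..."
        host = $0
        sub(/^.*\[ERROR\]\[/, "", host)
        sub(/\].*$/, "", host)
        # A rateLimited error means the CA is refusing new orders for now;
        # any other renewal error is a different failure and is listed apart.
        if ($0 ~ /urn:ietf:params:acme:error:rateLimited/) limited[host]++
        else failed[host]++
    }
    # Clients that aborted the handshake because the served cert has expired.
    /tls: expired certificate/ { expired++ }
    END {
        for (h in limited) printf "RATE_LIMITED %s hits=%d\n", h, limited[h]
        for (h in failed)  printf "RENEW_FAILED %s hits=%d\n", h, failed[h]
        printf "EXPIRED_CERT_HANDSHAKES %d\n", expired
    }' "$1"
}

log=$(mktemp)
write_sample_log "$log"
acme_triage "$log"
rm -f "$log"
```

A `RATE_LIMITED` line means new orders are refused until the limit window passes, so the thing to fix meanwhile is whatever makes the http-01 challenge fail, which needs port 80 reachable from the internet.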
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504

InGenetic

Contributor
Joined
Dec 18, 2013
Messages
183
Hi again all,
My Nextcloud was going fine for a couple of days, but today there was an SSL error; no one can access my Nextcloud from outside the LAN. The screenshot from the Chrome browser is below:
[Screenshot: 20200421_160823.jpg]

Please help me fix this problem.
Maybe I did something wrong?

I put a static DNS entry on my MikroTik router that points the FQDN directly to my Nextcloud LAN IP; is that the cause?

Thanks n regards,
 

InGenetic

Contributor
Joined
Dec 18, 2013
Messages
183
Solved: there's a new web server using the same public IP. After changing the new web server to a new public IP, Nextcloud is now running normally.

Regards,
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
changing new IP public on new webserver, now nextcloud running normally.
Well, mostly. It doesn't seem to be responding on port 80, which suggests you have a firewall somewhere blocking that. If all your users know to go to https://, you'll be fine, but it really is better to answer on port 80 and redirect to https.
 

profzelonka

Explorer
Joined
Mar 29, 2020
Messages
67
Ping the jail IP and the Nextcloud FQDN. If they both succeed, it's not a DNS issue. If the latter fails, you have a problem with your local DNS resolver.
I'm able to ping the IP, FQDN, and subdomain. I changed my router to use 1.1.1.1 for DNS, and now can't access Nextcloud locally again. Browser connection attempt times out. Weird...

Is it worth messing with Dynamic/Static Routing? I'm pretty sure that's if I'm using a second router before the FreeNAS device, which I'm not.
 
Joined
Jan 4, 2014
Messages
1,644
You've done an internal ping of the Nextcloud FQDN, I presume, from a device on your private network. Try doing an external ping to see if the issue lies elsewhere.
 

profzelonka

Explorer
Joined
Mar 29, 2020
Messages
67
What am I external pinging tho? It works fine externally.. It's the local that can't reach it for some reason. Ping and traceroute succeed but web access hangs. All of my FreeNAS jails work fine locally, but nextcloud in particular can't be reached locally.
 
Joined
Jan 4, 2014
Messages
1,644
If you can ping your Nextcloud domain from inside and outside your network, you don't have an internal or external DNS resolver issue. Look elsewhere.
 
Joined
Jan 4, 2014
Messages
1,644
@NasKar Thank you for your PM. I've posted the response here rather than reply back as it relates to Nextcloud and may be useful for other forum members who may be experiencing similar issues.

I'm wondering if there is an issue with dan's script with NO_CERT option.

I've been successful using the NO_CERT option with the script. I used this option rather than the other options as I wanted to place Nextcloud behind a separate Caddy reverse proxy that would provide certificate services.

In your config.php do you have
Code:
# 'overwritehost' => 'cloud.mydomain.cf',
# 'overwriteprotocol' => 'https',

commented out or not in there at all?

Yes, I do have those parameters set up. Without them, you may find that you won't be able to get past the NC login screen unless you refresh the browser window. You also won't be able to use the NC mobile app as you can't refresh the app in the same way. It appears these parameters are required when Nextcloud is placed behind a reverse proxy. More details can be found within the discussion thread Redirecting bug since 15.0.2.

Do the entries for trusted domains have one for cloud.mydomain.cf and another for overwrite.cli.url with cloud.mydomain.cf?
This is what I have in my config.php for the various parameters you've referred to:

Code:
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'cloud.mydomain.com',
    2 => '10.1.1.29',
  ),

  'overwritehost' => 'cloud.mydomain.com',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'http://cloud.mydomain.com/',
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
Thanks Basil,
After reviewing Dan's script, clearly those lines are supposed to be there. Not sure what the issue was when I ran the script, but I've added them back in and it all works.
 

Calmedy

Cadet
Joined
Apr 24, 2020
Messages
3
I've been banging my head for hours trying to install Nextcloud, so I tried to install using your script and everything went well until it tried to create the jail. Apparently, from what I can see, an '\r' was added to the jail IP, even though I didn't do that in the file. Can someone help me out on this?
Code:
Please provide a valid ip: Only decimal digits permitted in '10\r' in '192.168.0.10\r'
Failed to create jail
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
I've been banging my head for hours trying to install Nextcloud, so I tried to install using your script and everything went well until it tried to create the jail. Apparently, from what I can see, an '\r' was added to the jail IP, even though I didn't do that in the file. Can someone help me out on this?
Code:
Please provide a valid IP: Only decimal digits permitted in '10\r' in '192.168.0.10\r'
Failed to create jail
Post your nextcloud-config file
 

Calmedy

Cadet
Joined
Apr 24, 2020
Messages
3
Post your nextcloud-config file
Code:
JAIL_IP="192.168.0.10"
DEFAULT_GW_IP="192.168.0.1"
POOL_PATH="/mnt/Vault\UserData"
TIME_ZONE="Europe/London"
HOST_NAME="*(hiding this)"
STANDALONE_CERT=1
CERT_EMAIL="*(hiding this)"
DB_PATH="$POOL_PATH/nextcloud/db"
FILES_PATH="$POOL_PATH"
CONFIG_PATH="/mnt/ssd/nextcloud/config"
PORTS_PATH="$POOL_PATH/portsnap"
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
POOL_PATH should be /mnt/Vault/UserData and try leaving out the DB, FILE, and CONFIG paths so it uses the defaults. Don’t think pool and file path should be the same.
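
Added example (not part of the thread or of the install script): the `\r` in the error message is a carriage return, which is what a config file saved with Windows (CRLF) line endings carries at the end of every line. The check below flags that and the backslash in `POOL_PATH`, assuming the config is read as shell variable assignments; `check_config`, `fix_crlf` and `write_sample` are hypothetical names and the sample file is constructed from the posted values.

```shell
#!/bin/sh
# Added example; check_config, fix_crlf and write_sample are hypothetical helpers.

# Constructed sample: some of the posted values, saved with CRLF line endings.
write_sample() {
    printf '%s\r\n' 'JAIL_IP="192.168.0.10"' 'DEFAULT_GW_IP="192.168.0.1"' \
        'POOL_PATH="/mnt/Vault\UserData"' 'DB_PATH="$POOL_PATH/nextcloud/db"' > "$1"
}

# check_config FILE: print one finding per problem; return 1 if any was found.
check_config() {
    cr=$(printf '\r')
    rc=0
    # A carriage return before the newline becomes part of the value when a
    # shell reads the file, which is how JAIL_IP turns into '192.168.0.10\r'.
    n=$(grep -c "$cr" "$1" || true)
    if [ "$n" -gt 0 ]; then
        echo "CRLF: $n line(s) contain a carriage return"
        rc=1
    fi
    # Backslash in a *_PATH value: paths on the FreeNAS host use '/' only.
    bad=$(grep -E '^[A-Z_]+_PATH=.*\\' "$1" | cut -d= -f1 | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "BACKSLASH: ${bad% }"
        rc=1
    fi
    return "$rc"
}

# fix_crlf FILE: strip carriage returns in place, keeping FILE.bak.
fix_crlf() {
    cp "$1" "$1.bak" && tr -d '\r' < "$1.bak" > "$1"
}

cfg=$(mktemp)
write_sample "$cfg"
check_config "$cfg" || fix_crlf "$cfg"
check_config "$cfg" || echo "still to fix by hand: see findings above"
rm -f "$cfg" "$cfg.bak"
```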
 

tung1112

Cadet
Joined
Apr 25, 2020
Messages
7
I have run the script with this config
Code:
JAIL_IP="192.168.1.15"
DEFAULT_GW_IP="192.168.1.1"
POOL_PATH="/mnt/poolname"
TIME_ZONE="Asia/Hong_Kong"
HOST_NAME="nextcloud.domain.com"
DNS_CERT=1
CERT_EMAIL="abd@email.com"
DNS_PLUGIN="cloudflare"
DNS_ENV="CLOUDFLARE_EMAIL=abc@email.com CLOUDFLARE_API_KEY=xxxxxxxxxxxxxx"


The jail is accessible from the local network via FQDN with the hosts file configured, but I can't access it from the internet. I am using a free domain name from Freenom, Cloudflare and DNS-O-Matic. The TXT record can be seen on Cloudflare but the status on DNS-O-Matic is showing "Waiting for first update". I checked my domain. It didn't resolve to any IP address. Is there anything I missed? I am new to all of this stuff and tried hard to get here but I can't get this final step done. Help!!
 

Calmedy

Cadet
Joined
Apr 24, 2020
Messages
3
POOL_PATH should be /mnt/Vault/UserData and try leaving out the DB, FILE, and CONFIG paths so it uses the defaults. Don’t think pool and file path should be the same.
Okay, I've done that and it successfully installed (thanks!), but now I can't access the admin page and it's giving me a connection refused error. I'm so lost at this point. Is it because I need to do something extra to make it accessible?
 
Joined
Jan 4, 2014
Messages
1,644
@tung1112 Something on your network, preferably an edge device like a router, needs to let DNS-O-Matic know whenever the dynamic IP address of your network changes. Check first to see if your router has a DDNS client that can update DNS-O-Matic. Failing that, you may find the links below useful.
  1. I believe you may be able to use the DDNS client in FreeNAS to update DNS-O-Matic. Refer here.
  2. Find software or hardware which updates DNS-O-Matic.
  3. If your edge device is a Fritz!Box look here.
  4. Manage dynamic IPs in Cloudflare DNS programmatically
 

tung1112

Cadet
Joined
Apr 25, 2020
Messages
7
@tung1112 Something on your network, preferably an edge device like a router, needs to let DNS-O-Matic know whenever the dynamic IP address of your network changes. Check first to see if your router has a DDNS client that can update DNS-O-Matic. Failing that, you may find the links below useful.
  1. I believe you may be able to use the DDNS client in FreeNAS to update DNS-O-Matic. Refer here.
  2. Find software or hardware which updates DNS-O-Matic.
  3. If your edge device is a Fritz!Box look here.
  4. Manage dynamic IPs in Cloudflare DNS programmatically
Haha. I have just managed to figure out how to use DDNS client in FreeNAS before seeing your reply and I can now successfully resolve my domain into my IP address but still cannot access due to a long response time.
 
Joined
Jan 4, 2014
Messages
1,644
Let's have a look at redacted screenshots of your DNS-O-Matic Cloudflare service and your Cloudflare DNS records.
 