
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

twsps

Contributor
Joined
Jul 10, 2018
Messages
113
Correct. You'd download the origin cert and install it in the jail.
Here I have two files, one is mydomain.com.key (private key) and one is mydomain.com.crt (origin certificate). Do I need these two files? It seems like the script uses a .pem file and I'm not sure if it's my mydomain.com.key file.
Also, do I need to modify these commands below?
Code:
iocage exec ${JAIL_NAME} mkdir -p /usr/local/etc/pki/tls/certs/
iocage exec ${JAIL_NAME} mkdir -p /usr/local/etc/pki/tls/private/
iocage exec ${JAIL_NAME} touch /usr/local/etc/pki/tls/private/privkey.pem
iocage exec ${JAIL_NAME} chmod 600 /usr/local/etc/pki/tls/private/privkey.pem
iocage exec ${JAIL_NAME} curl https://get.acme.sh -o /tmp/get-acme.sh
iocage exec ${JAIL_NAME} sh /tmp/get-acme.sh
iocage exec ${JAIL_NAME} rm /tmp/get-acme.sh
# Issue certificate. If standalone mode is selected, issue directly, otherwise call external script to issue cert via DNS validation
if [ $STANDALONE_CERT -eq 1 ]; then
iocage exec ${JAIL_NAME} /root/.acme.sh/acme.sh --issue ${TEST_CERT} --home "/root/.acme.sh" --standalone -d ${HOST_NAME} -k 4096 --fullchain-file /usr/local/etc/pki/tls/certs/fullchain.pem --key-file /usr/local/etc/pki/tls/private/privkey.pem --reloadcmd "service apache24 reload"
elif [ $DNS_CERT -eq 1 ]; then
iocage exec ${JAIL_NAME} /mnt/configs/acme_dns_issue.sh
fi

Thanks.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Do I need these two files?
Yes, those are the cert and key files, and they're almost certainly in .pem format (even without that extension). If you put them in the right place in the jail, I'd expect it will work.
 

twsps

Contributor
Joined
Jul 10, 2018
Messages
113
Yes, those are the cert and key files, and they're almost certainly in .pem format (even without that extension). If you put them in the right place in the jail, I'd expect it will work.
Seems like I don't need to run the below code:
Code:
# Issue certificate. If standalone mode is selected, issue directly, otherwise call external script to issue cert via DNS validation
if [ $STANDALONE_CERT -eq 1 ]; then
iocage exec ${JAIL_NAME} /root/.acme.sh/acme.sh --issue ${TEST_CERT} --home "/root/.acme.sh" --standalone -d ${HOST_NAME} -k 4096 --fullchain-file /usr/local/etc/pki/tls/certs/fullchain.pem --key-file /usr/local/etc/pki/tls/private/privkey.pem --reloadcmd "service apache24 reload"
elif [ $DNS_CERT -eq 1 ]; then
iocage exec ${JAIL_NAME} /mnt/configs/acme_dns_issue.sh
fi

Also not to run acme.sh?
Code:
iocage exec ${JAIL_NAME} curl https://get.acme.sh -o /tmp/get-acme.sh
iocage exec ${JAIL_NAME} sh /tmp/get-acme.sh
iocage exec ${JAIL_NAME} rm /tmp/get-acme.sh


However,
Code:
iocage exec ${JAIL_NAME} mkdir -p /usr/local/etc/pki/tls/certs/
iocage exec ${JAIL_NAME} mkdir -p /usr/local/etc/pki/tls/private/
iocage exec ${JAIL_NAME} touch /usr/local/etc/pki/tls/private/privkey.pem
iocage exec ${JAIL_NAME} chmod 600 /usr/local/etc/pki/tls/private/privkey.pem

I do not need to create privkey.pem, but putting the privkey in the same place. What about mydomain.com.crt (origin certificate)? I don't see where to place the file.

Thanks.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
What about mydomain.com.crt (origin certificate)? I don't see where to place the file.
I don't remember the location off the top of my head, but take a look in the nextcloud.conf file--it's indicated there.
 

twsps

Contributor
Joined
Jul 10, 2018
Messages
113
I don't remember the location off the top of my head, but take a look in the nextcloud.conf file--it's indicated there.
Ok thanks. If I want to access my next cloud through my jail IP with HTTPS, do I still need let's encrypt? I followed this guide : https://forums.freenas.org/index.ph...ll-checks-passed-updated-to-use-iocage.61934/
(Sorry that I bring up other people's guide) my point is I installed let's encrypt and through my mydomain.com I'll get SSL handshake 525 error by cloudflare. Not sure if this is caused by let's encrypt.
When I install next cloud plugin, I have no issues with cloudflare through mydomain.com.


Sent from my Mate 9 using Tapatalk
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
If I want to access my next cloud through my jail IP with HTTPS, do I still need let's encrypt?
Either way you'll get a certificate error--with the LE cert you'll get the error because your IP isn't on the cert; with Cloudflare you'll get the error because they aren't a trusted CA. So no particular reason to use LE.
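
The two checks discussed in this thread, as an added example that is not part of the original posts or of the install script: confirming that a certificate file and a key file are PEM and belong together before they go into the jail, and testing whether a host name or IP address is actually on the certificate. It assumes the `openssl` command-line tool is available; the demo pair, `other.key` and the name `cloud.example.com` are constructed.

```shell
#!/bin/sh
# Added example: sanity checks before copying a cert/key pair into the jail.
# File names and host names used here are constructed placeholders.

# pem_kind FILE -> prints cert, key or unknown, judged by the PEM header.
pem_kind() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then echo cert
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then echo key
    else echo unknown
    fi
}

# pair_matches CERT KEY -> 0 if the cert was issued for KEY, 1 if not,
# 2 if either file cannot be parsed.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_covers CERT NAME -> 0 if NAME (host name or IP address) is on the cert.
cert_covers() {
    case "$2" in
        *:*)        opt=-checkip ;;    # IPv6 literal
        *[!0-9.]*)  opt=-checkhost ;;  # anything that is not dotted digits
        *)          opt=-checkip ;;    # IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" 2>/dev/null | grep -q 'does match'
}

# make_demo_pair DIR -> writes a throwaway self-signed pair plus an unrelated
# key into DIR, so the checks can be tried without real key material.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=cloud.example.com' \
        -keyout "$1/mydomain.com.key" -out "$1/mydomain.com.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}
```

Run `pair_matches mydomain.com.crt mydomain.com.key` on the real files before copying them in; a non-zero result from `cert_covers` for the jail IP corresponds to the browser certificate error described above.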
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
After a bit of delay, I think I have the nextcloud.conf file fixed so that certificate renewals will work when you're using HTTP validation. At least, I've tested it on my system, and it's working for me. If you've previously run this script to set up your jail, and are using HTTP validation (i.e., you didn't set up DNS validation for your certificate), suggest you look at (inside the jail) /usr/local/etc/apache24/Includes/YOUR_FQDN.conf and make it look like this.
 

casibus

Cadet
Joined
Aug 13, 2018
Messages
3
Hi there!
Again a total beginner...
I ran your script and at first it seemed to perform well, as it reported:
"Installation complete!". But then I realized that I cannot reach the nextcloud, neither from in- nor from outside the local network. Typing in the IP of the jail sends me to the freenas GUI.

Looking into the output during installation it seems to me that Apache could not be installed:

Code:
Looking up portsnap.FreeBSD.org mirrors... 6 mirrors found.
Fetching public key from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Fetching snapshot generated at Sun Aug 12 17:10:33 PDT 2018:
eee1996251d0860c70defd6211c0b220dc64f05086465e  4% of   82 MB  863 kBps 01m39s
fetch: eee1996251d0860c70defd6211c0b220dc64f05086465edb76d1f300e3c2ba2d.tgz: No space left on device
True
chsh: user information updated

make: chdir /usr/ports/www/apache24: No such file or directory
True
/tmp/latest-13.tar.bz2    100% of   42 MB 3072 kBps 00m15s

tar: could not chdir to '/usr/local/www/apache24/data/'

True
chown: /usr/local/www/apache24/data/nextcloud/: No such file or directory
True
...

There are plenty of "No such file or directory" warnings showing up afterwards.
The weird thing to me is that there seems to be enough space left (using "df"). Trying to start the apache server from within the jail does not work of course - as it probably is just not there ^^ So I installed it manually and I am able to run it but for sure not configured correctly. Browsing to the IP of the jail tells me "It works!". What to do?

I cannot imagine it is a problem of the size of the stick on which I installed freenas (2.5Gb free). I hope this is not too off-topic as it is maybe not a specific problem with the script.

Would be great to have some advice!! Thanks
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
fetch: eee1996251d0860c70defd6211c0b220dc64f05086465edb76d1f300e3c2ba2d.tgz: No space left on device
Wherever you told the script to put your ports collection ($POOL_PATH/portsnap by default) is full. What does your nextcloud-config look like?
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
Hi Casibus,

As far as I understand, the jail gets created into the root folder of the system drive, unless you specify another Volume with the "iocage activate pool" command. If space is the issue as it seems, see how much volume space is available under your iocage folder. Is it also possible you have restricted yourself with a quota?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
The jail gets created into the root folder of the system drive
The jail shouldn't go on the system drive. But if, say, either the POOL_PATH or PORTS_PATH variables tried to put the ports collection onto the boot device, that could cause the problem he's seeing.
 

casibus

Cadet
Joined
Aug 13, 2018
Messages
3
Shame on me! While copying my configs I realized that there was a typo in the pool path.

Probably I should have removed the old jail but I could not figure out how to do so. Therefore I just tried to run the script again, but ended up with the following errors:
Code:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

...and others. Seems that the database cannot be accessed:
Code:
Nextcloud is not installed - only a limited number of commands are available
Error while trying to create admin user: Failed to connect to the database: 
An exception occured in driver: SQLSTATE[HY000] [1045] Access denied for user 'nextcloud'@'localhost' (using password: YES)


PS: Now when I visit the IP in the browser it sends me to my domain but that seems to be a dead end.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Probably I should have removed the old jail but I could not figure out how to do so.
iocage destroy -f nextcloud

Then erase everything in DB_PATH (by default, it's at $POOL_PATH/db/). Then try again.
 

casibus

Cadet
Joined
Aug 13, 2018
Messages
3
Thanks a lot for the spontaneous help - It is running! Really great to have your script. I was trying a lot before to get the nextcloud plugin updated... you saved me hours if not days!
 

isidoreisou

Cadet
Joined
Aug 25, 2018
Messages
9
Hey,
So happy to find your script, exactly what I was looking for.

BUT I made a mistake when I entered my jail IP: it was an IP that my router already gave to a device (wifi mobile). I think it may cause problems, right?
Well, the script ran till the end anyway. But I think I had some warnings and errors during it.

So :

- When I enter my jail IP on my browser, it doesn't work? It would work with the jail IP right ?
- How can I check the log to see if there was problem running the script ?
- Can I change the jail IP now, after the script installation ?
- How can I remove everything and start again the script ?

Thank you for your help.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
it was an IP that my router already gave to a device (wifi mobile). I think it may cause problems, right?
Yes, it could.
It would work with the jail IP right ?
It should, though the FQDN is preferred
How can I check the log to see if there was problem running the script ?
The script doesn't write a log, as such; you'd just look through the output of the script.
Can I change the jail IP now, after the script installation ?
I'm honestly not sure if there's a good way to do that. It would look like iocage set ip4_addr="vnet0|111.222.0.3/24" nextcloud should do the job, but I haven't tried it.
How can I remove everything and start again the script ?
iocage destroy -f nextcloud, then delete everything in $FILES_PATH and $DB_PATH. Then edit nextcloud-config appropriately and run the script again.
 

snorp

Dabbler
Joined
Jul 10, 2018
Messages
35
Hello everybody,

some days ago a new version of Nextcloud was released. Can I start an update via the web interface without any doubts?

I have searched this thread as best I can to find an answer to this question. I found a short post from glauco (post: 461173), which was able to start an update more or less without problems.

Many thanks in advance!
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Can I start an update via the web interface without any doubts?
You should be able to. If you want to be on the safe side, take a snapshot of the jail first so you can roll back in case things go sideways. But the script installs Nextcloud from source, not from some other package source, so it should be fine.
 

Scrat_

Explorer
Joined
May 3, 2018
Messages
95
Code:
Error while trying to create admin user: Failed to connect to the database: An exception occured in 
driver: SQLSTATE[HY000] [1045] Access denied for user 'user'@'localhost' (using password: YES)


I get this on 11.2 beta 2 using the web interface. Or am I better off waiting for beta 3?
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
Code:
Error while trying to create admin user: Failed to connect to the database: An exception occured in
driver: SQLSTATE[HY000] [1045] Access denied for user 'user'@'localhost' (using password: YES)


I get this on 11.2 beta 2 using the web interface. Or am I better off waiting for beta 3?
Why use the web interface?
Running the script should allow you to create the jail accordingly.
The script in itself seems very robust, but it is possible the nextcloud-config file has not been set up properly.
 