Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

Gblenn

Dabbler
Joined
Feb 21, 2024
Messages
32
Did you remove the lines from the download.php that you added earlier?
Yes I did, but unfortunately, I spoke too soon.
It is NOT working now actually (uploading multiple files)... It's strange because it definitely worked when trying to upload three files the first time. Now when I'm trying again, it only uploads one of the files as before...
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
Yes I did, but unfortunately, I spoke too soon.
It is NOT working now actually (uploading multiple files)... It's strange because it definitely worked when trying to upload three files the first time. Now when I'm trying again, it only uploads one of the files as before...
I think it might be a nextcloud issue. Some folks over on the nextcloud forum are lamenting about the new upload design.

EDIT: It works on Firefox
 

Gblenn

Dabbler
Joined
Feb 21, 2024
Messages
32
I think it might be a nextcloud issue. Some folks over on the nextcloud forum are lamenting about the new upload design.
Yes, a lot of complaints about having to target the "upload area" whereas before you could drop anywhere on the page more or less. Now, if you try to drop somewhere else nothing happens...
But at least the upload of multiple files via drag and drop IS accepted as a bug as far as I understand.

The issue with downloading multiple files seems to have been rejected however, and rather considered a misconfiguration, and comments like the one I got: "Do not use a script e.g. danb35/freenas-iocage-nextcloud. Use a normal installation guide that you can understand all parts of installation."
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
Yes, a lot of complaints about having to target the "upload area" whereas before you could drop anywhere on the page more or less. Now, if you try to drop somewhere else nothing happens...
But at least the upload of multiple files via drag and drop IS accepted as a bug as far as I understand.

The issue with downloading multiple files seems to have been rejected however, and rather considered a misconfiguration, and comments like the one I got: "Do not use a script e.g. danb35/freenas-iocage-nextcloud. Use a normal installation guide that you can understand all parts of installation."
Ya not very helpful sometimes. But oh well, I think we solved the rewrite issue.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
or into the box on top that says "Drag and Drop Files Here to Upload"?
It works for me doing it this way--I haven't yet tried dragging onto a folder. I tested with Firefox, not yet with Chrome.
 

cdog89

Explorer
Joined
Jan 19, 2024
Messages
75
The reason it redirects to your local IP is because you have the overwrite_host option set to that.

1. Do you own a domain?
2. Is your public IP static?

You can absolutely get it running securely. But it depends on if you have a domain, or if you're just going to access it locally.

You can remove the overwrite_cli_url and overwrite_host options and add your public IP to the list of trusted domains to access it from outside your network.

But I would recommend getting a domain…
Yes, I own several domains. But only 1 of them has an SSL cert. My public IP is dynamic. I anticipated that would be an issue and (before all of this) tried to set up a dynamic DNS update tool, but to no avail. I have set the IP address in the DNS record manually on my hosting service. Long term, I will definitely either get a static IP, or fix the DNS update tool. I have everything trying to go through cloudflare, and I think that's where I have things not set correctly.

I'm thinking the first hurdle to clear is getting nextcloud to work securely. I can't set the primary host to go to nextcloud, but will a subdomain of the domain with an SSL cert suffice to point to my (future) secured nextcloud server? If so, I can set that quickly and easily. After that, do I just go back and revert the changes made to Caddyfile and config.php, but instead using the new subdomain name? I made copies of the original Caddyfile and config.php on my nextcloud installation, so I can easily go back and forth if necessary.

Secondly, can I have a 'secure' connection to nextcloud that can bypass cloudflare for now? So essentially, I can use 'https:' again.

Lastly, if I've exhausted the resources of this 'well', please let me know. I can try to play around with it from here if I've become tiresome. :smile:

Many thanks.
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
Yes, I own several domains. But only 1 of them has an SSL cert. My public IP is dynamic. I anticipated that would be an issue and (before all of this) tried to set up a dynamic DNS update tool, but to no avail. I have set the IP address in the DNS record manually on my hosting service. Long term, I will definitely either get a static IP, or fix the DNS update tool. I have everything trying to go through cloudflare, and I think that's where I have things not set correctly.

I'm thinking the first hurdle to clear is getting nextcloud to work securely. I can't set the primary host to go to nextcloud, but will a subdomain of the domain with an SSL cert suffice to point to my (future) secured nextcloud server? If so, I can set that quickly and easily. After that, do I just go back and revert the changes made to Caddyfile and config.php, but instead using the new subdomain name? I made copies of the original Caddyfile and config.php on my nextcloud installation, so I can easily go back and forth if necessary.

Secondly, can I have a 'secure' connection to nextcloud that can bypass cloudflare for now? So essentially, I can use 'https:' again.

Many thanks.
You can turn off Cloudflare's proxy and simply point your DNS domain (or subdomain) to your public IP and make sure it’s forwarded to your Nextcloud server. Caddy will handle the certificate and SSL. Generally I haven’t got much experience with Cloudflare's proxy and SSL settings so I won’t be much help there.
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
Essentially it isn't very hard to get it working.

1. Own a domain (you don't need an SSL cert from cloudflare, Caddy does all that automatically and free)
2. Point it to your public IP (or use a DDNS service for dynamic IP)
3. Open your ports (80 and 443)
4. Have caddy configured to receive the connection and do SSL
5. Have the config.php file set up to do https
 

Gblenn

Dabbler
Joined
Feb 21, 2024
Messages
32
It works for me doing it this way--I haven't yet tried dragging onto a folder. I tested with Firefox, not yet with Chrome.
Now all of a sudden I'm not able to log in... but the places where I am already logged in are working fine...
Going back to the fix using changes in download.php
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
Now all of a sudden I'm not able to log in... but the places where I am already logged in are working fine...
Going back to the fix using changes in download.php
Interesting. Can you share your Caddyfile? Remove sensitive values. I'm having no issues right now.
 

cdog89

Explorer
Joined
Jan 19, 2024
Messages
75
Essentially it isn't very hard to get it working.

1. Own a domain (you don't need an SSL cert from cloudflare, Caddy does all that automatically and free)
2. Point it to your public IP (or use a DDNS service for dynamic IP)
3. Open your ports (80 and 443)
4. Have caddy configured to receive the connection and do SSL
5. Have the config.php file set up to do https
Ok, there is progress! I created a subdomain and pointed it to my public IP. I can now type in the subdomain in an address bar and it takes me to the warning screen of an unsecure connection. I click through that, and I can access my nextcloud server. So the security hasn't been implemented.

Here's my updated Caddyfile:
Code:
{
        # debug
        acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
        email XXXX
        # default_sni XXXX
}

nextcloud.XXXX.com {
        root * /usr/local/www/nextcloud
        file_server
        log {
                output file /var/log/www.XXXX.com.log
        }

        php_fastcgi 127.0.0.1:9000 {
                env front_controller_active true
        }

#       tls {
#               dns cloudflare XXXX
#       }

        header {
                # enable HSTS
                # Strict-Transport-Security max-age=31536000;
        }

        # client support (e.g. os x calendar / contacts)
        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301
        redir /.well-known/webfinger /index.php/.well-known/webfinger 301
        redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

        # .htaccess / data / config / ... shouldn't be accessible from outside
        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }

        respond @forbidden 404
}


And here's my updated config.php
Code:
<?php
$CONFIG = array (
  'passwordsalt' => 'XXXX',
  'secret' => 'XXXX',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'nextcloud.XXXX.com',
    2 => '192.168.86.200',
  ),
  'datadirectory' => '/mnt/files',
  'dbtype' => 'mysql',
  'version' => '28.0.3.2',
  'overwrite.cli.url' => 'https://nextcloud.XXXX.com',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/var/run/mysql/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'XXXX',
  'installed' => true,
  'instanceid' => 'XXXX',
  'logtimezone' => 'America/Chicago',
  'default_phone_region' => 'US',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => '2',
  'logrotate_size' => '104847600',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'overwritehost' => 'nextcloud.XXXX.com',
  'overwriteprotocol' => 'https',
  'htaccess.RewriteBase' => '/',
  'trusted_proxies' =>
  array (
    1 => 'localhost',
  ),
  'maintenance_window_start' => 5,
);


Do I need to add the 'trusted domains' now?
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
Ok, there is progress! I created a subdomain and pointed it to my public IP. I can now type in the subdomain in an address bar and it takes me to the warning screen of an unsecure connection. I click through that, and I can access my nextcloud server. So the security hasn't been implemented.

So right now Caddy is getting a cert from the ACME staging environment. At the top of your Caddyfile, add a comment # in front of the line that starts with acme

But then it will obtain one using http validation.

If you want to obtain one using DNS validation, I comment the three lines in the TLS block
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
So right now Caddy is getting a cert from the ACME staging environment. At the top of your Caddyfile, add a comment # in front of the line that starts with acme

But then it will obtain one using http validation.

If you want to obtain one using DNS validation, I comment the three lines in the TLS block
Oh and do a service caddy reload
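
The fix described above, as an added example that is not part of the original posts: a shell check that reports whether a Caddyfile's active acme_ca line points at the Let's Encrypt staging directory (its certificates are not trusted by browsers, which is why the warning screen appears) and writes a copy with that line commented out. The function names and the sample file, with its example.com placeholders, are constructed for illustration.

```shell
#!/bin/sh
# Print "staging", "custom" or "default" for the Caddyfile given as $1.
# "default": no active acme_ca line, so Caddy uses its default public CAs.
acme_mode() {
    awk '
        /^[ \t]*#/      { next }           # ignore commented-out lines
        $1 == "acme_ca" { url = $2 }       # remember the active directive
        END {
            if (url == "")                 print "default"
            else if (url ~ /acme-staging/) print "staging"
            else                           print "custom"
        }' "$1"
}

# Copy Caddyfile $1 to stdout with any active acme_ca line commented out.
disable_acme_ca() {
    sed 's/^\([[:space:]]*\)\(acme_ca[[:space:]]\)/\1# \2/' "$1"
}

# Succeed only if an uncommented Strict-Transport-Security header exists.
hsts_enabled() {
    grep -v '^[[:space:]]*#' "$1" | grep -q 'Strict-Transport-Security'
}

# Constructed sample modelled on the posted Caddyfile; example.com and
# admin@example.com are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
{
        acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
        email admin@example.com
}
nextcloud.example.com {
        header {
                # Strict-Transport-Security max-age=31536000;
        }
}
EOF
}

tmp=$(mktemp); write_sample "$tmp"
echo "before: $(acme_mode "$tmp")"
disable_acme_ca "$tmp" > "$tmp.fixed"
echo "after:  $(acme_mode "$tmp.fixed")"
hsts_enabled "$tmp.fixed" || echo "note: HSTS header is still commented out"
rm -f "$tmp" "$tmp.fixed"
```

Review the output of disable_acme_ca before copying it over the real Caddyfile, then reload Caddy as described in the post above.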
 

cdog89

Explorer
Joined
Jan 19, 2024
Messages
75
So right now Caddy is getting a cert from the ACME staging environment. At the top of your Caddyfile, add a comment # in front of the line that starts with acme

But then it will obtain one using http validation.

If you want to obtain one using DNS validation, I comment the three lines in the TLS block
That absolutely worked! I now have a secure connection to the nextcloud server through the domain name. I'm thrilled. :-D

I'm not sure how much I need cloudflare now. I'm pretty sure that was where my problem was. How strongly do you recommend implementing that? As it is now, is a secure connection good enough?

Thanks so, so much for your help with this. I'm certain I would've given up on this a long time ago.
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
That absolutely worked! I now have a secure connection to the nextcloud server through the domain name. I'm thrilled. :-D

I'm not sure how much I need cloudflare now. I'm pretty sure that was where my problem was. How strongly do you recommend implementing that? As it is now, is a secure connection good enough?

Thanks so, so much for your help with this. I'm certain I would've given up on this a long time ago.
As far as security goes, Cloudflare might have some things that they implement. But I feel if you aren’t Google or Amazon you should be ok with an SSL (secure) connection using Caddy. Caddy has some built-in things, as does Nextcloud, to stay secure.

I don’t use Cloudflare proxy or SSL because I forward some stuff to other ports besides 443 and 80

I only use Cloudflare to host my DNS.
 

cdog89

Explorer
Joined
Jan 19, 2024
Messages
75
As far as security goes, Cloudflare might have some things that they implement. But I feel if you aren’t Google or Amazon you should be ok with an SSL (secure) connection using Caddy. Caddy has some built-in things, as does Nextcloud, to stay secure.

I don’t use Cloudflare proxy or SSL because I forward some stuff to other ports besides 443 and 80

I only use Cloudflare to host my DNS.
Got it. Then I will stick to what I have. You're AWESOME. Thanks also to @danb35 for your help getting the script set up. I appreciate the both of you. Have a great day!
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
Interesting. Can you share your Caddyfile? Remove sensitive values. I'm having no issues right now.
I’m fairly sure there is a bug in your Caddyfile somewhere. As it works flawlessly right now for me. Could be wrong though…
 