
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

snorp

Dabbler
Joined
Jul 10, 2018
Messages
35
Hello folks and hello danb35,

I can't connect to the nextcloud server any more. Freenas is reachable without problems and I can also reach the iocage with the console. If I enter the following command in iocage:

host google.com

I get the following error message:

connection timed out; no servers could be reached

I've already read a lot about this topic on the internet, but unfortunately I couldn't find a solution.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
OK, lots of questions:
  • What version of FreeNAS are you running now?
  • What version were you running when you ran the script?
  • Did it work at some point?
  • Did you change anything before it stopped working?
  • What's the output of iocage get ip4_addr nextcloud?
  • What about iocage get defaultrouter nextcloud?
 

snorp

> OK, lots of questions:
>   • What version of FreeNAS are you running now?
>   • What version were you running when you ran the script?
>   • Did it work at some point?
>   • Did you change anything before it stopped working?
>   • What's the output of iocage get ip4_addr nextcloud?
>   • What about iocage get defaultrouter nextcloud?

  • 11.1 U-2
  • I think exactly the same version.
  • Yes, before there were some changes that I can't undo anymore. Among others new router/switch/modem.
  • new DHCP Setting 192.168.0.X to 192.168.1.X
  • lagg0|192.168.1.11
  • 192.168.1.1
 

danb35

The ip4_addr should have the subnet on it as well, like lagg0|192.168.1.11/24. I'm not sure if that would result in what you're seeing, but it should probably be fixed. You should be able to set that with iocage set ip4_addr="lagg0|192.168.1.11/24" nextcloud, then restart that jail.
 

snorp

> The ip4_addr should have the subnet on it as well, like lagg0|192.168.1.11/24. I'm not sure if that would result in what you're seeing, but it should probably be fixed. You should be able to set that with iocage set ip4_addr="lagg0|192.168.1.11/24" nextcloud, then restart that jail.

Thank you very much for the quick answer!

Unfortunately I still get the same error when typing

host google.com

When I enter the IP of the cage, in this case 192.168.1.11 I get an error message:

ERR_SSL_PROTOCOL_ERROR

Of course I have to renew the SSL certificate, because by changing the IP, it will not work anymore.

But this has nothing to do with the error I get in my browser?
 

Ceetan

Contributor
Joined
Apr 29, 2016
Messages
139
I almost had the script running to full completion, but then I hit an invalid domain error during the acme stage. This was pretty weird, since I had a Cloudflare domain with an API key that seemed like it should be working. There must be something I am missing. It is 2 am here, so I am probably in need of bed, but @danb35, what info could I provide that would aid in troubleshooting?
 

danb35

> what info could I provide that would aid in troubleshooting?

The exact error message in context (say, 10 lines before and after) is probably the most useful. Mask domain names if you like, but the rest should help show what's going on.
 

danb35

> Of course I have to renew the SSL certificate, because by changing the IP, it will not work any more.

Certificates don't care about your IP address, just your FQDN.

> Unfortunately I still get the same error when typing
> host google.com

What are the contents of /etc/resolv.conf in the jail?
 

Ceetan

> The exact error message in context (say, 10 lines before and after) is probably the most useful. Mask domain names if you like, but the rest should help show what's going on.

Thank you
here it is

The actual error, as far as I can tell, is on lines 32-36. Also, when I followed @dureal99d's guide, I could always see the nextcloud page/jail at {JAIL_IP}/nextcloud. Not so now. Don't know if that's perfectly normal, but just thought I would mention it.
 

danb35

> The actual error, as far as I can tell, is on lines 32-36.

Yes, I'd say you're right. The TXT record doesn't appear to have been created. Forgive a stupid question, but Cloudflare is your authoritative DNS for that domain, right? And it's a domain you own? Because with the domain in that pastebin fragment, I don't see any DNS records at all.
 

Ceetan

> Yes, I'd say you're right. The TXT record doesn't appear to have been created. Forgive a stupid question, but Cloudflare is your authoritative DNS for that domain, right? And it's a domain you own? Because with the domain in that pastebin fragment, I don't see any DNS records at all.

Whatever else that question may be, it is not stupid. Now that you mention it, I don't think I have fully grasped what I was doing. Cloudflare provides DNS HOSTING, not the domain name itself... is that the case?
 

danb35

> Cloudflare provides DNS HOSTING, not the domain name itself... is that the case?

That appears to be the case--as far as I can tell, the domain you're using just doesn't exist. If you want to use it, you'll need to register it with a domain registrar. Cloudflare doesn't currently operate as a registrar, but it looks like they're going to be offering that service in the (probably-near) future. I have my domains registered with easydns.com and have been happy with them. Without a registered public domain under your control, you aren't going to be able to obtain a cert from Let's Encrypt.

The other option would be to use a private domain and create a self-signed cert for it. If you do this, it should be on a private suffix (e.g., .lan or .local, not .com). You'll get a certificate error when you first browse to your installation, but you should be able to set an exception and not have it recur on that browser.
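
Added example, not part of danb35's post: one way to create the self-signed certificate described above and confirm it covers the hostname. The hostname `nextcloud.lan`, the output file names and the accepted suffix list are assumptions of this example, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the thread): self-signed certificate for a
# private-suffix hostname. Assumes OpenSSL 1.1.1+ for -addext.

# make_selfsigned <fqdn> <output-dir> [days]
make_selfsigned() {
    fqdn=$1; outdir=$2; days=${3:-365}
    # Only accept private suffixes; this list is an assumption of the example.
    case $fqdn in
        *.lan|*.local|*.home.arpa|*.internal) ;;
        *) echo "refusing '$fqdn': not on a private suffix" >&2; return 1 ;;
    esac
    mkdir -p "$outdir" || return 1
    (
        umask 077   # files created here (including the key) are owner-only
        openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days "$days" \
            -keyout "$outdir/$fqdn.key" -out "$outdir/$fqdn.crt" \
            -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" 2>/dev/null
    )
}

# cert_matches_host <crt> <fqdn>: succeeds if the certificate covers the name.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# cert_fingerprint <crt>: SHA-256 fingerprint, to compare with the one the
# browser shows before the exception is accepted.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```

Browsers match on the subjectAltName entry rather than the CN, which is why the function sets both.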
 

Ceetan

> That appears to be the case--as far as I can tell, the domain you're using just doesn't exist. If you want to use it, you'll need to register it with a domain registrar. Cloudflare doesn't currently operate as a registrar, but it looks like they're going to be offering that service in the (probably-near) future. I have my domains registered with easydns.com and have been happy with them. Without a registered public domain under your control, you aren't going to be able to obtain a cert from Let's Encrypt.
>
> The other option would be to use a private domain and create a self-signed cert for it. If you do this, it should be on a private suffix (e.g., .lan or .local, not .com). You'll get a certificate error when you first browse to your installation, but you should be able to set an exception and not have it recur on that browser.

That is certainly an option. I can easily enable local in the router, but I would not know how to issue a self-signed cert. However, I have a duckdns domain I could use. That could work, I think.
 

snorp

> Certificates don't care about your IP address, just your FQDN.
>
> What are the contents of /etc/resolv.conf in the jail?

# Generated by resolvconf
search local

Edit:
Changed values in this file will be removed after each restart.
 

Ceetan

Made a little headway, I think.

Code:
Error: Usage: acme.sh --issue  -d  a.com  -w /path/to/webroot/a.com/
/mnt/configs/acme_dns_issue.sh: fethercloud.duckds.org: not found
/mnt/configs/acme_dns_issue.sh: --fullcha$: not found


I think I just need to figure out how to get acme to work with duckdns.
 

danb35

Something else to be careful of is your line breaks--it looks like the acme.sh command has wrapped to more than one line, which is causing problems for you.
 

danb35

> # Generated by resolvconf
> search local

That looks like your problem--you need to add a line like this:
nameserver 192.168.1.1
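
Added example, not part of danb35's post: a small offline check for the jail network settings raised in this thread (a missing `nameserver` line in resolv.conf, and an `ip4_addr` without its prefix length). The function names are made up for this example, and the extra test that the default router lies inside the jail's subnet goes beyond what the posts discuss.

```shell
#!/bin/sh
# Added example (not from the thread): offline checks for a jail's network settings.
# Inputs are passed in as arguments, so saved command output can be checked.

# Succeeds if the resolv.conf at $1 has at least one "nameserver <address>" line.
has_nameserver() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[0-9A-Fa-f:.]+' "$1"
}

# Succeeds only for the form "iface|a.b.c.d/len" with len 0-32.
ip4_addr_has_prefix() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9_.]+\|([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Dotted quad -> 32-bit integer.
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds if router $2 lies inside the subnet of ip4_addr $1.
router_in_subnet() {
    ip4_addr_has_prefix "$1" || return 2
    cidr=${1#*"|"}; addr=${cidr%/*}; len=${cidr#*/}
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$addr") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# check_jail_net <ip4_addr> <defaultrouter> <resolv.conf>; returns the problem count.
check_jail_net() {
    problems=0
    if ! ip4_addr_has_prefix "$1"; then
        echo "ip4_addr '$1' lacks a /prefix length"; problems=$((problems + 1))
    elif ! router_in_subnet "$1" "$2"; then
        echo "defaultrouter $2 is outside the subnet of $1"; problems=$((problems + 1))
    fi
    if ! has_nameserver "$3"; then
        echo "$3 has no nameserver line"; problems=$((problems + 1))
    fi
    return "$problems"
}
```

The first two arguments correspond to the output of the two `iocage get` commands asked for earlier in the thread, and the third is a copy of the jail's /etc/resolv.conf.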
 

snorp

After a few restarts I get the following error message:
[root@freenas ~]# iocage console nextcloud
Code:
mount: /mnt/iocage/jails: No such file or directory                        
jail: /sbin/mount -t nullfs -o rw /mnt/thunderfire.raid/portsnap/ports /mnt/ioca
ge/jails/nextcloud/root/usr/ports: failed

Do I understand correctly that I can no longer access the data now?
In this folder
/mnt/thunderfire.raid/iocage/jails/nextcloud/root/mnt/files
no more data is available. And that's not all. I am always denied access with root, only logging in with the GUI is possible.

btw happy new year!
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
> After a few restarts I get the following error message:
> [root@freenas ~]# iocage console nextcloud
> Code:
> mount: /mnt/iocage/jails: No such file or directory
> jail: /sbin/mount -t nullfs -o rw /mnt/thunderfire.raid/portsnap/ports /mnt/ioca
> ge/jails/nextcloud/root/usr/ports: failed
>
> Do I understand correctly that I can no longer access the data now?
> In this folder
> /mnt/thunderfire.raid/iocage/jails/nextcloud/root/mnt/files
> no more data is available. And that's not all. I am always denied access with root, only logging in with the GUI is possible.
>
> btw happy new year!

Don't panic, yet.
What type of restart? Freenas or "nextcloud" jail?
One thing that might work is to restart all the jails only if they have a unique IP allocated.

iocage restart ALL
If this doesn't work, I found resetting the host address under Freenas console and setting it again does fix the issue.
Freenas pre 11.2 Release had lots of issues related to iocage jails. Would it make sense to upgrade then worry about iocage jails?

You can edit "fstab" file to edit jail mount point.
 