Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

[Robert Thomspon]

Hey guys... having some weird issues with my Nextcloud...

When I reboot the system (or the jail) All I get are 522 connection errors (connection timed out) to the nextcloud...
It worked perfectly fine before reboot...

I was able to fix it once by running the remove -staging script.. but that does not seem to help. Ive tried manually restarting caddy, with no effect...

Any ideas on where to start looking as to the why of whats happening?
(FreeNAS 11.3RC2, I cant check the version of Nextcloud as it wont come up... but, I believe it's V 17...)

 

[danb35]

Makes it sound like Caddy isn't restarting (and also like you're running behind Cloudflare, which can make errors harder to diagnose). Inside the jail, is there anything of interest in /var/log/caddy.log?

 

[Robert Thomspon]

Makes it sound like Caddy isn't restarting (and also like you're running behind Cloudflare, which can make errors harder to diagnose). Inside the jail, is there anything of interest in /var/log/caddy.log?

I am running behind cloudflare...

And Im not really sure what to look for as far as what the log should/shouldnt look like... The only thing that stands out is:

Code:

2020/02/10 17:12:26 [INFO] Caddy version: v1.0.4

2020/02/14 06:46:25 [INFO] Serving https://cloud.XXX.org
2020/02/14 06:48:26 [INFO] SIGTERM: Shutting down servers then terminating
2020/02/14 06:48:26 [INFO][cache:0xc0001bc320] Stopped certificate maintenance >
2020/02/14 06:48:27 [INFO] Caddy version: v1.0.4
2020/02/14 06:48:27 [INFO][cache:0xc0001d6320] Started certificate maintenance >
Activating privacy features... done.

Serving HTTPS on port 443
https://cloud.XXX.org

2020/02/14 06:48:27 [INFO] Serving https://cloud.XXX.org

The only stand-out part is the SIGTERM.. but that may be from me rebooting

 

[Robert Thomspon]

Im a little doubtful that the issue exists with cloudflare as it only happens on reboot (or restart of the owncloud jail).. But, then again, im also a little doubtful its the jail :) so...

 

[Robert Thomspon]

Interesting...

So, I got it back...

I had to change its IP address, then change it back... Wondering if theres a conflict somewhere on my network and I dont know about it...yet...

 

[danb35]

Wondering if theres a conflict somewhere on my network

That would explain it. I'd probably download the Fing app on my phone, stop the jail, and then scan the network--it would show if anything else is using that IP.

 

[Basil Hendroff]

It's been an education studying the 57 pages of this thread over the last couple of days! I'm far more comfortable in the GUI. I'm way out of my league and comfort zone here so please excuse my noob-ness.

Anyway, I finally took the plunge and ran the script earlier today after meeting all the prerequisites. I had no problems, but couldn't access Nextcloud internally or externally. So I started afresh this afternoon, and twice now, I keep failing at the same point in the script. My woes start within the highlighted box. Thoughts please?

 

[danb35]

My woes start within the highlighted box. Thoughts please?

There seem to be problems downloading from nextcloud.com--I noticed the same thing earlier trying to download the sync client for my computers, and just now the download is going very slowly (current ETA is over 2 hours to download the server package). There are a few threads on help.nextcloud.com mentioning the issue, but as yet no stated resolution. Only thing to do is wait for them to fix their servers.

 

[Basil Hendroff]

So, the scripted installation under FreeNAS11.3 went off without problems today (I have kept a copy of the session log if needed).

However, I still can't connect internally on my network or externally from the internet.

Internal Checks

Contents of my nextcloud-config:

Extract from iocage list.

I'm assuming (like the Nextcloud plugin), I enter in a browser 10.1.1.29:8282 to get to Nextcloud. However, I'm unable to establish a connection.

If I try to browse the IP address:

Curiously, /var/log/caddy.log is empty, but Caddy is running.

External Checks

I bounce my modem to change its external IP address and note the new address propagate through DNS-O-Matic and Cloudflare. However, if I try to connect to Nextcloud (using a free domain name acquired from Freenom.com), Cloudflare issues a 523 (Origin is Unreachable). Cloudflare seems to be aware of the IP address for the domain.

I backtrack. I'm reasonably confident that DNS-O-Matic is working properly.

I'm not as confident that I have the right records for Cloudflare, even though the A record is being updated with the correct IP. I was prompted to create an MX record, but I ignored this.

Freenom has been configured to use Cloudflare nameservers.

If I do an external ping of the domain name using Fing on my mobile phone, the IP addresses don't match.

I get this address as well if I do a ping from within my network. Same thing from inside the Nextcloud jail.

I'm missing something that's right under my nose, but I'm not sure what it is. I'd like a new set of eyes on this, please.

 

[danb35]

I'm assuming (like the Nextcloud plugin), I enter in a browser 10.1.1.29:8282

I have no idea where you got port 8282 from--the plugin doesn't use it and neither does this script.

If I do an external ping of the domain name using Fing on my mobile phone, the IP addresses don't match.

That's because you're using Cloudflare's proxying (the orange cloud)--the IP you're seeing is one of their servers. That's also why you're getting an error page from Cloudflare. Their proxying shouldn't break anything, but I'd suggest turning it off for the time being, as it can complicate troubleshooting.

Set up your router (if possible) or your local hosts file (if you can't set up your router) so that the FQDN you're using for the jail resolves to the jail's IP address. Then try browsing to that FQDN and see what happens.

 

[Basil Hendroff]

Once I made those two small, but significant changes, Nextcloud burst into life both inside and outside my network Computers can be so unforgiving! Thank you danb35! Do I leave the proxies off Cloudflare?

I have no idea where you got port 8282 from--the plugin doesn't use it

FYI, in 11.3, the plugin uses NAT by default now and sets the admin portal to IP_addr:8282.

I've read somewhere in this thread that if I want to use your Caddy script for a reverse proxy, the Nextcloud script should be run with SELFSIGNED_CERT=1. Since this is a new install, is the easiest way to destroy the Nextcloud jail and start over? Is there a preferred order in which script, Caddy or Nextcloud, is run first?

 

[claudioferraz]

@ danb35 Your script is amazing! I can access the remote control successfully. Thank you!

 

[danb35]

FYI, in 11.3, the plugin uses NAT by default now and sets the admin portal to IP_addr:8282.

Ah, that's what I get for not trying the plugin under 11.3--thanks for the correction. It's still the case that this script doesn't use it. (-:

As to putting this behind a reverse proxy, I really don't have any experience with that scenario, though I think you'll find some posts toward the end of my thread on using Caddy as a reverse proxy indicating some Caddyfile settings that would help. I don't see what benefit there would be to using a self-signed cert for the Nextcloud instance in that case (since you're using DNS validation anyway, there's no impediment to continuing to use a Let's Encrypt cert), but if you do want to do that, the easiest way at this point is probably to just destroy the jail and re-run the script with that setting.

 

[Basil Hendroff]

@danb35 The installation of Nextcloud using the script complains a bit more when NO_CERT=1 compared to when DNS_CERT=1. I use the former setting when dovetailing a Nextcloud install with a Reverse Proxy using Caddy.

When DNS_CERT=1, there are very few, if any, warnings thrown up during script execution. The Nextcloud administration overview also shows no security and setup warnings.

When NO_CERT=1, the following message is repeated frequently towards the end of script execution.

Code:

The process control (PCNTL) extensions are required in case you want to interrupt long running commands - see http://php.net/manual/en/book.pcntl.php

The Nextcloud administration overview also shows some warnings.

I've done some digging around to see if I can work around these warnings, but nothing seems to make much sense to me atm.

 

[Basil Hendroff]

After a useful discussion with danb35 starting here on the Let's Encrypt with FreeNAS 11.1 and later 0.3 resource, I decided to start afresh with Caddy and Nextcloud. Curiously, today, with NO_CERT=1, I ended up with a clean scripted installation of Nextcloud. The Nextcloud administration overview showed only the following warning, which is expected with NO_CERT=1.

,,, and after putting it behind Reverse Proxy using Caddy (with optional automatic TLS)

Sweet!

 

[claudioferraz]

Hi!! How to change port in iocage with nextcloud? I don't locate httpd.conf. tks

 

[danb35]

Hi!! How to change port in iocage with nextcloud?

You'd change it in the Caddyfile, located at /usr/local/www/Caddyfile. But doing that will probably break its automatic HTTPS support. Why do you want to change the port?

 

[claudioferraz]

My ISP blocked =/

 

[mapcevn]

I've got this message when uploading a file of 1.8GB using the web interface
"Error when assembling chunks, status code 504"
Any idea on what is going on here?

 

[tebra]

Hi all,
I installed Nextcloud with this script and the option DNS_CERT for duckdns. Nextcloud instance works from my lan but can't be reached from internet.
Here is the end output of the install script

Code:

Build complete.
Don't forget to run 'make test'.
===>  Staging for php73-pcntl-7.3.15
===>   php73-pcntl-7.3.15 depends on file: /usr/local/include/php/main/php.h - found
===>   Generating temporary packing list
====> Compressing man pages (compress-man)
===>  Installing for php73-pcntl-7.3.15
===>  Checking if php73-pcntl is already installed
===>   Registering installation for php73-pcntl-7.3.15
[nextcloud] Installing php73-pcntl-7.3.15...
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-pcntl.ini

Copying Caddyfile for Let's Encrypt cert
caddy_enable:  -> YES
caddy_cert_email:  -> 
caddy_env:  -> DUCKDNS_TOKEN=
* Stopping nextcloud
  + Executing prestop OK
  + Stopping services OK
  + Tearing down VNET OK
  + Removing devfs_ruleset: 6 OK
  + Removing jail process OK
  + Executing poststop OK
No default gateway found for ipv6.
* Starting nextcloud
  + Started OK
  + Using devfs_ruleset: 6
  + Configuring VNET OK
  + Using IP options: vnet
  + Starting services OK
  + Executing poststart OK
Nextcloud was successfully installed
System config value mysql.utf8mb4 set to boolean true
Check indices of the share table.
Check indices of the filecache table.
Check indices of the twofactor_providers table.
Check indices of the login_flow_v2 table.
Check indices of the whats_new table.
Check indices of the cards table.
Check indices of the cards_properties table.
Check indices of the calendarobjects_props table.
Adding calendarobject_calid_index index to the calendarobjects_props table, this can take some time...
calendarobjects_props table updated successfully.
Check indices of the schedulingobjects table.
Adding schedulobj_principuri_index index to the schedulingobjects table, this can take some time...
schedulingobjects table updated successfully.
Following columns will be updated:

* mounts.storage_id
* mounts.root_id
* mounts.mount_id

This can take up to hours, depending on the number of files in your instance!
System config value logtimezone set to string Europe/Brussels
System config value log_type set to string file
System config value logfile set to string /var/log/nextcloud.log
System config value loglevel set to string 2
System config value logrotate_size set to string 104847600
System config value memcache.local set to string \OC\Memcache\APCu
System config value redis => host set to string /tmp/redis.sock
System config value redis => port set to integer 0
System config value memcache.locking set to string \OC\Memcache\Redis
System config value overwrite.cli.url set to string https://xyz.duckdns.org/
System config value htaccess.RewriteBase set to string /
.htaccess has been updated
System config value trusted_domains => 1 set to string xyz.duckdns.org
System config value trusted_domains => 2 set to string 192.168.1.210
encryption enabled
Encryption enabled

Default module: OC_DEFAULT_MODULE
Encryption disabled
Set mode for background jobs to 'cron'
Successfully removed mount from nextcloud's fstab
Installation complete!

And this is the end of the output of /var/log/caddy.log

Code:

2020/02/29 15:54:13 [INFO] [xyz.duckdns.org] acme: Validations succeeded; requesting certificates
2020/02/29 15:54:14 [INFO] [xyz.duckdns.org] Server responded with a certificate.
done.

Serving HTTPS on port 443
https://xyz.duckdns.org
https://192.168.1.210

2020/02/29 15:54:14 [INFO] Serving https://xyz.duckdns.org
2020/02/29 15:54:14 [INFO] Serving https://192.168.1.210

Serving HTTP on port 80
http://xyz.duckdns.org

2020/02/29 15:54:14 [INFO] Serving http://xyz.duckdns.org
2020/02/29 16:27:52 [INFO] SIGTERM: Shutting down servers then terminating
2020/02/29 16:27:52 [INFO][cache:0xc0001ca320] Stopped certificate maintenance routine