SSL nextcloud + Nginx not safe

[tecnicaemail]

Hello friends, I've tried everything and I can't make my "nextcloud" have a valid SSL, I installed "Nginx" I put my duckdns Nginx created the SSL I have WAN access normally but I get the security error saying it's not safe, how can I correct this?

The certificate has the following information

Issued by: localhost
Issued by: Truenas (Nextcloud) local Root CA

TKS

 

[danb35]

how can I correct this?

Configure Nginx to use a trusted cert. How to do that? No idea; you've given us no idea how you've installed any of this stuff.

 

[tecnicaemail]

Configure o Nginx para usar um certificado confiável. Como fazer isso? Nenhuma idéia; você não nos deu nenhuma idéia de como você instalou qualquer uma dessas coisas.

Obrigado amigo pela resposta rápida!
Configurei o Nginx para apontar para o IP do meu Jails Nextcloud, tenho acesso tanto a Lan quanto a Wan, mas estou inseguro, e pelo que estou pesquisando só é possível fazer o certificado assinado digitalmente, isso teria um custo certo?

Eu sou meio leigo no assunto então vou pegar um pouco sobre isso!

 

[tecnicaemail]

Configure Nginx to use a trusted cert. How to do that? No idea; you've given us no idea how you've installed any of this stuff.

Thanks friend for the quick reply!
I configured Nginx to point to the IP of my Jails Nextcloud, I have access to both Lan and Wan, but I'm insecure, and from what I'm researching it's only possible to make the certificate digitally signed, would that have a cost right?

I'm kind of a layman on the subject so picking up a little bit about it!

 

[tecnicaemail]

Look how my certificate looks!

Certificado hosted at ImgBB

Image Certificado hosted in ImgBB

ibb.co

 

[danb35]

So it sounds like you're using Nginx as a reverse proxy. You might find it easier to work with Caddy--it doesn't have a GUI like Nginx Proxy Manager, but it handles so much automatically that it may be worth it anyway. I have a script to automate that installation, assuming you're using CORE rather than SCALE:

GitHub - danb35/freenas-iocage-caddy: Script to install Caddy V2 in a FreeNAS jail

Script to install Caddy V2 in a FreeNAS jail. Contribute to danb35/freenas-iocage-caddy development by creating an account on GitHub.

github.com

OTOH, since you are using NPM, it's entirely capable of obtaining and using a trusted cert from Let's Encrypt (for free) automatically--though you'll need to check its docs for how to do that.

 

[tecnicaemail]

So it sounds like you're using Nginx as a reverse proxy. You might find it easier to work with Caddy--it doesn't have a GUI like Nginx Proxy Manager, but it handles so much automatically that it may be worth it anyway. I have a script to automate that installation, assuming you're using CORE rather than SCALE:

GitHub - danb35/freenas-iocage-caddy: Script to install Caddy V2 in a FreeNAS jail

Script to install Caddy V2 in a FreeNAS jail. Contribute to danb35/freenas-iocage-caddy development by creating an account on GitHub.

github.com

OTOH, since you are using NPM, it's entirely capable of obtaining and using a trusted cert from Let's Encrypt (for free) automatically--though you'll need to check its docs for how to do that.

Thank you I'll try to follow the instructions in that link, this link teaches how to sign the certificate is it?

 

[tecnicaemail]

So it sounds like you're using Nginx as a reverse proxy. You might find it easier to work with Caddy--it doesn't have a GUI like Nginx Proxy Manager, but it handles so much automatically that it may be worth it anyway. I have a script to automate that installation, assuming you're using CORE rather than SCALE:

GitHub - danb35/freenas-iocage-caddy: Script to install Caddy V2 in a FreeNAS jail

Script to install Caddy V2 in a FreeNAS jail. Contribute to danb35/freenas-iocage-caddy development by creating an account on GitHub.

github.com

OTOH, since you are using NPM, it's entirely capable of obtaining and using a trusted cert from Let's Encrypt (for free) automatically--though you'll need to check its docs for how to do that.

Friend just for you to understand the scenario better
I use Truenas Core
my config
Intel i3 6th generation
1x 10TB HDD
1x 4TB HDD
1x 2TB HDD
1x HDD 1TB
1x SSD 120GB System
32GB Ram DDR3
In it I leave it installed via Plugin
Qbittorent, Plex Server and Nextcloud.
I have a VM with Ubuntu Server, where I installed Docker with Portainer, on Portainer, Ngnix, Duckdns and that's all for now, everything works, the only problem is the certificate.

 

[danb35]

Thank you I'll try to follow the instructions in that link, this link teaches how to sign the certificate is it?

The Caddy installation (using that script, or otherwise) would act as a reverse proxy, replacing Nginx. And in so doing, it would automatically obtain certs for you and renew them as needed. But again, since you're using Nginx Proxy Manager, it should be able to do this for you as well.

 

[tecnicaemail]

The Caddy installation (using that script, or otherwise) would act as a reverse proxy, replacing Nginx. And in so doing, it would automatically obtain certs for you and renew them as needed. But again, since you're using Nginx Proxy Manager, it should be able to do this for you as well.

I understand, friend, which command do I use to uninstall the caddy?

Now I understand my browsers will not show a valid secure certificate if I host the same and pay a validation!

Thank you very much, if you can provide me with the caddy uninstall command I will be grateful!!

 

[danb35]

I understand, friend, which command do I use to uninstall the caddy?

If you ran my script, you can delete the jail using the TrueNAS web UI.

 

[tecnicaemail]

If you ran my script, you can delete the jail using the TrueNAS web UI.

Thanks again, my friend, it was very helpful!