[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[ArgaWoW]

Please allow a quick simple question: does anyone have experienced problems with this ownCloud installation after updating to Freenas 10? I'm willing to update a client's NAS where they are happily using ownCloud and any disturbance in the connection to the cloud would be rather unpleasant.

Thank you!

Hi,
Yes I have problems. Look my post before yours. I hope someone can help to solve it, because I am very happy with this setup. I have used it for the last two years on freenas 9.10.

For the time until I have a solution I have set up owncloud in a debian vm on freenas corral.

 

[Chakalov]

So you had working ownCloud on 9.10 which got broken after you moved to Freenas 10!? What exactly was the problem?

Because if I got this correctly in your previous post you have an issue with a clean install on Freenas 10 which is not what I'm asking for.

 

[ArgaWoW]

You can't move your owncloud installation thought because you don't have jails. If you find a way, tell it please.

Gesendet von meinem LG-H850 mit Tapatalk

 

[Jailer]

Won't work, jails aren't supported in Corral. The jails dataset will still be there for data migration purposes but the install will have to be rebuilt in a VM or via a Docker container.

 

[KevDog]

Jailer ---

Sort of offtopic -- but why aren't jails supported on Corral? 9.10 had support for jails and VMs and now Corral has support for VMs and Docker but not jails. I liked the concept of jails a lot. Security concern?

 

[ArgaWoW]

Won't work, jails aren't supported in Corral. The jails dataset will still be there for data migration purposes but the install will have to be rebuilt in a VM or via a Docker container.

Jails not necessarily. You can install owncloud on a freebsd vm. The problem at the moment is php7-apcu. Hope the how-to will be updated soon

 

[KevDog]

According to https://www.freshports.org/devel/pecl-APCu/ php7-apcu moved to pecl-APCu, so can't you just use this package?

You might also have to add this to your /etc/make.conf file:

Code:

DEFAULT_VERSIONS+= php=7.0

If in the process of trying to install pecl-APCu using the pkg utility and it wants to pull in a bunch of php5.6 libraries and such, abort the process and compile pecl-APCu from ports and install that way. I'm pretty sure it should work.

 

[Michael Sparks]

where is the default folder location for all owncloud files (the ones I've added), if I never setup a separate dataset in the beginning (following the tutorial)? Thanks

 

[Chakalov]

Jailer ---
Sort of offtopic -- but why aren't jails supported on Corral? 9.10 had support for jails and VMs and now Corral has support for VMs and Docker but not jails. I liked the concept of jails a lot. Security concern?

Docker is a really cool stuff and the more I read about it the more I think is much better than Jails.

After just a few days of endless trial and error I've finally made a working ownCloud/Nextcloud installation on Corral. I'll be happy to assist if someone is still banging his head against the keyboard - in a separate topic, of course.

 

[NasKar]

I can't seem to get the email settings to work for gmail. Anyone have an idea what's wrong? The same settings work in the FreeNAS GUI email setup.
Admin/additonal settings/email server

 

[tamilmad]

Hi,
Yes I have problems. Look my post before yours. I hope someone can help to solve it, because I am very happy with this setup. I have used it for the last two years on freenas 9.10.

For the time until I have a solution I have set up owncloud in a debian vm on freenas corral.

Presently , I am on 9.10.2 u2 with owncloud on a jail, installed using Joshua's step by step guide in page 1.

I would apprieciate if you can come up with a step by step guide for installing owncloud in containers, if possible and if you have time for such a guide. My main use of freenas is for owncloud. So I would upgrade to coral 10.0.2 if I am sure that owncloud / nextcloud would work.

Thanks

 

[ArgaWoW]

Presently , I am on 9.10.2 u2 with owncloud on a jail, installed using Joshua's step by step guide in page 1.

I would apprieciate if you can come up with a step by step guide for installing owncloud in containers, if possible and if you have time for such a guide. My main use of freenas is for owncloud. So I would upgrade to coral 10.0.2 if I am sure that owncloud / nextcloud would work.

Thanks

Hi, you can easily install owncloud on a freebsd vm according to this guid on corral. I have done so an everything works good.

Edit:
Just use the freebsd 10 template, not freebsd 12

 

[Chakalov]

And mapping the Datasets from the VM went just fine?

 

[ArgaWoW]

And mapping the Datasets from the VM went just fine?

Yes,
Just mount an nfs share with fstad. Runs like a charm for me. [emoji106]

Gesendet von meinem LG-H850 mit Tapatalk

 

[NasKar]

I followed the directions by @KevDog on page 62 and everything worked great I can't renew my lets encrypt certificate in nextcloud. I get this error:

Code:

Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/xxxx.ddns.net.conf produced an unexpected error: Failed authorization procedure. xxxx.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to xxxx.ddns.net. Skipping.

In the past I didn't get an error if I ran /usr/local/bin/certbot renew --dry-run

 

[KevDog]

I followed the directions by @KevDog on page 62 and everything worked great I can't renew my lets encrypt certificate in nextcloud. I get this error:

Code:

Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/xxxx.ddns.net.conf produced an unexpected error: Failed authorization procedure. xxxx.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to xxxx.ddns.net. Skipping.

In the past I didn't get an error if I ran /usr/local/bin/certbot renew --dry-run

I'm not sure why you are getting that error -- might be connection problem. The same command works for me. Seems due to an authentication problem you're missing a password or something.

 

[NasKar]

Also getting these errors. Not sure what the could not open default servers... means.

Code:

W:LANG: Cannot open language file.  Will use english defaults, or default override (--lang_file <path/file_name>...)
Apr  6 07:33:25 freenas notifier: Thu Apr  6 07:33:25 2017: S:INADYN: Could not open default servers_additional.cfg.  Will try svr_add_cfg option, if set...
Apr  6 07:33:25 freenas INADYN[50948]: Thu Apr  6 07:33:25 2017: W:CACHE_LIST x.x.x.x  xxxx.ddns.net:auto dynupdate.no-ip.com...

 

[ArgaWoW]

Hi,

I try to install nextcloud according to the how-to on the first page and got this error:

Code:

pkg: No packages available to install matching 'php70-APCu' have been found in the repositories

Me on Freenas Corral and I have done this installation for owncloud in a FreeBSD 10.3 VM and it worked without problems.

Can someone point me to a solution of this issue pls.

Thanks in advance.

 

[KevDog]

The php70-APCu package has been replaced by pecl-APCu. (Information on this change at the bottom https://www.freshports.org/devel/php70-APCu/)

 

[NasKar]

I followed the directions by @KevDog on page 62 and everything worked great I can't renew my lets encrypt certificate in nextcloud. I get this error:

Code:

Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/xxxx.ddns.net.conf produced an unexpected error: Failed authorization procedure. xxxx.ddns.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to xxxx.ddns.net. Skipping.

In the past I didn't get an error if I ran /usr/local/bin/certbot renew --dry-run

I'm not sure but I think it maybe my nginx.conf file that is preventing the letsencrypt from renewing. Could someone take a look at mine and tell me if you think there is a problem with it?

Code:

load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;

#user  nobody;
worker_processes  2;

# This default error log path is compiled-in to make sure configuration parsing
# errors are logged somewhere, especially during unattended boot when stderr
# isn't normally logged anywhere. This path will be touched on every nginx
# start regardless of error log location configured here. See
# https://trac.nginx.org/nginx/ticket/147 for more info.
#
#error_log  /var/log/nginx/error.log;
#

#pid		logs/nginx.pid;


events {
	worker_connections  1024;
}


http {
	include	   mime.types;
	default_type  application/octet-stream;
#turn off server tokens
	server_tokens off;
# add pound to remove
	#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
	#				  '$status $body_bytes_sent "$http_referer" '
	#				  '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log  logs/access.log  main;

	sendfile		off;
	#tcp_nopush	 on;

	#keepalive_timeout  0;
	keepalive_timeout  65;

	#gzip  off;
#	ssl_certificate /usr/local/etc/nginx/server.crt;
#	ssl_certificate_key /usr/local/etc/nginx/server.key;

#######SSL SECTION########################################
	# global SSL options with Perfect Forward Secrecy (PFS) high strength ciphers
	# first. PFS ciphers are those which start with ECDHE which means (EC)DHE
	# which stands for (Elliptic Curve) Diffie-Hellman Ephemeral. 256bit preference.

	# ciphers for RSA signed certificates

#	  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA;
	# ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';


	#ssl_ciphers EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
	# Nginx with BoringSSL ciphers for Elliptic Curve Digital Signature Algorithm
	# (ECDSA) signed certificates. equal preference groups.
	# ssl_ciphers [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-AES256-GCM-SHA384]:[ECDHE-ECDSA-AES128-SHA256|ECDHE-ECDSA-AES256-SHA384]:[ECDHE-ECDSA-AES128-SHA|ECDHE-ECDSA-AES256-SHA];

	ssl_certificate /usr/local/etc/letsencrypt/live/xxxx.ddns.net/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/xxxx.ddns.net/privkey.pem;
	ssl_trusted_certificate /usr/local/etc/letsencrypt/live/xxxx.ddns.net/chain.pem;
#	ssl_certificate /usr/local/etc/nginx/ssl/nginx-selfsigned.crt;
#	ssl_certificate_key /usr/local/etc/nginx/ssl/nginx-selfsigned.key;
	ssl_dhparam /usr/local/etc/nginx/ssl/dhparam.pem;

	ssl_ecdh_curve secp384r1;			  # 384 bit prime modulus curve efficiently supports ECDHE ssl_ciphers up to a SHA384 hash
	ssl_prefer_server_ciphers on;		  # the preferred ciphers are listed on the server by "ssl_ciphers"
	ssl_protocols TLSv1.2 TLSv1.1 TLSv1;   # protocols, the order is unimportant
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 128s;			  # how long before the client and server must renegotiate the ssl key
	#ssl_stapling on;					   # staple the ssl cert to the initial reply returned to the client for speed
	#ssl_stapling_verify on;

	######END SSL SECTION########################################

server {
	listen	  80;
	listen	  443 ssl;
		server_name  192.168.1.180;
	add_header Strict-Transport-Security "max-age=0; includeSubDomains; preload;";
#	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
		root /usr/local/www;
		location = /robots.txt { allow all; access_log off; log_not_found off; }
		location = /favicon.ico { access_log off; log_not_found off; }


		location ^~ /nextcloud {
			client_max_body_size 512M;
			error_page 403 /nextcloud/core/templates/403.php;
			error_page 404 /nextcloud/core/templates/404.php;
			location /nextcloud {
				rewrite ^ /nextcloud/index.php$uri;
			}
			location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
				deny all;
			}
			location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
				deny all;
			}
			location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				include fastcgi_params;
				fastcgi_pass unix:/var/run/php-fpm.sock;
				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param front_controller_active true;
				fastcgi_intercept_errors on;
			}
			location ~* \.(?:css|js)$ {
				try_files $uri /nextcloud/index.php$uri$is_args$args;
				add_header Cache-Control "public, max-age=7200";
			}
			location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
				try_files $uri /nextcloud/index.php$uri$is_args$args;
			}

		}
	}
}