dhenzler
Explorer
- Joined
- Sep 24, 2019
- Messages
- 57
Ok I have reinstalled the NexCloud again, but now with it's own ip-address and I don't know why I had choosen to access the NC through a port.
This solved a lot of issues, so I can access my NC secure and with the FQDN as the address.
Now I have to find out the configuration of the certificates and where I install the certificates.
I don't know what the best option is and if both will work?
- I can choose maybe for my Gateway Server of Unifi
- I can choose for installing the certificates in the Jail of the NC
Do only the following:
Step 4 – Enable HTTPS:
You will need to create self signed SSL certificate and the private key first. For this, you will have to login via ssh into the FreeNas. Then type: jls to list the running jails on your FreeNas Box. Note the number that corresponds to nextcloud and then enter: jexec jail# tcsh.
This will change the prompt to nextcloud. This means that you’re inside the nextcloud jail, ready to make changes specifically to nextcloud.
Goto the Location: /usr/local/etc/ssl
type the following to create the certificate in the jail terminal:
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout nextcloud.key -out nextcloud.crt
This will create two files. Certificate and the private key.
You will have to reference these in the nextcloud.conf file.
To locate nextcloud.conf is just type:
find / -name nextcloud.conf
this will search for the file from the root directory.
mine was located at: /usr/local/etc/nginx/conf.d/nextcloud.conf
Add the following inside server{:
server {
listen 443 ssl;
server_name _;
ssl_certificate /usr/local/etc/ssl/nextcloud.crt;
ssl_certificate_key /usr/local/etc/ssl/nextcloud.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
Restart nginx by: service nginx stop and then service nginx start
Goto your ip but this time with https://ip and it will give you a browser warning. Just add the certificate in your browser and it will then load.
You should be a "happy camper" at this point...
Let me know how it goes for you. I've got 3 servers running FreeNAS late version. Am going to attempt switching over to TrueNAS on one later this week.
If you need to have an alternate SSL use port 8443 it's the designated secondary port number