
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,457
you are saying that after 60 days validation date will change by something magical?
Nothing magical at all; the webserver renews the cert automatically after about 60 days. That's how Let's Encrypt is supposed to work--you'll have an automated process to renew the certs well before they expire, with no attention needed from the admin.
I wanted to just type in the address bar on any browser example.us and then it will automatically redirect or put the https:// in front of my address. I also noticed I don't have a problem with this when I'm connected to the same wifi at home.
What you're saying you want is how it ought to work. If it's working when you're at home (on the same network), and not when you're away, the likely problem is with either your port forwarding configuration or your ISP blocking port 80. To check for the latter, you can use https://www.whatismyip.com/port-scanner/ and select the Web package.
I did some reading prior to asking the question and found out that my router is not compatible.
My vote would be a better router (OPNsense or pfSense are good candidates), but all you really need is something to provide local DNS that you can configure. Pi-Hole is popular, easy to use, and it can easily run in a VM on your system if you like, or you could run it on a Raspberry Pi as originally designed:
But it should work using the hosts file as well.
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
Please post the pkg info for the packages matching "pecl-imagick" and "ImageMagick". If they are installed without X11 support, then SVG is disabled. This is fixable, but I need the info which packages precisely you are using.
The script installs php74-pecl-imagick. I couldn't find much in my search about how to fix this. I noticed another package on freshports.org, so I tried to install it to see if it fixed the issue.
php74-pecl-imagick-im7-3.4.4_2 PHP wrapper to the ImageMagick/GraphicsMagick library version 7 but that didn't work.
also have
ImageMagick7-nox11-7.0.11.12 Image processing tools
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
You need to deinstall the ImageMagick7-nox11 package and install the ImageMagick7 package instead.
pkg install ImageMagick7 will probably do both in one go.
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
You need to deinstall the ImageMagick7-nox11 package and install the ImageMagick7 package instead.
pkg install ImageMagick7 will probably do both in one go.
That deinstalled nox-11 as you stated but now I have the error
Code:
This instance is missing some recommended PHP modules. For improved performance and better compatibility it is highly recommended to install them.
imagick

After reInstalling php74-pecl-imagick and restarting the jail all the errors are gone. Thanks.
 

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
Nothing magical at all; the webserver renews the cert automatically after about 60 days. That's how Let's Encrypt is supposed to work--you'll have an automated process to renew the certs well before they expire, with no attention needed from the admin.

I'm assuming that's how Let's Encrypt works and 60 days is pretty much a default time for certificate renewal?

What you're saying you want is how it ought to work. If it's working when you're at home (on the same network), and not when you're away, the likely problem is with either your port forwarding configuration or your ISP blocking port 80. To check for the latter, you can use https://www.whatismyip.com/port-scanner/ and select the Web package.

It seems like my ISP blocks port 80 for security reasons. Will this affect my automatic certificate renewal process from Let's Encrypt? I think they might have required both ports 80 and 443 to be open. Is there any way to work around this?

But it should work using the hosts file as well

Couldn't get the internal IP to work. I might have to try that Pi-hole route.

New questions:
Related to my previous SMB share. I could not figure out how to configure the permissions to have access from a Windows share. I have also read that people used a plugin and successfully did this, but it is not recommended because Nextcloud keeps metadata, and if I were to put files into the Nextcloud dataset it wouldn't work properly. Is this true if I use this installation?

In regard to running ONLYOFFICE. It's required that I have to run nextcloud behind a reverse proxy which I have no idea how to do. Is there any other way around this?

I ran into an issue when I updated the Nextcloud jail through the web UI, and after that everything broke. Since I could not access it using the internal IP address, I cannot do anything or figure out what's wrong. I did try to restore from the snapshot from before the update and everything works fine now. So my question is, what would be the best way to update?
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
I'm assuming that's how Let's Encrypt works and 60 days is pretty much a default time for certificate renewal?
Most commercial certificates have a lifetime of about one year, nowadays, and renewal is manual.
Letsencrypt certificates have a lifetime of 90 days and renew automatically, 30 days before expiry the earliest.

It seems like my ISP blocks port 80 for security reasons. Will this affect my automatic certificate renewal process from Let's Encrypt? I think they might have required both ports 80 and 443 to be open. Is there any way to work around this?
Automatic renewal using the HTTP challenge/response protocol requires port 80 and unencrypted traffic to be available. The security is in the protocol, no transport encryption is necessary. There is a DNS based alternative. For that you need control over the DNS for the domain you want to use with Letsencrypt.

Related to my previous SMB share. I could not figure out how to configure the permissions to have access from a Windows share. I have also read that people used a plugin and successfully did this, but it is not recommended because Nextcloud keeps metadata, and if I were to put files into the Nextcloud dataset it wouldn't work properly. Is this true if I use this installation?
Don't access the Nextcloud data via other share protocols like SMB that do not run through Nextcloud. You can do a WebDAV mount of your cloud folders if needed.

In regard to running ONLYOFFICE. It's required that I have to run nextcloud behind a reverse proxy which I have no idea how to do. Is there any other way around this?
Not quite - you do not need a reverse proxy, you just need the ability to access your Nextcloud at e.g. https://cloud.my.domain/ and OnlyOffice at e.g. https://office.my.domain/. If you have only one IP address because you run these servers at home, a reverse proxy is the simplest solution.
I can give you a more or less complete setup for Apache 2.4 with Letsencrypt. @danb35 prefers Caddy.

I ran into an issue when I updated the Nextcloud jail through the web UI, and after that everything broke. Since I could not access it using the internal IP address, I cannot do anything or figure out what's wrong. I did try to restore from the snapshot from before the update and everything works fine now. So my question is, what would be the best way to update?
Update on the command line. Be aware that there may be additional steps if e.g. MySQL/MariaDB gets an update. Info about that can be found in the MySQL/MariaDB docs. And definitely after every Nextcloud update you need to run the occ tool to upgrade your database. All about that can be found in the Nextcloud documentation.

HTH,
Patrick
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,457
In regard to running ONLYOFFICE. It's required that I have to run nextcloud behind a reverse proxy which I have no idea how to do. Is there any other way around this?
I'll defer to Basil for details, as I don't run Nextcloud behind a proxy (or, for that matter, on Free/TrueNAS at all), but I'd start here:
I'm pretty sure this would also require local DNS to be working.
renew automatically, 30 days before expiry the earliest.
Well, that's about when any non-stupid client would start trying to renew, but they can do it at any time (e.g., force-renew the cert every week).
Automatic renewal using the HTTP challenge/response protocol requires port 80 and unencrypted traffic to be available.
But unless I'm mistaken, Caddy defaults to using TLS-ALPN validation, so it will work with only port 443 open. Since Athy was able to obtain a cert in the first place, renewal should also be fine.
 

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
Automatic renewal using the HTTP challenge/response protocol requires port 80 and unencrypted traffic to be available.
But unless I'm mistaken, Caddy defaults to using TLS-ALPN validation, so it will work with only port 443 open. Since Athy was able to obtain a cert in the first place, renewal should also be fine.

I guess I'll just have to wait until that 60 days mark.

There is a DNS based alternative. For that you need control over the DNS for the domain you want to use with Letsencrypt.

I have no idea what that means. Can you elaborate?

Not quite - you do not need a reverse proxy, you just need the ability to access your Nextcloud at e.g. https://cloud.my.domain/ and OnlyOffice at e.g. https://office.my.domain/. If you have only one IP address because you run these servers at home, a reverse proxy is the simplest solution.
I can give you a more or less complete setup for Apache 2.4 with Letsencrypt. @danb35 prefers Caddy.

Looks like I will be stuck with the reverse proxy option. I actually came across https://www.truenas.com/community/t...sing-caddy-with-optional-automatic-tls.75978/ this thread from @danb35. I don't know if I can do this on top of what has already been installed. From what I understand there is quite a bit of redirecting that needed to be done. Is this OK to install it on top?

Also, the ONLYOFFICE guide has 2 options: Ubuntu VM on TrueNAS CORE vs using TrueNAS SCALE. What's the benefit of one over the other?

Update on the command line. Be aware that there may be additional steps if e.g. MySQL/MariaDB gets an update. Info about that can be found in the MySQL/MariaDB docs. And definitely after every Nextcloud update you need to run the occ tool to upgrade your database. All about that can be found in the Nextcloud documentation.

In what order would I update all this?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,457
I guess I'll just have to wait until that 60 days mark.
I think so--I don't believe there's a way with Caddy to force early renewal.
I have no idea what that means. Can you elaborate?
Let's Encrypt needs to validate that you own the domain for which you're asking for a cert, and it has three ways of doing so: (1) HTTP validation, which serves a token at http://domain_name/.well-known/acme-challenge/foo (and thus requires port 80 to be open); (2) TLS-ALPN, which operates via magic (not really, of course, but I don't know how it does operate) over port 443, and which I believe is Caddy's default; and (3) DNS validation, which requires you to create a DNS record at _acme-challenge.yourdomain with specified contents. I like DNS validation and use it a lot, but to be practical, it requires you use a DNS host with a supported API so that Caddy (or whatever other client you're using) can update its records automatically. Cloudflare is pretty popular in this regard.
Is this OK to install it on top?
No, the reverse proxy would be installed in a different jail.
Also, the ONLYOFFICE guide has 2 options: Ubuntu VM on TrueNAS CORE vs using TrueNAS SCALE. What's the benefit of one over the other?
Basil would be a better person to ask than me, but it'd largely come down to which OS you're running--I wouldn't expect it to be worth switching to SCALE just for ONLYOFFICE.
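
What each of the three validation methods described in the post above actually publishes, derived per RFC 8555 (HTTP-01, DNS-01) and RFC 8737 (TLS-ALPN-01). This is an added example, not part of the original post and not code from Caddy or the install script; the token, the account key and all function names are constructed for illustration.

```python
import base64
import hashlib
import json

# Constructed sample values (not from the thread): a challenge token as a CA
# would issue it, and the public half of an ACME account key in JWK form.
SAMPLE_TOKEN = "constructed-token-3f9aKx72LmQ0"
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
}

# RFC 7638: only these members, in lexicographic order, feed the thumbprint.
_REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "OKP": ("crv", "kty", "x")}


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of the account key; binds a challenge to one account."""
    members = {name: jwk[name] for name in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """The string all three challenge types are built from."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def http01_challenge(domain: str, token: str, jwk: dict) -> dict:
    """HTTP-01: the CA fetches this URL over plain HTTP on port 80."""
    return {
        "port": 80,
        "url": f"http://{domain}/.well-known/acme-challenge/{token}",
        "body": key_authorization(token, jwk),
    }


def dns01_challenge(domain: str, token: str, jwk: dict) -> dict:
    """DNS-01: the CA queries a TXT record; no inbound port is needed."""
    base = domain[2:] if domain.startswith("*.") else domain  # wildcard prefix is dropped
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return {"name": f"_acme-challenge.{base}", "type": "TXT", "value": b64url(digest)}


def tls_alpn01_challenge(domain: str, token: str, jwk: dict) -> dict:
    """TLS-ALPN-01: the CA connects to port 443 offering ALPN "acme-tls/1" and
    expects a self-signed cert whose acmeIdentifier extension holds this digest."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return {"port": 443, "sni": domain, "alpn": "acme-tls/1",
            "acme_identifier_sha256": digest.hex()}


if __name__ == "__main__":
    for build in (http01_challenge, dns01_challenge, tls_alpn01_challenge):
        print(build.__name__, json.dumps(build("example.com", SAMPLE_TOKEN, SAMPLE_JWK), indent=2))
```

In every case the proof is tied to the account key's thumbprint, which is why serving the HTTP-01 response over unencrypted port 80 does not weaken the validation.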
 
Joined
Jan 4, 2014
Messages
1,644
In regard to running ONLYOFFICE. It's required that I have to run nextcloud behind a reverse proxy which I have no idea how to do. Is there any other way around this?
There's a guide for linking the Nextcloud and Caddy resources, and Onlyoffice here. Work your way through it step by step and you should be fine.

Also, the ONLYOFFICE guide has 2 options: Ubuntu VM on TrueNAS CORE vs using TrueNAS SCALE. What's the benefit of one over the other?
TrueNAS SCALE is in beta. Go the VM route if you've not got a SCALE server set up.
 

j0nathanr

Cadet
Joined
May 17, 2020
Messages
1
Would someone be kind enough to share their Nextcloud upload/download speeds locally and externally? I'm more interested in large file transfers rather than lots of small files.

I've recently used the scripted installation to set up my Nextcloud Jail and everything is working as expected, SSL is enabled and a proper certificate from let's encrypt is being used.

However, I expected faster upload/download speeds than I'm currently getting. Over LAN, download seems to be capped at around 8-9 MB/s (megabytes), while upload is usually double that around 16-19 MB/s. Over WAN the speeds are basically cut in half, so around 4 MB/s down and around 8 up. I should also state that I do not have file encryption turned on.

Now I've done some tests and can confirm running Nextcloud in HTTP yields basically a full gigabit of transfer speeds. Running in https with a self signed SSL cert brings the speeds down tremendously, but as to be expected I suppose. Download speeds averaged around 45 MB/s while curiously uploads started high but quickly throttled to around 20 MB/s while using a self signed cert.

I'm not so familiar with how SSL encryption works or how self signed certs vs CA signed may differ, but I'd like to know if the speeds I'm experiencing are to be expected.
 

nick23369

Cadet
Joined
Jan 19, 2021
Messages
8
Hi All,
I'm a newbie and this is my very first post on this forum, I hope I'll be able to explain my issue.

I've been running TrueNAS-12.0-U4.1 since January 2021 on an ASUS Prime X370-Pro with C-State disabled and AMD 7 Pro 1700X. Data is on 6 X 4TB WD Red Plus RAIDZ2.

First I would like to thank Danb35 for the NextCloud script, it worked like a charm and I'm running NextCloud since March. I'm happy so far, everything related to NextCloud is working fine but recently I realised that my certificate is expiring and it seems that I cannot get it renewed.
Here is the config file I used for the installation (I have a FQDN and I'm using Cloudflare as DNS host):
Code:
JAIL_IP="192.168.178.68"
DEFAULT_GW_IP="192.168.178.1"
POOL_PATH="/mnt/TrueNAS_Data"
TIME_ZONE="Europe/Zurich"
HOST_NAME="example.com"
DNS_CERT=1
DNS_PLUGIN=cloudflare
DNS_TOKEN=long API Key
CERT_EMAIL=my.email@email.com
NEXTCLOUD_VERSION=21

and here is the output of tail /var/log/caddy.log:
Code:
{"level":"info","ts":1627598096.4593964,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":769123.540604257}

My actual network (since May) is as follows:
ISP --> Modem --> pfSense --> Switch --> NextCloud.

Before May it was:
ISP --> ISP router --> NextCloud

I'm using pfSense Dynamic DNS to update my external IP to Cloudflare (using an A record in Cloudflare).
In pfSense I have set a host override so that my FQDN resolves to my jail inside my network, I have as well opened port 80 and 443 (although it should not be required using DNS as far as I understood) but I cannot resolve the issue.
Obviously my new configuration screwed up the DNS set up but I cannot find where I'm doing something wrong.

Any help is really appreciated.

Thanks a lot
Nicola
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,457
and here is the output of tail /var/log/caddy.log:
I would expect there to be more there--can you post a few more lines? Because otherwise, everything else looks OK, and you're right that you shouldn't need 80/443 open to your jail in order to renew the cert with DNS validation.
 

nick23369

Cadet
Joined
Jan 19, 2021
Messages
8
Oops, sorry, I thought I copied more lines. Anyhow, here is the output:
Code:
{"level":"info","ts":1627663496.5021982,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":703723.497802444}
{"level":"info","ts":1627664096.5325203,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":703123.467480438}
{"level":"info","ts":1627664696.5220306,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":702523.477969917}
{"level":"info","ts":1627665044.2138884,"logger":"tls.renew","msg":"renewing certificate","identifier":"example.com","remaining":702175.786113368}
{"level":"info","ts":1627665045.825654,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"example.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1627665047.2786791,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"example.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for example.com (probably OK if presenting failed)"}
{"level":"info","ts":1627665049.6973739,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"example.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1627665050.529697,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"example.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for example.com (probably OK if presenting failed)"}
{"level":"error","ts":1627665051.12809,"logger":"tls.renew","msg":"will retry","error":"[example.com] Renew: [example.com] solving challenges: presenting for challenge: adding temporary record for zone com.: expected 1 zone, got 0 for com. (order=https://acme.zerossl.com/v2/DV90/order/-jRq_ld9b61ZIZZmNfbc4g) (ca=https://acme.zerossl.com/v2/DV90)","attempt":60,"retrying_in":21600,"elapsed":1058754.660798463,"max_duration":2592000}
{"level":"info","ts":1627665296.4773295,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":701923.522671224}

Thanks for taking time to look into this.
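
A small triage script for a caddy.log excerpt like the one in the post above, as an added example that is not part of the original post and not a Caddy tool. It reduces the JSON lines to the facts that matter for a stuck renewal: time left on the certificate, which challenge types and CAs were tried, and at which step the last attempt failed. The sample lines are constructed by shortening the log quoted above; the function name and the "stage" heuristic are assumptions.

```python
import json
import re

# Constructed sample: lines shortened from the caddy.log excerpt quoted above,
# plus one deliberately truncated line such as `tail` can produce.
SAMPLE_LOG = r'''
{"level":"info","ts":1627665044.2138884,"logger":"tls.renew","msg":"renewing certificate","identifier":"example.com","remaining":702175.786113368}
{"level":"info","ts":1627665045.825654,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"example.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1627665047.2786791,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"example.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for example.com (probably OK if presenting failed)"}
{"level":"info","ts":1627665049.6973739,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"example.com","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1627665051.12809,"logger":"tls.renew","msg":"will retry","error":"[example.com] Renew: [example.com] solving challenges: presenting for challenge: adding temporary record for zone com.: expected 1 zone, got 0 for com. (ca=https://acme.zerossl.com/v2/DV90)","attempt":60,"retrying_in":21600,"elapsed":1058754.660798463,"max_duration":2592000}
{"level":"info","ts":1627665296.4773295,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":701923.522671224}
{"level":"info","ts":16276
'''

ZONE_RE = re.compile(r"for zone ([^\s:]+):")


def summarize_renewal(log_text: str) -> dict:
    """Summarize the tls.* entries of a Caddy JSON log; other loggers are ignored."""
    summary = {
        "remaining_days": None,    # time left on the current certificate
        "challenge_types": set(),  # e.g. {"dns-01"}
        "cas": set(),              # ACME directories that were tried
        "attempt": None,           # retry counter of the last failure
        "retry_in_hours": None,    # delay before the next attempt
        "stage": None,             # where the last attempt failed
        "zone": None,              # DNS zone named in the error, if any
        "skipped": 0,              # lines that were not valid JSON objects
    }
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            summary["skipped"] += 1
            continue
        if not isinstance(rec, dict):
            summary["skipped"] += 1
            continue
        logger = rec.get("logger", "")
        if not logger.startswith("tls."):
            continue  # e.g. http.log.access entries
        if isinstance(rec.get("remaining"), (int, float)):
            summary["remaining_days"] = round(rec["remaining"] / 86400, 1)
        if "challenge_type" in rec:
            summary["challenge_types"].add(rec["challenge_type"])
        if "ca" in rec:
            summary["cas"].add(rec["ca"])
        if logger == "tls.renew" and rec.get("msg") == "will retry":
            error = rec.get("error", "")
            summary["attempt"] = rec.get("attempt")
            if "retrying_in" in rec:
                summary["retry_in_hours"] = rec["retrying_in"] / 3600
            # Heuristic on the wording seen in the log above: "presenting"
            # means the client failed while creating the challenge record,
            # before the CA attempted any validation.
            summary["stage"] = "presenting" if "presenting for challenge" in error else "other"
            match = ZONE_RE.search(error)
            summary["zone"] = match.group(1) if match else None
    return summary


if __name__ == "__main__":
    for key, value in summarize_renewal(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```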
 

nick23369

Cadet
Joined
Jan 19, 2021
Messages
8
In the meantime I restarted Caddy to see if something was changing and I got more log output:
Code:
{"level":"info","ts":1627673696.4731736,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":693523.526827023}
{"level":"info","ts":1627673866.8557456,"logger":"http.log.access","msg":"handled request","request":{"remote_addr":"128.14.134.170:55746","proto":"HTTP/1.1","method":"GET","host":"84.226.84.212","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"],"Accept":["*/*"],"Referer":["http://84.226.84.212/"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","proto_mutual":true,"server_name":""}},"common_log":"128.14.134.170 - - [30/Jul/2021:21:37:46 +0200] \"GET / HTTP/1.1\" 0 0","duration":0.000004879,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1627674296.525296,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":692923.47470467}
{"level":"info","ts":1627674896.4768107,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":692323.52318987}
{"level":"info","ts":1627675183.6531477,"logger":"http.log.access","msg":"handled request","request":{"remote_addr":"183.136.225.14:47539","proto":"HTTP/1.1","method":"GET","host":"84.226.84.212:443","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":771,"cipher_suite":49196,"proto":"","proto_mutual":true,"server_name":""}},"common_log":"183.136.225.14 - - [30/Jul/2021:21:59:43 +0200] \"GET / HTTP/1.1\" 0 0","duration":0.000004068,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1627675185.158426,"logger":"http.log.access","msg":"handled request","request":{"remote_addr":"183.136.225.14:54629","proto":"HTTP/1.1","method":"GET","host":"84.226.84.212:443","uri":"/","headers":{"Connection":["close"],"User-Agent":["Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE"],"Accept":["*/*"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","proto_mutual":true,"server_name":""}},"common_log":"183.136.225.14 - - [30/Jul/2021:21:59:45 +0200] \"GET / HTTP/1.1\" 0 0","duration":0.000003296,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1627675186.1166399,"logger":"http.log.access","msg":"handled request","request":{"remote_addr":"183.136.225.14:6435","proto":"HTTP/1.1","method":"GET","host":"84.226.84.212:443","uri":"/favicon.ico","headers":{"Accept-Encoding":["gzip"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE"],"Accept":["*/*"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","proto_mutual":true,"server_name":""}},"common_log":"183.136.225.14 - - [30/Jul/2021:21:59:46 +0200] \"GET /favicon.ico HTTP/1.1\" 0 0","duration":0.000001222,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1627675496.4550421,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":691723.544958876}
{"level":"info","ts":1627675767.6408079,"logger":"http.log.access","msg":"handled request","request":{"remote_addr":"193.118.53.194:48266","proto":"HTTP/1.1","method":"GET","host":"84.226.84.212","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"],"Accept":["*/*"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","proto_mutual":true,"server_name":""}},"common_log":"193.118.53.194 - - [30/Jul/2021:22:09:27 +0200] \"GET / HTTP/1.1\" 0 0","duration":0.000003767,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1627676096.4530761,"logger":"tls.cache.maintenance","msg":"certificate expires soon; queuing for renewal","identifiers":["example.com"],"remaining":691123.546924247}
 

ThatGuyAZ

Dabbler
Joined
Apr 28, 2021
Messages
32
Thank you for this script, I have used it and believe that I have a semi-working version of NextCloud installed. I have a couple of questions though that I'm hoping someone can help me with. Some of these questions have to do with my inexperience with NextCloud, others my inexperience with TrueNAS. Any help you can provide would be greatly appreciated.

  • First I use a host-name of "nextcloud.mydomain.com" although I didn't receive any errors. I couldn't access the login from that domain and I received this error when trying to access it (ERR_SSL_PROTOCOL_ERROR) regardless of browser I used. Had to nuke the jail. Now I can access Nextcloud from http://mydomain.com; Can this be changed to make the wildcard work?
  • I use namecheap for my domain and my Dynamic DNS updating (along with pfsense). I'm thinking it may be best to buy a SSL that will cover all wildcards so that I can do SSL for my jails (unifi, pfsense, plex, nextcloud, etc). Is there a way to incorporate an SSL purchased from another provider with Nextcloud using your script? If not using your script, is there a resource elsewhere to provide this functionality?
  • I followed the resource and added the 4 datasets. My intended usage of Nextcloud is to do camera uploads from my phone to my NAS. I then have another dataset with all of my pictures that I copy the images/videos I want to keep to. How would I do this, as Nextcloud currently only has access to the dataset that I created. I have other datasets that I also might like to move files to/from and from reading up this should not be done outside of Nextcloud........So how do I do this with nextcloud?
  • In the instructions you state regarding changing zfs = metadata for a dataset (db). How do I confirm that this was done correctly? the instructions seem wrong to me (doesn't include the "/mnt" portion) however my knowledge of Truenas is in the infancy stage. I'd like some way to verify that the dataset is indeed setup correctly.
  • Lastly, this is no criticism, I am only pointing it out to help. The example you provide for the config file doesn't have the standalone cert option correct. It should be STANDALONE_CERT="1" (quotations missing on the github). I missed that in my cut and paste, so it took me a minute to see what I had done wrong.

Thank you so much for your time creating this excellent script.
 

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
Update on the command line. Be aware that there may be additional steps if e.g. MySQL/MariaDB gets an update. Info about that can be found in the MySQL/MariaDB docs. And definitely after every Nextcloud update you need to run the occ tool to upgrade your database. All about that can be found in the Nextcloud documentation.

I believe I might have successfully upgraded the jail using the command line, and below is the picture I got after the upgrade. What step or command do I need to run for MySQL/MariaDB? And how do I run the Nextcloud OCC command, and what is that OCC for?
nextcloud jail post upgrade.png
 

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
Would someone be kind enough to share their Nextcloud upload/download speeds locally and externally? I'm more interested in large file transfers rather than lots of small files.

I've recently used the scripted installation to set up my Nextcloud Jail and everything is working as expected, SSL is enabled and a proper certificate from let's encrypt is being used.

However, I expected faster upload/download speeds than I'm currently getting. Over LAN, download seems to be capped at around 8-9 MB/s (megabytes), while upload is usually double that around 16-19 MB/s. Over WAN the speeds are basically cut in half, so around 4 MB/s down and around 8 up. I should also state that I do not have file encryption turned on.

Now I've done some tests and can confirm running Nextcloud in HTTP yields basically a full gigabit of transfer speeds. Running in https with a self signed SSL cert brings the speeds down tremendously, but as to be expected I suppose. Download speeds averaged around 45 MB/s while curiously uploads started high but quickly throttled to around 20 MB/s while using a self signed cert.

I'm not so familiar with how SSL encryption works or how self signed certs vs CA signed may differ, but I'd like to know if the speeds I'm experiencing are to be expected.

What method are you using to upload the files to your Nextcloud? I'm also trying to figure out the fastest way to migrate data from an external hard drive I have into Nextcloud, but it took forever to just copy and paste. I don't know how you got to 45 MB/s.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
I believe I might have successfully upgraded the jail using the command line, and below is the picture I got after the upgrade. What step or command do I need to run for MySQL/MariaDB? And how do I run the Nextcloud OCC command, and what is that OCC for?
It says right in your screenshot to run mysql_upgrade.

Log in to your jail and become root - either direct ssh or iocage console as you prefer. Type mysql_upgrade -p. Enter the root password of the database server. Watch for error messages. If there are none, all is good.

Then run - still as root: su -m www -c "/usr/local/bin/php /usr/local/www/nextcloud/occ upgrade".
Documentation for that can be found here:

Restart your jail. Done.

HTH,
Patrick
 

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
It says right in your screenshot to run mysql_upgrade.

Log in to your jail and become root - either direct ssh or iocage console as you prefer. Type mysql_upgrade -p. Enter the root password of the database server. Watch for error messages. If there are none, all is good.

Then run - still as root: su -m www -c "/usr/local/bin/php /usr/local/www/nextcloud/occ upgrade".
Documentation for that can be found here:

Restart your jail. Done.

HTH,
Patrick
Works like a charm. Thank you so much!
 