nextcloud + lets encrypt missing

[phier]

hi,
any idea why there is no option/description how to enable Lets encrypt for nextcloud plugin?

thanks

 

[danb35]

Any guess I might make wouldn't be very kind to iX, so I'll just say that my script handles Let's Encrypt automatically:

GitHub - danb35/freenas-iocage-nextcloud: Script to create an iocage jail on FreeNAS for the latest Nextcloud 28 release, including Caddy, MariaDB or PostgreSQL, and Let's Encrypt

Script to create an iocage jail on FreeNAS for the latest Nextcloud 28 release, including Caddy, MariaDB or PostgreSQL, and Let's Encrypt - danb35/freenas-iocage-nextcloud

github.com

 

[phier]

Any guess I might make wouldn't be very kind to iX, so I'll just say that my script handles Let's Encrypt automatically:

GitHub - danb35/freenas-iocage-nextcloud: Script to create an iocage jail on FreeNAS for the latest Nextcloud 28 release, including Caddy, MariaDB or PostgreSQL, and Let's Encrypt

Script to create an iocage jail on FreeNAS for the latest Nextcloud 28 release, including Caddy, MariaDB or PostgreSQL, and Let's Encrypt - danb35/freenas-iocage-nextcloud

github.com

thats nice but its another "fork" from official stuff ;///

 

[danb35]

The "official stuff" in terms of plugins is deprecated, so I don't see much (read: any) value in trying to stick with it. But, naturally, you should do what seems best to you.

 

[phier]

@danb35 i read they did parthership with nextcloud so its up to date, isnt it?

 

[danb35]

The entire plugin ecosystem is, in the words of @Kris Moore, "for all intents and purposes deprecated" and "a path to sadness." See https://www.truenas.com/community/threads/just-a-rant-emby-plugin-update.102324/post-703911 and https://www.truenas.com/community/t...s3-bucket-with-immutability.88895/post-703828

 

[phier]

ah okay ;/ thanks

your script looks great, i mean the way how the environment of nextcloud is set up etc... but its also not up to date, isnt it?

 

[danb35]

I haven't updated the script to default to Nextcloud 24, but I have tested it, and it works fine. Just set NEXTCLOUD_VERSION=24 in the config file and it will install that version. Everything else is installed from the FreeBSD packages, which are pretty up-to-date. And keeping it up-to-date can be done through the built-in Nextcloud updater and/or the FreeBSD package system.

 

[phier]

@danb35 i see,
or maybe what about https://www.samueldowling.com/2020/...n-freenas-iocage-jail-with-hardened-security/ ?

 

[danb35]

If you're wanting to be up-to-date, that guide might not be the way to go.

 

[phier]

If you're wanting to be up-to-date, that guide might not be the way to go.

ah why... ?:(

 

[phier]

so it failed... ;/
nextcloud-config
NEXTCLOUD_VERSION="24.0.3"

Code:

go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
2022/08/02 19:38:38 [INFO] exec (timeout=0s): /usr/local/bin/go build -o /usr/local/bin/caddy -ldflags -w -s -trimpath
2022/08/02 19:40:37 [INFO] Build complete: /usr/local/bin/caddy
2022/08/02 19:40:37 [INFO] Cleaning up temporary folder: /tmp/buildenv_2022-08-02-1936.907415802
fetch: https://download.nextcloud.com/server/releases/latest-24.0.3.tar.bz2: Not Found
fetch: https://download.nextcloud.com/server/releases/latest-24.0.3.tar.bz2.asc: Not Found
/tmp/nextcloud.asc                                    3100  B   19 MBps    00s
Command: fetch -o /tmp https://download.nextcloud.com/server/releases/latest-24.0.3.tar.bz2 https://download.nextcloud.com/server/releases/latest-24.0.3.tar.bz2.asc https://nextcloud.com/nextcloud.asc failed!
Failed to download Nextcloud

Script done, output file is nextcloud.log

now question would be... do i have to kill (remove) jail and start again?

 

[danb35]

now question would be... do i have to kill (remove) jail and start again?

Yes.

NEXTCLOUD_VERSION="24.0.3"

Look at my earlier post again--I said NEXTCLOUD_VERSION="24". Just specify the major version; the script automatically downloads the latest minor release in that.

 

[phier]

so i completely removed the jail ... and executed the command from the scratch .. but still cant access it :(

and i am using duckdns.org instead of Cloudflare...

and when i try access it from local ip it says >

 

[phier]

Look at my earlier post again--I said NEXTCLOUD_VERSION="24". Just specify the major version; the script automatically downloads the latest minor release in that.

yes fixed but still cant access it :(

thats what i was saying undocumented and now who can fix the stuff... nooeone as noone has any idea whats and how is setup there...


and the /var/log/domainname file is full of records as ...

Code:

{"level":"info","ts":1659468624.9242651,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"193.37.33.11","remote_port":"11073","proto":"HTTP/1.1","method":"GET","host":"xxxx1.duckdns.org","uri":"/","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"xxx.duckdns.org"}},"user_id":"","duration":0.022436067,"size":0,"status":302,"resp_headers":{"Content-Security-Policy":["default-src 'self'; script-src 'self' 'nonce-RG5CUGExL2xtZ1NHOTBscDM1MEdsQ3lvNTBlcUdJemZmd0tURE1EdUM3UT06UmlNRFVoaUozVkRWd240UnZPaEl4QjNkc0RQTlcveW5Na3pXZVpIQmJmWT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';"],"X-Content-Type-Options":["nosniff"],"X-Robots-Tag":["none"],"X-Frame-Options":["SAMEORIGIN"],"Location":["https://xxx1.duckdns.org/login"],"Content-Type":["text/html; charset=UTF-8"],"Cache-Control":["no-store, no-cache, must-revalidate"],"X-Permitted-Cross-Domain-Policies":["none"],"Referrer-Policy":["no-referrer"],"X-Xss-Protection":["1; mode=block"],"Status":["302 Found"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Set-Cookie":[],"Server":["Caddy"],"X-Powered-By":["PHP/8.0.20"],"Pragma":["no-cache"]}}
{"level":"info","ts":1659468625.2010803,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"193.37.33.11","remote_port":"11073","proto":"HTTP/1.1","method":"GET","host":"xxxx1.duckdns.org","uri":"/login","headers":{"User-Agent":["python-requests/2.22.0"],"Accept-Encoding":["gzip, deflate"],"Accept":["*/*"],"Connection":["keep-alive"],"Cookie":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"xxx.duckdns.org"}},"user_id":"","duration":0.030864936,"size":4258,"status":200,"resp_headers":{"Content-Security-Policy":["default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self'"],"Server":["Caddy"],"Content-Type":["text/html; charset=UTF-8"],"X-Frame-Options":["SAMEORIGIN"],"Cache-Control":["no-cache, no-store, must-revalidate"],"X-Request-Id":["NIvBZt0OLv5FM5graEQW"],"X-Powered-By":["PHP/8.0.20"],"Referrer-Policy":["no-referrer"],"Pragma":["no-cache"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"X-Permitted-Cross-Domain-Policies":["none"],"Content-Encoding":["gzip"],"Feature-Policy":["autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'"],"Content-Length":["4258"],"X-Xss-Protection":["1; mode=block"],"X-Content-Type-Options":["nosniff"],"X-Robots-Tag":["none"]}}

caddy log

Code:

{"level":"info","ts":1659468792.4528084,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"xxxx.duckdns.org"}
{"level":"info","ts":1659468792.452817,"logger":"tls.obtain","msg":"releasing lock","identifier":"xxxx.duckdns.org"}

 

[phier]

like all the projects without proper documentation - doomed.

maybe the issue is that the nextcloud is running behind 2 NATs? Ie 1. nat on the provider router; 2. nat on my openwrt router... then nextcloud jail

have no clue

 

[Patrick M. Hausen]

This is free community driven open source software - the Nextcloud script by Dan. It is assumed that whoever uses it has got some basic system administration skills and experience running Unix systems. Possibly you are better off just renting a Nextcloud full service.

1 TB of fully managed Nextcloud storage can be had for less than 5 €/$ per month:

Storage Share

www.hetzner.com

Also you are free to buy professional services like with any other complex IT product. Nextcloud itself is at least as complex as your entire TrueNAS operating system.

 

[phier]

1 TB of fully managed Nextcloud storage can be had for less than 5 €/$ per month:
https://www.hetzner.com/de/storage/storage-share

no i dont need that. thanks...

 

[danb35]

like all the projects without proper documentation - doomed.

There's a support thread for that script, and it's linked in the GitHub repo. This isn't it. There's also pretty thorough documentation. I'm happy to address deficiencies if they're identified, but a drive-by line like this makes you look like a smart*ss, and doesn't do much to motivate me to help you. One of the things that documentation says is that you shouldn't expect access via IP address to work. Another of the things it says is that your hostname needs to resolve to the local IP of your jail from inside your network. I'd expect one or the other, or both, of these is responsible for the issues you're seeing.

 

[phier]

There's a support thread for that script, and it's linked in the GitHub repo.

yes i checked ppl mentioned similar issues but no fix was mentioned... ;/

you shouldn't expect access via IP address to work

yes thats correct and it doesnt work.

. Another of the things it says is that your hostname needs to resolve to the local IP of your jail from inside your network. I'd expect one or the other, or both, of these is responsible for the issues you're seeing.

this part i dont get...
how can you resolve public hostname to the local ip?

i dont know if issue is because the jail is behind 2 NATs ... no clue.