tls
dns <long API token>
I haven't. I think it'd be a helpful feature, but I don't want my script to be Cloudflare-specific if I can help it.if you have looked into the use of the Zero Access Tunnels feature in Cloudflare in order to prevent the need to open 80 and 443?
This is actually really simple.if you have looked into the use of the Zero Access Tunnels feature in Cloudflare in order to prevent the need to open 80 and 443?
service cloudflared start
and it starts working.#!/bin/sh # PROVIDE: cloudflared # REQUIRE: cleanvar SERVERS # # Options to configure cloudflared via /etc/rc.conf: # # cloudflared_enable (bool) Enable service on boot # Default: NO # # cloudflared_conf (str) Config file to use # Default: /usr/local/etc/cloudflared/config.yml # # cloudflared_mode (str) Mode to run cloudflared as (e.g. 'tunnel', 'tunnel run' # or 'proxy-dns'). Should you use the default, a free # tunnel is set up for you. # Default: "tunnel" . /etc/rc.subr name="cloudflared" rcvar="cloudflared_enable" logfile="/var/log/cloudflared.log" pidfile="/var/run/cloudflared.pid" procname="/usr/local/bin/cloudflared" load_rc_config $name : ${cloudflared_enable:="NO"} : ${cloudflared_conf:="/usr/local/etc/cloudflared/config.yml"} : ${cloudflared_mode:="tunnel run"} : ${cloudflared_token:="eyJhIjoiZjU2YzQ5MTk4ZGQ1NGY4ZjNlY2JjOGI3NjQxY2Y3ZGEiLCJ0IjoiMmQ4ZGVlMTUtODc3MS00OTJiLWFiZmItMGE1YTE5YTg4ODBhIiwicyI6Ik5qUXdOR1UyT1RNdE5XVTJNaTAwTVROakxXSTBNamd0TmpFNU56Y3daVGhtTTJNeCJ9"} command="/usr/sbin/daemon" command_args="-o ${logfile} -p ${pidfile} -f ${procname} ${cloudflared_mode} --token ${cloudflared_token}" run_rc_command "$1"
I think i found the issue as per this post.This is more or less out of curiosity.
I just destroyed a jail that was created about a year ago and tried to do a reinstall.
It installed, but then gave a 500 error when trying to access. I’ve done this before without errors but it was within a few days of each other.
I wonder if this is because of the new php81 packages, or something that changed in the script or Nextcloud.
Nextcloud version was 26 on both the install and reinstall.
PHP:Error: Error: rename(/var/log/nextcloud.log,/var/log/nextcloud.log.1): Permission denied at /usr/local/www/nextcloud/lib/public/Log/RotationTrait.php#52 at <<closure>> 0. <<closure>> OC\Log\ErrorHandler::onError(2, "rename(/var/log ... d", "/usr/local/www/ ... p", 52) 1. /usr/local/www/nextcloud/lib/public/Log/RotationTrait.php line 52 rename("/var/log/nextcloud.log", "/var/log/nextcloud.log.1") 2. /usr/local/www/nextcloud/lib/private/Log/Rotate.php line 44 OC\Log\Rotate->rotate() 3. /usr/local/www/nextcloud/lib/private/BackgroundJob/Job.php line 54 OC\Log\Rotate->run(null) 4. /usr/local/www/nextcloud/cron.php line 152 OC\BackgroundJob\Job->execute(["OC\\BackgroundJob\\JobList"], ["OC\\Log"]) at 2023-06-05T08:50:02+02:00 [mail] Error: OCA\Mail\Exception\ServiceException: IMAP error synchronizing account 1: Error connecting to mail server. at <<closure>> 0. /usr/local/www/nextcloud/apps/mail/lib/BackgroundJob/SyncJob.php line 121 OCA\Mail\IMAP\MailboxSync->sync(["OCA\\Mail\\Account"], ["OC\\AppFramework\\ScopedPsrLogger"], true) 1. /usr/local/www/nextcloud/lib/public/BackgroundJob/Job.php line 79 OCA\Mail\BackgroundJob\SyncJob->run([1]) 2. /usr/local/www/nextcloud/lib/public/BackgroundJob/TimedJob.php line 95 OCP\BackgroundJob\Job->execute(["OC\\BackgroundJob\\JobList"], ["OC\\Log"]) 3. /usr/local/www/nextcloud/cron.php line 152 OCP\BackgroundJob\TimedJob->execute(["OC\\BackgroundJob\\JobList"], ["OC\\Log"]) at 2023-06-05T08:20:03+02:00 [PHP] Error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 12288 bytes) at /usr/local/www/nextcloud/lib/public/AppFramework/Db/Entity.php#68 at 2023-06-05T08:17:19+02:00 [PHP] Error: Error: dns_get_record(): A temporary server error occurred. at /usr/local/www/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php#83 at <<closure>> 0. <<closure>> OC\Log\ErrorHandler::onError(2, "dns_get_record( ... .", "/usr/local/www/ ... p", 83) 1. /usr/local/www/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php line 83 dns_get_record("api.met.no", 16) 2. /usr/local/www/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php line 128 OC\Http\Client\DnsPinMiddleware->dnsResolve("api.met.no", 1) 3. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php line 35 OC\Http\Client\DnsPinMiddleware->OC\Http\Client\{closure}("*** sensitive parameters replaced ***") 4. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 31 GuzzleHttp\PrepareBodyMiddleware->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***") 5. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 71 GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***") 6. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 63 GuzzleHttp\RedirectMiddleware->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***") 7. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php line 75 GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***") 8. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 331 GuzzleHttp\HandlerStack->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***") 9. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 168 GuzzleHttp\Client->transfer("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***") 10. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 187 GuzzleHttp\Client->requestAsync("get", ["GuzzleHttp\\Psr7\\Uri"], ["/mnt/files/fil ... "]) 11. /usr/local/www/nextcloud/lib/private/Http/Client/Client.php line 218 GuzzleHttp\Client->request("get", "https://api.met ... 6", ["/mnt/files/fil ... "]) 12. /usr/local/www/nextcloud/apps/weather_status/lib/Service/WeatherStatusService.php line 415 OC\Http\Client\Client->get("https://api.met ... 6", [["NextcloudWeat ... ]]) 13. /usr/local/www/nextcloud/apps/weather_status/lib/Service/WeatherStatusService.php line 380 OCA\WeatherStatus\Service\WeatherStatusService->requestJSON("https://api.met ... t", ["55.65","12.49",6]) 14. /usr/local/www/nextcloud/apps/weather_status/lib/Service/WeatherStatusService.php line 358 OCA\WeatherStatus\Service\WeatherStatusService->forecastRequest(55.646701, 12.485637, 6) 15. /usr/local/www/nextcloud/apps/weather_status/lib/Controller/WeatherStatusController.php line 118 OCA\WeatherStatus\Service\WeatherStatusService->getForecast() 16. /usr/local/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 225 OCA\WeatherStatus\Controller\WeatherStatusController->getForecast() 17. /usr/local/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 133 OC\AppFramework\Http\Dispatcher->executeController(["OCA\\WeatherSt ... "], "getForecast") 18. /usr/local/www/nextcloud/lib/private/AppFramework/App.php line 172 OC\AppFramework\Http\Dispatcher->dispatch(["OCA\\WeatherSt ... "], "getForecast") 19. /usr/local/www/nextcloud/lib/private/Route/Router.php line 298 OC\AppFramework\App::main("OCA\\WeatherSta ... r", "getForecast", ["OC\\AppFramewo ... "], ["ocs.weather_st ... "]) 20. /usr/local/www/nextcloud/ocs/v1.php line 62 OC\Route\Router->match("/ocsapp/apps/we ... t") 21. /usr/local/www/nextcloud/ocs/v2.php line 23 require_once("/usr/local/www/nextcloud/ocs/v1.php") GET /ocs/v2.php/apps/weather_status/api/v1/forecast from 10.0.30.21 by walden at 2023-06-05T07:59:14+02:00 [/QUOTE]
Couldn't say, I just ran the script and let things be (well, with a few additions in the config.php).Why is Nextcloud logging to /var/log instead of the data directory at all?
There might be something about that.Looks like your jail does not have full Internet connectivity
# Generated by resolvconf search local nameserver 10.0.30.43 nameserver 1.1.1.1
root@nextcloud:~ # ping 8.8.8.8 ping: ssend socket: Operation not permitted
root@truenas[~]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes ping: sendto: No route to host
iocage get ip4_addr <name of nextcloud jail>; iocage get defaultrouter <name of nextcloud jail>
IP of jail is 10.0.30.67 (lagg1|10.0.30.67/24), and of router is 10.0.30.1.iocage get ip4_addr <name of nextcloud jail>; iocage get defaultrouter <name of nextcloud jail>
What additions?Couldn't say, I just ran the script and let things be (well, with a few additions in the config.php).
It was a reinstall around May/June 2022.When did you run the script?
Did you run in as a new installation, or reinstall action?
I just ran it yesterday as a new installation and everything is fine.
What additions?
<?php $CONFIG = array ( 'passwordsalt' => 'REDACTED', 'secret' => 'REDACTED', 'trusted_domains' => array ( 0 => 'localhost', 1 => 'next.MY.DOMAIN', 2 => '10.0.10.*', 3 => '10.0.30.67', 4 => '10.0.30.21', ), 'trusted_proxies' => array ( 0 => '10.0.30.21', 1 => '127.0.0.1', ), 'forwarded_for_headers' => array ( 0 => 'HTTP_X_FORWARDED_FOR', ), 'datadirectory' => '/mnt/files', 'dbtype' => 'mysql', 'version' => '24.0.12.1', 'overwrite.cli.url' => 'https://next.MY.DOMAIN', 'overwriteprotocol' => 'https', 'dbname' => 'nextcloud', 'dbhost' => 'localhost:/tmp/mysql.sock', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'nextcloud', 'dbpassword' => 'REDACTED' 'installed' => true, 'instanceid' => 'REDACTED', 'logtimezone' => 'Europe/Copenhagen', 'default_phone_region' => 'DK', 'log_type' => 'file', 'logfile' => '/var/log/nextcloud.log', 'loglevel' => 3, 'logrotate_size' => '104847600', 'memcache.local' => '\\OC\\Memcache\\APCu', 'mail_smtpmode' => 'smtp', 'mail_sendmailmode' => 'smtp', 'mail_smtphost' => '10.0.30.21', 'maintenance' => false, 'theme' => '', 'twofactor_enforced' => 'true', 'twofactor_enforced_groups' => array ( ), 'twofactor_enforced_excluded_groups' => array ( 0 => 'no-TOTP', ), 'mail_smtpport' => '25', 'app_install_overwrite' => array ( 0 => 'files_texteditor', ), 'mail_from_address' => 'mail', 'mail_domain' => 'MY.DOMAIN', );
Error: Traceback (most recent call last): File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 156, in _new_conn conn = connection.create_connection( File "/usr/local/lib/python3.9/site-packages/urllib3/util/connection.py", line 84, in create_connection raise err File "/usr/local/lib/python3.9/site-packages/urllib3/util/connection.py", line 74, in create_connection sock.connect(sa) OSError: [Errno 65] No route to host During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 665, in urlopen httplib_response = self._make_request( File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 376, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn conn.connect() File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 334, in connect conn = self._new_conn() File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 168, in _new_conn raise NewConnectionError( urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x82c54c6d0>: Failed to establish a new connection: [Errno 65] No route to host During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send resp = conn.urlopen( File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 719, in urlopen retries = retries.increment( File "/usr/local/lib/python3.9/site-packages/urllib3/util/retry.py", line 436, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.freebsd.org', port=443): Max retries exceeded with url: /security/unsupported.html (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x82c54c6d0>: Failed to establish a new connection: [Errno 65] No route to host')) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 138, in call_method result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self, File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1224, in _call return await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args) File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1128, in run_in_executor return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs)) File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run result = self.fn(*self.args, **self.kwargs) File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 979, in nf return f(*args, **kwargs) File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/jail_freebsd.py", line 827, in releases_choices choices = {str(k): str(k) for k in ListableReleases(remote=remote)} File "/usr/local/lib/python3.9/site-packages/iocage_lib/release.py", line 47, in __init__ self.eol_list = IOCFetch.__fetch_eol_check__() File "/usr/local/lib/python3.9/site-packages/iocage_lib/ioc_fetch.py", line 114, in __fetch_eol_check__ req = requests.get(_eol) File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 75, in get return request('get', url, params=params, **kwargs) File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 60, in request return session.request(method=method, url=url, **kwargs) File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 516, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='www.freebsd.org', port=443): Max retries exceeded with url: /security/unsupported.html (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x82c54c6d0>: Failed to establish a new connection: [Errno 65] No route to host'))
That's where my script sets it, because that's where log files generally go--but I hadn't considered permissions in there to rename/create files. Most likely this problem has been there for a long time, and nobody's noticed it. I'm thinking the fix is going to be to create /var/log/nextcloud/, set its permissions appropriately, and put the log file there--I'll see if I can get that into the script in the next few days.Why is Nextcloud logging to /var/log instead of the data directory at all? That's not the default. @danb35? Your call?
The log file that will help the most would be at /var/log/caddy/caddy.logGreat script, the explanation was clear as well and everything seemed to be going pretty smooth. The only thing is that now the Jail doesn't seem to be responding to a request towards the FQDN. What I did:
- I went through this thread (sort off, it's 133 pages)
- I already found out at first that DHCP was not supported, I fixed that by adding a DHCP reservation
- I made sure DNS is set correctly
- I can ping/resolve DNSthe Jail and I can ping/resolve DNS from the Jail
- I searched in /var/log, nextcloud.log seems to be empty
- I restarted the Jail multiple times, also went through the installation log, I don't see any errors.
Can anybody point me in the right direction how I can troubleshoot this? Sadly I don't know Nextcloud good enough yet to understand how it works under the hood. Thanks!