
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

Gblenn

Dabbler
Joined
Feb 21, 2024
Messages
32
The only thing there that's at all out of the ordinary is the use of Caddy rather than Apache/Nginx, which I do to simplify the configuration (the server config file with Apache is 10x longer than it is with Caddy) and to take care of all the TLS stuff.
That is completely understandable although I suppose it does limit the amount of support available as most other installations are either Apache or Nginx?
Clearly the config files for Nginx are quite extensive, but at least they are available at : docs.nextcloud.com/.../installation/nginx.htm
Not sure that means they can be pulled by the script or you would have to make a copy for download?

But perhaps there is way more to it that I don't see?

It's kind of interesting to me that this was added, and noted as required, two years ago, but I've had no reports of problems until now. But in principle it shouldn't be too difficult to translate from nginx to Caddyfile syntax here. Just not sure when I'll get to it.
Agree, and I have tested all the way up to version 27 and it still works fine. This problem seems to have popped up with 28.0.1...
 

Gblenn

Dabbler
Joined
Feb 21, 2024
Messages
32
It’s probably Nextcloud 28. I’m having some issues as well but with uploading. In 27 I was able to drag multiple files to upload, but with 28 I can only do one at a time. If I do multiple files, it only uploads one of them.
I just noticed the same thing... so it's both upload and download of multiple files that is broken...

However, this seems to be addressed as a bug... https://github.com/nextcloud/server/issues/43074

In the meantime, you can click the + New button and select as many files as you want and that upload works.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
rewrite {
regexp ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) to /index.php{uri}
}
This highlights a problem with ChatGPT, in that it will confidently give wrong information. In this case, it gave what might have been correct syntax for Caddy v1 (the overall syntax is at least correct for Caddy v1; I can't vouch for the regex specifically), but is decidedly incorrect for Caddy v2.
 

Gblenn

Dabbler
Joined
Feb 21, 2024
Messages
32
This highlights a problem with ChatGPT, in that it will confidently give wrong information. In this case, it gave what might have been correct syntax for Caddy v1 (the overall syntax is at least correct for Caddy v1; I can't vouch for the regex specifically), but is decidedly incorrect for Caddy v2.
:oops: I was listening to a keynote by Timotheus Höttges (CEO of DT Germany) on Monday, and he was saying that the "hallucination rate" is somewhere between 3 and 27 percent depending on which AI engine we are using. I do believe OpenAI was the best in that regard though...
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Surely part of the problem is people misusing it. But there have been cases where it completely invented legal precedent, in at least one case resulting in pretty stiff sanctions against a lawyer who relied on it as a legal research tool.

In your case, if you'd specified Caddy v2 syntax, it might have made a difference (or maybe not). But I think I'm OK with the Caddy part now; the question is going to be whether the regex itself is in proper RE2 syntax.
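
The RE2 question raised above can be checked directly, because Caddy v2 is written in Go and its regex matchers use Go's `regexp` package (RE2 syntax). This is an added example, not code from the thread or from the installation script; the function names and the sample request paths are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// nginxPattern is the rewrite regex from the nginx config quoted in this
// thread. It depends on a negative lookahead, (?!...), which is PCRE syntax.
const nginxPattern = `^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy)`

// excluded carries the same alternatives in a plain non-capturing group,
// which RE2 accepts. The negation moves out of the pattern and into the
// caller: a path is rewritten when it does NOT match this expression.
var excluded = regexp.MustCompile(
	`^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|.+/richdocumentscode/proxy)`)

// compileError returns the error Go's RE2 engine reports for a pattern,
// or nil if the pattern is valid RE2.
func compileError(pattern string) error {
	_, err := regexp.Compile(pattern)
	return err
}

// needsLegacyRewrite reproduces the nginx rule's decision without lookahead:
// every path under "/" is rewritten unless it starts with an excluded prefix.
func needsLegacyRewrite(path string) bool {
	return strings.HasPrefix(path, "/") && !excluded.MatchString(path)
}

// rewriteTarget mirrors nginx's "/index.php$request_uri": the decision is
// made on the path alone, and the full URI (with query) is appended.
func rewriteTarget(uri string) string {
	path, _, _ := strings.Cut(uri, "?")
	if needsLegacyRewrite(path) {
		return "/index.php" + uri
	}
	return uri
}

func main() {
	fmt.Println("nginx pattern under RE2:", compileError(nginxPattern))

	// Constructed sample request URIs.
	for _, uri := range []string{
		"/apps/files/ajax/download.php?dir=/&files=a.txt",
		"/index.php/apps/files/",
		"/remote.php/dav/files/user/",
		"/status.php",
		"/ocs/v2.php/cloud/capabilities",
		"/ocs/v3.php/cloud",
		"/updater/",
		"/apps/richdocumentscode/proxy.php",
	} {
		fmt.Printf("%-50s -> %s\n", uri, rewriteTarget(uri))
	}
}
```

In Caddy v2 terms this corresponds to negating a `path_regexp` matcher with `not`, rather than putting the negation inside the pattern.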
 

Gblenn

Dabbler
Joined
Feb 21, 2024
Messages
32
Surely part of the problem is people misusing it. But there have been cases where it completely invented legal precedent, in at least one case resulting in pretty stiff sanctions against a lawyer who relied on it as a legal research tool.

In your case, if you'd specified Caddy v2 syntax, it might have made a difference (or maybe not). But I think I'm OK with the Caddy part now; the question is going to be whether the regex itself is in proper RE2 syntax.
I actually had exactly that type of problem when trying to help a relative with a contractual problem. It even gave me the registration number for the court ruling. But when I googled I couldn't find it and when I got back about that, ChatGPT said it was "sorry, that was hypothetical"... hmmm
 

cdog89

Explorer
Joined
Jan 19, 2024
Messages
75
Hi. TIA for your help. Please excuse my general lack of knowledge with whatever simple mistake I am making. Following the guide to run the script: I've created the directories, pulled the github files, and created the config file (shown below). I couldn't run 'script nextcloud.log./nextcloud-jail.sh' as it indicated in the directions. And when I run 'script nextcloud-jail.sh' it outputs the following 'Script started, output file is nextcloud-jail.sh', then returns to a prompt. Then it doesn't seem to do anything, even after waiting 15 minutes.

Config file:
JAIL_IP="192.168.86.200"
DEFAULT_GW_IP="192.168.86.1"
POOL_PATH="/mnt/Pool 1"
TIME_ZONE="America/Chicago"
HOST_NAME="nextcloud.local"
DNS_CERT=1
CERT_EMAIL="xxxx"
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
it outputs the following 'Script started, output file is nextcloud-jail.sh', then returns to a prompt.
I think the problem is as simple as a missing space--you should be running script nextcloud.log ./nextcloud-jail.sh; note the space between .log and ./.

But if the only thing you've changed in your config file is to mask the email, I see a few other problems:
  • Your pool name seems to have a space in it--I wouldn't expect this to directly bother the script, but it isn't considered a good practice.
  • To get a cert from Let's Encrypt, you need to have a public domain name; .local isn't one.
  • To use DNS validation for the cert, you also need to specify a DNS_PLUGIN, which should correspond to your DNS host
  • ...and when you're doing that, you also need to specify credentials for that DNS host in the config file
 

cdog89

Explorer
Joined
Jan 19, 2024
Messages
75
Thanks @danb35 . I know, I know, I know. I've known for some time that I should avoid spaces in all names. I foolishly created the pool name with a space. But as I understand, I can't change the pool name once it's been created, is that correct? If I can change the name, I will certainly do so.

I do have a public domain name that I originally inserted there, but maybe I got confused after reading the guide some more - I thought the domain name in the config file referred to the internal host name? And just for clarification, because the terms 'host' and 'domain' are sometimes used interchangeably: In this case does HOST_NAME refer to the entire name e.g. "www.google.com", or just the domain "google.com"? I have cloudflare already set up with this domain, but I don't see in the guide what the exact syntax of that should be (e.g. DNS_PLUGIN=?).

It looks like I should have the Cloudflare API key set up before running the script. Let me ask: If I run the script and it installs nextcloud successfully. Can all of these settings be changed afterwards? Or is this a no-go and should be done upfront in the config file?

Thank you again danb. I can see that you've supported many over the years with nextcloud installs. Mucho appreciation to you. :smile:

Edit: I've set the config file as follows:


JAIL_IP="192.168.86.200"
DEFAULT_GW_IP="192.168.86.1"
POOL_PATH="/mnt/Pool 1"
TIME_ZONE="America/Chicago"
HOST_NAME="xxxx.com"
DNS_CERT=1
DNS_PLUGIN="cloudflare"
DNS_TOKEN="xxxx"
CERT_EMAIL="xxxx@xxxx"
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
But as I understand, I can't change the pool name once it's been created, is that correct? If I can change the name, I will certainly do so.
You can, but only at the CLI:
  • Export the pool through the GUI. You obviously don't want to check the box to destroy your data.
  • From the shell, zpool import "Pool 1" Pool1 - this is what renames the pool
  • From the shell, zpool export Pool1
  • From the GUI, import the pool
Now, this is going to mean that anything you've configured using the "Pool 1" name is going to have to be changed to "Pool1", including any shares as well as the data mountpoints for this jail. So you might reasonably decide it isn't worth the trouble--but it isn't an optimal arrangement.
In this case does HOST_NAME refer to the entire name e.g. "www.google.com", or just the domain "google.com"?
From the README:
HOST_NAME is the fully-qualified domain name you want to assign to your installation.
...so, in your example, that'd be www.google.com.
I have cloudflare already set up with this domain, but I don't see in the guide what the exact syntax of that should be (e.g. DNS_PLUGIN=?).
Again, from the README:
  • DNS_PLUGIN: If DNS_CERT is set, DNS_PLUGIN must contain the name of the DNS validation plugin you'll use with Caddy to validate domain control. At this time, the only valid value is cloudflare (but see below).
  • DNS_TOKEN: If DNS_CERT is set, this must be set to a properly-scoped Cloudflare API Token. You will need to create an API token through Cloudflare's dashboard, which must have "Zone / Zone / Read" and "Zone / DNS / Edit" permissions on the zone (i.e., the domain) you're using for your installation. See this documentation for further details.
So the relevant part of the config file would look like this:
Code:
DNS_CERT=1
CERT_EMAIL="(redacted)"
DNS_PLUGIN="cloudflare"
DNS_TOKEN="(redacted)"

Let me ask: If I run the script and it installs nextcloud successfully. Can all of these settings be changed afterwards?
Yes, but some more easily than others. The biggest hurdle is the DNS plugin, because that's compiled into Caddy. If you change it, you have to rebuild Caddy--you'd run xcaddy build --output /usr/local/bin/caddy --with github.com/caddy-dns/cloudflare (or whatever other plugin you'd want) inside the jail to do that. Changing the hostname would involve changes to both the Nextcloud config file inside the jail (it's at /usr/local/www/nextcloud/config/config.php) and the Caddyfile (/usr/local/www/Caddyfile). Changes to the API token and such would just require updating the Caddyfile.
 

cdog89

Explorer
Joined
Jan 19, 2024
Messages
75
You can, but only at the CLI:
  • Export the pool through the GUI. You obviously don't want to check the box to destroy your data.
  • From the shell, zpool import "Pool 1" Pool1 - this is what renames the pool
  • From the shell, zpool export Pool1
  • From the GUI, import the pool
Now, this is going to mean that anything you've configured using the "Pool 1" name is going to have to be changed to "Pool1", including any shares as well as the data mountpoints for this jail. So you might reasonably decide it isn't worth the trouble--but it isn't an optimal arrangement.

From the README:

...so, in your example, that'd be www.google.com.

Again, from the README:

So the relevant part of the config file would look like this:
Code:
DNS_CERT=1
CERT_EMAIL="(redacted)"
DNS_PLUGIN="cloudflare"
DNS_TOKEN="(redacted)"


Yes, but some more easily than others. The biggest hurdle is the DNS plugin, because that's compiled into Caddy. If you change it, you have to rebuild Caddy--you'd run xcaddy build --output /usr/local/bin/caddy --with github.com/caddy-dns/cloudflare (or whatever other plugin you'd want) inside the jail to do that. Changing the hostname would involve changes to both the Nextcloud config file inside the jail (it's at /usr/local/www/nextcloud/config/config.php) and the Caddyfile (/usr/local/www/Caddyfile). Changes to the API token and such would just require updating the Caddyfile.
Great, I've changed the name to "Pool1" successfully. I re-ran the script and received errors. I know this is a really long copy/paste but wanted the entire output displayed here, so apologies if it's too much. I've removed the API token for security.

In reviewing, it seems that a reference to the pool path doesn't show the number '1'. Could that be the issue?

-------------------------------------------------------

Script started, output file is nextcloud.log
./nextcloud-jail.sh: Script: not found
./nextcloud-jail.sh: #: not found
./nextcloud-jail.sh: .git: not found
./nextcloud-jail.sh: .gitignore: not found
./nextcloud-jail.sh: includes: not found
./nextcloud-jail.sh: #: not found
./nextcloud-jail.sh: ot found
./nextcloud-jail.sh: 24rot found
./nextcloud-jail.sh: 49mot found
./nextcloud-jail.sh: 49m
ot found
./nextcloud-jail.sh: 34H[: not found
./nextcloud-jail.sh: 33H[: not found
./nextcloud-jail.sh: 79H






ot found cloudflareile name too long
./nextcloud-jail.sh: 24rot found
DNS_TOKEN=(redacted)




DNS_PLUGIN=cloudflarergument list too long
DNS_TOKEN=(redacted)





^G: not found


root@truenas[... 1/downloads/freenas-iocage-nextcloud]# more nextcloud-config
JAIL_IP=192.168.86.200
DEFAULT_GW_IP=192.168.86.1
POOL_PATH=/mnt/Pool: Argument list too long
Save: File name too longot found
./nextcloud-jail.sh: 1H: not found found m
^G: not foundail.sh: 23H
./nextcloud-jail.sh: 21HM-D: not found
./nextcloud-jail.sh: 61HM-B: not found
./nextcloud-jail.sh: 61H^T: not found
./nextcloud-jail.sh: 71H: not found
./nextcloud-jail.sh: 32H[: not found
not foundd-jail.sh: 1H
: not found.168.86.200
./nextcloud-jail.sh: 39: Syntax error: word unexpected (expecting ")")

Script done, output file is nextcloud.log
root@truenas[...l1/downloads/freenas-iocage-nextcloud]# more nextcloud.log
Script started on Fri Mar 1 06:03:18 2024
Command: ./nextcloud-jail.shls
script: ./nextcloud-jail.shls: No such file or directory

Command exit status: 1
Script done on Fri Mar 1 06:03:18 2024
root@truenas[...l1/downloads/freenas-iocage-nextcloud]# cd ..
root@truenas[/mnt/Pool1/downloads]# more nextcloud.log
Script started on Fri Mar 1 05:59:23 2024
Command: ./nextcloud-jail.sh
script: ./nextcloud-jail.sh: No such file or directory

Command exit status: 1
Script done on Fri Mar 1 05:59:23 2024
root@truenas[/mnt/Pool1/downloads]#
root@truenas[/mnt/Pool1/downloads]# ls
freenas-iocage-nextcloud nextcloud.log
root@truenas[/mnt/Pool1/downloads]# rm nextcloud.log
root@truenas[/mnt/Pool1/downloads]# ls
freenas-iocage-nextcloud
root@truenas[/mnt/Pool1/downloads]# cd freenas-iocage-nextcloud
root@truenas[...l1/downloads/freenas-iocage-nextcloud]# ls
.git includes nextcloud-jail.sh
.gitignore LICENSE nextcloud.log
?[?2004l?[1m?[7m#?[27m?[1m?[m nextcloud-config README.md
root@truenas[...l1/downloads/freenas-iocage-nextcloud]# script nextcloud.log ./nextcloud-jail.sh
Script started, output file is nextcloud.log
./nextcloud-jail.sh: Script: not found
./nextcloud-jail.sh: #: not found
./nextcloud-jail.sh: .git: not found
./nextcloud-jail.sh: .gitignore: not found
./nextcloud-jail.sh: includes: not found
./nextcloud-jail.sh: #: not found
./nextcloud-jail.sh: ot found
./nextcloud-jail.sh: 24rot found
./nextcloud-jail.sh: 49mot found
./nextcloud-jail.sh: 49m
ot found
./nextcloud-jail.sh: 34H[: not found
./nextcloud-jail.sh: 33H[: not found
./nextcloud-jail.sh: 79H






ot found cloudflareile name too long
./nextcloud-jail.sh: 24rot found
DNS_TOKEN=(redacted)




DNS_PLUGIN=cloudflarergument list too long
DNS_TOKEN=(redacted)





^G: not found


root@truenas[... 1/downloads/freenas-iocage-nextcloud]# more nextcloud-config
JAIL_IP=192.168.86.200
DEFAULT_GW_IP=192.168.86.1
POOL_PATH=/mnt/Pool: Argument list too long
Save: File name too longot found
./nextcloud-jail.sh: 1H: not found found m
^G: not foundail.sh: 23H
./nextcloud-jail.sh: 21HM-D: not found
./nextcloud-jail.sh: 61HM-B: not found
./nextcloud-jail.sh: 61H^T: not found
./nextcloud-jail.sh: 71H: not found
./nextcloud-jail.sh: 32H[: not found
not foundd-jail.sh: 1H
: not found.168.86.200
./nextcloud-jail.sh: 39: Syntax error: word unexpected (expecting ")")

Script done, output file is nextcloud.log
root@truenas[...l1/downloads/freenas-iocage-nextcloud]#
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
This looks like something is very badly wrong; I'm wondering if your previous attempt may have overwritten the script. Try pulling a clean copy of the script with git pull (it won't affect your config file), then run it again.
 

cdog89

Explorer
Joined
Jan 19, 2024
Messages
75
This looks like something is very badly wrong; I'm wondering if your previous attempt may have overwritten the script. Try pulling a clean copy of the script with git pull (it won't affect your config file), then run it again.
 

cdog89

Explorer
Joined
Jan 19, 2024
Messages
75
The installation worked with a fresh script! I need to figure out now how to reset the domain pointer. I previously had it point to my public IP address through to my plex server, which it is still doing. I can usually figure out how to change destinations, etc. in the DNS settings. But with adding cloudflare, I can't see at all how it knows to point to where it is going. I'll play around with it to see if I can fix it.

In the meantime, I'm not able to access the nextcloud interface through the local IP address (192.168.86.200). I've accessed nextcloud this way before (when I tried using the truenas plugin) and it worked fine. The jail is up and running. Pinging that address is all good. Any ideas how I can access the interface directly through the IP instead of the domain name I selected?

If I haven't said it before. Thanks very, very much for your help with this. You've saved me hours and hours of time. :smile:
 

Gblenn

Dabbler
Joined
Feb 21, 2024
Messages
32
The installation worked with a fresh script! I need to figure out now how to reset the domain pointer. I previously had it point to my public IP address through to my plex server, which it is still doing. I can usually figure out how to change destinations, etc. in the DNS settings. But with adding cloudflare, I can't see at all how it knows to point to where it is going. I'll play around with it to see if I can fix it.

In the meantime, I'm not able to access the nextcloud interface through the local IP address (192.168.86.200). I've accessed nextcloud this way before (when I tried using the truenas plugin) and it worked fine. The jail is up and running. Pinging that address is all good. Any ideas how I can access the interface directly through the IP instead of the domain name I selected?

If I haven't said it before. Thanks very, very much for your help with this. You've saved me hours and hours of time. :smile:
Try editing the Caddyfile and add the internal IP so it reads
yourdomain.ddns.com, 192.168.86.200 {
root * /usr/local/www/nextcloud...etc....

Restart the jail and try accessing it now at 192.168.86.200/login
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Any ideas how I can access the interface directly through the IP instead of the domain name I selected?
Editing the Caddyfile to include the IP may work, but it really isn't intended to be used this way, mainly because it'll give you SSL certificate errors. What you should be doing is (once again) described in the README:
Also, HOST_NAME needs to resolve to your jail from inside your network. You'll probably need to configure this on your router, or on whatever other device provides DNS for your LAN. If you're unable to do so, you can edit the hosts file on your client computers to achieve this result, but consider installing something like Pi-Hole to give you control over your DNS.
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Nextcloud 28.0.3
php8.2

Getting warnings:
Code:
    This instance is missing some recommended PHP modules. For improved performance and better compatibility it is highly recommended to install them: sodium. For more details see the documentation ↗.
    The PHP module "imagick" in this instance has no SVG support. For better compatibility it is recommended to install it. For more details see the documentation ↗.


Have installed php82-pecl-imagick and php82-sodium (previously tried php82-pecl-libsodium). From research I've seen posts that sodium needs a php version to be built with argon2 support and imagick needs to be compiled with X11. Php82 is compiled with argon2 support

Code:
# pkg info php82
php82-8.2.16
Name           : php82
Version        : 8.2.16
Installed on   : Fri Mar  1 18:58:41 2024 CST
Origin         : lang/php82
Architecture   : FreeBSD:13:amd64
Prefix         : /usr/local
Categories     : www lang devel
Licenses       : PHP301
Maintainer     : bofh@FreeBSD.org
WWW            : https://www.php.net/
Comment        : PHP Scripting Language (8.2.X branch)
Options        :
    CGI            : on
    CLI            : on
    DEBUG          : off
    DTRACE         : on
    EMBED          : on
    FPM            : on
    IPV6           : on
    LINKTHR        : on
    MYSQLND        : on
    PCRE           : on
    PHPDBG         : off
    ZTS            : off
Shared Libs required:
    libxml2.so.2
    libpcre2-8.so.0
    libargon2.so.0
Shared Libs provided:
    libphp.so


Code:
# pkg info php82-sodium
php82-sodium-8.2.16
Name           : php82-sodium
Version        : 8.2.16
Installed on   : Fri Mar  1 23:45:41 2024 CST
Origin         : security/php82-sodium
Architecture   : FreeBSD:13:amd64
Prefix         : /usr/local
Categories     : security
Licenses       : PHP301
Maintainer     : bofh@FreeBSD.org
WWW            : https://www.php.net/
Comment        : The sodium shared extension for php
Shared Libs required:
    libsodium.so.23


Code:
# pkg info php82-pecl-imagick
php82-pecl-imagick-3.7.0_3
Name           : php82-pecl-imagick
Version        : 3.7.0_3
Installed on   : Fri Mar  1 23:37:28 2024 CST
Origin         : graphics/pecl-imagick
Architecture   : FreeBSD:13:amd64
Prefix         : /usr/local
Categories     : graphics
Licenses       : PHP301
Maintainer     : 000.fbsd@quip.cz
WWW            : https://pecl.php.net/package/imagick
Comment        : PHP wrapper to the ImageMagick/GraphicsMagick library
Shared Libs required:
    libMagickWand-7.so.10
    libMagickCore-7.so.10


Any thoughts?
 

Gblenn

Dabbler
Joined
Feb 21, 2024
Messages
32
I'm entirely willing to believe that the issue is the lack of a rewrite line that's in the "official" nginx config:
Code:
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

It's kind of interesting to me that this was added, and noted as required, two years ago, but I've had no reports of problems until now. But in principle it shouldn't be too difficult to translate from nginx to Caddyfile syntax here. Just not sure when I'll get to it.
The "temporary fix" suggested by kunago in this thread works for me... https://github.com/nextcloud/server/issues/42617

If anyone else is interested to try it out, it's this file : /mnt/YOURPOOL/iocage/jails/nextcloud/root/usr/local/www/nextcloud/apps/files/ajax/download.php

And I placed the lines at the top like this : (restart does not seem to be necessary)

<?php

$vendorDir = dirname(__DIR__);
$baseDir = dirname(dirname($vendorDir));
include_once $baseDir . '/lib/base.php';
include_once $baseDir . '/lib/private/legacy/OC_Util.php';

/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
The "temporary fix" suggested by kunago in this thread works for me... https://github.com/nextcloud/server/issues/42617

If anyone else is interested to try it out, it's this file : /mnt/YOURPOOL/iocage/jails/nextcloud/root/usr/local/www/nextcloud/apps/files/ajax/download.php

And I placed the lines at the top like this : (restart does not seem to be necessary)

<?php

$vendorDir = dirname(__DIR__);
$baseDir = dirname(dirname($vendorDir));
include_once $baseDir . '/lib/base.php';
include_once $baseDir . '/lib/private/legacy/OC_Util.php';

/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
Does not work for me.
 

Gblenn

Dabbler
Joined
Feb 21, 2024
Messages
32
Does not work for me.
So you still get the same error when trying to download multiple files?
Not sure what could be different then? I have not made any other changes, except what I tried in Caddyfile which failed so I reverted back to what is created when running the installation script.

I just tested again on a running system, no restart, just commenting out the lines and then I get the error. Then reinstating them and it works...
 