Connection problem with HTTPS Help

[Itay1778]

Hey i need help or link to a good guide how to give to nextcloud HTTPS protocol that is now on http and i know it is not secure when i access it via internet on this protocol. And I searched for guides and I tried directories and here in the forum I was looking I could not set it up at https currently everything is set up great besides that problem. I have access outside my local network and I use dynamic DNS with duckdns and I have not found any way to make it into HTTPS

Thanks
Itay

 

[Nick2253]

You really haven't given us a whole lot to go off of. What version of FreeNAS? What version of NextCloud? Are you using a plugin? Are you using a VM? Did you create a jail from scratch?

From the NextCloud hardening guide, they provide steps to enable HTTPS in Apache: https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html (literally the first Google result for "nextcloud https")

Without more information, it's difficult to provide any help. If you want to resolve this issue, I recommend that you tell us what steps you've taken, and what errors you're getting. At this point, it just looks like you haven't bothered to try helping yourself.

 

[Itay1778]

After a few days I was looking for how to say it so yes I was a bit desperate and there was the information that was missing:
FreeNAS 11.1 U1
nextcloud version of 10.0.1
Yes it's a plugin
I do not have a VM
And while installing the plugin created jail
I also saw this site but I do not know what to do with these commands (at least I think they are commands) they do not really say where to put them and what to do with them is one of the things I do not really understand what to do here

 

[Nick2253]

I also saw this site but I do not know what to do with these commands

They are not commands. They are Apache configs. Which is why the Nextcloud document says "setting such as the following in the Apache VirtualHosts configuration". Doing a Google search for "Apache VirtualHosts configuration" provides a wealth of resources on the topic. You will probably need to narrow your search to FreeBSD results to get results that are applicable to your use, and not the Linux world in general.

 

[Itay1778]

Ok thank you so much I will try and let you know

 

[Itay1778]

When I search for "Apache VirtualHosts configuration" it finds me how to set http in virtual form and i need https on nextcloud which is a server that exists

 

[Nick2253]

[I'm not sure what you're saying here.

If you want to follow the docs from Nextcloud, you're setting HTTP to permanently redirect to HTTPS so you always get HTTPS. You'll be modifying your existing configuration for the permanent redirect.

However, that's assuming the plugin uses Apache (I believe this is correct, but I'm not 100% sure). Furthermore, it also assumes that you can access HTTPS. Is this even the case?

Part of the issue here is that we're in the wrong forum. @Ericloewe, can we get this moved to the plugin/jails subforum?

 

[Itay1778]

you can access HTTPS. Is this even the case?

Yes only with I set the ports in my router to 443 (port of https) but with I do it then the browser says a security error but basically i can access https but because it is not set then i do not get its encryption then write https but Really this is a regular http

 

[Itay1778]

They are not commands. They are Apache configs. Which is why the Nextcloud document says "setting such as the following in the Apache VirtualHosts configuration". Doing a Google search for "Apache VirtualHosts configuration" provides a wealth of resources on the topic. You will probably need to narrow your search to FreeBSD results to get results that are applicable to your use, and not the Linux world in general.

And I also tried to set up the apache but all the time I get an error that is not set or not installed / not found and I really do not have any idea what the problem is because of that I'm asking for help from you

 

[Nick2253]

We're all over the place here.

First off, you have not provided a single error message or warning. For that matter, you've basically provided nothing that really describes what the problem is. We can't help you fix what we can't understand.

Based on your second to last post, and reading between the lines, it sounds like your problem is nothing like what you've described in your first post. If I'm going to take a guess, HTTPS is working just fine. Your problem is that you are getting an unsigned certificate error.

Please try to provide the following: exact steps you are following, what kind of problems you are running in to, and what you've tried to fix the problem. I'll give you an example:

"I'm trying to make sure I'm connecting securely to my Nextcloud over the internet. When I go to https://<ip address>, I get the following warning: 'blah blah blah'. I'm assuming there is a problem with HTTPS. I did a search on Google for "nextcloud https" and found some resources (<insert link>) that I think will solve my problem, but it talks about modifying Apache VirtualHosts Configurations, and that is way over my head. I'm honestly not even sure if I'm on the right path here."

 

[Itay1778]

Well I start from scratch
Hi I want to securely connect to my nextcloud (HTTPS) and that I type in my browser along with my domain (duckdns.org) so I get it:
(My domain) is using an invalid security certificate. The certificate is not trusted because it is self-signed. This certificate is not valid for domain. Error code: SEC_ERROR_UNKNOWN_ISSUER.
And I know there's a sure way to put the security signature in the browser but the problem is that I'm also signing in from devices that will not be able to insert the signature so I realized I need to set my nextcloud as HTTPS in a way that will work on all devices from scratch and I figured I should do it. So I started searching Google for keywords and found the right directory (nextcloud https, nextcloud ssl on FreeNAS) and found some directories like these:
https://forums.freenas.org/index.ph...nextcloud-owncloud-letsencrypt-ssl-tls.57797/

https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html#use-https

https://www.freebsdnews.com/2016/11/07/configure-apache-virtual-host-freebsd/

And many more like that.
Then already in the first command there is a problem like this

Code:

[root @ nasla ~] # pkg update
Updating local repository catalog ...
pkg: Repository local load error: access repo file (/var/db/pkg/repo-local.sqlite
) failed: No such file or directory
pkg: file: ///usr/ports/packages/meta.txz: No such file or directory
repository local has no meta file, using default settings
pkg: file: ///usr/ports/packages/packagesite.txz: No such file or directory
Unable to update repository local
Error updating repositories!
[root @ nasla ~] #

Or so

Code:

[root @ nasla ~] # pkg install apache24
Updating local repository catalog ...
pkg: Repository local load error: access repo file (/var/db/pkg/repo-local.sqlite
) failed: No such file or directory
pkg: file: ///usr/ports/packages/meta.txz: No such file or directory
repository local has no meta file, using default settings
pkg: file: ///usr/ports/packages/packagesite.txz: No such file or directory
Unable to update repository local
Error updating repositories!
[root @ nasla ~] #

And I really do not know what to do with these problems and I do not understand the language of command or the use of commands. Yes, I have knowledge of networks and computers and all these things.
And I need to set my nextcloud as HTTPS rather than as HTTP
(My ports in router are 80 (HTTP) and 443 (HTTPS)
I would be very happy to help and solve

Thanks
Itay

 

[Nick2253]

Thanks! Now we are on the same page.

Your problem is entirely your certificate. Nextcloud is set up and working 100% with HTTPS.

If you do not want to get a self-signed certificate warning (which you can bypass), you will need to get a publicly signed certificate. The best way to get a certificate today is probably Let's Encrypt. Setting up your Nextcloud jail to automatically get a Let's Encrypt certificate is best addressed in the Nextcloud community (they might have a plugin that does it for you).

Don't forget that a certificate does two things for you: verifies the identity of the server you are connecting to, and encrypting the traffic between you and the server. Using a self-signed certificate only compromises the first point. The traffic is still encrypted. If you are only using this for personal and friend use, then I would just keep using the self-signed cert.

 

[Itay1778]

Using a self-signed certificate only compromises the first point

This is one of the things I do not want to create and put myself into the signature browser but really thank you very much I will contact the nextcloud community

 

[danb35]

The best way to get a certificate today is probably Let's Encrypt.

...but port 80 must be open to your jail to do so, or you must be able to make changes to your DNS records. The TLS validation has been deprecated, so there's no way to validate with just port 443.

Setting up your Nextcloud jail to automatically get a Let's Encrypt certificate is best addressed in the Nextcloud community (they might have a plugin that does it for you).

I don't think I'd agree here; this is really something that should be taken care of at a lower level. There are lots of ways to do it (and I've lately become a fan of DNS validation using Cloudflare and acme.sh), but it really isn't a Nextcloud issue.

 

[Nick2253]

I don't think I'd agree here; this is really something that should be taken care of at a lower level. There are lots of ways to do it (and I've lately become a fan of DNS validation using Cloudflare and acme.sh), but it really isn't a Nextcloud issue.

After further research, I'm going to agree with you. I was under the misconception that Nextcloud managed its own certificates, but this is not the case.

I personally use the DNS validation for my domains, but that is challenging when your domain is a dynamic DNS subdomain for a larger public domain. For OP to use Let's Encrypt, the best thing is probably set it up in the jail.

This is one of the things I do not want to create

You don't have to create it; it already exists. If the certificate did not exist, you would get a different error.

 

[Itay1778]

Let's Encrypt, the best thing is probably set it up in the jail

I need to also make changes to the jail because I thought Let's Encrypt is only set through the shell

 

[Itay1778]

.but port 80 must be open to your jail to do so, or you must be able to make changes to your DNS records. The TLS validation has been deprecated, so there's no way to validate with just port 443

Both 80 and 443 are defined in my router

 

[danb35]

I thought Let's Encrypt is only set through the shell

Not necessarily, but close enough.

Both 80 and 443 are defined in my router

Are they open to the outside? And you own a domain that points there? So if someone from a computer outside your network browses to http://yourdomainname, they'll see your Nextcloud instance?

 

[Itay1778]

Are they open to the outside? And you own a domain that points there? So if someone from a computer outside your network browses to http://yourdomainname, they'll see your Nextcloud instance?

Yes I have connections to nextcloud outside the network as well

 

[danb35]

OK, then your remaining tasks are to get a certificate and to configure Apache to use that certificate. Let's see where Apache's looking for the certificate files right now. In your jail, do ls -l /usr/local/etc/httpd/conf/ and
ls -l /usr/local/etc/httpd/conf.d/, and post the output here.