Error access nextcloud webinterface via http because of automatic forwarding to https

dhenzler

Explorer
Joined
Sep 24, 2019
Messages
57
Ok I have reinstalled the NexCloud again, but now with it's own ip-address and I don't know why I had choosen to access the NC through a port.
This solved a lot of issues, so I can access my NC secure and with the FQDN as the address.

Now I have to find out the configuration of the certificates and where I install the certificates.
  • I can choose maybe for my Gateway Server of Unifi
  • I can choose for installing the certificates in the Jail of the NC
I don't know what the best option is and if both will work?

Do only the following:

Step 4 – Enable HTTPS:
You will need to create self signed SSL certificate and the private key first. For this, you will have to login via ssh into the FreeNas. Then type: jls to list the running jails on your FreeNas Box. Note the number that corresponds to nextcloud and then enter: jexec jail# tcsh.
This will change the prompt to nextcloud. This means that you’re inside the nextcloud jail, ready to make changes specifically to nextcloud.
Goto the Location: /usr/local/etc/ssl
type the following to create the certificate in the jail terminal:
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout nextcloud.key -out nextcloud.crt

This will create two files. Certificate and the private key.
You will have to reference these in the nextcloud.conf file.
To locate nextcloud.conf is just type:

find / -name nextcloud.conf

this will search for the file from the root directory.
mine was located at: /usr/local/etc/nginx/conf.d/nextcloud.conf
Add the following inside server{:

server {
listen 443 ssl;
server_name _;
ssl_certificate /usr/local/etc/ssl/nextcloud.crt;
ssl_certificate_key /usr/local/etc/ssl/nextcloud.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
Restart nginx by: service nginx stop and then service nginx start
Goto your ip but this time with https://ip and it will give you a browser warning. Just add the certificate in your browser and it will then load.

You should be a "happy camper" at this point...

Let me know how it goes for you. I've got 3 servers running FreeNAS late version. Am going to attempt switching over to TrueNAS on one later this week.

If you need to have an alternate SSL use port 8443 it's the designated secondary port number
 

dhenzler

Explorer
Joined
Sep 24, 2019
Messages
57
I'd recommend to keep it simple... do your SSL inside NextCloud. Seperating it would likely lead to issues you'll never figure out.
 

Moluccan

Dabbler
Joined
Oct 6, 2020
Messages
18
I'd recommend to keep it simple... do your SSL inside NextCloud. Seperating it would likely lead to issues you'll never figure out.

Ok I am using the certificates now and I even didn't have to add the certificate in my browser.

Added two server_name-lines in the nextcloud.conf:
  • FQDN
  • 192.168.1.248
Can start my NC with https://FQDN or Local_IP and both are working without any warning.
 

Moluccan

Dabbler
Joined
Oct 6, 2020
Messages
18
Ohh I was a little to fast with my reply above.

But my office laptop with a VPN-connection gives the following message for http://My_FQDN:
  • The security certificate presented by this website was not issued by a trusted certificate authority.
I ignored the message and I am now connected to my NC.
 

dhenzler

Explorer
Joined
Sep 24, 2019
Messages
57
T
Ohh I was a little to fast with my reply above.

But my office laptop with a VPN-connection gives the following message for http://My_FQDN:
  • The security certificate presented by this website was not issued by a trusted certificate authority.
I ignored the message and I am now connected to my NC.
That's absolutely correct for a self signed certificate...
Good Going... now you can coach someone... you've been there!
Done that...
Got the T shirt ! ;O)
Dave
 
Top