How to install Nextcloud 13 in FreeNAS with all checks passed updated to use iocage

adrianwi

Letsencrypt certificates are valid for 90 days. They renew when there are 30 days to go.

Why do most articles tend to recommend running/scheduling a renewal every few hours or daily?

Surely once a week is more than enough, even when you're managing multiple certificates with different renewal dates?
 

danb35

> Why do most articles tend to recommend running/scheduling a renewal every few hours or daily?

Because the renewal process isn't guaranteed to succeed. Their servers could be down, your network could be down, your DNS host could be weird, or any number of other reasons. But "every minute during the 1:00 hour, every Monday" is just a silly schedule.
 

NasKar

> This is only true if you originally got the cert in standalone mode, which isn't a good idea for exactly this reason.

I got my cert in the standalone mode and based on your suggestion I wanted to change to webroot. I read this site and issued the following command.
Code:
certbot certonly --webroot -w /usr/local/www -d <mydomain> --agree-tos -m <myemail>@gmail.com --no-eff-email

Chose option 2 to replace my current certificate.
After running
Code:
certbot renew --dry-run

I get the error
Code:
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Attempting to renew cert (mydomain.ddns.net) from /usr/local/etc/letsencrypt/renewal/mydomain.ddns.net.conf produced an unexpected error: Deserialization error: Could not decode 'status' (u'ready'): Deserialization error: Status not recognized. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/<mydomain.ddns.net>/fullchain.pem (failure)


Any idea how to fix this? I'm using certbot 0.22.2
 

Jailer

Just leave your webserver running and call a renewal script from cron. Add a post hook event to restart apache if it's renewed.

Code:
#!/bin/sh
/usr/local/bin/certbot renew --post-hook "service apache24 restart" --quiet
 

danb35


spotcatbug

> This is only true if you originally got the cert in standalone mode, which isn't a good idea for exactly this reason.

I see in the .conf file, under "[renewalparams]" it has "authenticator = standalone", so, yeah, there you go.

I thought I followed OP's guide exactly. That is, I don't remember doing the certificate stuff differently, so I don't know why the certificate was obtained in standalone mode.

Can I switch to "not standalone" (easily)?
 

danb35

> I thought I followed OP's guide exactly.

You may have, and it may call for standalone mode--I haven't reviewed it carefully. My script initially gets the cert in standalone mode, but then calls for reissuing in webroot mode to avoid this problem.

> Can I switch to "not standalone" (easily)?

The way you'd do that is to reissue the cert in webroot mode. Once that cert is issued, it will update the .conf file so that subsequent renewals will use that. The command would be something like
Code:
certbot certonly -w /usr/local/www/html/nextcloud/ -d your.full.domain.name --post-hook "service apache24 restart"
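
Added example, not part of any post in this thread: a shell sketch that reads certbot's renewal .conf files and lists the lineages whose `[renewalparams]` section still records `authenticator = standalone`, the setting spotcatbug found. Standalone renewal has to bind port 80 itself, so those lineages fail to renew while the web server is running. The function names and the sample files (hypothetical domains) are constructed for this example.

```sh
#!/bin/sh
# Added example: find certbot lineages that will still renew in standalone mode.

# Print the authenticator recorded under [renewalparams] in one renewal file.
renewal_authenticator() {
    awk '
        /^[ \t]*\[/ { in_params = ($0 ~ /^[ \t]*\[renewalparams\]/); next }
        in_params && /^[ \t]*authenticator[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            print
            exit
        }
    ' "$1"
}

# Print the name of every lineage in directory $1 whose renewal needs port 80
# for itself, i.e. cannot renew while the web server keeps running.
standalone_lineages() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        if [ "$(renewal_authenticator "$conf")" = "standalone" ]; then
            basename "$conf" .conf
        fi
    done
    return 0
}

# Constructed sample files (hypothetical domains), so this runs without certbot.
demo=$(mktemp -d)
cat > "$demo/old.example.net.conf" <<'EOF'
version = 0.22.2
[renewalparams]
authenticator = standalone
installer = None
EOF
cat > "$demo/new.example.net.conf" <<'EOF'
version = 0.25.1
[renewalparams]
authenticator = webroot
installer = None
[[webroot_map]]
new.example.net = /usr/local/www
EOF
standalone_lineages "$demo"
rm -rf "$demo"
# On the jail itself: standalone_lineages /usr/local/etc/letsencrypt/renewal
```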
 

NasKar

Thanks for the link. It states you need certbot 0.22.0 or greater and I was using 0.22.2. I upgraded to py27-certbot-0.25.1,1 and now I get "Congratulations, all renewals succeeded."
I placed in my cron now that I'm on webroot...
crontab -u root -e
Code:
9 5 * * * certbot renew >/dev/null 2>&1

but will have to wait till October to see if it works when the certificates are up for renewal.
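
Added example, not from the thread: the cron entry above discards certbot's output, so a failed renewal leaves no trace until the certificate expires. The sketch below reports any certificate that has dropped well below the 30-day renewal point without being replaced. The 21-day threshold and the function names are assumptions of this example; the live directory is the one shown in the error output earlier in the thread.

```sh
#!/bin/sh
# Added example: detect renewals that are silently failing.
# LIVE_DIR is the path from the thread's error output; MIN_DAYS is an assumed
# alert threshold, chosen below the 30-day point at which renewal starts.
LIVE_DIR=${LIVE_DIR:-/usr/local/etc/letsencrypt/live}
MIN_DAYS=${MIN_DAYS:-21}

# Status: 0 = expires within $2 days, 1 = healthy, 2 = not a readable certificate.
renewal_overdue() {
    [ -r "$1" ] || return 2
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 2
    if openssl x509 -noout -in "$1" -checkend $(( $2 * 86400 )) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Print one line per lineage that needs attention; return 1 if there were any.
overdue_lineages() {
    bad=0
    for chain in "$1"/*/fullchain.pem; do
        [ -e "$chain" ] || continue
        name=$(basename "$(dirname "$chain")")
        rc=0
        renewal_overdue "$chain" "$2" || rc=$?
        case $rc in
            0) echo "OVERDUE $name: under $2 days left, renewal is not succeeding"; bad=1 ;;
            2) echo "UNREADABLE $name: $chain"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Run from cron after "certbot renew"; cron mails any output to the job's owner.
overdue_lineages "$LIVE_DIR" "$MIN_DAYS" || true
```

Scheduled without an output redirect, this stays silent while renewals work and produces a line only when a lineage needs attention.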
 

pakka

Is it possible to move the entire folder /nextcloud in the main www/data/ folder so that the nextcloud-site is available directly under the IP address?
 

pakka

OK, read to change it in the http.conf file, I will try!
The other problem is that I can't upload any file. In the web UI I got this error:
Code:
Encryption not ready: No default encryption module defined


I think I checked this checkbox under encryption but am not able to uncheck it manually in the UI.
In this manual I saw the following command, but where to use it? In the shell I got an error, the command does not exist.
Code:
occ maintenance:mode --on
occ encryption:disable



Thanks to all!
Also for the whole Tutorial! Thumbs Up!

PS. you have to run the occ command in a complex way... something like this:
Code:
sudo -u apache /opt/rh/php56/root/usr/bin/php /var/www/html/nextcloud/occ

Change the path for your case. (source: https://docs.nextcloud.com/server/12/admin_manual/configuration_server/occ_command.html)
 

twsps

Hi,
I'm not able to set primarycache by this line of code
Code:
zfs set primarycache=metadata YOURDRIVENAME/db

I got an error with cannot open '/mnt/DRIVE/db': dataset does not exist.
Thanks
p.s. Fixed by using webui shell
 

twsps

I'm not able to get into my nextcloud by https but okay for http. What did I do wrong?
 

twsps

https is not working even using my jail's IP address, is there some file that I need to enable it?
 

twsps

The strange thing is when I restart FreeNAS, I'm not able to get in nextcloud by jail ip..
 

twsps

It seems like I'm not able to ping google.com inside jail, but I can before restart.
 

twsps

I guess https is only working for a NON-local IP!?
The problem now is after restarting my FreeNAS, I'm not able to get in next cloud web GUI by my jail IP address

 

neto_hugo

Guys, a simple question here ...

In this part of the tutorial:
$ portsnap fetch extract

is happening as below:
Code:
root@nextcloud:/ # portsnap fetch extract																						  
Looking up portsnap.FreeBSD.org mirrors... none found.																			
Fetching public key from portsnap.FreeBSD.org... failed.																		  
No mirrors remaining, giving up.


I set it to "igb0", see:

Code:
[root@freenas ~]# ifconfig																										
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500												
	   options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>								
	   ether 00:25:90:dd:44:74																									
	   hwaddr 00:25:90:dd:44:74																									
	   inet 192.168.0.8 netmask 0xffffff00 broadcast 192.168.0.255																
	   nd6 options=9<PERFORMNUD,IFDISABLED>																						
	   media: Ethernet autoselect (1000baseT <full-duplex>)																		
	   status: active																											
igb1: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500															
	   options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>	
	   ether 00:25:90:dd:44:75																									
	   hwaddr 00:25:90:dd:44:75																									
	   nd6 options=9<PERFORMNUD,IFDISABLED>																						
	   media: Ethernet autoselect																								
	   status: no carrier																										
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384																  
	   options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>																	  
	   inet6 ::1 prefixlen 128																									
	   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3																				
	   inet 127.0.0.1 netmask 0xff000000																						  
	   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>																				  
	   groups: lo																												
bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500																
	   ether 02:83:2e:b0:a6:00																									
	   nd6 options=9<PERFORMNUD,IFDISABLED>																						
	   groups: bridge																											
	   id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15																
	   maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200																	
	   root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0																		
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500													  
	   ether 02:83:2e:b0:a6:01																									
	   nd6 options=9<PERFORMNUD,IFDISABLED>																						
	   groups: bridge																											
	   id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15																
	   maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200																	
	   root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0																	
	   member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>															  
			   ifmaxaddr 0 port 6 priority 128 path cost 2000																	
	   member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>																
			   ifmaxaddr 0 port 1 priority 128 path cost 20000																	
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500											  
	   options=8<VLAN_MTU>																										
	   ether 02:61:50:00:06:0a																									
	   hwaddr 02:61:50:00:06:0a																									
	   nd6 options=1<PERFORMNUD>																								  
	   media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)																		
	   status: active																											
	   groups: epair



iocage create -n "nextcloud" -r 11.1-RELEASE ip4_addr="igb0|192.168.0.10/24" defaultrouter="192.168.0.1" vnet="on" allow_raw_sockets="1" boot="on"

Where did I get lost?
Thank you!

EDIT:

Why did the jail's network interface change to lo0?

Code:
root@nextcloud:/ # ifconfig																										 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384																   
	   options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>																	   
	   inet6 ::1 prefixlen 128																									 
	   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1																				 
	   inet 127.0.0.1 netmask 0xff000000																						   
	   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>																				   
	   groups: lo 
 

twsps

I prefer not to use vnet; if it's used, I'm not able to get into Nextcloud after a FreeNAS restart.
Code:
iocage create -n "nextcloud" -r 11.1-RELEASE ip4_addr="networkinterface|jailip/24" defaultrouter="routerip" vnet="off" allow_raw_sockets="1" boot="on"
 
