How to install Nextcloud 13 in FreeNAS with all checks passed updated to use iocage

cunningorb

Explorer
Joined
Feb 5, 2018
Messages
58
I had similar ssl issues but never tried the standalone command. If I can't get the new script method to work I may try that after doing the NC13 guide another time from scratch again.

Attempting this soon on new hardware in a virtual environment with freenas, hoping that doesn't just make it worse.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Problem binding to port 80: Could not bind to IPv4 or IPv6.
That would suggest that something is running. What's the output of sockstat -l?
By the way I'm using an ASUS router with the ASUS DDNS service asus.com. My ISP is dynamic IP. Can any of these factors prevent me from getting it secured?
The dynamic IP definitely won't, as long as your DDNS service keeps your DNS up to date. The router won't be a problem, as long as you've forwarded ports 80 and 443 to the jail. But the asuscomm.com domain might be, as it doesn't appear to be on the Public Suffix List, which could result in rate limit problems.
If so what route should I go to make this work in this setup?
If you run into rate limit problems, you'd need to register another domain (you can get domains at no cost at freenom.com), and set a DNS alias (a CNAME record) to point to your xxxx.asuscomm.com, and then set up Nextcloud with that domain rather than the xxxx.asuscomm.com one. But I wouldn't mess with this unless you do run into an error with the rate limits.
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
That would suggest that something is running. What's the output of sockstat -l?

The dynamic IP definitely won't, as long as your DDNS service keeps your DNS up to date. The router won't be a problem, as long as you've forwarded ports 80 and 443 to the jail. But the asuscomm.com domain might be, as it doesn't appear to be on the Public Suffix List, which could result in rate limit problems.

If you run into rate limit problems, you'd need to register another domain (you can get domains at no cost at freenom.com), and set a DNS alias (a CNAME record) to point to your xxxx.asuscomm.com, and then set up Nextcloud with that domain rather than the xxxx.asuscomm.com one. But I wouldn't mess with this unless you do run into an error with the rate limits.
Code:
USER	 COMMAND	PID   FD PROTO  LOCAL ADDRESS		 FOREIGN ADDRESS
www	  httpd	  45900 4  tcp4   192.168.9.7:80		*:*
www	  httpd	  45900 5  tcp4   192.168.9.7:443	   *:*
www	  httpd	  45899 4  tcp4   192.168.9.7:80		*:*
www	  httpd	  45899 5  tcp4   192.168.9.7:443	   *:*
www	  httpd	  43240 4  tcp4   192.168.9.7:80		*:*
www	  httpd	  43240 5  tcp4   192.168.9.7:443	   *:*
www	  httpd	  5421  4  tcp4   192.168.9.7:80		*:*
www	  httpd	  5421  5  tcp4   192.168.9.7:443	   *:*
www	  httpd	  5378  4  tcp4   192.168.9.7:80		*:*
www	  httpd	  5378  5  tcp4   192.168.9.7:443	   *:*
www	  httpd	  5377  4  tcp4   192.168.9.7:80		*:*
www	  httpd	  5377  5  tcp4   192.168.9.7:443	   *:*
www	  httpd	  5354  4  tcp4   192.168.9.7:80		*:*
www	  httpd	  5354  5  tcp4   192.168.9.7:443	   *:*
www	  httpd	  5316  4  tcp4   192.168.9.7:80		*:*
www	  httpd	  5316  5  tcp4   192.168.9.7:443	   *:*
www	  httpd	  5235  4  tcp4   192.168.9.7:80		*:*
www	  httpd	  5235  5  tcp4   192.168.9.7:443	   *:*
www	  httpd	  2894  4  tcp4   192.168.9.7:80		*:*
www	  httpd	  2894  5  tcp4   192.168.9.7:443	   *:*
root	 httpd	  2892  4  tcp4   192.168.9.7:80		*:*
root	 httpd	  2892  5  tcp4   192.168.9.7:443	   *:*
redis	redis-serv 91996 4  stream /tmp/redis.sock
mysql	mysqld	 89230 17 tcp4   192.168.9.7:3306	  *:*
mysql	mysqld	 89230 18 stream /tmp/mysql.sock
root	 syslogd	15968 4  dgram  /var/run/log
root	 syslogd	15968 5  dgram  /var/run/logpriv



On the router ports 80 and 443 are forwarding to 192.168.9.7
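
An added example, not part of the original thread: before running `certbot certonly --standalone`, the `sockstat -l` listing can be filtered to show which processes hold a given port. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# listeners_on_port PORT
# Reads `sockstat -l` output on stdin and prints "USER COMMAND PID" once per
# process that holds a TCP or UDP listener on PORT.
listeners_on_port() {
    awk -v port="$1" '
        $5 !~ /^(tcp|udp)(4|6|46)$/ { next }   # header and unix-socket rows
        {
            n = split($6, part, ":")           # port follows the last colon
            if (part[n] == port && !seen[$3]++) print $1, $2, $3
        }
    '
}

# port_is_free PORT: succeeds only when nothing in the listing holds PORT.
port_is_free() {
    [ -z "$(listeners_on_port "$1")" ]
}

# Constructed sample in the format shown in the thread (not real output).
sample_sockstat() {
    cat <<'EOF'
USER  COMMAND    PID   FD PROTO  LOCAL ADDRESS     FOREIGN ADDRESS
www   httpd      2894  4  tcp4   192.168.9.7:80    *:*
www   httpd      2894  5  tcp4   192.168.9.7:443   *:*
root  httpd      2892  4  tcp4   192.168.9.7:80    *:*
root  httpd      2892  6  tcp6   *:80              *:*
redis redis-serv 91996 4  stream /tmp/redis.sock
mysql mysqld     89230 17 tcp4   192.168.9.7:3306  *:*
EOF
}

sample_sockstat | listeners_on_port 80
if sample_sockstat | port_is_free 80; then
    echo "port 80 is free"
else
    echo "port 80 is in use: stop the listed service before standalone mode"
fi
```

On the jail itself the input would be `sockstat -l | listeners_on_port 80`.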
 

alexten9

Dabbler
Joined
Mar 18, 2018
Messages
27
Try service apache24 stop, followed by the certbot command I gave above.
Code:
root@nextcloud:/ # service apache24 stop
Stopping apache24.
Waiting for PIDS: 2892.
root@nextcloud:/ # certbot certonly --standalone --preferred-challenges http -d xxxx.asuscomm.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxx.asuscomm.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /usr/local/etc/letsencrypt/live/pcmd.asuscomm.com/fullchain.pem
   Your key file has been saved at:
   /usr/local/etc/letsencrypt/live/xxxx.asuscomm.com/privkey.pem
   Your cert will expire on 2018-06-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:					https://eff.org/donate-le

root@nextcloud:/ # service apache24 start
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 30 of /usr/local/etc/apache24/Includes/pcmd.asuscomm.com.conf:
SSLCipherSuite takes one argument, Colon-delimited list of permitted SSL Ciphers ('XXX:...:XXX' - see manual)
Starting apache24.
AH00526: Syntax error on line 30 of /usr/local/etc/apache24/Includes/xxxx.asuscomm.com.conf:
SSLCipherSuite takes one argument, Colon-delimited list of permitted SSL Ciphers ('XXX:...:XXX' - see manual)
/usr/local/etc/rc.d/apache24: WARNING: failed to start apache24


I think it's another break
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
SSLCipherSuite takes one argument, Colon-delimited list of permitted SSL Ciphers ('XXX:...:XXX' - see manual)
Yeah, looks like another extraneous line break--I mentioned that line above too.
 

gt2416

Patron
Joined
Feb 4, 2018
Messages
262
This has nothing to do with the install, but I was wondering, for the people who have Nextcloud up and running:
In Settings - Logging, how often do you see unknown IPs trying to connect to your Nextcloud?
Almost every day I see at least 5-10 attempts from different IPs. Is this normal?...
I do have a pfSense box but it's really tiring blocking all the IPs AFTER the fact that they tried to connect.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Almost every day I see at least 5-10 attempts from different IPs. Is this normal?
If it's internet facing, yes.
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,458
Great post. I have been able to go through installing Nextcloud and run Let's Encrypt successfully on a VM under VirtualBox.
Now, I am trying to reproduce the procedure on my backup server and validate the procedure on real hardware before doing the final install on the real server.
I am not so lucky there.
Everything up to the point of testing PHP works, but when I install Nextcloud and set up my domain name (here I was just testing on my LAN with fixed IP) for which I have been previously successful on the VM.
When I try to connect to IP/Nextcloud, it fails by redirecting me to my FreeNAS web page. Iocage is on the same NIC. I did notice this once on the VM but was able to recover from it. I just don't remember if binding was the cause of it or not.
I can't seem to fix it on my backup server and I don't know if going through the entire iocage creation will fix things.

Any idea where to look at?
 

irs

Dabbler
Joined
Jun 24, 2017
Messages
17
I am stuck as when I enter mysql_secure_installation
I get Error
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)

I followed all the instructions but no luck
 

jeremygb

Cadet
Joined
Apr 4, 2018
Messages
4
Getting this when I try to start the jail for the first time.

Code:
[root@freenas ~]# iocage start nextcloud																							
Traceback (most recent call last):																								 
  File "/usr/local/bin/iocage", line 10, in <module>																				
   sys.exit(cli())																												 
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__												
   return self.main(*args, **kwargs)																							   
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main													
   rv = self.invoke(ctx)																										   
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke												 
   return _process_result(sub_ctx.command.invoke(sub_ctx))																		 
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke												 
   return ctx.invoke(self.callback, **ctx.params)																				 
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke												 
   return callback(*args, **kwargs)																								
  File "/usr/local/lib/python3.6/site-packages/iocage/cli/start.py", line 54, in cli												
   ioc.IOCage(exit_on_error=True, jail=jail, rc=rc).start()																		
  File "/usr/local/lib/python3.6/site-packages/iocage/lib/iocage.py", line 1637, in start										   
   exit_on_error=self.exit_on_error)																							   
  File "/usr/local/lib/python3.6/site-packages/iocage/lib/ioc_start.py", line 64, in __init__									   
   self.__start_jail__()																										   
  File "/usr/local/lib/python3.6/site-packages/iocage/lib/ioc_start.py", line 127, in __start_jail__								
   vnet_interfaces = self.conf["vnet_interfaces"]																				 
KeyError: 'vnet_interfaces'


Also, should the jail be visible in the jails section of the freenas web interface? Mine isn't even though it seems like the jail creation went through.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Also, should the jail be visible in the jails section of the freenas web interface?
Only through the new GUI, not in the old GUI.
KeyError: 'vnet_interfaces'
You're running into the same problem I was seeing; @TimvH found the fix:
Code:
cd /tmp
git clone --recursive https://github.com/iocage/iocage
cp -R iocage/iocage/lib/ /usr/local/lib/python3.6/site-packages/iocage/lib
 

jeremygb

Cadet
Joined
Apr 4, 2018
Messages
4
Only through the new GUI, not in the old GUI.

You're running into the same problem I was seeing; @TimvH found the fix:
Code:
cd /tmp
git clone --recursive https://github.com/iocage/iocage
cp -R iocage/iocage/lib/ /usr/local/lib/python3.6/site-packages/iocage/lib

Sorry for being a noob -

I ran that code and it seems like it did what it is supposed to do, but there was no change in the outcome when I attempt to start the jail. How does one get the new GUI? I am using a fresh install of FreeNAS 11 updated to 11.1-U4

Thanks
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
How does one get the new GUI?
Toward the bottom of the login window, there's a link that says something like "click here to use the new beta UI". Click on that.
 

dureal99d

Contributor
Joined
Aug 3, 2017
Messages
156
I am stuck as when I enter mysql_secure_installation
I get Error
Enter current password for root (enter for none):
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)

I followed all the instructions but no luck
Hold down
Code:
Ctrl+C
to stop the script

Then enter the following Command

/usr/local/etc/rc.d/mysql-server stop
Then Enter this Command
mysqld_safe --skip-grant-tables &
/usr/local/etc/rc.d/mysql-server start
Once Again Hold down
Code:
Ctrl+C
to stop the script
Run Wizard Script
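
An added check, not part of the original post: `mysqld_safe --skip-grant-tables` starts the server with privilege checks disabled, so it is worth confirming afterwards that no such instance is still running, and whether it has a TCP listener such as the `192.168.9.7:3306` one in the `sockstat -l` output earlier in the thread. The function names, file names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# skip_grant_exposure PS_FILE SOCKSTAT_FILE
#   PS_FILE:       saved output of `ps -axww -o pid,command`
#   SOCKSTAT_FILE: saved output of `sockstat -l`
# Prints "PID tcp ADDR:PORT" or "PID socket-only" for every mysqld process
# that was started with --skip-grant-tables (privilege checks disabled).
skip_grant_exposure() {
    awk '
        FILENAME == ARGV[1] {                  # first file: process list
            if ($2 ~ /(^|\/)mysqld$/ && $0 ~ / --skip-grant-tables( |$)/)
                pids[++n] = $1
            next
        }
        $2 == "mysqld" && $5 ~ /^tcp/ { tcp[$3] = $6 }   # second file: listeners
        END {
            for (i = 1; i <= n; i++) {
                where = (pids[i] in tcp) ? "tcp " tcp[pids[i]] : "socket-only"
                print pids[i], where
            }
        }
    ' "$1" "$2"
}

# Constructed sample data (not taken from the thread).
write_samples() {
    cat > "$1/ps.txt" <<'EOF'
  PID COMMAND
91100 /bin/sh /usr/local/bin/mysqld_safe --skip-grant-tables
91342 /usr/local/libexec/mysqld --basedir=/usr/local --skip-grant-tables --user=mysql
EOF
    cat > "$1/sockstat.txt" <<'EOF'
USER  COMMAND PID   FD PROTO  LOCAL ADDRESS     FOREIGN ADDRESS
mysql mysqld  91342 21 tcp4   192.168.9.7:3306  *:*
mysql mysqld  91342 22 stream /tmp/mysql.sock
EOF
}

d=$(mktemp -d) && write_samples "$d"
skip_grant_exposure "$d/ps.txt" "$d/sockstat.txt"
```

Empty output means no running `mysqld` was started with that flag.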
 

Chrisrehn

Dabbler
Joined
Mar 16, 2018
Messages
14
Awesome guide! Thanks for it.

But I have a problem adding this to the crontab -e. When I open it I can't do anything. I'm pretty bad at this.
Thanks in advance!

crontab -e
Code:
# Run certbot renew once a week, Mondays at 01:00
0 1 * * 1 /usr/local/bin/certbot renew --quiet
 

diedrichg

Wizard
Joined
Dec 4, 2012
Messages
1,319
Nice guide, thanks.
 

dureal99d

Contributor
Joined
Aug 3, 2017
Messages
156
Awesome guide! Thanks for it.

But I have a problem adding this to the crontab -e. When I open it I can't do anything. I'm pretty bad at this.
Thanks in advance!
The reason is that your default editor is "VI", a very difficult, cryptic word editor that I personally despise.

Run these commands

pkg install nano

then

setenv VISUAL /usr/local/bin/nano
setenv EDITOR /usr/local/bin/nano
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Or just use ee(1) since it's already installed.

setenv EDITOR ee
 