How to manually install Nextcloud on FreeNAS in an iocage jail with hardened security v2.0.1

baztardo.snow

Permission for which?
 

fahadshery

Go to the jail, then stop the jail and check the mount points from the Jails menu (not the Storage menu you were showing pics for). Check how you are mapping your external dataset to /mnt/SSD/iocage/jails/nextcloud/root/mnt/data
 

baztardo.snow

The permissions are greyed out at the parent; there are no permissions for the children.
 

Attachments

  • Permission.png

baztardo.snow

I stopped all the jails plugins and
 

Attachments

  • permissions2.png

baztardo.snow

Sec, I will try what you said before I posted.
 

baztardo.snow

OK, now this is more confusing. The guide is to create those mount points from the CLI. When I got to the mount points under the there aren't any. Trying to add one? Should I be adding them here instead of the CLI?
 

Attachments

  • mount pionts.png

samuel-emrys

I tried to follow your guide, but as of today and version FreeNAS-11.3-U2.1 I get this error and can't proceed <sigh>

There is a lot in FreeNAS that has changed and makes following the guide difficult. This isn't your fault, but FreeNAS keeps changing so much stuff that it breaks a lot of guides out there. It's very frustrating...

root@freenas[/mnt/NAS1/steve]# iocage fstab -a nextcloud /mnt/NAS1/cloud /mnt/data nullfs rw 0 0
Destination: /mnt/SSD/iocage/jails/nextcloud/root/mnt/data does not exist or is not a directory.
root@freenas[/mnt/NAS1/steve]#

Is there a way to fix this? Did I miss something in trying to make it work? I would greatly appreciate any help.

IIRC with newer versions of FreeNAS you may need to create the mount point in the jail before running the fstab command. Try executing the following:

Code:
iocage exec nextcloud mkdir /mnt/data


Then run the fstab commands again. Confirm they're added successfully with:

Code:
iocage fstab -l nextcloud


OK, now this is more confusing. The guide is to create those mount points from the CLI. When I got to the mount points under the there aren't any. Trying to add one? Should I be adding them here instead of the CLI?

I haven't written the instructions for the GUI for this part. If you want to use the GUI, tread your own path, but I'm only really familiar with the CLI, so that's all I can really provide help for aside from making common-sense observations :)
 
Last edited:
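
A host-side preflight for the mount procedure in the post above, as an added example that is not part of the original post or guide. It assumes the jail root layout shown in the error message (/mnt/SSD/iocage/jails/<jail>/root); `JAILS_ROOT` and the function names are hypothetical, and the directory is created from the host rather than with `iocage exec`.

```shell
#!/bin/sh
# Added example: preflight for an iocage nullfs mount. Paths follow the thread;
# JAILS_ROOT and the function names are assumptions, not iocage settings.
JAILS_ROOT="${JAILS_ROOT:-/mnt/SSD/iocage/jails}"

# Host-side path of an in-jail directory, e.g. nextcloud + /mnt/data ->
# /mnt/SSD/iocage/jails/nextcloud/root/mnt/data
jail_host_path() {
    printf '%s/%s/root%s\n' "$JAILS_ROOT" "$1" "$2"
}

# Return 0 when the mount can be added, creating the destination if missing.
# Return 1 with a message on stderr otherwise.
prepare_mountpoint() {
    jail=$1 src=$2 dst=$3
    case "$dst" in
        /*) ;;
        *) echo "destination must be an absolute in-jail path: $dst" >&2; return 1 ;;
    esac
    case "$dst/" in
        */../*) echo "destination must not contain '..': $dst" >&2; return 1 ;;
    esac
    [ -d "$src" ] || { echo "source dataset missing: $src" >&2; return 1; }
    root=$(jail_host_path "$jail" "")
    [ -d "$root" ] || { echo "jail root missing: $root" >&2; return 1; }
    host_dst=$(jail_host_path "$jail" "$dst")
    # A symlink as the final component would point the mount outside the jail root.
    [ -L "$host_dst" ] && { echo "destination is a symlink: $host_dst" >&2; return 1; }
    if [ -e "$host_dst" ] && [ ! -d "$host_dst" ]; then
        echo "destination is not a directory: $host_dst" >&2; return 1
    fi
    [ -d "$host_dst" ] || mkdir -p "$host_dst"
}

# Print (not run) the fstab command from the thread once the preflight passes.
fstab_command() {
    prepare_mountpoint "$1" "$2" "$3" || return 1
    printf 'iocage fstab -a %s %s %s nullfs rw 0 0\n' "$1" "$2" "$3"
}
```

Run the printed command on the FreeNAS host, then confirm the entry with `iocage fstab -l nextcloud`.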

garm

I have 3 public IPs at my disposal and am currently using two of them on two different routers. If you missed it, I did mention this. I also have an FQDN and DNS set up for it. It has been a while, but I have had all of this working before; this new install of FreeNAS has been giving me problems.
And my FreeNAS is behind a managed switch (x2 10Gb, x8 1Gb), on one of the 10Gb connections (I mentioned this also), that is also connected to a router. The second network has my kids and the WiFi access point that is behind its own router.
Well, I have one public IP used for applications and several FQDNs using that IP. What you need is a route for the HTTP request. The server responding on the IP you map in DNS to your domain needs to be able to forward or respond to the request. In your case, a browser asking for domain.io will have that resolved to the IP of your router, which in turn forwards 443/80 traffic to your Nextcloud jail IP. The web server in the jail needs to listen on that interface and the FQDN, formulate a response and send it back. This works perfectly well with FreeNAS, pfSense and Cloudflare (in my case), so if there are any breaks in the chain in your case, you need to find them. Can the public IP be resolved? Are the ports open? Is the web server configured correctly?
 

samuel-emrys

Well, I have one public IP used for applications and several FQDNs using that IP. What you need is a route for the HTTP request. The server responding on the IP you map in DNS to your domain needs to be able to forward or respond to the request. In your case, a browser asking for domain.io will have that resolved to the IP of your router, which in turn forwards 443/80 traffic to your Nextcloud jail IP. The web server in the jail needs to listen on that interface and the FQDN, formulate a response and send it back. This works perfectly well with FreeNAS, pfSense and Cloudflare (in my case), so if there are any breaks in the chain in your case, you need to find them. Can the public IP be resolved? Are the ports open? Is the web server configured correctly?
Think you may have got the wrong thread @garm
 

garm

Think you may have got the wrong thread @garm
No, that comment is from a 3-year-old thread about firewalls in FreeNAS. He is trying to get Nextcloud working, and the bulk of his comments are in this thread, so I think it's a better fit.
 

baztardo.snow

Ah, it's fine. At this point I'm pretty disappointed and about to give up.
 

baztardo.snow

Yes, I manually inserted them from the GUI, but I think my FreeNAS install is messed up and I need to reinstall.
 

samuel-emrys

samuel-emrys submitted a new resource:

How to manually install Nextcloud on FreeNAS in an iocage jail with hardened security - Install Nextcloud manually in an iocage jail

I've recently been through the process of standing up a Nextcloud instance, and found that there were a number of points of difficulty not addressed in the current guides. Specifically, this includes how to properly secure the web server, including proper SSL configuration, PHP handling and tamper detection. Additionally, I found that many of the current guides on the matter were essentially a list of steps with little to no explanation of what was happening at each stage, so I've put...

 

Jailer

I thought the resource section was for the actual resource not just a link to a blog post.
 

danb35

actual resource not just a link to a blog post.
It can be either; many of mine give a brief description and then link to the GitHub repo. But I'm not sure why there's an update posted today, and the blog post shows a date a few days ago, when its content still seems to be dealing with Nextcloud 14/15.
 

samuel-emrys

It can be either; many of mine give a brief description and then link to the GitHub repo. But I'm not sure why there's an update posted today, and the blog post shows a date a few days ago, when its content still seems to be dealing with Nextcloud 14/15.
I'm just preparing for an update. Figured this belongs as a resource given it seems to continue to be useful to a large number of people, and I thought it would be good to take advantage of the "versions" feature provided here to capture the first revision as well as subsequent ones.
 

Heracles

Hi @samuel-emrys,

I started reading your doc and from the very first lines, I noticed something significant is missing: a complete backup for Nextcloud also includes another resource: custom_apps. By saving the config and database, you back up stuff related to external apps. But by not backing up the apps themselves, you may end up in trouble. Things like the version you had then not being available to download anymore.

I will keep reading the rest of the guide, but at least that one should be considered. In my docker container, that one is /var/www/html/custom_apps
 

Heracles

Another one: the crontab is now recommended to be run every 5 minutes instead of 15 minutes as it was in previous releases...

About restoring backups, you do not always want to overwrite the existing Nextcloud with the one to be restored. All the restores I did here were for recovering a few files. For that, I have to deploy a new and parallel server, one that can run a previous version of Nextcloud, its apps, etc. Also, if one is using server-side encryption, the encryption keys are in the database and required for a restore. For these reasons, I would suggest you add a restore procedure about how to restore without affecting the main instance.
 