HOW-TO: NextCloud 10 w/ Apache, PHP, and MariaDB

Status
Not open for further replies.

techmod

Cadet
Joined
Oct 10, 2016
Messages
9
Hi again!

Look at my guide again, the SSL cert and cipher info all belongs under <VirtualHost*:443>

I have configured my config again and inserted a self signed ssl certificate. Works pretty well now, but only in LAN.
is some config in my fritzbox wrong ?

I have the freenas box on LAN 4, connected over eth0. The nextcloud jail within freenas is also on LAN4. When I nmap (btw I use ArchLinux as my daily driver) the box internally it shows open ports 80 for http, 84 for ssh, 443 for https and 3306 for mysql.

When I nmap from outside it doesnt find anything. Fritzbox is forwarded on 443. Maybe an issue with dyndns? I don´t use it.
 

nathank1989

Contributor
Joined
Aug 29, 2016
Messages
103
Hi again!



I have configured my config again and inserted a self signed ssl certificate. Works pretty well now, but only in LAN.
is some config in my fritzbox wrong ?

I have the freenas box on LAN 4, connected over eth0. The nextcloud jail within freenas is also on LAN4. When I nmap (btw I use ArchLinux as my daily driver) the box internally it shows open ports 80 for http, 84 for ssh, 443 for https and 3306 for mysql.

When I nmap from outside it doesnt find anything. Fritzbox is forwarded on 443. Maybe an issue with dyndns? I don´t use it.

I am from the US so I am quite unfamiliar with Fritzbox. Only thing I can suggest based off your posts is that your router(fritzbox) is not configured to accept outside https connections.
If https works on LAN but not WAN that's usually a router/gateway problem.

Make sure you have port forwarding/triggering enabled and forwarded to your internal LAN address of the JAIL, not the FreeNAS itself. Also check any firewall settings on the router too. Maybe try putting the jail in a DMZ temporarily to test connections. If you still can't connect, you'll have to research how your ISP handles remote access.
 

snaptec

Guru
Joined
Nov 30, 2015
Messages
502
Which Provider?
Maybe unitymedia, they use dslite so natted IPv4 and native ipv6


Gesendet von iPhone mit Tapatalk
 

techmod

Cadet
Joined
Oct 10, 2016
Messages
9
No, 1&1 they don´t block anything. i called them yesterday. i will try the nat function.
 

JWTech

Dabbler
Joined
Sep 25, 2015
Messages
25
Personally, I despise vi, but this is the quickest method I have found. Know a way better, please let me know.
if you don't know how to use vi, here's a quick step by step. I suggest you check out this cheat sheet

Reason we don't use nano here is because keys like ctrl+x do not work in the shell applet used in FreeNAS GUI. We have to use a real terminal like PuTTY to use a nano properly.

  1. Scroll down using the DOWN arrow key until you find #PermitRootLogin no line.
  2. With the cursor on the # hit x this will delete the hash now use the RIGHT arrow key to select the space before 'no'
  3. Hit i type yes
  4. Hit esc
  5. Select the n in 'no' and hit x twice to delete 'no' so the line reads PermitRootLogin yes
  6. type :wq
  7. Hit ENTER
  8. The file is now saved

Use ee to make the edit (I use it when I can't use nano), then just hit ESC then follow the prompt to exit the file and save.
Or just run sed -i '' 's/#PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config and that will auto-replace the text.

Could also SSH into the main system, then "jexec" nano, or just nano the file from outside the jail, restart the jail when saved, then SSH into the jail.
 

nathank1989

Contributor
Joined
Aug 29, 2016
Messages
103
Use ee to make the edit (I use it when I can't use nano), then just hit ESC then follow the prompt to exit the file and save.
Or just run sed -i '' 's/#PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config and that will auto-replace the text.

Could also SSH into the main system, then "jexec" nano, or just nano the file from outside the jail, restart the jail when saved, then SSH into the jail.

I forgot about sed, I don't use it often. I'll look into ee I've actually never heard of it.
And I didn't learn about jexec until after I wrote this, really my first stint using FreeNAS so I'm still learning new things.

To simplify steps, I'll probably just replace those steps with the sed command
 

Keuj

Cadet
Joined
Sep 27, 2016
Messages
1
Thanks a lot for your post Nathan, I successfully intall nextcloud this evening
 

techmod

Cadet
Joined
Oct 10, 2016
Messages
9
Hi again!

I had to set everything up new. So i had to follow your guide anew. Now I am facing the problem (which was no problem before), that when I want to retrieve the certificate from certbot it cannot connect to my IP (http-01). Here´s a screenshot of it:

 

Attachments

  • Unbenannt.PNG
    Unbenannt.PNG
    21.2 KB · Views: 499

Lazulitone

Dabbler
Joined
Sep 12, 2016
Messages
20
Thanks everyone for this guide. I was able to get my nextcloud instance running, however, when trying to get SSL to work I ran into a bump:
after running:
Code:
cd /usr/ports/www/apache24/
make deinstall
make install clean


Apache won't start/restart...
Code:
root@nextcloud:/usr/local/www/apache24/data # service apache24 start
apache24 does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)


Any ideas how to restore this? I tried a dynamic link to the apache24 dir but I don't have permissions to run it this way.

Thanks!
 

nathank1989

Contributor
Joined
Aug 29, 2016
Messages
103
Thanks everyone for this guide. I was able to get my nextcloud instance running, however, when trying to get SSL to work I ran into a bump:
after running:
Code:
cd /usr/ports/www/apache24/
make deinstall
make install clean


Apache won't start/restart...
Code:
root@nextcloud:/usr/local/www/apache24/data # service apache24 start
apache24 does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)


Any ideas how to restore this? I tried a dynamic link to the apache24 dir but I don't have permissions to run it this way.

Thanks!

Try
Code:
$ sysrc apache24_enable=yes
 

Lazulitone

Dabbler
Joined
Sep 12, 2016
Messages
20
Try
Code:
$ sysrc apache24_enable=yes

Thanks Nathan for your speedy response... Didn't work.

Code:
root@nextcloud:~ # sysrc apache24_enable=yes
apache24_enable: yes -> yes
root@nextcloud:~ # service apache24 start
apache24 does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)
 

Lazulitone

Dabbler
Joined
Sep 12, 2016
Messages
20
Code:
root@nextcloud:/usr/ports/www/apache24 # apachectl -v
apachectl: Command not found.
root@nextcloud:/usr/ports/www/apache24 # cd
root@nextcloud:~ # apachectl -v
apachectl: Command not found.


I'm afraid I'm lost. It's as though the new package from make install clean Apache washed away all the system references to the installation.
 

nathank1989

Contributor
Joined
Aug 29, 2016
Messages
103
Did you run into any errors while compiling Apache from ports? Try recompiling* again. It sounds like Apache isn't even installed.

Try this
portsnap fetch
portsnap extract
portsnap update
cd /usr/ports/www/apache24
make install clean

I would also highly suggest recompiling openssl per instructions after updating the ports tree before you do Apache
 
Last edited:

nathank1989

Contributor
Joined
Aug 29, 2016
Messages
103
Hi again!

I had to set everything up new. So i had to follow your guide anew. Now I am facing the problem (which was no problem before), that when I want to retrieve the certificate from certbot it cannot connect to my IP (http-01). Here´s a screenshot of it:

That is usually a connectivity problem. From my understanding you need a Fully Qualified Domain Name pointed to a valid DNS for certbot to work. Mine wouldn't work until my domain fully propagated. Google DNS propagation checker and type in your domain, if it's all green then I'm afraid someone else or Google will have to help you. Certbot does NOT work with raw IP addresses (at least when I tried)
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Quick question for all installing this. Why not just use the pkg version of nextcloud and mysql? Seems like it would be easier to keep up to date via pkg if you do.
 

nathank1989

Contributor
Joined
Aug 29, 2016
Messages
103
Quick question for all installing this. Why not just use the pkg version of nextcloud and mysql? Seems like it would be easier to keep up to date via pkg if you do.

When I first did this, pkg install nextcloud didn't work for me, so I did it manually. You can upgrade using the updater within the Web UI. I never noticed it was in the ports tree until recently.

Correct me if I am wrong, but I also thought what's available in the ports/repo isn't always the freshest version available from nextcloud.com

But if it works and it's easier, by all means do it that way. ;)
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Ports and packages get updated albeit at a slightly slower pace than the source files. It all depends on the maintainer. Using the nextcloud package would make for easier upgrades as dependencies are handled via pkg.

Don't get me wrong, I'm not knocking a manual install, just looking to entertain some discussion.

But if it works and it's easier, by all means do it that way. ;)
I did and it was or I wouldn't have posted this. ;)

You can upgrade using the updater within the Web UI.
This is not working for me on my manual nextcloud install hence why I pursued the nextcloud package install.
 

techmod

Cadet
Joined
Oct 10, 2016
Messages
9
That is usually a connectivity problem. From my understanding you need a Fully Qualified Domain Name pointed to a valid DNS for certbot to work. Mine wouldn't work until my domain fully propagated. Google DNS propagation checker and type in your domain, if it's all green then I'm afraid someone else or Google will have to help you. Certbot does NOT work with raw IP addresses (at least when I tried)

I know that, thank you. It worked with my previous install (same IP, same domain, same setup). Hmmm. Thanks for your work and thoughts.
 

nathank1989

Contributor
Joined
Aug 29, 2016
Messages
103
This is not working for me on my manual nextcloud install hence why I pursued the nextcloud package install.

There was a known issue in 10.0 Stable that used Owncloud's updater and version. So if you open the updater it will say: Owncloud 9.1.1 when technically you're on Nextcloud 10.0 Stable. This prevents the updater from working so (unless you used pkg) you will need to manually upgrade.
10.0.1 is the version I am running, and the plan is after this release, anyone can update via the updater app like you would with say, wordpress. This was my ultimate goal, but was disappointed when I saw the issues in 10.0 STABLE.

Either way, glad you got it working.
 
Last edited:
Status
Not open for further replies.
Top