Basil Hendroff
Wizard
- Joined
- Jan 4, 2014
- Messages
- 1,644
Scenario 2: NC plugin using DHCP
Choosing DHCP for the NC plugin network setting:
The plugin installs with the following install notes:
There's a problem here. From the install notes, you can see that the trusted domain has been set to the IP of the TN server rather than the NC jail. Accessing the jail at http://10.1.1.129 results in the following:
Examining and correcting trusted domains in the NC
This time, accessing the jail at http://10.1.1.129 gives the correct behaviour:
Injecting other parameters in the NC
In the Caddyfile for the Caddy RP, I map
Clearing cookies doesn't help.
Scenario 2: Test result: FAIL
Scenario 3 testing to follow.
Choosing DHCP for the NC plugin network setting:

The plugin installs with the following install notes:
Code:
Install Notes: Saving debug log to /var/log/letsencrypt/letsencrypt.log No certificates found. Saving debug log to /var/log/letsencrypt/letsencrypt.log No certificates found. Generating a RSA private key No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. ................+++++ No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. .+++++ writing new private key to '/usr/local/etc/letsencrypt/live/truenas/root.key' No certificates found. ----- No certificates found. Generating a RSA private key No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. ...........................................................................+++++ No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. No certificates found. .....................................................+++++ No certificates found. writing new private key to '/usr/local/etc/letsencrypt/live/truenas/server.key' ----- No certificates found. Signature ok subject=O = TrueNAS (Nextcloud), CN = localhost No certificates found. Getting CA Private Key You can install the following CA on your devices to trust the TLS certificate: /usr/local/etc/letsencrypt/live/truenas/root.cer Getting CA Private Key nginx_enable: -> YES Getting CA Private Key mysql_enable: -> YES Getting CA Private Key php_fpm_enable: -> YES Getting CA Private Key redis_enable: -> YES Getting CA Private Key fail2ban_enable: -> YES Getting CA Private Key Performing sanity check on nginx configuration: Getting CA Private Key Starting nginx. Getting CA Private Key Performing sanity check on php-fpm configuration: Getting CA Private Key Starting php_fpm. Getting CA Private Key Starting mysql. Getting CA Private Key Starting redis. Getting CA Private Key Starting redis. mysqladmin: [Warning] Using a password on the command line interface can be insecure. Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety. Starting redis. Starting redis. mysql: [Warning] Using a password on the command line interface can be insecure. Nextcloud was successfully installed [Warning] Using a password on the command line interface can be insecure. Set mode for background jobs to 'cron' [Warning] Using a password on the command line interface can be insecure. System config value trusted_domains => 1 set to string 10.1.1.14 [Warning] Using a password on the command line interface can be insecure. contacts 4.0.3 installed [Warning] Using a password on the command line interface can be insecure. contacts enabled [Warning] Using a password on the command line interface can be insecure. calendar 2.3.4 installed [Warning] Using a password on the command line interface can be insecure. calendar enabled [Warning] Using a password on the command line interface can be insecure. notes 4.1.1 installed [Warning] Using a password on the command line interface can be insecure. notes enabled [Warning] Using a password on the command line interface can be insecure. deck 1.5.3 installed [Warning] Using a password on the command line interface can be insecure. deck enabled [Warning] Using a password on the command line interface can be insecure. spreed 12.1.2 installed [Warning] Using a password on the command line interface can be insecure. spreed enabled [Warning] Using a password on the command line interface can be insecure. mail 1.10.5 installed [Warning] Using a password on the command line interface can be insecure. mail enabled [Warning] Using a password on the command line interface can be insecure. Server ready [Warning] Using a password on the command line interface can be insecure. Admin Portal: http://10.1.1.129
There's a problem here. From the install notes, you can see that the trusted domain has been set to the IP of the TN server rather than the NC jail. Accessing the jail at http://10.1.1.129 results in the following:

Examining and correcting trusted domains in the NC
config.php
:Code:
root@ncdhcp:~ # su -m www -c 'php /usr/local/www/nextcloud/occ config:system:get trusted_domains' localhost 10.1.1.14 root@ncdhcp:~ # su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set trusted_domains 1 --value="10.1.1.129"' System config value trusted_domains => 1 set to string 10.1.1.129 root@ncdhcp:~ # su -m www -c 'php /usr/local/www/nextcloud/occ config:system:get trusted_domains' localhost 10.1.1.129
This time, accessing the jail at http://10.1.1.129 gives the correct behaviour:

Injecting other parameters in the NC
config.php
required for the RP:Code:
root@ncdhcp:~ # su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set trusted_domains 2 --value="ncdhcp.udance.com.au"' System config value trusted_domains => 2 set to string ncdhcp.udance.com.au root@ncdhcp:~ # su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set overwriteprotocol --value="https"' System config value overwriteprotocol set to string https root@ncdhcp:~ # su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set overwritehost --value="ncdhcp.udance.com.au"' Systemroot@ncdhcp:~ # su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value="http://ncdhcp.udance.com.au/"' System config value overwrite.cli.url set to string http://ncdhcp.udance.com.au/ config value overwritehost set to string ncdhcp.udance.com.au
In the Caddyfile for the Caddy RP, I map
ncdhcp.udance.com.au
to 10.1.1.129
. Attempting to connect to the NC instance, I'm greeted with the following:
Clearing cookies doesn't help.
Scenario 2: Test result: FAIL
Scenario 3 testing to follow.