Nextcloud on FreeNAS 11.2RC1 using plug-in

Status
Not open for further replies.

kingtj

Dabbler
Joined
Jun 21, 2011
Messages
26
I just started experimenting with setting up Nextcloud on my FreeNAS, once I realized it might be a great alternative to keeping a basic SFTP server running to share some of my files.

I installed the plug-in offered on 11.2RC1 and was successful in getting most of it working. I see that the majority of posts here about Nextcloud seem to suggest setting it up from scratch using one of the install scripts that's been created. I can definitely see the advantages of that, except as I found in the past when trying to do that with Plex on my FreeNAS, it tends to mess up the correlation of what your web UI says and what you're actually doing on the system. I'd rather not have a manually, command-line created IOCage jail running, for example, that the UI doesn't display as belonging to a specific application like Plex or Nextcloud (or may not even display at all).

Plus, I figure somebody went to all the effort to create the plug-in, so why not take advantage of all of their hard work?

The biggest "gotcha" I had to overcome with the Nextcloud plug-in is I found you need to configure its jail so it runs a vnet. If I just set up a static IP address and told it to use a specific network adapter, I found it wasn't actually getting out to the Internet properly. Also, I'm not 100% certain it was needed, but I enabled "raw sockets" support for it too. (These settings were also needed to get everything working properly in the Plex plug-in for IOCage jails. Without them, you could get Plex itself to communicate over the network but it wouldn't ever download cover art or movie descriptions.)

One problem I've had with it, that I haven't figured out a solution for yet, is that it seems to be configured to save its temporary "session" lock files under a "tmp" folder underneath /usr/local/www/nextcloud. As long as those are there, the auto-updater fails to do any pending updates for Nextcloud, complaining the "tmp" folder fails the file integrity check.

I'm so new to Nextcloud, I'm not sure if there's a place in it where you can configure where it puts these temp files? Or would this require recompiling the whole thing from source to make that change?
 

kingtj

Dabbler
Joined
Jun 21, 2011
Messages
26
Just following up to say I solved this issue!

The trick is editing /usr/local/etc/php-fpm.conf and modifying the default path for:

php_admin_value[session.save_path]

I set it to use /usr/local/www/nextcloudtemp instead of /usr/local/www/nextcloud/tmp and then created the new nextcloudtemp folder in that location, granting ownership to www.

The auto-updater successfully upgraded Nextcloud from v4.01 to v4.03 for me after I made this change and restarted its jail.
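
A check for the fix described in the post above, as an added example that is not part of the thread: it reads php_admin_value[session.save_path] from a php-fpm.conf and confirms the directory lies outside the Nextcloud tree and belongs to the expected user. The function name, return codes and the extra mode check (no group/other access) are assumptions of this example, and the demo paths are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Demo paths are constructed.
# check_session_path CONF APP_ROOT OWNER
#   Prints the configured session.save_path and returns:
#   0 ok | 1 setting not found | 2 path is inside APP_ROOT
#   3 directory missing | 4 wrong owner | 5 group/other can access it
check_session_path() {
    conf=$1; approot=${2%/}; owner=$3
    # Last uncommented php_admin_value[session.save_path] line wins.
    path=$(sed -n '/^[[:space:]]*php_admin_value\[session\.save_path\]/{
        s/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//; p
    }' "$conf" | tr -d '"' | tail -n 1)
    [ -n "$path" ] || return 1
    printf '%s\n' "$path"
    # Compare with a trailing slash so .../nextcloudtemp is not mistaken
    # for a child of .../nextcloud.
    case "${path%/}/" in
        "$approot"/*) return 2 ;;
    esac
    [ -d "$path" ] || return 3
    # ls -ld is used because stat(1) flags differ between FreeBSD and Linux.
    set -- $(ls -ld "$path")        # $1 = mode string, $3 = owner
    [ "$3" = "$owner" ] || return 4
    case $1 in
        ????------*) return 0 ;;    # e.g. drwx------
        *) return 5 ;;
    esac
}

# Demo: the plug-in default location versus the relocated directory.
demo=$(mktemp -d)
mkdir -p "$demo/www/nextcloud/tmp" "$demo/www/nextcloudtemp"
chmod 700 "$demo/www/nextcloudtemp"
me=$(ls -ld "$demo" | awk '{print $3}')   # stands in for the www user
for p in nextcloud/tmp nextcloudtemp; do
    echo "php_admin_value[session.save_path] = $demo/www/$p" > "$demo/php-fpm.conf"
    rc=0
    check_session_path "$demo/php-fpm.conf" "$demo/www/nextcloud" "$me" || rc=$?
    echo "  -> status $rc"
done
rm -rf "$demo"
```

Inside the jail the call would be `check_session_path /usr/local/etc/php-fpm.conf /usr/local/www/nextcloud www`.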
 

H3ll3r

Cadet
Joined
Oct 30, 2018
Messages
2
Thanks! I had the same issue and changing the session.save_path, *and* deleting the /usr/local/www/nextcloud/tmp directory, got it going a bit further.

But in my case, it fails at the next step, saying that it doesn't have write permission on pretty much all files in /usr/local/www/nextcloud/updater/../*

Looking at the file system, most of these files / folders are owned by root, except a few directories such as apps, config, data which are owned by www.
I was wondering if yours is the same?
 

kingtj

Dabbler
Joined
Jun 21, 2011
Messages
26
Yes, you're correct. I neglected to mention that step.

I had to go in to the shell and "chown -R www:www /usr/local/www/nextcloud" to give the www user permissions to that whole folder and the subfolders and files underneath it.
And additionally, yes, you have to delete that original "tmp" folder and any contents in it once you've gotten it running with the session.save_path properly modified.

Now, the only challenge I've got left is figuring out how to make nextcloud work via https protocol (port 443) instead of only on the regular web http port 80, like they've preconfigured it in this plug-in.

By reading through other tutorials designed for nextcloud setups in other environments (such as Ubuntu Linux), I was able to piece together that I needed to install the "certbot" package first. (This worked for me by issuing the following command:
"pkg install py27-certbot".)

When that installation completed, it showed several lines of notes about optional plug-in packages available. One was for the nginx web server, and the other was for apache web server. This configuration of nextcloud runs nginx as its web server instead of apache, so I went ahead and did the pkg install command to download the nginx plug-in it referenced. (I believe the benefit that gives me is the ability to run certbot to request a new cert, or to update an existing one, without having to shut down nextcloud first. The nginx plug-in seems to let it communicate THROUGH the nginx web server that's already hosting the nextcloud pages.)

To run certbot to make your SSL certificate, you do this:

certbot certonly -d yourdomain.com

It asks to confirm some terms of service stuff, asks you for an email address you can be reached at, and then proceeds to make a new SSL certificate for you using the free "letsencrypt" provider.

They seem to wind up in /usr/local/etc/letsencrypt/live once they're generated, inside a folder named with the domain name you specified.

That's about as far as I've gotten so far. (Well, except for setting up port forwarding on my router so both 80 and 443 point to my jail's IP running nextcloud.)


 

H3ll3r

Cadet
Joined
Oct 30, 2018
Messages
2
Thanks for the info! I'll go try the chown now. I thought about doing that before but was afraid of messing the whole thing up. Happy to see it should work!

I had the same issue with making it work with SSL.
I installed acme.sh as described here: https://github.com/Neilpang/acme.sh
I didn't come across the certbot package info, and that was likely what was missing... because no matter how I tried, I couldn't get the acme.sh script to work in nginx mode. It would always time out during the verification. I ended up being able to get it to work with one of its DNS modes (I used dynu.com, which is free and has an API I was able to get to work). I wasted time beforehand with noip (not supported by acme.sh) and freedns (only works if you own the top level domain).

With dynu, the commands were:
setenv Dynu_ClientId "<ID provided by Dynu API>"
setenv Dynu_Secret "<Secret key provided by Dynu API>"
acme.sh --issue --dns dns_dynu -d my.domain.com

Then I had to edit /usr/local/etc/nginx/conf.d/nextcloud.conf
and just below the listen 80; entry, add:
listen 443 ssl;
server_name my.domain.com;
ssl_certificate /root/.acme.sh/my.domain.com/my.domain.com.cer;
ssl_certificate_key /root/.acme.sh/my.domain.com/my.domain.com.key;
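
An audit of the nginx change described in the post above, as an added example that is not part of the thread: it confirms a 443 ssl listener, that the file named by ssl_certificate carries the leaf plus at least one intermediate certificate, and that the private key is not accessible to group or other. The function names are assumptions of this example and the demo files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. All files in the demo are constructed.
nginx_value() {   # nginx_value CONF DIRECTIVE: first uncommented value
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^;]*\);.*/\1/p" "$1" | head -n 1
}

# audit_tls_conf CONF: one finding per line; returns 0 only if there are none.
audit_tls_conf() {
    conf=$1; bad=0
    grep -q '^[[:space:]]*listen[[:space:]][^;]*443[^;]*ssl' "$conf" ||
        { echo "no 'listen 443 ssl' directive"; bad=1; }
    crt=$(nginx_value "$conf" ssl_certificate)
    key=$(nginx_value "$conf" ssl_certificate_key)
    if [ ! -r "$crt" ]; then
        echo "ssl_certificate missing or unreadable: $crt"; bad=1
    else
        # nginx sends only what is in this file: leaf plus intermediate(s).
        certs=$(grep -c 'BEGIN CERTIFICATE' "$crt" || true)
        [ "$certs" -ge 2 ] ||
            { echo "ssl_certificate holds $certs cert(s), no chain"; bad=1; }
    fi
    if [ ! -f "$key" ]; then
        echo "ssl_certificate_key missing: $key"; bad=1
    else
        set -- $(ls -l "$key")      # $1 is the mode string, e.g. -rw-------
        case $1 in
            ????------*) ;;
            *) echo "private key accessible by group/other ($1)"; bad=1 ;;
        esac
    fi
    return $bad
}

# Demo: the four directives from the post, with a leaf-only certificate
# file and a world-readable key (both constructed placeholders).
d=$(mktemp -d)
printf '%s\n' 'server {' '    listen 80;' '    listen 443 ssl;' \
    '    server_name my.domain.com;' \
    "    ssl_certificate $d/my.domain.com.cer;" \
    "    ssl_certificate_key $d/my.domain.com.key;" '}' > "$d/nextcloud.conf"
echo '-----BEGIN CERTIFICATE----- (constructed leaf)' > "$d/my.domain.com.cer"
echo 'constructed key placeholder' > "$d/my.domain.com.key"
chmod 644 "$d/my.domain.com.key"
audit_tls_conf "$d/nextcloud.conf" || echo "=> needs attention"
rm -rf "$d"
```

Both clients mentioned in the thread also write a full-chain file next to the leaf certificate (fullchain.cer for acme.sh, fullchain.pem for certbot), which is the file that satisfies the chain check.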
 

OdyMan

Cadet
Joined
Apr 9, 2014
Messages
4


How did you get "pkg install py27-certbot" to work?


On mine it said:

root@nextcloud:~ # pkg install py27-certbot
Updating iocage-plugins repository catalogue...
iocage-plugins repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'py27-certbot' have been found in the repositories
 

samuel-emrys

Contributor
Joined
Dec 14, 2018
Messages
136

You need to switch to the FreeBSD repository. This error message indicates you're using the iocage-plugins repository, which does not contain the certbot pkg. I provide some brief instructions on switching in this post.
 