Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
They typically roll out new updates slowly to their users so as to not overwhelm their servers. 20.x will show up eventually. I just wait. If you are in a hurry you can destroy your jail and rerun the script. I don't know if there is another way.
 

Darcon11

Cadet
Joined
Dec 8, 2020
Messages
7
Hey,

That's odd, but I cannot edit my own post... Anyway, I'm guessing that you meant to quote lines from my caddy.log.

Well, I'll edit the previous one or delete it when there is an option, so it will not mess up the forum page.

OK, so I made a little progress... I did a fresh install with NO_CERT, and it works flawlessly on my domain. Accessing Nextcloud by IP is correctly redirected to the domain name.
Guess it's something in my Cloudflare settings... I tested API_TOKEN with a curl command and it works fine. Still getting the errors below with the DNS_CERT config:
{"level":"error","ts":1607607926.0599313,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"nextcloud.emememsy.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for nextcloud.emememsy.com (probably OK if presenting failed)"}


{"level":"error","ts":1607607926.2351258,"logger":"tls.obtain","msg":"will retry","error":"[nextcloud.emememsy.com] Obtain: [nextcloud.emememsy.com] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.nextcloud.emememsy.com\": unexpected response code 'SERVFAIL' for _acme-challenge.nextcloud.emememsy.com. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/17032130/199659972) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":11,"retrying_in":10800,"elapsed":10814.203219561,"max_duration":2592000}

Again any help would be much appreciated.
 

Darcon11

Cadet
Joined
Dec 8, 2020
Messages
7
Hello,

Another day, more progress... I managed to solve the errors from the log
{"level":"error","ts":1607607926.0599313,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"nextcloud.xxxxxxxx.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for nextcloud.xxxxxxxx.com (probably OK if presenting failed)"}


{"level":"error","ts":1607607926.2351258,"logger":"tls.obtain","msg":"will retry","error":"[nextcloud.xxxxxxxx.com] Obtain: [nextcloud.xxxxxxxx.com] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.nextcloud.xxxxxxxx.com\": unexpected response code 'SERVFAIL' for _acme-challenge.nextcloud.xxxxxxxx.com. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/17032130/199659972) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":11,"retrying_in":10800,"elapsed":10814.203219561,"max_duration":2592000}
by enabling DNSSEC in Cloudflare and adding DS at my domain registrar. This was related to Let's Encrypt, and my humble proposal is to add this info to the readme file on GitHub, maybe in the Prerequisites section.

Still not getting everything running. First, accessing Nextcloud through the domain address ends with a 522 error, and there is no reference to that in caddy.log. Second, when I try to access the Nextcloud page with the jail IP address, it shows a blank page with the following response in caddy.log:

{"level":"info","ts":1607676261.8559482,"logger":"http.log.access","msg":"handled request","request":{"remote_addr":"192.168.1.25:58858","proto":"HTTP/2.0","method":"GET","host":"192.168.1.55","uri":"/","headers":{"Cookie":["nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; oc_sessionPassphrase=rXJyCxVBnTefvi%2FQpV86lvEwFJCH1SgbUtApHCRdzeJa1kx72kidHNF2jcjRTRx1ZjuNhkPuu09JZmmEWTuuISEv9W0nbmOTXrg%2FXnMDz%2BWmg4lbQFSnq8LHKmlgx9pt; ocl4qpukl5a2=3v4mn0lhbotuuauhitk740rnr8"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15"],"Accept-Language":["pl-pl"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":""}},"common_log":"192.168.1.25 - - [11/Dec/2020:09:44:21 +0100] \"GET / HTTP/2.0\" 0 0","duration":0.000004358,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}

And now I'm lost and would appreciate any help or suggestions
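
The access-log entry quoted in the post above records the request's Cookie header, session values included. One way to strip such headers from Caddy JSON access-log lines before sharing them, as an added example that is not part of the original post (the function names and the sample line are constructed for illustration):

```python
import json

# Header names whose values should never leave the host in a shared log.
SENSITIVE = {"cookie", "set-cookie", "authorization", "proxy-authorization"}

# Constructed access-log line in the same JSON layout; every value is made up.
SAMPLE_LINE = json.dumps({
    "level": "info", "logger": "http.log.access", "msg": "handled request",
    "request": {
        "remote_addr": "192.0.2.10:50000", "method": "GET",
        "host": "192.0.2.55", "uri": "/",
        "headers": {
            "Cookie": ["oc_sessionPassphrase=CONSTRUCTED; nc_sameSiteCookielax=true"],
            "Accept-Language": ["pl-pl"],
        },
    },
    "status": 0,
    "resp_headers": {"Server": ["Caddy"]},
})


def _scrub(headers):
    """Replace the values of sensitive headers, matching names case-insensitively."""
    if not isinstance(headers, dict):
        return headers
    return {k: (["REDACTED"] if k.lower() in SENSITIVE else v)
            for k, v in headers.items()}


def redact_line(line):
    """Return the log line with sensitive request/response headers redacted.

    Lines that are not JSON objects (e.g. plain-text log lines) pass through unchanged.
    """
    try:
        entry = json.loads(line)
    except ValueError:
        return line
    if not isinstance(entry, dict):
        return line
    request = entry.get("request")
    if isinstance(request, dict) and "headers" in request:
        request["headers"] = _scrub(request["headers"])
    if "resp_headers" in entry:
        entry["resp_headers"] = _scrub(entry["resp_headers"])
    return json.dumps(entry)
```
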
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
Do you have DNS redirection for internal and external? Internally it has to resolve to the internal IP, and externally to your external IP.

Example external: 44.55.66.77.88
Example internal: 192.168.0.69

You can look it up in a terminal on Windows or Mac: nslookup dnsname.yourdomain.com
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
They typically roll out new updates slowly to their users so as to not overwhelm their servers. 20.x will show up eventually. I just wait. If you are in a hurry you can destroy your jail and rerun the script. I don't know if there is another way.

Yesterday I updated to 19.0.6, but it never told me anything about 20.xx
 

Darcon11

Cadet
Joined
Dec 8, 2020
Messages
7
Do you have DNS redirection for internal and external? Internally it has to resolve to the internal IP, and externally to your external IP.

Example external: 44.55.66.77.88
Example internal: 192.168.0.69

You can look it up in a terminal on Windows or Mac: nslookup dnsname.yourdomain.com

Here's the nslookup response:
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: nextcloud.xxxx.com
Address: 104.24.98.221
Name: nextcloud.xxxx.com
Address: 104.24.99.221
Name: nextcloud.xxxx.com
Address: 172.67.168.112

What looks odd (but I'm not an expert): is it OK that it resolves with address 192.168.1.1 at port 53, which is my gateway? Shouldn't it show the IP of the jail? In my situation it's 192.168.1.55.
 

InGenetic

Contributor
Joined
Dec 18, 2013
Messages
183
Hi Mr. danb35,

How are you? I've just built a new Nextcloud on a new FreeNAS; I followed your guide,
and it went well. I can access my Nextcloud using my own domain, which has a public IP address with direct NAT forwarding to ports 443 and 80,
but my Nextcloud seems unable to get SSL from Let's Encrypt:

1608040121514.png


My config is as below:

1608042412520.png

How do I get Let's Encrypt SSL right if the installation is already done?

Please advise,

Regards,
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
How do I get Let's Encrypt SSL right if the installation is already done?
Are you directing/forwarding port 80 from your router to the jail IP? And does your cloud.domain.com address point to your router's public IP?
 

deltavlokkies

Dabbler
Joined
Apr 18, 2016
Messages
15
Hello,

I installed Nextcloud 3 months ago; the cert for the SSL seems to be expired and isn't renewed automatically.

How can I solve this? Did I do something wrong during the install?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
the cert for the ssl seems to be expired and isn't renewed auto.
The Caddy log should show the error--in the jail, what are the contents of /var/log/caddy.log?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
These errors in the log are suspicious:
Code:
2020/12/16 05:26:56 [ERROR] attempt 2: [cloud.vlokkiebox.nl] Renew: get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory': Get "https://acme-staging-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-staging-v02.api.letsencrypt.org on [::1]:53: read udp [::1]:33173->[::1]:53: read: connection refused -

It makes it sound like whatever's serving DNS for this jail isn't responding. What's the contents of /etc/resolv.conf in the jail?
 

deltavlokkies

Dabbler
Joined
Apr 18, 2016
Messages
15
These errors in the log are suspicious:
Code:
2020/12/16 05:26:56 [ERROR] attempt 2: [cloud.vlokkiebox.nl] Renew: get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory': Get "https://acme-staging-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-staging-v02.api.letsencrypt.org on [::1]:53: read udp [::1]:33173->[::1]:53: read: connection refused -

It makes it sound like whatever's serving DNS for this jail isn't responding. What's the contents of /etc/resolv.conf in the jail?
That file seems to be empty.
Only this:
# Generated by resolvconf
search local
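
The two failure modes seen in this thread (SERVFAIL while locating the `_acme-challenge` zone, and a lookup against `[::1]:53` refused because resolv.conf names no resolver) can be picked out of caddy.log mechanically. An added example, not part of any post or of the install script; the rule names and the sample lines, modelled on the formats quoted above with placeholder hostnames, are constructed:

```python
import json
import re

# Constructed sample lines: one JSON-format error, one plain-format error, one info line.
SAMPLE_LOG = [
    '{"level":"error","logger":"tls.obtain","msg":"will retry","error":"[cloud.example.com] '
    'Obtain: solving challenges: could not determine zone for domain '
    '\\"_acme-challenge.cloud.example.com\\": unexpected response code \'SERVFAIL\'"}',
    "2020/12/16 05:26:56 [ERROR] attempt 2: [cloud.example.com] Renew: get directory: "
    "dial tcp: lookup acme.example.org on [::1]:53: read udp [::1]:33173->[::1]:53: "
    "read: connection refused",
    '{"level":"info","logger":"http.log.access","msg":"handled request","status":0}',
]
SAMPLE_RESOLV_CONF = "# Generated by resolvconf\nsearch local\n"

RULES = [
    # Thread outcome: fixed by enabling DNSSEC and publishing DS at the registrar.
    ("zone-lookup-servfail", re.compile(r"could not determine zone for domain .*SERVFAIL")),
    # Thread outcome: resolv.conf had no nameserver, so lookups went to localhost.
    ("resolver-unreachable", re.compile(r"lookup \S+ on \S+:53: .*connection refused")),
]


def error_text(line):
    """Return the error message of a caddy.log line (JSON or plain), or ''."""
    try:
        entry = json.loads(line)
    except ValueError:
        return line if "[ERROR]" in line else ""
    if not isinstance(entry, dict) or entry.get("level") != "error":
        return ""
    return str(entry.get("error", ""))


def triage(lines):
    """Return (line_index, rule_name) for every error line matching a rule."""
    return [(i, name) for i, line in enumerate(lines)
            for name, pattern in RULES if pattern.search(error_text(line))]


def nameservers(resolv_conf_text):
    """List the resolver addresses configured in resolv.conf text."""
    fields = (l.split() for l in resolv_conf_text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]
```

An empty list from `nameservers()` together with a `resolver-unreachable` finding points at the jail's resolver configuration rather than at the ACME client.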
 

Darcon11

Cadet
Joined
Dec 8, 2020
Messages
7
Here's the nslookup response:


What looks odd (but I'm not an expert): is it OK that it resolves with address 192.168.1.1 at port 53, which is my gateway? Shouldn't it show the IP of the jail? In my situation it's 192.168.1.55.

Hey guys,

Any thoughts about the issue I'm experiencing? It looks like only the NO_CERT option works now, but it's not a solution I'd like to use...