Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.
Resource icon

Scripted installation of Nextcloud 19 in iocage jail 2018-03-23

wavesswe

Junior Member
Joined
Dec 2, 2020
Messages
20
What Nextcloud CLI commands are you running, and why?
as off now when i get spammed with this i dont run anything but i think its the cron.php causing this. earlier when i have seen this problem is when i locally moved alot of files in to a user and did a rescan of files.


EDIT:

I just saw that i had put the
*/10 * * * * php /usr/local/www/nextcloud/occ preview:pre-generate in the crontab system"etc/crontab". i now added it via "crontab -u www -e" or should this not effect?

i dont know if this is run as cli or web

EDIT 2:

its CLI, just got this after the change "Allowed memory size of 134217728 bytes exhausted (tried to allocate 1826816 bytes) at /usr/local/www/nextcloud/lib/private/legacy/OC_Image.php#649 " so changing it back. so its clearly the www cli that need more than 128M and i cant find where to increase it

Eidit 3.

Sorry for spam. I now se that it have probably never run because when i try from cli to run:
php /usr/local/www/nextcloud/occ preview:pre-generate
i promtps me to run as www. so it should be in the www crontab and now it a bigger problem in that case
 
Last edited:

wavesswe

Junior Member
Joined
Dec 2, 2020
Messages
20
as off now when i get spammed with this i dont run anything but i think its the cron.php causing this. earlier when i have seen this problem is when i locally moved alot of files in to a user and did a rescan of files.


EDIT:

I just saw that i had put the
*/10 * * * * php /usr/local/www/nextcloud/occ preview:pre-generate in the crontab system"etc/crontab". i now added it via "crontab -u www -e" or should this not effect?

i dont know if this is run as cli or web

EDIT 2:

its CLI, just got this after the change "Allowed memory size of 134217728 bytes exhausted (tried to allocate 1826816 bytes) at /usr/local/www/nextcloud/lib/private/legacy/OC_Image.php#649 " so changing it back. so its clearly the www cli that need more than 128M and i cant find where to increase it

Eidit 3.

Sorry for spam. I now se that it have probably never run because when i try from cli to run:
php /usr/local/www/nextcloud/occ preview:pre-generate
i promtps me to run as www. so it should be in the www crontab and now it a bigger problem in that case

Edit 4.

i think i solved a work around at least. i havent had any warnings in 20+min now. before they where every 5 / 10 min. i added
memory_limit=1G /usr/local/www/nextcloud/occ preview:pre-generate
memory_limit=1G -f /var/www/nextcloud/cron.php

in the cron.
 

LordPando

Newbie
Joined
Jan 12, 2021
Messages
1
Hi everyone, I've been trying to find an answer but I don't think I understand. I have installed nextcloud correctly. I have purchased a FQDN and set up (hopefully correctly) the DNS via cloudflare. I modified etc/hosts so that the FQDN points to the jail IP. I am able to access nextcloud from https://HOST_NAME. Everything works normally BUT I haven't figured out how to do the remote access (outside my local network). Is it possible to do it with just this script or do I have to do something else?
I definitely do other things in life and I might have missed some steps :)

these are the settings
Code:
JAIL_IP="192.168.1.XXX"
DEFAULT_GW_IP="192.168.1.XXX"
POOL_PATH="/mnt/XXXXX"
TIME_ZONE="Europe/Rome"
HOST_NAME="XXXXXX.xyz"
DNS_CERT=1
DNS_PLUGIN="cloudflare"
DNS_TOKEN="XXXXXXXXX"
CERT_EMAIL="XXXXXXX@gmail.com"

this is the caddy log
Code:
Successfully started Caddy (pid=24050) - Caddy is running in the background
{"level":"info","ts":1610576266.0714552,"logger":"tls.obtain","msg":"lock acquired","identifier":"burnedpalace.xyz"}
{"level": "info", "ts":1610576266.0905328, "logger": "tls.issuance.acme", "msg": "waiting on internal rate limiter", "identifiers":["burnedpalace.xyz"]}
{"level": "info", "ts":1610576266.0906112, "logger": "tls.issuance.acme", "msg": "done waiting on internal rate limiter", "identifiers":["burnedpalace.xyz"]}
{"level": "info", "ts":1610576268.6415346, "logger": "tls.issuance.acme.acme_client", "msg": "trying to solve challenge", "identifier": "burnedpalace.xyz", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1610576284.0642955,"logger":"tls.obtain","msg":"will retry","error":"[burnedpalace.xyz] Obtain: [burnedpalace.xyz] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: checking DNS propagation>.
{"level": "info", "ts":1610576345.3277524, "logger": "tls.issuance.acme.acme_client", "msg": "validations succeeded; finalizing order", "order": "https://acme-staging-v02.api.letsencrypt.org/acme/order/17461564/220609565"}
{"level": "info", "ts":1610576346.7117436, "logger": "tls.issuance.acme.acme_client", "msg": "successfully downloaded available certificate chains", "count":2, "first_url": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa54a66310baa589>
{"level": "info", "ts":1610576346.7123878, "logger": "tls.issuance.acme", "msg": "waiting on internal rate limiter", "identifiers":["burnedpalace.xyz"]}
{"level": "info", "ts":1610576346.7124574, "logger": "tls.issuance.acme", "msg": "done waiting on internal rate limiter", "identifiers":["burnedpalace.xyz"]}
{"level": "info", "ts":1610576347.7839518, "logger": "tls.issuance.acme.acme_client", "msg": "trying to solve challenge", "identifier": "burnedpalace.xyz", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1610576357.6998992,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/109414159/7297095096"}
{"level": "info", "ts":1610576358.6930654, "logger": "tls.issuance.acme.acme_client", "msg": "successfully downloaded available certificate chains", "count":2, "first_url": "https://acme-v02.api.letsencrypt.org/acme/cert/03f9e753b8e82617cb5baa85>
{"level": "info", "ts":1610576358.6939416, "logger": "tls.obtain", "msg": "certificate successfully obtained", "identifier": "burnedpalace.xyz"}
{"level":"info","ts":1610576358.693978,"logger":"tls.obtain","msg":"releasing lock","identifier":"burnedpalace.xyz"}
{"level": "info", "ts":1610619466.091817, "logger": "tls", "msg": "cleaned up storage units"}
{"level":"info","ts":1610635374.751547,"logger":"http.log.access","msg":"handled request","request":{"remote_addr":"192. 168.1.156:57071","proto":"HTTP/2.0","method":"GET","host":"192.168.1.137","uri":"/","headers":{"User-Agent":["Mozill>
{"level":"info","ts":1610635374.8719957,"logger":"http.log.access","msg":"handled request","request":{"remote_addr":"192. 168.1.156:57071","proto":"HTTP/2.0","method":"GET","host":"192.168.1.137","uri":"/favicon.ico","headers":{"Referer">
{"level":"info","ts":1610635378.9645216,"logger":"http.log.access","msg":"handled request","request":{"remote_addr":"192. 168.1.156:57071","proto":"HTTP/2.0","method":"GET","host":"192.168.1.137","uri":"/","headers":{"Accept-Language":[">
{"level": "error", "ts":1610635390.9789357, "logger": "http.handlers.reverse_proxy", "msg": "aborting with incomplete response", "error": "http2: stream closed"}
 

danb35

Wizened Sage
Joined
Aug 16, 2011
Messages
11,877
BUT I haven't figured out how to do the remote access (outside my local network).
That's going to be a function of your router--you'd need to forward ports 80 and 443 to your Nextcloud jail. And if you have a dynamic IP address, you'll need to come up with a way to update your DNS records when your IP address changes.
 
Joined
Jan 15, 2021
Messages
5
I installed with the script many times and each time I get the same problem.
I get "ERR_SSL_PROTOCOL_ERROR " from browser both internal ip, hostname or external domain.
I use TrueNAS-12.0-U1
My domain has its nameserver point to cloudflare and has dns-o-matic auto update the ip.
I am using DNS only in cloudflare, but i tried turning on the proxy icon and it does not change anything.

Here is my config
Code:
JAIL_IP="192.168.1.114"

DEFAULT_GW_IP="192.168.1.1"

POOL_PATH="/mnt/Disk2_6TB/AppData"

TIME_ZONE="America/Toronto"

HOST_NAME="xxx.xyz"

DNS_CERT=1

DNS_PLUGIN="cloudflare"

DNS_TOKEN="xxx"

CERT_EMAIL="abc@xxx.xyz"


And here is part of the caddy.log. It just repeating having the same error.
{"level":"info","ts":1610729193.9171922,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"xxx.xyz","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1610729195.0712128,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"xxx.xyz","challenge_type":"dns-01","error":"no memory of presenting a DNS record for xxx.xyz (probably OK if presenting failed)"}
{"level":"error","ts":1610729195.1618423,"logger":"tls.obtain","msg":"will retry","error":"[xxx.xyz] Obtain: [xxx.xyz] solving challenges: presenting for challenge: adding temporary record for zone xxx.xyz.: got error status: HTTP 403: [{Code:9109 Message:Invalid access token}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/17539050/221731997) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":6,"retrying_in":1200,"elapsed":1212.263813501,"max_duration":2592000}
 

danb35

Wizened Sage
Joined
Aug 16, 2011
Messages
11,877
{Code:9109 Message:Invalid access token}
This looks like it would be your problem. Confirm that you're using an API Token (not the global API key), and that it has the appropriate permissions.
 
Joined
Jan 15, 2021
Messages
5
This looks like it would be your problem. Confirm that you're using an API Token (not the global API key), and that it has the appropriate permissions.
I logged into cloudflare and it seems that I cannot view the existing token, so i rolled it.
Now I have no idea how to update the nextcloud with the new token. :(
I checked in the caddyfile, but there is nothing like token in there.
Sorry. i am very new to this.

Here is the api token setting from cloudflare. Is this right?
apitoken.jpg

apitoken.jpg
 

danb35

Wizened Sage
Joined
Aug 16, 2011
Messages
11,877
I checked in the caddyfile, but there is nothing like token in there.
There should be. It'd be in a section like this:
Code:
    tls {
        dns cloudflare api_token
    }


Where "api_token" represents the token itself. If you've generated a new token, you'll need to change it in the Caddyfile. The permissions you show above look correct.
 
Joined
Jan 15, 2021
Messages
5
There should be. It'd be in a section like this:
Code:
    tls {
        dns cloudflare api_token
    }


Where "api_token" represents the token itself. If you've generated a new token, you'll need to change it in the Caddyfile. The permissions you show above look correct.
Thanks!
Now I can reach the login page from external domain name, but I still cannot reach it from my internal hostname or jail ip.
Is there a way to fix it?
 
Joined
Jan 15, 2021
Messages
5
For some reason, I have to port forward 443 to the jail ip to work.
Isnt there a reverse proxy?
Also, in cloudflare, should I enable the proxy or dns only?
 

danb35

Wizened Sage
Joined
Aug 16, 2011
Messages
11,877
Joined
Jan 15, 2021
Messages
5
I'd hope you'd know your network better than mine--this script certainly doesn't install one.

I don't know that it much matters--very little will be cached there in any event.
Thanks for the reply. I read more and realize reverse proxy is not part of the script. My mistake.
I think I will use dns only in cloudflare for now. I tried to turn on the proxy and it stopped working.
Big help! Thanks.
 

InGenetic

Member
Joined
Dec 18, 2013
Messages
132
Hi mr.danb35,

I just create new nextcloud on other place, using your script, and i create forwarding port 80 and 443 from router to nextcloud freenas machine, it's work .

I can access this nextcloud from internet, but i can't access to this nextcloud from internal lan,

I try using domain name and ip public address, and also using nextcloud lan ip, but still can't access.

Please advice
 
Last edited:

Patrick M. Hausen

Dedicated Sage
Joined
Nov 25, 2013
Messages
2,767
I can access this nextcloud from internet, but i can't access to this nextcloud from internal lan,
I try using domain name and ip public address, and also using nextcloud lan ip, but still can't access.
This is probably a problem with your home router not permitting traffic originating on the "inside" to loop back to the "outside", i.e. your public IP address. You should check with that router's documentation first.

If that does not get you anywhere, we would need more information. Precise error message you are seeing, logfiles of the webserver in your Nextcloud installation, ...
 

InGenetic

Member
Joined
Dec 18, 2013
Messages
132
This is probably a problem with your home router not permitting traffic originating on the "inside" to loop back to the "outside", i.e. your public IP address. You should check with that router's documentation first.

If that does not get you anywhere, we would need more information. Precise error message you are seeing, logfiles of the webserver in your Nextcloud installation, ...
yes Patrick , i think the problem from my router configuration , i'm using mikrotik using 2 WAN dan 1 LAN (seem like PCC but not fail over) , and from IP address WAN 2 setting port forward to my nextcloud port
we can access it from internet but can not accessible from LAN it self, i try to ping from lan ip to WAN2 IP address it's not reply .
i dunno how to figure it out , or maybe there's another way for my LAN IP can connect to my nextcloud using LAN IP ?
the situation here :

1. LAN IP can't ping WAN 2 IP Public Address
2. LAN IP can ping to LAN IP of my nextcloud server,

please advice.
 

InGenetic

Member
Joined
Dec 18, 2013
Messages
132
yes Patrick , i think the problem from my router configuration , i'm using mikrotik using 2 WAN dan 1 LAN (seem like PCC but not fail over) , and from IP address WAN 2 setting port forward to my nextcloud port
we can access it from internet but can not accessible from LAN it self, i try to ping from lan ip to WAN2 IP address it's not reply .
i dunno how to figure it out , or maybe there's another way for my LAN IP can connect to my nextcloud using LAN IP ?
the situation here :

1. LAN IP can't ping WAN 2 IP Public Address
2. LAN IP can ping to LAN IP of my nextcloud server,

please advice.
hi mr.danb35,

at last , i move my freenas with nextcloud inside to another router , which has public address and set port forwarding from public address to ip lan for port : 80 and 443 , and then i changed A record IP address of my nextcloud domain name to the new public ip address, also lan IP

and please correct me if i am wrong :

if i changed my lan IP and my public IP address, what i have done is change my nextcloud config ,

<?php
$CONFIG = array (
'passwordsalt' => 'BhkLKHks3HQSp5jaToBL2VrXa/FMhd',
'secret' => 'AabTW+XLdtiA75o5wWCcEuprrzg5WyPxcnLm1EMaA2a8v1P3',
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'cloud.mydomain.com', <-- still the same name
2 => '192.168.10.12', <-- before 192.168.100.12
3 => '2xx.1xx.2x.xxx', <--- before 2xx.1xx.2x.yyy

is that right ? is any other setting that i have to change ?

please advice.


Regards,
 

Patrick M. Hausen

Dedicated Sage
Joined
Nov 25, 2013
Messages
2,767
@InGenetic Sirry, you will have to find someone who knows this mikrotik router since this is clearly not a TrueNAS problem and probably not even a Nextcloud one. Your chances of competent help are probably much higher in the mikrotik forum ...
 

danb35

Wizened Sage
Joined
Aug 16, 2011
Messages
11,877
3 => '2xx.1xx.2x.xxx', <--- before 2xx.1xx.2x.yyy
I don't think this should be there--you shouldn't ever be accessing your Nextcloud installation using its public IP address.
 

xames

Member
Joined
Jun 1, 2020
Messages
156
When i try to put on maintenance mode on it says that:

su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:mode --on'

No such file or directory
 

Patrick M. Hausen

Dedicated Sage
Joined
Nov 25, 2013
Messages
2,767
su -m www -c '/usr/local/bin/php /usr/local/www/nextcloud/occ maintenance:mode --on'
 
Top