Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

[Dellyjoe]

So atm the sever is up and running,

It is strange b/c it has my usernames and my external drives all ready maped.

Running 19.0.4 instead of 20.0.4 But seems to be working, I just have to add some mounting points and I will just about be up and running back to normal.

danb35 the only error I get that I didn't before is


Security & setup warnings
It's important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.

There are some warnings regarding your setup.

• The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.

Please double check the installation guides ↗, and check for any errors or warnings in the log.

Check the security of your Nextcloud over our security scan ↗.


Joe

 

[danb35]

The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.

From the README:

 

[Dellyjoe]

From the README:
View attachment 42269

Thank you Dan,
You saved me a night of not sleeping and stress at work. Just getting my apps back on line on my nextcloud sever and then I will create a backup and be good to go !

Joe

 

[gt2416]

Hey Dan, thanks for the script worked perfectly,

Im using a sperate caddy jail as my reverse proxy so I can access my nextcloud with my FQDN/nextcloud.

To do this I am trying to get nextcloud to work locally first with internal-ip/nextcloud.

I tried setting in config.php
'overwritewebroot' => '/nextcloud', but that gives me too many redirect error
then tried
'htaccess.RewriteBase' => '/nextcloud',
then the occ maintenance:update:htaccess

but my nextcloud url stays at internal-ip/index.php not ip/nextcloud/index.php

Then I edited my nextcloud caddy file and added this under the root * blah/blah/ line I added

handle /nextcloud* {
root * /usr/local/www/nextcloud
file_server
php_fastcgi 127.0.0.1:9000 {
env front_controller_active true
}
}

This sort of works, I can access nextcloud using ip/nextcloud but nextcloud always rewrites the url back to ip without the /nextcloud base. I really dont know what else to do.

 

[arthertm]

Looks like I am still getting the cron message, any way I can fix this:

root@freenas[~]# iocage exec nextcloud crontab -u www -l
crontab: no crontab for www
Command: crontab -l failed!

Can I check if you did/how you fixed this? I have same error:

crontab: /mnt/includes/www-crontab: Permission denied
Command: crontab /mnt/includes/www-crontab failed!

My knowledge isnt great on this (previously Dans script has worked like a charm before I installed on TrueNAS 12) I believe my cert will not auto renew currently..

thank you

 

[danb35]

crontab: /mnt/includes/www-crontab: Permission denied

I'd appreciate any thoughts on this myself, as I'm not able to duplicate it under TN 12-RELEASE.

I believe my cert will not auto renew currently..

The cron job has nothing to do with cert renewal (that's handled automagically by Caddy), but rather with ongoing maintenance functions for Nextcloud. If the system's otherwise running (you can log in and everything), you can fix this manually. Enter the jail with iocage console nextcloud. Then edit the crontab with EDITOR=nano crontab -u www -e. Paste this in:

Code:

*/5 * * * * /usr/local/bin/php -f /usr/local/www/nextcloud/cron.php

Exit nano, and the crontab will be installed.

 

[danb35]

I've updated the script to install Nextcloud 20, and it's working, but there are issues with Redis. For the time being, I've disabled it. More to follow, probably.

 

[Dellyjoe]

Hello danb35 I have two interesting question, maybe you can help me understand.

1. When I reinstalled nextcloud two days ago, I didn't have to make a new user name/passwords, also the apps showed installed but really where not installed, and after disabling the app It prompted to redownload the app but interesting enough the settings were the same and I seem to have all my passwords as well, just like I left them?

How can this be I ended up wiping the whole jail and had to start over. Does this have to do with cookies? I'm able to see everything when I move to a different web browser so I'm guessing that isn't the cases any ideas?

2. When I head to the settings area and into the administration/Overview The Version of my sever is 19.0.4 and it says last time checked as this morning 10/27/2020, which I know isn't the case. The old nextcloud sever was 20.0.4 or 2.

My question to you is , why is the sever telling me that it is up to date?

Thank you for reading,
Joe

 

[danb35]

How can this be

Because all that information is stored in the database, which is outside of the jail.

The Version of my sever is 19.0.4 and it says last time checked as this morning 10/27/2020, which I know isn't the case.

Could be--there's often a bit of a delay before a major version upgrade is available through the built-in updater.

 

[Dellyjoe]

Because all that information is stored in the database, which is outside of the jail.

So I thank you for building this into your build, this made my life really easy, and now moving forward if I ever have to rebuild again It really isn't that big of a deal.

Could be--there's often a bit of a delay before a major version upgrade is available through the built-in updater.

Ok No problem, I will wait that isn't an issue.

Thank you again sir, I hope I can stop bothering you for a little.

Joe

 

[listhor]

Maybe it's not the right thread to ask about it but I'll try
I have noticed that after installing Maps application, browsing Nextcloud is considerably slower. After uninstalling/disabling all came back to normal.
Has anybody seen similar occurence?

 

[dimitrow]

Hello @danb35 and thanks for this scripted installation! Installed in my system two weeks ago and everything work perfect to this day. Today I noticed that my NextCloud page does not open. I checked the logs in /root/var/log but I didn't find any error message. I also checked the redirection in my router, as well as the dns records in the domain - everything is ok. (Setup is FQDN + Let's Encrypt)

I'm not very familiar with the processes here, so please direct me where to start with troubleshooting. Thanks in advance :)

 

[tebra]

Hi all, I’m back ;-)
I’m planning to install a jail to do reverse proxy and Let’s encrypt with this script https://github.com/danb35/freenas-iocage-caddy
Before doing that I have some questions :
- How to disable Let’s encrypt function in this Nextcloud jail? Just run « service caddy disable « inside the jail ?
- Is it possible to transfer my certificate from this Nextcloud jail to the new one ? If yes, how?
- I suppose it’s better to renew my dyndns directly from my ISP modem ?

Thanks

 

[danb35]

How to disable Let’s encrypt function in this Nextcloud jail?

It would take a few edits to the Caddyfile--use the Caddyfile-nossl from the script package for a template.

Just run « service caddy disable « inside the jail ?

Definitely not; Caddy is the webserver--if it isn't running, Nextcloud isn't running.

Is it possible to transfer my certificate from this Nextcloud jail to the new one ?

In theory it would be, but there's no reason to--just let the reverse proxy generate a new cert.

I suppose it’s better to renew my dyndns directly from my ISP modem ?

Or your router, if possible.

 

[tebra]

It would take a few edits to the Caddyfile--use the Caddyfile-nossl from the script package for a template.

Definitely not; Caddy is the webserver--if it isn't running, Nextcloud isn't running.

In theory it would be, but there's no reason to--just let the reverse proxy generate a new cert.

Or your router, if possible.

Thank you for your answers.
One more question : My Nextcloud jail is still working with caddy v1. Is it a problem ? Caddyfile-nossl template is a good exemple for caddy v1 ?

 

[danb35]

Caddyfile-nossl template is a good exemple for caddy v1 ?

The one with the version of the script you currently have should be.

 

[G8One2]

Would it be possible to add a DHCP option to the script?

 

[danb35]

Would it be possible to add a DHCP option to the script?

I'm sure it would be possible, but I'm not sure I see why it would be desirable. Why would you want a server running on a dynamic IP?

 

[G8One2]

Well, because my skills lack a bit in many areas and I don't always know how to go about fixing things. Running the script, would always fail due to VNET failures. So to get around that, I set a static IP in the DHCP server, which would give the jail the same IP even though DHCP was enabled. Probably not the correct way to do this, but the only reason DHCP wouldn't work with the script, was because there was no setting to enable it. It would fail the script because of DHCP errors, simply because it wasn't enabled in the jail during creation.

To clarify my situation a bit, I had recently upgraded from FreeNas 11.3 to TrueNas core. I was in process of upgrading jails when something happened and I started getting VNET failures when running the script to do a reinstall. It did work a few times at first, but I deleted the jail a few times because I was having trouble with folder permissions. So I screwed something up, idk what, which is why I was attempting to use DHCP. Yes, I know... probably the wrong way do do things, but it's how I learn. By screwing thing up lol

 

[Basil Hendroff]

DHCP IP reservation is equivalent to setting a static IP.

I suggest figuring out what the problem is. What about running the script script nextcloud.log ./nextcloud-jail.sh and then presenting your nextcloud-config and nextcloud.log redacting any sensitive information in both. Make sure you supply the details within code blocks.

While DHCP IP reservation is relatively easy to use, it is router specific, and can be problematic later if you have to change your router.