
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

xames

Patron
Joined
Jun 1, 2020
Messages
235
Results again:

Code:
PHP Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 266240 bytes) in /usr/local/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php on line 133
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
This solution is on the Nextcloud forums, but I don't know how to apply it.

This is what fixed it for me, the -d memory_limit=-1

me@server:/var/www/nextcloud$ sudo -u www-data php -d memory_limit=512M ./cron.php

or actually what I was initially after …

me@server:/var/www/nextcloud$ sudo -u www-data php -d memory_limit=-1 ./occ db:add-missing-indices

A very frustrating experience. Now to deal with the “A background job is pending that checks for user imported SSL certificates” problem

and this
Try to enable apc.enable_cli=1 in /etc/php/8.0/cli/conf.d/20-apcu.ini. After I added that line to the file occ worked and the memory didn't get filled anymore.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
I only found memory_limit; memory_size cannot be found inside php.ini.
Yes, my bad. Use that if you have not already.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
PHP Fatal error: Allowed memory size of 1073741824 bytes exhausted
It says that it needs more than 1G. My Nextcloud installation is running fine with 1024M. Try 2G ...
 

danieltik

Cadet
Joined
Apr 22, 2021
Messages
2
Hi danb35,

I have encountered some errors using the new version of your install script for Nextcloud 20, and I would appreciate any help.

I need to point out that this is the second time I am using it. The first time was more than 6 months ago with version 19, when it all worked like a charm, and it is still running stable. My system is FreeNAS 11.3-U5 installed on a bare-metal HP ProLiant MicroServer Gen10 with 32GB of ECC RAM. I am trying to install a second instance on the same FreeNAS host, using a bridgevlan interface with a different JAIL_NAME and POOL_PATH, and all goes perfectly until at some point, pretty close to the end of the install script, I see a bunch of Redis exception, connection refused messages thrown, starting with the Redis part, and afterwards the install script reports that the install ended successfully. However, when trying to access the https staging URL, once I continue past the untrusted staging certificate, all I have is an internal server error. I have attached the specific part of the Nextcloud log. The Redis errors are quite a few, all the way until the Successfully removed mount from fstab and final Install complete messages, followed by the database information and credentials tables.
 

Attachments

  • nextcloud.log.txt
    793 bytes · Views: 241

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
I'd merged a PR to "fix" the Redis configuration--apparently it didn't actually fix it. I've reverted that--if you update the script (change to its directory and run git pull), it should now work.
 

cellardoor

Dabbler
Joined
Jul 21, 2017
Messages
25
redis is ok now.
But now I have:
Fehlercode: SSL_ERROR_INTERNAL_ERROR_ALERT
and it is impossible for me to log in because the browser cannot make a safe connection.
Is it me or is it the script?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Fehlercode: SSL_ERROR_INTERNAL_ERROR_ALERT
That sounds like a problem with Caddy, most likely in its obtaining a certificate. Inside the jail, what's in /var/log/caddy.log?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
So I'm looking a little further into the Redis issue, and it's a little bit of a head-scratcher. I'd merged a PR a few days ago that told Nextcloud to use Redis. That caused problems with the install script because those commands happened a little too early, so I reverted it, and now installation completes successfully again.

But it should work--after all, Redis is installed and running in the jail; it should be doing something useful. So I moved those couple of lines down a little bit in the script, and now installation completes without errors--but Nextcloud itself isn't accessible; it gives an "internal server error". So taking a look at nextcloud.log (and using jsonformatter.org to make its 6000-character lines readable), I see this:
1619195061160.png

OK, it's a permissions problem on redis.sock. So I check its permissions:
Code:
root@nextcloud:/var/run/redis # ll -h
total 1
-rw-r--r--  1 redis  redis     6B Apr 23 07:09 redis.pid
srwxrwx---  1 redis  redis     0B Apr 23 07:09 redis.sock=

Readable only by the redis user and group. What user is php running as?
Code:
root@nextcloud:/var/run/redis # ps aux | grep php
root  34424  0.0  0.5 256024  45056  -  SsJ  07:09   0:00.57 php-fpm: master process (/usr/local/etc/php-fpm.conf) (php-fpm)
www   34425  0.0  0.9 269784  78692  -  SJ   07:09   0:01.36 php-fpm: pool www (php-fpm)
www   34426  0.0  0.8 258556  65180  -  SJ   07:09   0:00.17 php-fpm: pool www (php-fpm)
root  37756  0.0  0.0  11512   2840  0  S+J  09:03   0:00.00 grep php

It's running as the www user. Is that user part of the redis group?
Code:
root@nextcloud:/var/run/redis # groups www
www redis

Indeed it is. So where's the problem?

Now, I can set permissions on redis.sock to 777, and it works just fine. That's what I'd done in earlier versions of the script, but it really isn't ideal from a security perspective. But it does prove that access to this socket is the problem. But why?

Php-fpm is running as the www user, which is a member of the redis group, so it should have access to the socket. Caddy is running as root (necessary for it to bind to ports 80 and 443). So what else is trying to access that socket?
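
As an added illustration (not part of danb35's post or the install script), this Python example applies the owner/group/other permission check to the listing shown above and compares mode 770 with the 777 workaround. The directory mode and the `www-only` and `nobody` credential sets are assumptions constructed for the example; function names are hypothetical.

```python
# Added example; listings are constructed from the `ll -h` output in the post above.
# Root bypasses these checks and is not modelled.

def class_bits(entry, user, groups):
    """Pick the rwx triplet of a (mode, owner, group) entry that applies to user."""
    mode, owner, group = entry
    perms = mode[1:10]                 # drop the file-type character (s, d, -)
    if user == owner:
        return perms[0:3]
    if group in groups:
        return perms[3:6]
    return perms[6:9]

def can_connect(sock, directory, user, groups):
    """connect() needs search permission on the directory and write on the socket."""
    search = class_bits(directory, user, groups)[2] in "xst"
    write = class_bits(sock, user, groups)[1] == "w"
    return search and write

def world_writable(entry):
    """True when any local account can write to (connect to) the entry."""
    return entry[0][8] == "w"

SOCK_770 = ("srwxrwx---", "redis", "redis")   # mode shown in the post
SOCK_777 = ("srwxrwxrwx", "redis", "redis")   # the chmod 777 workaround
RUN_DIR = ("drwxr-xr-x", "redis", "redis")    # assumed: directory mode is not shown

def audit():
    """Compare both socket modes for three constructed credential sets."""
    cases = {
        "www+redis": ("www", {"www", "redis"}),   # what `groups www` reports
        "www-only": ("www", {"www"}),             # same user, redis group absent
        "nobody": ("nobody", {"nobody"}),         # unrelated local account
    }
    return {name: (can_connect(SOCK_770, RUN_DIR, u, g),
                   can_connect(SOCK_777, RUN_DIR, u, g))
            for name, (u, g) in cases.items()}

if __name__ == "__main__":
    for name, (m770, m777) in audit().items():
        print(f"{name:10} 0770={m770!s:5} 0777={m777}")
    print("0777 world-writable:", world_writable(SOCK_777))
```

With mode 777 every local account in the jail passes the check, which is the exposure the post describes as not ideal.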
 

cellardoor

Dabbler
Joined
Jul 21, 2017
Messages
25
Without generating any ssl certificate, it is working for me.
I am able to log in.
So it might be possible that the problem is only on my side and a sign that
MY configuration is broken.
 

danieltik

Cadet
Joined
Apr 22, 2021
Messages
2
Well, thanks a lot danb35!
The fix made it so that it installed successfully all the way. Caddy for Let's Encrypt also works. I just took it out of the staging phase and all looks good! Yaay!!! I now have two instances in separate VLANs... one for my wife and her colleagues and one for me.

What I have been reading while trying to figure it out on my own is that Redis does not have very well written documentation yet. Maybe this is the reason for those memcaching errors. I have also noticed that it points to some access denied errors, so I was thinking the same, maybe permission issues...

Anyway, thanks again!!!
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
Updating to 12.2U3 broke my Nextcloud behind a reverse proxy. After doing a git pull to update both the nextcloud and caddy scripts, I tried to destroy the jails and re-ran the scripts. Still no luck. I have a backup of the Nextcloud, so I decided to see if I could wipe my Nextcloud data and do a fresh install. It is still not working; when going to the IP of the nextcloud jail I get:
Code:
This site can’t be reached 192.168.5.81 refused to connect.
My caddy.log file from the nextcloud jail.
Code:
root@cloud:~ # cat /var/log/caddy.log
{"level":"info","ts":1619349985.0317822,"msg":"using provided configuration","config_file":"/usr/local/www/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1619349985.0342257,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1619349985.0344737,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0003cec40"}
{"level":"info","ts":1619349985.046344,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
{"level":"warn","ts":1619349985.0643094,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
2021/04/25 07:26:25 Note: NSS support is not available on your platform
2021/04/25 07:26:25 define JAVA_HOME environment variable to use the Java trust
{"level":"error","ts":1619349985.0644894,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"trust not supported","certificate_file":"storage:pki/authorities/local/root.crt"}
{"level":"info","ts":1619349985.0646603,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1619349985.0647213,"msg":"autosaved config","file":"/.config/caddy/autosave.json"}
{"level":"info","ts":1619349985.0647376,"msg":"serving initial configuration"}
Successfully started Caddy (pid=10826) - Caddy is running in the background
{"level":"info","ts":1619349996.5769763,"msg":"not implemented","signal":"SIGHUP"}


Here is my config file.
Code:
JAIL_IP="192.168.5.81"
DEFAULT_GW_IP="192.168.5.1"
#JAIL_INTERFACES="vnet0"
JAIL_NAME="cloud"
POOL_PATH="/mnt/v1"
TIME_ZONE="America/New_York"
HOST_NAME="cloud.xxxxxxxxxx.com"
DNS_CERT=0
STANDALONE_CERT=0
CERT_EMAIL="xxxxxxxx@gmail.com"
DATABASE="mariadb"
VNET="on"
TEST_CERT="--staging"
TYPE_CERT="--webroot"
C_NAME="US"
ST_NAME="xxxxxxx"
L_NAME="xxxxx"
O_NAME="xxxx"
OU_NAME="xxxx"
EMAIL_NAME="xxxxx@gmail.com"
NO_CERT=1
USE_BASEJAIL="-b"


I assume I should get nextcloud working first and then look at the reverse proxy?
BTW I have a redirect line in my pfsense router resolver that redirects cloud.xxxxxxxx.com to 192.168.5.83 the IP of the caddy RP jail.
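
An added example (not from the post or from the Caddy project): the caddy.log above mixes JSON entries with plain-text lines, so this Python function separates them and pulls out the warn/error entries and any notice that a server is HTTP-only. The sample lines are copied from the log quoted in the post; `triage` and `HTTP_ONLY` are names chosen for the example.

```python
import json

# Sample lines copied from the caddy.log quoted in the post above.
SAMPLE = r'''{"level":"info","ts":1619349985.046344,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
{"level":"warn","ts":1619349985.0643094,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
2021/04/25 07:26:25 Note: NSS support is not available on your platform
{"level":"error","ts":1619349985.0644894,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"trust not supported","certificate_file":"storage:pki/authorities/local/root.crt"}
Successfully started Caddy (pid=10826) - Caddy is running in the background
{"level":"info","ts":1619349996.5769763,"msg":"not implemented","signal":"SIGHUP"}'''

HTTP_ONLY = "server is listening only on the HTTP port"

def triage(text):
    """Split a mixed JSON/plain-text Caddy log and summarise what needs attention."""
    report = {"problems": [], "http_only": [], "plain": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            report["plain"].append(line)          # banner lines, NSS notes
            continue
        if entry.get("level") in ("warn", "error"):
            detail = entry.get("error") or entry.get("msg", "")
            report["problems"].append(
                (entry["level"], entry.get("logger", ""), detail))
        if entry.get("msg", "").startswith(HTTP_ONLY):
            report["http_only"].append(
                (entry.get("server_name"), entry.get("http_port")))
    return report

if __name__ == "__main__":
    result = triage(SAMPLE)
    for level, logger, detail in result["problems"]:
        print(f"{level:5} {logger}: {detail}")
    for name, port in result["http_only"]:
        print(f"HTTP-only server {name} on port {port}")
    print(f"{len(result['plain'])} non-JSON lines")
```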
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
danb35, btw, when you clone the GitHub repo there are no execute permissions on nextcloud-jail.sh by default. Must have gotten messed up when you fixed the master branch. You have to run chmod +x nextcloud-jail.sh as a temporary fix.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
I assume I should get nextcloud working first and then look at the reverse proxy?
I'd think so, and I guess the first thing to check is whether Caddy's actually running in your jail. But you have a lot of options in your config file that just aren't supported (and never have been) by this script. They shouldn't hurt anything, but I have to wonder where they came from.
 