
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
wonder where they came from.
Probably left over from when I ran a different script. Caddy was running. Made some progress, got nextcloud to do a clean install. Had to comment out the overwrite.cli.url and overwritehost lines from the config.php to get it to run. My data is from version 20.0.4 so I think I have to install that version in order to restore my data. Change to FILE variable:
Code:
#FILE="latest-${NEXTCLOUD_VERSION}.tar.bz2"
FILE="nextcloud-20.0.4.tar.bz2"
but getting errors dropping the old DB
Code:
Dropping old Nextcloud DB...
ERROR 1045 (28000): Access denied for user 'nextcloud'@'localhost' (using password: YES)
Done

Creating new DB for Nextcloud...
ERROR 1045 (28000): Access denied for user 'nextcloud'@'localhost' (using password: YES)
Done

Restoring backup DB...
ERROR 1045 (28000): Access denied for user 'nextcloud'@'localhost' (using password: YES)
Done

Will keep working on it and then move on to getting your caddy reverse proxy working with it again.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Joined
Jan 4, 2014
Messages
1,644
Having recently completed my server migrations from FreeNAS 11.3-U5 to TrueNAS 12.0-U3, I then progressively upgraded all jails from FreeBSD 11.3 to 12.2. My Nextcloud jail, built using this resource, was the last jail I migrated. I thought it might be useful to provide some feedback of my experience for others considering updating their Nextcloud jail.

First, some context...

I haven't used the latest version of this script. I probably used a version of this resource's script post the Caddy v1 to v2 changeover. My Nextcloud version prior to the jail upgrade was 20.0.9. My Nextcloud jail sits behind a separate Caddy reverse proxy so I used the NO_CERT option when I originally ran the script. This is a copy of the nextcloud-config that I used.
Code:
JAIL_IP="10.1.1.29"
DEFAULT_GW_IP="10.1.1.1"
POOL_PATH="/mnt/tank"
TIME_ZONE="Australia/Perth"
HOST_NAME="cloud.udance.com.au"
NO_CERT=1
DB_PATH="/mnt/tank/apps/nextcloud/db"
FILES_PATH="/mnt/tank/apps/nextcloud/files"
CONFIG_PATH="/mnt/tank/apps/nextcloud/config"
THEMES_PATH="/mnt/tank/apps/nextcloud/themes"
PORTS_PATH="/mnt/tank/portsnap"


Next, the jail upgrade...

Of all my jails, I left the Nextcloud jail upgrade to last as I wasn't sure what to expect and I feared there would be complications as the Nextcloud ecosystem is complex with lots of package dependencies. Fortunately, my fears were unfounded.

For jail upgrades, I used PuTTY to SSH into the server. All commands were issued in a terminal session.
  1. Stop the jail: iocage stop nextcloud
  2. Take a copy of the jail, just in case I needed to revert back: iocage export nextcloud
  3. Upgrade the jail OS: iocage upgrade nextcloud -r 12.2-RELEASE (this will take some time to complete)
  4. Start the jail: iocage start nextcloud
  5. Enter the jail: iocage console nextcloud
  6. Upgrade packages: pkg upgrade (this will also take some time to complete, though not as long as the jail OS upgrade)
  7. Upgrade MariaDB: mariadb-upgrade -p root
  8. Exit the jail: exit
  9. Restart the jail: iocage restart nextcloud
From a browser window (fingers crossed!), I was able to access my Nextcloud without any issue whatsoever. My Nextcloud version remains at 20.0.9. Nextcloud 21 is still in the beta channel for me so I guess I'll wait a while longer before upgrading to it.
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
I thought it might be useful to provide some feedback of my experience for others considering updating their Nextcloud jail.
Appreciate your workflow, unfortunately 1 week too late for me. My nextcloud jail broke after the upgrade to 12.2U3 and my backup wouldn't reinstall. I had to copy the files from the backup to the nextcloud files directory and then run the occ command to scan the files. Couldn't access the NC install via IP or FQDN without commenting out the overwriteprotocol and overwrite.cli.url from the config.php. Now no access thru the FQDN, just the IP address.

With the caddy jail not working for NC it gave me the excuse to try HA Proxy on my pfsense router. Got it working giving NC an https with the lock symbol but only locally on my network. From the internet I can't ping the FQDN. Any thoughts on what to look for?
 
Joined
Jan 4, 2014
Messages
1,644

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
From the internet I can't ping the FQDN.
If you can't ping from the Internet, that's going to depend on your router, and it may be normal--my pfSense router doesn't respond to pings from the Internet either.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
You need a real domain name and a fixed IP address or a dynamic DNS provider. Then you can use Let's Encrypt, either built in to Caddy or with e.g. Dehydrated and Nginx (which is what I use). Dehydrated is essentially install and go - trivial to set up.
 

Titch1987

Cadet
Joined
May 12, 2021
Messages
5
Hello.
I had to redo nextcloud and with the current plug in rained I found your guide. Which is great. However I do have 2 small issues which may be linked:

1 - where would the config file be to edit trusted domains (there may have been an error on the config file I made).

2 - I did the install last night. Doing a self signed cert. After completing I went to access the GUI on jail internal IP and got (again last night so going off memory) ssl error internal error alert.

Am I correct in reading in previous comments that you cannot connect through internal ip? Only through domain? If so then I would just need to edit the trusted domains.

IF I am supposed to be able to enter the nextcloud GUI through jail internal IP then I dunno what went wrong here.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
where would the config file be to edit trusted domains
In the jail, it's at /usr/local/www/nextcloud/config/config.php
Am I correct in reading in previous comments that you cannot connect through internal ip?
Pretty much--Caddy is serving a hostname, not an IP address.
 

Titch1987

Cadet
Joined
May 12, 2021
Messages
5
In the jail, it's at /usr/local/www/nextcloud/config/config.php

Pretty much--Caddy is serving a hostname, not an IP address.

Thank you both for the reply. I'll edit the trusted domains once I get home from work. Hopefully this will resolve my issue *fingers crossed*
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
I have these warnings on admin overview:

not resolving your server "/.well-known/webfinger".
and the same with "/.well-known/nodeinfo" and "default_phone_region"

How can I resolve this? Thanks.
 

MZRR

Cadet
Joined
Jul 7, 2019
Messages
7
I have these warnings on admin overview:
not resolving your server "/.well-known/webfinger".
and the same with "/.well-known/nodeinfo" and "default_phone_region"

You need to edit your caddy configuration (nano /usr/local/www/Caddyfile) as follows:
# client support (e.g. os x calendar / contacts)
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
redir /.well-known/webfinger /index.php/.well-known/webfinger 301
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

Make sure to remove the existing webfinger part and to stop / start your caddy service.


The 'default_phone_region' needs to be set in your config.php (nano /usr/local/www/nextcloud/config/config.php):
'default_phone_region' => 'DE',
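
An added example, not part of any post in this thread or of the install script: a POSIX sh check that reports which of the four redir lines listed in the post above are absent or commented out in a Caddyfile. The function name missing_redirs is made up for illustration; the redirect pairs and the Caddyfile path are the ones given in the post.

```sh
#!/bin/sh
# Added example: report which .well-known redirects are missing from a Caddyfile.
# The four source/target pairs are the ones quoted in the post above;
# the function name missing_redirs is made up for this illustration.

WELL_KNOWN_REDIRS='/.well-known/carddav /remote.php/dav
/.well-known/caldav /remote.php/dav
/.well-known/webfinger /index.php/.well-known/webfinger
/.well-known/nodeinfo /index.php/.well-known/nodeinfo'

# missing_redirs FILE
# Prints every expected source path that has no active
# "redir <source> <target> 301" line in FILE.
# Returns 0 when all four are present, 1 otherwise.
missing_redirs() {
    caddyfile=$1
    missing=0
    # Strip comments first so a commented-out redir counts as absent.
    # (Simplification: treats every '#' as the start of a comment.)
    active=$(sed 's/#.*//' "$caddyfile")
    while read -r src dst; do
        [ -n "$src" ] || continue
        if ! printf '%s\n' "$active" | awk -v s="$src" -v d="$dst" '
            $1 == "redir" && $2 == s && $3 == d && $4 == "301" { found = 1 }
            END { exit !found }'; then
            printf '%s\n' "$src"
            missing=1
        fi
    done <<EOF
$WELL_KNOWN_REDIRS
EOF
    return "$missing"
}

# Usage inside the jail: missing_redirs /usr/local/www/Caddyfile
```
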
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
These should be set already, right?
Make sure to remove the existing webfinger part
There is no existing webfinger part, which is apparently one of the issues--perhaps that's new with NC21.
 

MZRR

Cadet
Joined
Jul 7, 2019
Messages
7
I did my installation with NC 19 and had a broken webfinger part. Yes, carddav and caldav were already set, too.

Thank you for your work and commitment, danb35!
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Strange, I can't repeat this. I just did a clean installation with NC21 and the default Caddyfile, which reads in relevant part:
Code:
        }

        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301

        # .htaccess / data / config / ... shouldn't be accessible from outside


When I log in, the only warnings I'm seeing are:
[Screenshot: 1621089522785.png]


If I add the two suggested lines, it doesn't seem to hurt anything, but I'm not getting the warnings mentioned to begin with.

Now, the default phone region is another question, and that's likely something I'll be able to add to the script easily enough. To fix it on an existing installation, from the FreeNAS shell prompt, run the following (replacing US with your two-letter country code):
Code:
iocage exec nextcloud su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set default_phone_region --value="US"'
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
OK, I resolved the region, but not the other two; I cannot find anything about webfinger inside the Caddyfile.
 

curtmoore

Cadet
Joined
May 18, 2021
Messages
1
I know a little, but I can't seem to guess the rest...

I have used the most recent version of the script. I've gone thru all of the log files in /var/log and don't see any issues. I also did not have any errors while the script was installing. However, when I try to go to NextCloud using the local IP address assigned, I get Error code: SSL_ERROR_INTERNAL_ERROR_ALERT.

When I try to access NextCloud from my Host name, the connection times out. I figured I should handle accessing NextCloud via the local IP address and then try to figure out connecting outside my network using cloudflare.

I have run the "iocage exec nextcloud /root/remove-staging.sh" command and still cannot connect. I have also forwarded ports 443 and 80 to the local Jail IP address.

My apologies if I have not provided enough information or communicated the issue effectively. This is my first time posting on a discussion board. If I need to be lined out, I can probably take it.

Here's my nextcloud-config:

JAIL_IP="192.168.0.203"
DEFAULT_GW_IP="192.168.0.1"
POOL_PATH="/mnt/tank"
TIME_ZONE="America/Chicago"
HOST_NAME="www.curtmoore.net"
DNS_CERT=1
DNS_PLUGIN=cloudflare
DNS_TOKEN="REDACTED"
CERT_EMAIL="moorecurt@icloud.com"

I've also attached the caddy.log file.
 


danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
when I try to go to NextCloud using the local IP address
The installation from the script is not designed or expected to work when accessing via the IP address. You need to make sure that your hostname resolves to the internal IP address of your jail on your LAN.
 