
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

BestRaider

Dabbler
Joined
May 8, 2021
Messages
10
Hi to all,
After I installed the script... I can't connect to my host; it's showing error ERR_CONNECTION_REFUSED on all browsers that I've tried.
I have also forwarded ports 443 and 80 to the local jail IP address.
Here is my config file:

JAIL_IP="192.168.1.50"
DEFAULT_GW_IP="192.168.1.1"
POOL_PATH="/mnt/Evelin"
TIME_ZONE="Europe/Bucharest"
HOST_NAME="example.host.ro"
STANDALONE_CERT=1

And also attached the caddy log
 

Attachments

  • caddy.log.txt
    391 bytes · Views: 369

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
run: adapting config using caddyfile: parsing caddyfile tokens for 'email': /usr/local/www/Caddyfile:4 - Error during parsing: Wrong argument count or unexpected line ending after 'email'
You need to either provide an email address, or delete (or comment out) the line in the Caddyfile that's specifying the email address. In the jail, edit /usr/local/www/Caddyfile to do this. Then service caddy restart.
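
The parse failure quoted above, reproduced as an added example that is not part of the thread or of the install script: a small shell lint that reports an `email` directive with no usable address. The sample Caddyfile contents, the placeholder address, and the `lint_email` and `write_sample` names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the install script. Sample files are constructed.

# lint_email FILE: print "LINE: reason" for each unusable `email` directive.
# Exit status is 1 when at least one is found, 0 otherwise.
lint_email() {
    awk '
        BEGIN { bad = 0 }
        {
            line = $0
            sub(/^#.*|[ \t]#.*/, "", line)   # drop comments
            n = split(line, tok, " ")        # whitespace-separated tokens
        }
        n >= 1 && tok[1] == "email" {
            if (n == 1) {
                print NR ": email has no address"; bad = 1
            } else if (tok[2] !~ /^[^@]+@[^@]+$/) {
                print NR ": \"" tok[2] "\" is not an address"; bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# write_sample PATH EMAIL: constructed global-options block, email on line 4.
write_sample() {
    printf '{\n\t# constructed sample\n\tdebug\n\temail %s\n}\n' "$2" > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/broken" ""                       # address left empty
write_sample "$tmp/fixed" "admin@example.host.ro"   # placeholder address

for f in broken fixed; do
    if out=$(lint_email "$tmp/$f"); then
        echo "$f: ok"
    else
        echo "$f: $out"
    fi
done
```

Caddy's own `caddy validate --config /usr/local/www/Caddyfile --adapter caddyfile` performs the full parse without restarting the service; the lint above only isolates this one directive.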
 

BestRaider

You need to either provide an email address, or delete (or comment out) the line in the Caddyfile that's specifying the email address. In the jail, edit /usr/local/www/Caddyfile to do this. Then service caddy restart.
Thank you very much, that did the trick :wink:
 

BestRaider

One more thing... How do I change the http to https redirect? For example, when I type example.domain.com in the browser, I have to put https:// in front, otherwise the browser sends ERR_CONNECTION_TIMED_OUT
 

danb35

I've updated the script and README to explain the requirement for CERT_EMAIL in the config file, and to enforce it in the script.

I have to put https:// in front, otherwise the browser sends ERR_CONNECTION_TIMED_OUT
That doesn't sound right--is that happening from inside your LAN, or outside?
 

BestRaider

I've updated the script and README to explain the requirement for CERT_EMAIL in the config file, and to enforce it in the script.


That doesn't sound right--is that happening from inside your LAN, or outside?
Both inside and outside LAN

I also noticed that after the script install there is this error:

crontab: /mnt/includes/www-crontab: Permission denied
Command: crontab /mnt/includes/www-crontab failed!


I believe that's the reason I'm getting this error in the Web GUI under Security & setup warnings:
and also
  • The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.
For this last one I can't find the file to put the module in (I've tried .htaccess but no success).
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

Thanks again, Dan
 

danb35

Both inside and outside LAN
What does your domain name (example.domain.com in the example you used above) resolve to inside your LAN?

crontab: /mnt/includes/www-crontab: Permission denied
I've seen this before, but it's intermittent and I haven't been able to track down the cause--and yes, it would be causing the issue you're seeing. To fix it, first enter the jail with iocage console nextcloud. Then edit www's crontab with EDITOR=nano crontab -u www -e. Paste in the following:
Code:
*/5 * * * * /usr/local/bin/php -f /usr/local/www/nextcloud/cron.php

Save and exit.

The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds.
This is addressed in the README:
1621593648020.png
 

BestRaider

This is addressed in the README:
My bad... I wasn't paying attention... now the error is gone.

Code:
*/5 * * * * /usr/local/bin/php -f /usr/local/www/nextcloud/cron.php

It's not working... I've tried to edit with the nano editor... and it opens 2 files, one named "crontab" and one "www".
I put the code in both... but no luck, because I ran "# crontab -u www -l" for verification... and the result was "crontab: no crontab for www".
I've also run ls -l to find the owner and it shows that the owner is root.
I also tried to run nano crontab -u root - e; I've edited the 2 files as mentioned... but the same error occurs.

What does your domain name (example.domain.com in the example you used above) resolve to inside your LAN?
No... the domain name is for connection from outside (it's paired with my external IP)... also it is the only way to connect to Nextcloud because of the cert.
My answer from above was misleading.
 

danb35

run nano crontab -u root - e; I've edited the 2 files as mentioned
No, that won't work. I was thinking of a bash-ism, forgetting that the default shell in the jail is csh. Do this instead:
Code:
setenv EDITOR nano
crontab -u www -e

Then paste in the line I mentioned above.
the domain name is for connection from outside
That's a problem. Once again, this is discussed in the README:
1621613124305.png

If you fix this, it should work from inside your network. The problem you're seeing is likely that your ISP blocks port 80.
 

BestRaider

Code:
setenv EDITOR nano
crontab -u www -e
Perfect... it works setting nano as default... solved the problem :wink:

If you fix this, it should work from inside your network. The problem you're seeing is likely that your ISP blocks port 80.
No... my ports are fine, port 80 is open... this is not the problem... I just want to redirect example.domain.com to https://example.domain.com
the first time the address is entered in a new browser... otherwise, if the address was already used in the browser... the browser caches it...
and the next time you input example.domain.com... it goes to secure https
 

danb35

I just want to redirect the example.domain.com to https://example.domain.ro
Caddy does that for you automatically. But in order for it to do that, it has to receive the HTTP connection on port 80. The "ERR_CONNECTION_TIMED_OUT" shows that that isn't happening.
 

BestRaider

Caddy does that for you automatically. But in order for it to do that, it has to receive the HTTP connection on port 80. The "ERR_CONNECTION_TIMED_OUT" shows that that isn't happening
I've modified the protocol on port 80 from TCP/UDP to only TCP (I don't know if that matters very much), but now on example.domain.com (http)
I get this message from nginx: "Welcome to nginx!, Thank you for using nginx."
 

danb35

Nginx has nothing to do with this script; sounds like you're running it as a reverse proxy. I'm afraid I can't help you there.

Edit: as an aside, this is why I recommend having the hostname resolve directly to the jail's internal IP address when inside your network--that would tend to avoid these kinds of problems.
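
The points raised in this exchange (the port-80 redirect, the unexpected nginx answer, and the HSTS threshold from the earlier warning), as an added example that is not part of the thread or the install script: shell checks over response headers saved from `curl -sI`. The sample responses, the function names, and the `MIN_HSTS` variable are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks over response headers captured with `curl -sI`.
MIN_HSTS=15552000   # seconds, the threshold quoted in the Nextcloud warning

# header NAME: read headers on stdin, print that header's value (case-insensitive)
header() {
    tr -d '\r' | awk -v n="$1" -F': *' \
        'tolower($1) == tolower(n) { sub(/^[^:]*: */, ""); print; exit }'
}

# redirects_to_https: stdin = port-80 response; true for a 3xx to an https:// URL
redirects_to_https() {
    hdrs=$(cat)
    code=$(printf '%s\n' "$hdrs" | awk 'NR == 1 { print $2 }')
    loc=$(printf '%s\n' "$hdrs" | header Location)
    case "$code" in 301|302|307|308) ;; *) return 1 ;; esac
    case "$loc" in https://*) return 0 ;; *) return 1 ;; esac
}

# hsts_ok: stdin = port-443 response; true when max-age >= MIN_HSTS
hsts_ok() {
    age=$(header Strict-Transport-Security | tr 'A-Z' 'a-z' |
          sed -n 's/.*max-age="\{0,1\}\([0-9][0-9]*\).*/\1/p')
    [ -n "$age" ] && [ "$age" -ge "$MIN_HSTS" ]
}

# Constructed samples (not captured from the poster's system).
CADDY_80='HTTP/1.1 308 Permanent Redirect
Location: https://example.domain.com/
Server: Caddy'
PROXY_80='HTTP/1.1 200 OK
Server: nginx'
CADDY_443='HTTP/2 200
server: Caddy
strict-transport-security: max-age=15552000; includeSubDomains'

for name in CADDY_80 PROXY_80; do
    eval "resp=\$$name"
    if printf '%s\n' "$resp" | redirects_to_https; then verdict="redirects to https"
    else verdict="no https redirect"; fi
    echo "$name: served by $(printf '%s\n' "$resp" | header Server), $verdict"
done
printf '%s\n' "$CADDY_443" | hsts_ok && echo "HSTS max-age meets $MIN_HSTS"
```

A `Server` value other than the one expected on port 80 means some other listener is answering before the jail does, so the automatic redirect never has a chance to run.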
 

BestRaider

Nginx has nothing to do with this script; sounds like you're running it as a reverse proxy. I'm afraid I can't help you there.

Edit: as an aside, this is why I recommend having the hostname resolve directly to the jail's internal IP address when inside your network--that would tend to avoid these kinds of problems.
That's what I was thinking also... but it doesn't bother me much... at least it is working after the first input of the URL... for the moment it's OK.
Thank you for the much needed support, Dan.
 

danb35

Merged a PR that enables APC for the PHP command-line. This is reported to help with "out of memory" errors when running CLI tasks like the cron task or any occ command.
 

xames

Patron
Joined
Jun 1, 2020
Messages
235
Can I change the default Nextcloud port on the client? I have a redirect on port 80 through 800 and port 443 through 4430; internally it works normally, but externally I want to synchronize with alternative ports because I have a webserver using 80 and 443 on the port redirect. Is it possible?
 

Aephir

Dabbler
Joined
Apr 25, 2021
Messages
47
Sorry if this has been answered, I didn't find anything about it when searching the thread (this might be closing in on at least the reason I have, but had no answer).

Has anyone tried modifying the script to completely remove caddy? I tried what I thought would work, but I just end up breaking the script. And if this has been done, could someone point me to that version, and tell me what port the jail would serve nextcloud on (local_ip:port)?
 

danb35

Has anyone tried modifying the script to completely remove caddy?
Not to my knowledge, and since Caddy is the web server for this version I wouldn't see the value of such. The amount of manual work involved in removing Caddy and replacing it with a different web server would probably be more than just installing from scratch with whatever other server you had in mind.
 

Aephir

I wouldn't see the value of such.

OK, fair enough. The reason I ask is that I have a different machine running all my other services (web site, home assistant, octoprint, dokuwiki, deconz, VMs, etc.) via nginx, so no need for caddy. That server also used to run nextcloud, but for various reasons, it made sense to move it to the TrueNAS system.

Having zero experience with FreeBSD, an install script seemed nice (since I haven't been able to get the Nextcloud plugin working when I move the config, themes, database to a different dataset). I guess I'll look over the script and see if I can gather what needs to be done manually instead. It's nicely commented, so thanks for that :)
 