Resource icon

Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

InGenetic

Contributor
Joined
Dec 18, 2013
Messages
183
service php-fpm restart
service php-fpm restart
yes, i did
i have to go to iocage console nextcloud first .

root@freenas[/freenas-iocage-nextcloud]# iocage console nextcloud
Last login: Tue Nov 30 20:58:19 on pts/2
FreeBSD 11.3-RELEASE-p6 (FreeNAS.amd64) #0 r325575+d5b100edfcb(HEAD): Fri Feb 21 18:53:26 UTC 2020

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums: https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout: man hier

Edit /etc/motd to change this login announcement.
root@nextcloud:~ # service php-fpm restart
Performing sanity check on php-fpm configuration:
[09-Dec-2021 22:21:53] NOTICE: configuration file /usr/local/etc/php-fpm.conf te st is successful

Stopping php_fpm.
Waiting for PIDS: 26041.
Performing sanity check on php-fpm configuration:
[09-Dec-2021 22:21:53] NOTICE: configuration file /usr/local/etc/php-fpm.conf te st is successful

Starting php_fpm.
root@nextcloud:~ #

Thanks n regards,
 
Last edited:

xiSlickix

Dabbler
Joined
Feb 5, 2014
Messages
47
So I have an early install (May 2019) that's been going strong. This was a pre-Caddy deployment, so I believe Apache was the underlying web server used at that time. In light of the recent Log4J vulnerability, I went looking throughout the various systems I manage. On my Nextcloud instance I see Log4J exsits.

[root@nextcloud ~]# find / -name "log4j*" /usr/ports/devel/log4j /usr/ports/sysutils/graylog/files/log4j2.xml.in [root@nextcloud ~]#

Seems I may be affected here, though trying Huntress lab's vulnerability check against my log in screen (username and password fields) was unsuccess in tripping the vulnerability.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
/usr/ports/devel/log4j /usr/ports/sysutils/graylog/files/log4j2.xml.in
Those are ports; they just contain Makefiles to install log4j; they don't indicate that it's actually installed (earlier versions of this script installed the entire FreeBSD ports tree, but once again that doesn't install the underlying software).
 

Ivolve

Dabbler
Joined
Oct 13, 2015
Messages
20
I have been using the nextcloud installation for quite a while now. It has run very well untill recently I started noticing 2 problems:
1. I cannot see the log anymore in the nextcloud setting
2. I can no longer update nextcloud

Since I can no longer see the log in the gui i downloaded it from /var/log/nextcloud. It seems to have a problem with guzzlehttp or something.

I found something about a certificate in /mnt/files/files_external so i downloaded that from: /mnt/JAILS_SSD/iocage/jails/nextcloud/root/mnt/files/files_external. I attatched that as extra info cause I could not spot any obvious problem here but I am far from being an expert.

Is there anyone with a clue on how to fix this?
 
Last edited:

Ivolve

Dabbler
Joined
Oct 13, 2015
Messages
20
Additional (noob) question, I changed the contents of /usr/local/etc/pkg/repos/FreeBSD.conf to FreeBSD: {url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest. I'm not quite sure if this is what I wanted. I think this file is not in the initial installation, is it? Can I simply delete the file?
 

xiSlickix

Dabbler
Joined
Feb 5, 2014
Messages
47
And I am seeing probes against this NextCloud instance in /var/log from all over.

Those are ports; they just contain Makefiles to install log4j; they don't indicate that it's actually installed (earlier versions of this script installed the entire FreeBSD ports tree, but once again that doesn't install the underlying software).
Thanks for the clarification! I can take this one off the list.
 

xiSlickix

Dabbler
Joined
Feb 5, 2014
Messages
47
In general, between the Nextcloud updater and the occasional pkg upgrade, you should be fine. Where that won't help you is when there's a major transition, like from Apache to Caddy a couple of years back, or from Caddy1 to Caddy2 recently. It also won't upgrade Caddy, since that's built from source.

"Destroy jail, update script, reinstall jail over existing data" will give the most comprehensive update, but it's probably a bit extreme for regular use.

So In attempting to update php I've rather hosed an (admittedly) outdated NC 19 deployment. This was originally setup on version 15 or 16, with an older version of your script. Apache is the web server and it seems to be hanging on an expired Let's Encrypt CA.

So, I thought, let's just rerun the script. Then I noticed the dataset layout recommendations have changed a bit. Can you give some guidance on what I should add / modify so rerunning the script will pull in my data cleanly? I recognize I may need to reference an older version of NC for the install to not screw up database structure, and then upgrade in place from there.

Thanks!
 

Attachments

  • dataset layout.png
    dataset layout.png
    61.2 KB · Views: 164

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
According to this thread, you can move a dataset using the zfs rename command. So here's what I'd probably do:
  • Stop your current jail, and take a snapshot of it.
  • Create datasets nextcloud, nextcloud/config, and nextcloud/themes
  • Copy the nextcloud config file into nextcloud/config, and any contents of the themes directory into nextcloud/themes
  • From the CLI, zfs rename Rotational/db Rotational/nextcloud/db
  • Likewise, zfs rename Rotational/files Rotational/nextcloud/files
  • Your paths will now match the script defaults. You should be able to run the script with NEXTCLOUD_VERSION set to 19 in the config file. Set the jail name to something different, just in case this borks something.
 

Ivolve

Dabbler
Joined
Oct 13, 2015
Messages
20
Hi DanB,

So i have been investigating a little bit further. The main problem is the certificate, if I fix this and clear the log I'm confident it will work again. I found this thread on the nextcloud forum:


It says some certificate expired on 30.09.2021.

Some guy says:

15 dagen later

nsalleron
10 nov.

Hi,
with a Nextcloud 21.0.4 jail installation on a TrueNas server i had to replace the jail file
/etc/ssl/cert.pem
here are the commands:
jls 1 sh
sudo su
mv /etc/ssl/cert.pem /etc/ssl/cert.pem.bkp
curl https://curl.se/ca/cacert.pem >> /etc/ssl/cert.pem

hope this help!
As I mentioned I'm a noob so I wanted to double check if I should do this.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
There has been a major messup with a root certificate change by Letsencrypt. Rather well planned and executed, but they did not take into account how many outdated client systems might be out there. OTOH this only hits you if you have an outdated root certificate cache. So @Ivolve, what version of FreeNAS/TrueNAS are you running and what version of FreeBSD is your Nextcloud jail?
 

Ivolve

Dabbler
Joined
Oct 13, 2015
Messages
20
There has been a major messup with a root certificate change by Letsencrypt. Rather well planned and executed, but they did not take into account how many outdated client systems might be out there. OTOH this only hits you if you have an outdated root certificate cache. So @Ivolve, what version of FreeNAS/TrueNAS are you running and what version of FreeBSD is your Nextcloud jail?
Yes, this is indeed what I found. My nextcloud version is still on 20.0.12 and my freenas jail is on 11.2.

So is the above method a good way to update the certificate mess up or are there other preferred methods to get my installation up-to-date?
 

xiSlickix

Dabbler
Joined
Feb 5, 2014
Messages
47
According to this thread, you can move a dataset using the zfs rename command. So here's what I'd probably do:
  • Stop your current jail, and take a snapshot of it.
  • Create datasets nextcloud, nextcloud/config, and nextcloud/themes
  • Copy the nextcloud config file into nextcloud/config, and any contents of the themes directory into nextcloud/themes
  • From the CLI, zfs rename Rotational/db Rotational/nextcloud/db
  • Likewise, zfs rename Rotational/files Rotational/nextcloud/files
  • Your paths will now match the script defaults. You should be able to run the script with NEXTCLOUD_VERSION set to 19 in the config file. Set the jail name to something different, just in case this borks something.
Super helpful info, thanks.

First try no go - looks like this... (log attached)
Lots of python errors it would seem.


JAIL_IP="192.168.13.13"
DEFAULT_GW_IP="192.168.13.1"
INTERFACE="igb0"
VNET="off"
POOL_PATH="/mnt/Rotational"
JAIL_NAME="nextcloudv2"
TIME_ZONE="America/New_York"
HOST_NAME="my.fqdn.com"
DATABASE="mariadb"
STANDALONE_CERT=1
DNS_CERT=0
SELFSIGNED_CERT=0
NO_CERT=0
NEXTCLOUD_VERSION=19
CERT_EMAIL="admin@fqdn.com"
 

Attachments

  • dataset layout - updated.png
    dataset layout - updated.png
    57.7 KB · Views: 157
  • nextcloud.log.txt
    5 KB · Views: 152

Ivolve

Dabbler
Joined
Oct 13, 2015
Messages
20
The information provided by Patrick led me to this thread. After this nextcloud let me update my instance from 20.0.12 to 20.0.14. After that I was able to update to 21.0.7.But i noticed there were still quite some error messages in the log caused by the upgrade:

Error: Cannot modify header information - headers already sent by (output started at /usr/local/www/nextcloud/lib/private/legacy/OC_EventSource.php:118) at /usr/local/www/nextcloud/lib/private/User/Session.php#1008

nextcloud errors.png
 

Attachments

  • nextcloud.zip
    12.3 KB · Views: 130

Ivolve

Dabbler
Joined
Oct 13, 2015
Messages
20
Ok so i have manged to upgrade nextcloud now. I am getting the log entries during the upgrade but no longer in regular use. But now I'm running into the next problem, at the overview page It's saying:

Last background job execution ran 2 days ago. Something seems wrong. Check the background job settings ↗.

I kind of feel like this is turing out to be one big shitshow where I am running from one error to the next. As this is the most busy time of the year for me I kinda think i should give up and just move everything to onedrive...
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
This is an easy fix. Enter the jail with iocage console nextcloud. Then edit the www user's crontab with setenv EDITOR nano; su -m www -c 'crontab -e'. For its contents, enter */5 * * * * /usr/local/bin/php -f /usr/local/www/nextcloud/cron.php
 

xiSlickix

Dabbler
Joined
Feb 5, 2014
Messages
47
According to this thread, you can move a dataset using the zfs rename command. So here's what I'd probably do:
  • Stop your current jail, and take a snapshot of it.
  • Create datasets nextcloud, nextcloud/config, and nextcloud/themes
  • Copy the nextcloud config file into nextcloud/config, and any contents of the themes directory into nextcloud/themes
  • From the CLI, zfs rename Rotational/db Rotational/nextcloud/db
  • Likewise, zfs rename Rotational/files Rotational/nextcloud/files
  • Your paths will now match the script defaults. You should be able to run the script with NEXTCLOUD_VERSION set to 19 in the config file. Set the jail name to something different, just in case this borks something.

so I've performed the reinstall, but somewhere along the lines I goofed on the database.
When I tried to initially run the script it threw an error stating it could not find a "mariadb" folder in a specific location. There was a mysql folder in that location. I know overtime the directory name references between mysql and mariadb have gotten a bit messy, so I copied the mysql folder and renamed it 'mariadb' and the script ran fine from there.

The script properly recognized this was a reinstall and I was able to provide my old DB credentials at the Nextcloud setup screen.

Despite the script mentioning that it detected that this is a reinstall, I have a "blank" Nextcloud. The application / webserver run, but I do not have any of my previous data. I can navigate to cd /mnt/Rotational/nextcloud/files/ and see my users and their data.

Any recommendations on getting the correct database in use?
 

Ivolve

Dabbler
Joined
Oct 13, 2015
Messages
20
This is an easy fix. Enter the jail with iocage console nextcloud. Then edit the www user's crontab with setenv EDITOR nano; su -m www -c 'crontab -e'. For its contents, enter */5 * * * * /usr/local/bin/php -f /usr/local/www/nextcloud/cron.php
Hi Dan,

Thanks for the reply but this is already the contents of the cron file.
 
Joined
Jul 23, 2017
Messages
34
I have been using a Caddy v1 version of the jail for a couple of years. Is there a guide how to upgrade to the newer one, to take care of the newer config (like .well-known), PHP 7.4 etc? I would like to keep my Nextcloud config as-is, because it is working well. Many thanks!
 
Top