Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

victort

Guru
Joined
Dec 31, 2021
Messages
951
On the reverse proxy warning, see:
Anything I need to be worried about for now?

As I understand, the reverse proxy is only so you can run multiple instances behind your reverse proxy using the same DNS name on each with different paths like

cloud.domain.com/nextcloud
cloud.domain.com/owncloud
Etc
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Anything I need to be worried about for now?
Not that I know of--AFAICT, it's an overly-aggressive warning. The "stock" scripted installation doesn't use a reverse proxy at all.
As I understand, the reverse proxy is only so you can run multiple instances behind your reverse proxy
There are a number of purposes for a reverse proxy; a more common one would be to run multiple applications behind the proxy, and it's probably more common to run them with different DNS names. For example, I run HAProxy on my pfSense router, and I run Ombi and Bitwarden inside my LAN. HAProxy proxies traffic to those two systems by hostname--ombi.domain or bitwarden.domain, respectively. But there are lots of ways it could be done.
 
Joined
May 24, 2022
Messages
1
Hi,

The script worked beautifully. Thank you very much.

I want to expose this with a reverse proxy, namely nginx, since I am already using that for Plex. However, I'm having issues with getting this to work.
When I access https://cloud.mydomain.com I am greeted by a single blank page, no error in the nginx logs either.

I was wondering if I may have to tweak some of the config.php parameters that are set by this script?

Also, has anyone gotten nginx reverse proxy to work with this nextcloud installation?

Here is my nextcloud conf:
Code:
server {
    server_name cloud.domain.com;

    access_log /var/log/nginx/cloud.access.log;
    error_log /var/log/nginx/cloud.error.log;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cloud.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot

    ssl_trusted_certificate /etc/letsencrypt/live/cloud.domain.com/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

    client_max_body_size 0;
    underscores_in_headers on;

    location / {
        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 64;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        add_header Front-End-Https on;
        proxy_pass http://cloud.domain.home;

        proxy_redirect  off;
        proxy_buffering off;

        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_pass_header Authorization;
        proxy_request_buffering off;
        client_max_body_size 0;
        proxy_read_timeout  36000s;
        proxy_ssl_session_reuse off;

        fastcgi_param HTTPS on;
        fastcgi_param REQUEST_SCHEME https;
    }

    location /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
}

server {
    if ($host = cloud.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name cloud.domain.com;
}


config.php:

Code:
<?php
$CONFIG = array (
  'passwordsalt' => 'redacted',
  'secret' => 'redacted',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'cloud.domain.home',
    2 => '192.168.1.55',
    3 => 'cloud.domain.com',
  ),
  'trusted_proxies' => ['192.168.1.30'],
  'datadirectory' => '/mnt/files',
  'dbtype' => 'mysql',
  'version' => '23.0.5.1',
  'overwrite.cli.url' => 'https://cloud.domain.com/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'redacted',
  'installed' => true,
  'instanceid' => 'oc466uj5ogz0',
  'logtimezone' => 'Europe/Stockholm',
  'default_phone_region' => 'SE',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => '2',
  'logrotate_size' => '104847600',
);
 
 

victort

For some reason, when I reinstall the script on top of an existing data structure, I can’t bring up the instance. It just says connection refused.

I have not changed anything. I tried to upgrade to OS 13.1-RELEASE yesterday, and it didn’t seem to work, so I deleted the old jail, and installed the script again.
It is now not working at all.

Any ideas?
 

victort

For some reason, when I reinstall the script on top of an existing data structure, I can’t bring up the instance. It just says connection refused.

I have not changed anything. I tried to upgrade to OS 13.1-RELEASE yesterday, and it didn’t seem to work, so I deleted the old jail, and installed the script again.
It is now not working at all.

Any ideas?
Commenting out the line
format single_field common_log

Gets me to the page but with Internal Server Error.
 

danb35

format single_field common_log
That line shouldn't be there any more--can you update the script before you run it again (git pull)? As to the internal server error, check the server logs--start with /var/log/caddy/caddy.log.
 

victort

We’re do i
That line shouldn't be there any more--can you update the script before you run it again (git pull)? As to the internal server error, check the server logs--start with /var/log/caddy/caddy.log.
How do I download the caddy file for upload. And how to upload.

I have looked through and nothing seems amiss.

Perhaps you could look through it.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456

victort

Tail

Code:
{"level":"info","ts":1653496076.389043,"logger":"admin","msg":"admin endpoint st                                                                                arted","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//127.0                                                                                .0.1:2019","//localhost:2019","//[::1]:2019"]}
{"level":"info","ts":1653496076.3894901,"logger":"tls.cache.maintenance","msg":"                                                                                started background certificate maintenance","cache":"0xc00040efc0"}
{"level":"warn","ts":1653496076.3898542,"logger":"tls","msg":"stapling OCSP","er                                                                                ror":"no OCSP stapling for [nextcloud.ca]: no OCSP server specified                                                                                 in certificate"}
{"level":"info","ts":1653496076.3899279,"logger":"http","msg":"skipping automati                                                                                c certificate management because one or more matching certificates are already l                                                                                oaded","domain":"nextcloud.ca","server_name":"srv0"}
{"level":"info","ts":1653496076.3899484,"logger":"http","msg":"enabling automati                                                                                c HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1653496076.3910935,"logger":"tls","msg":"cleaning storage u                                                                                nit","description":"FileStorage:/var/db/caddy/data/caddy"}
{"level":"info","ts":1653496076.3911846,"logger":"tls","msg":"finished cleaning                                                                                 storage units"}
{"level":"info","ts":1653496076.3911924,"msg":"autosaved config (load with --res                                                                                ume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
{"level":"info","ts":1653496076.391235,"msg":"serving initial configuration"}
Successfully started Caddy (pid=83611) - Caddy is running in the background


Not sure what happened with the spaces there…

cat caddy.log

Code:
{"level":"info","ts":1653414083.749438,"msg":"using provided configuration","config_file":"/usr/local/www/Caddyfile","config_adapter":"caddyfile"}
run: adapting config using caddyfile: parsing caddyfile tokens for 'log': /usr/local/www/Caddyfile:11 - Error during parsing: getting module named 'caddy.logging.encoders.single_field': module not registered: caddy.logging.encoders.single_field
start: caddy process exited with error: exit status 1
{"level":"info","ts":1653496076.385186,"msg":"using provided configuration","config_file":"/usr/local/www/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1653496076.389043,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
{"level":"info","ts":1653496076.3894901,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00040efc0"}
{"level":"warn","ts":1653496076.3898542,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [nextcloud.ca]: no OCSP server specified in certificate"}
{"level":"info","ts":1653496076.3899279,"logger":"http","msg":"skipping automatic certificate management because one or more matching certificates are already loaded","domain":"nextcloud.ca","server_name":"srv0"}
{"level":"info","ts":1653496076.3899484,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1653496076.3910935,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/db/caddy/data/caddy"}
{"level":"info","ts":1653496076.3911846,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1653496076.3911924,"msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
{"level":"info","ts":1653496076.391235,"msg":"serving initial configuration"}
Successfully started Caddy (pid=83611) - Caddy is running in the background


As far as I can tell the only error is the caddy.log… module not registered.
 

Aephir

Dabbler
Joined
Apr 25, 2021
Messages
47
Thanks a lot for this, I've been using for a while now, but I think I've managed to break something with PHP, and can no longer access UI (one of the many 502's I've found reported). I was looking into just starting over, and have a suggestion:

It would be really useful (at least to me, but likely also to others?) if the README.md had a section on "reinstalling". What to be aware of, what information/files to save (I know from last time that I need to find database passwords, for one), what can and cannot be retained in a re-install (e.g. can you retain Nextcloud users and their login credentials?) and stuff like that.

I've found a lot of this info from searching around (both in readme and elsewhere), but having it a bit more explicitly described in a dedicated section in the actual documentation would, I think, be really helpful. I'm always worried there's something I've missed when I come to this point (and there often is!).

Also, minor point, but still useful I think, a table of contents for the readme would be really nice, since it is a bit longer than a screen can fit (something like this?)

[EDIT]: I just did a re-install, and have made a couple of suggestions in github issues (and I made a version you can use, if you'd like), (1) the table of contents, and (2) a small section on rebuilding/reinstalling. It was pretty painless but I, for one, would be a lot more comfortable having this information in the readme :)
 

victort

Thanks a lot for this, I've been using for a while now, but I think I've managed to break something with PHP, and can no longer access UI (one of the many 502's I've found reported). I was looking into just starting over, and have a suggestion:

It would be really useful (at least to me, but likely also to others?) if the README.md had a section on "reinstalling". What to be aware of, what information/files to save (I know from last time that I need to find database passwords, for one), what can and cannot be retained in a re-install (e.g. can you retain Nextcloud users and their login credentials?) and stuff like that.

I've found a lot of this info from searching around (both in readme and elsewhere), but having it a bit more explicitly described in a dedicated section in the actual documentation would, I think, be really helpful. I'm always worried there's something I've missed when I come to this point (and there often is!).

Also, minor point, but still useful I think, a table of contents for the readme would be really nice, since it is a bit longer than a screen can fit (something like this?)

[EDIT]: I just did a re-install, and have made a couple of suggestions in github issues (and I made a version you can use, if you'd like), (1) the table of contents, and (2) a small section on rebuilding/reinstalling. It was pretty painless but I, for one, would be a lot more comfortable having this information in the readme :)
All good ideas.

You actually only need to run
Code:
git pull
from the freenas-iocage-nextcloud directory to update the repo.

Also, I have never been able to successfully reinstall it except once.
But maybe this is because the times I’ve reinstalled were when the server quit working.

I’ll see what danb35 says about the caddy log I posted.
 

danb35

I’ll see what danb35 says about the caddy log I posted.
I don't see any obvious errors there either. Next place to look would be in the Nextcloud access log or in the Nextcloud log itself.
 

victort

I don't see any obvious errors there either. Next place to look would be in the Nextcloud access log or in the Nextcloud log itself.
The nextcloud log is empty. This might be because of a fresh install.
Where is the access log located?

This is my sub.domain.tld.log

This section just repeats.

Code:
{"level":"error","ts":1653496088.1994646,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.1.122","remote_port":"65250","proto":"HTTP/2.0","method":"GET","host":"nextcloud1.ca","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Cookie":[],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-CA,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"101\", \"Google Chrome\";v=\"101\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"nextcloud1.ca"}},"user_id":"","duration":0.201184836,"size":289,"status":500,"resp_headers":{"Status":["500 Internal Server Error"],"Content-Type":["text/plain; charset=utf-8"],"X-Powered-By":["PHP/8.0.18"],"Server":["Caddy"]}}
 
Last edited:
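
The caddy.log excerpts in this thread mix JSON entries with plain-text lines (the "module not registered" start-up failure is one of the plain-text ones), while the 500 responses only show up in the access log. The Python below is an added example, not part of any post or of the installation script; it triages both kinds of lines, and its sample log, host name and client address are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample modelled on the log excerpts in this thread; the host
# name and client address are placeholders, not values from a real system.
SAMPLE = """\
{"level":"info","ts":1653414083.7,"msg":"using provided configuration","config_file":"/usr/local/www/Caddyfile"}
run: adapting config using caddyfile: parsing caddyfile tokens for 'log': module not registered: caddy.logging.encoders.single_field
start: caddy process exited with error: exit status 1
{"level":"warn","ts":1653496076.3,"logger":"tls","msg":"stapling OCSP","error":"no OCSP server specified in certificate"}
{"level":"error","ts":1653496088.1,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.0.2.10","method":"GET","host":"cloud.example.test","uri":"/"},"status":500,"resp_headers":{"X-Powered-By":["PHP/8.0.18"],"Server":["Caddy"]}}
{"level":"error","ts":1653496089.4,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.0.2.10","method":"GET","host":"cloud.example.test","uri":"/"},"status":500,"resp_headers":{"X-Powered-By":["PHP/8.0.18"],"Server":["Caddy"]}}
{"level":"info","ts":1653496090.0,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.0.2.10","method":"GET","host":"cloud.example.test","uri":"/status.php"},"status":200,"resp_headers":{"Server":["Caddy"]}}
"""


def triage(text):
    """Split a mixed Caddy log into plain-text lines, warn/error entries and 5xx requests."""
    plain, problems, failures = [], [], Counter()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            # Start-up failures are written as plain text rather than JSON,
            # so a JSON-only filter would silently drop them.
            plain.append(line)
            continue
        status = entry.get("status")
        if isinstance(status, int) and status >= 500:
            req = entry.get("request", {})
            # An X-Powered-By response header shows the PHP backend produced the error page.
            powered = entry.get("resp_headers", {}).get("X-Powered-By", [])
            key = (status, req.get("method"), req.get("host"), req.get("uri"), ",".join(powered) or "-")
            failures[key] += 1
        elif entry.get("level") in ("warn", "error"):
            problems.append((entry["level"], entry.get("logger", "-"),
                             entry.get("msg", ""), entry.get("error", "")))
    return plain, problems, failures


if __name__ == "__main__":
    plain, problems, failures = triage(SAMPLE)
    for line in plain:
        print("PLAIN  ", line)
    for level, logger, msg, err in problems:
        print(f"{level.upper():7}", logger, msg, err)
    for (status, method, host, uri, powered), n in failures.most_common():
        print(f"{n}x {status} {method} {host}{uri} backend={powered}")
```

Grouping the 5xx entries by request and backend header makes a repeating failure, like the one posted above, collapse into a single line with a count.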

victort

When attempting to run occ commands, I get this

Code:
RedisException: Permission denied in /usr/local/www/nextcloud/lib/private/RedisFactory.php:132


Redis log is normal though.

The command I ran was
Code:
sudo -u www php occ app:list
from the /usr/local/www/nextcloud

When commenting out these lines

Code:
#  'memcache.local' => '\\OC\\Memcache\\APCu',
#  'memcache.distributed' => '\\OC\\Memcache\\Redis',
#  'memcache.locking' => '\\OC\\Memcache\\Redis',
#  'overwritehost' => 'nextcloud1.ca',
#  'overwriteprotocol' => 'https',

in usr/local/www/nextcloud/config/config.php

the instance has started working. But when saving the file, these lines have now disappeared from the config file. Are they important?
 

bobmarley

Cadet
Joined
Jun 5, 2022
Messages
1
Unsure if I'm posting in the correct section or if it should be under a new thread.
I installed nextcloud via the script which was working fine for a long time and I could even update it via the Web UI but now it keeps failing at the create back up stage.
I'm new to all this and unsure where to begin.
 

Adecarcer

Cadet
Joined
Jan 27, 2020
Messages
5
I have just installed the latest version of Nextcloud in a TrueNAS jail, using @danb35 's script. It didn't go very promising at the beginning (see below), but, for the time being, my new Nextcloud instance is running pretty well.

Thank you, danb35

Code:
Script started on Fri Apr  1 11:35:50 2022
Command: ./nextcloud-jail.sh
cannot open 'Creating': dataset does not exist
cannot open 'Creating': dataset does not exist
cannot open 'Creating': dataset does not exist
cannot open 'Creating': dataset does not exist
cannot open 'Creating': dataset does not exist
cannot open 'Creating': dataset does not exist
cannot open 'Creating': dataset does not exist
cannot open 'Default': dataset does not exist
cannot open 'configuration': dataset does not exist
cannot open 'missing,': invalid character ',' in name
cannot open 'creating': dataset does not exist
cannot open 'one': dataset does not exist
JAIL_INTERFACES not set, defaulting to: vnet0:bridge0
Fetching: 12.2-RELEASE
[...]
Hi Felipe

I'm having the same issue installing nextcloud using Dan's script. How did you solve it?

Thanks in advance
 

danb35

The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips.
This is discussed in the README. The .htaccess file won't do anything; you aren't using Apache.
Your web server is not properly set up to resolve "/.well-known/webfinger". Further information can be found in the documentation.
This one and the next (and the one about the phone region, for that matter) sound like you aren't running the latest version of the script.
 

danb35

I read the readme and made the required changes
What exactly did you change and how? And are you seeing all of the same errors, or only some of them?
 