
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
There are lots of ways of installing Nextcloud on TrueNAS; this thread deals with only one of them. If you followed another guide, there may be a different thread here about it, or you could certainly start a new thread if you can't find an existing one.
 

asaayo

Dabbler
Joined
Jan 7, 2021
Messages
13
I'm getting what appears to be a weird permission issue when trying to run the script. The jail is created successfully but it fails when it tries to start mysql the first time with a permission error. Here's the output of /var/db/mysql/nextcloud.err from within the jail
Code:
2022-07-09 18:05:55 0 [Warning] You need to use --log-bin to make --binlog-format work.
2022-07-09 18:05:55 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2022-07-09 18:05:55 0 [Note] InnoDB: Uses event mutexes
2022-07-09 18:05:55 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-07-09 18:05:55 0 [Note] InnoDB: Number of pools: 1
2022-07-09 18:05:55 0 [Note] InnoDB: Using SSE2 crc32 instructions
2022-07-09 18:05:55 0 [ERROR] mysqld: Can't create/write to file '/tmp/ib1HVp7B' (Errcode: 13 "Permission denied")
2022-07-09 18:05:55 0 [ERROR] InnoDB: Unable to create temporary file; errno: 13
2022-07-09 18:05:55 0 [ERROR] mysqld: Can't create/write to file '/tmp/ibXk0H7e' (Errcode: 13 "Permission denied")
2022-07-09 18:05:55 0 [ERROR] InnoDB: Unable to create temporary file; errno: 13
2022-07-09 18:05:55 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
2022-07-09 18:05:55 0 [Note] InnoDB: Starting shutdown...
2022-07-09 18:05:55 0 [ERROR] Plugin 'InnoDB' init function returned error.
2022-07-09 18:05:55 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2022-07-09 18:05:55 0 [Note] Plugin 'FEEDBACK' is disabled.
2022-07-09 18:05:55 0 [ERROR] Unknown/unsupported storage engine: InnoDB
2022-07-09 18:05:55 0 [ERROR] Aborting


And here are the contents of my nextcloud-config

Code:
JAIL_IP="192.168.2.98"
DEFAULT_GW_IP="192.168.2.1"
POOL_PATH="/mnt/Pool/Apps"
TIME_ZONE="America/New_York"
HOST_NAME="legitfqdn.com"
DNS_CERT=1
DNS_PLUGIN="cloudflare"
DNS_TOKEN="totallylegitimatetoken"
CERT_EMAIL="me@legittfqdn.com"


And for good measure, permissions on /tmp within the jail

Code:
root@nextcloud:~ # ll /tmp
total 137512
drwxrwxrwt  2 root  wheel          2 Jul  9 18:05 .font-unix/
drwxrwxrwt  2 root  wheel          2 Jul  9 18:05 .ICE-unix/
drwxrwxrwt  2 root  wheel          2 Jul  9 18:05 .X11-unix/
drwxrwxrwt  2 root  wheel          2 Jul  9 18:05 .XIM-unix/
-rw-r--r--  1 root  wheel  140681183 Jun 20 10:51 latest-23.tar.bz2
-rw-r--r--  1 root  wheel        833 Jun 20 10:51 latest-23.tar.bz2.asc
-rw-r--r--  1 root  wheel       3100 May  2 07:02 nextcloud.asc


I assume there's something wrong with permissions at some level but I'm unsure which.
 

asaayo

Dabbler
Joined
Jan 7, 2021
Messages
13
I'm guessing you meant within the jail?
Code:
root@nextcloud:~ # ll /
total 102
-rwxr-xr-x   2 root  wheel  1089 Oct 23  2020 .cshrc*
-rwxr-xr-x   2 root  wheel   470 Oct 23  2020 .profile*
drwxr-xr-x   2 root  wheel    46 Mar 22 10:30 bin/
drwxr-xr-x  10 root  wheel    63 Mar 22 10:30 boot/
-rwxr-xr-x   1 root  wheel  6177 Oct 23  2020 COPYRIGHT*
dr-xr-xr-x  14 root  wheel   512 Jul 11 10:01 dev/
drwxr-xr-x  25 root  wheel   106 Jul 11 10:01 etc/
drwxr-xr-x   5 root  wheel    62 Mar 22 10:30 lib/
drwxr-xr-x   3 root  wheel     5 Oct 23  2020 libexec/
drwxr-xr-x   2 root  wheel     2 Oct 23  2020 media/
drwxr-xr-x   4 root  wheel     4 Jul 11 09:57 mnt/
drwxr-xr-x   2 root  wheel     2 Oct 23  2020 net/
drwxr-xr-x   2 root  wheel     2 Oct 23  2020 proc/
drwxr-xr-x   2 root  wheel   150 Mar 22 10:30 rescue/
drwxr-xr-x   5 root  wheel    11 Jul 11 10:01 root/
drwxr-xr-x   2 root  wheel   137 Oct 31  2021 sbin/
lrwxr-xr-x   1 root  wheel    11 Jan  6  2021 sys@ -> usr/src/sys
drwxr-xr-x   6 root  wheel     9 Jul 12 03:21 tmp/
drwxr-xr-x  14 root  wheel    14 Oct 23  2020 usr/
drwxr-xr-x  25 root  wheel    25 Jul 11 10:01 var/
 

asaayo

Dabbler
Joined
Jan 7, 2021
Messages
13
Sorry, I probably glossed over the fact that the error is occurring during setup. This is from nextcloud.log/the setup log

Code:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Command: mysql -e CREATE DATABASE nextcloud; failed!
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Command: mysql -e GRANT ALL ON nextcloud.* TO nextcloud@localhost IDENTIFIED BY 'NVlQi7SJkrG342kTmQAZrQ=='; failed!
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Command: mysql -e DELETE FROM mysql.user WHERE User=''; failed!
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Command: mysql -e DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); failed!
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Command: mysql -e DROP DATABASE IF EXISTS test; failed!
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Command: mysql -e DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'; failed!
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)'
Check that mysqld is running and that the socket: '/tmp/mysql.sock' exists!
Command: mysqladmin --user=root password bHHdprHIldoCV4ksMiK15Q== reload failed!


Once that fails and I `iocage console nextcloud` and look in /var/db/mysql/nextcloud.err, that's the cause of the error.
 

asaayo

Dabbler
Joined
Jan 7, 2021
Messages
13
In the interest of troubleshooting, I ran chmod 1777 /var within the jail and restarted, then checked the log. Here's the output from cat /var/db/mysql/nextcloud.err as well as ll /var

Code:
2022-07-14  9:28:43 0 [Warning] You need to use --log-bin to make --binlog-format work.
2022-07-14  9:28:43 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2022-07-14  9:28:43 0 [Note] InnoDB: Uses event mutexes
2022-07-14  9:28:43 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-07-14  9:28:43 0 [Note] InnoDB: Number of pools: 1
2022-07-14  9:28:43 0 [Note] InnoDB: Using SSE2 crc32 instructions
2022-07-14  9:28:43 0 [ERROR] mysqld: Can't create/write to file '/tmp/ib7ffw5X' (Errcode: 13 "Permission denied")
2022-07-14  9:28:43 0 [ERROR] InnoDB: Unable to create temporary file; errno: 13
2022-07-14  9:28:43 0 [ERROR] mysqld: Can't create/write to file '/tmp/ibY2BySc' (Errcode: 13 "Permission denied")
2022-07-14  9:28:43 0 [ERROR] InnoDB: Unable to create temporary file; errno: 13
2022-07-14  9:28:43 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
2022-07-14  9:28:43 0 [Note] InnoDB: Starting shutdown...
2022-07-14  9:28:43 0 [ERROR] Plugin 'InnoDB' init function returned error.
2022-07-14  9:28:43 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2022-07-14  9:28:43 0 [Note] Plugin 'FEEDBACK' is disabled.
2022-07-14  9:28:43 0 [ERROR] Unknown/unsupported storage engine: InnoDB
2022-07-14  9:28:43 0 [ERROR] Aborting

root@nextcloud:~ # ll /
total 102
-rwxr-xr-x   2 root  wheel  1089 Oct 23  2020 .cshrc*
-rwxr-xr-x   2 root  wheel   470 Oct 23  2020 .profile*
drwxr-xr-x   2 root  wheel    46 Mar 22 10:30 bin/
drwxr-xr-x  10 root  wheel    63 Mar 22 10:30 boot/
-rwxr-xr-x   1 root  wheel  6177 Oct 23  2020 COPYRIGHT*
dr-xr-xr-x  14 root  wheel   512 Jul 14 09:28 dev/
drwxr-xr-x  25 root  wheel   106 Jul 14 09:28 etc/
drwxr-xr-x   5 root  wheel    62 Mar 22 10:30 lib/
drwxr-xr-x   3 root  wheel     5 Oct 23  2020 libexec/
drwxr-xr-x   2 root  wheel     2 Oct 23  2020 media/
drwxr-xr-x   4 root  wheel     4 Jul 12 18:44 mnt/
drwxr-xr-x   2 root  wheel     2 Oct 23  2020 net/
drwxr-xr-x   2 root  wheel     2 Oct 23  2020 proc/
drwxr-xr-x   2 root  wheel   150 Mar 22 10:30 rescue/
drwxr-xr-x   5 root  wheel    12 Jul 14 09:28 root/
drwxr-xr-x   2 root  wheel   137 Oct 31  2021 sbin/
lrwxr-xr-x   1 root  wheel    11 Jan  6  2021 sys@ -> usr/src/sys
drwxr-xr-x   6 root  wheel     9 Jul 14 09:28 tmp/
drwxr-xr-x  14 root  wheel    14 Oct 23  2020 usr/
drwxrwxrwt  25 root  wheel    25 Jul 14 09:28 var/
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
Your /tmp directory needs 1777, not your /var directory.
 

asaayo

Dabbler
Joined
Jan 7, 2021
Messages
13
You're right... I can read, I swear.

I updated that and it looks like mysql successfully started. The Nextcloud installation doesn't appear to be working properly, though. So I'm re-running the install with the addition of chmod 1777 /tmp to see if that makes a difference.
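Patrick's point above is worth turning into a check that can be run inside the jail before the installer starts. The following is added here as an illustration and is not part of the install script: it verifies that /tmp is 1777 (world-writable so the mysql user can create InnoDB's temporary files, with the sticky bit so one user cannot remove another's) and that /var has not been made world-writable, since the earlier chmod 1777 /var weakens the jail and should be put back to 0755 (assumed to be the default). It also reproduces the three states seen in this thread on scratch directories, so the logic can be exercised without a jail.

```python
"""Preflight check for a jail's shared /tmp and /var permissions.

Added example for this thread; not part of the install script. MariaDB's
InnoDB failed above with errno 13 because it could not create temporary
files under /tmp. A shared /tmp must be mode 1777: rwx for everyone so
unprivileged daemons can create files, plus the sticky bit so they cannot
delete or rename each other's files. /var must NOT be world-writable; 0755
is the assumed default for a FreeBSD jail root filesystem.
"""
import os
import stat
import tempfile

EXPECTED = {
    "/tmp": 0o1777,  # sticky + rwx for all
    "/var": 0o0755,  # root-owned, not writable by others
}


def mode_of(path: str) -> int:
    """Return the permission bits (incl. setuid/setgid/sticky) of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def describe(mode: int) -> str:
    """Render a directory mode like 0o1777 as ls-style text ('drwxrwxrwt')."""
    return stat.filemode(stat.S_IFDIR | mode)


def check_dir(path: str, expected: int) -> list:
    """Return human-readable problems with path; an empty list means OK."""
    if not os.path.isdir(path):
        return [f"{path}: missing or not a directory"]
    problems = []
    mode = mode_of(path)
    if mode != expected:
        problems.append(
            f"{path}: mode is {oct(mode)} ({describe(mode)}), "
            f"expected {oct(expected)} ({describe(expected)})"
        )
    # World-writable without the sticky bit lets any user remove other
    # users' files; flag that case explicitly even if it matched 'expected'.
    if (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
        problems.append(f"{path}: world-writable without sticky bit")
    return problems


def can_create_tempfile(path: str) -> bool:
    """Mimic what mysqld does at startup: create and unlink a temp file."""
    try:
        fd, name = tempfile.mkstemp(prefix="ib", dir=path)
    except OSError:
        return False
    os.close(fd)
    os.unlink(name)
    return True


def preflight(expected=EXPECTED) -> dict:
    """Check every directory in `expected`; map path -> list of problems."""
    return {path: check_dir(path, mode) for path, mode in expected.items()}


def demo_on_scratch_dirs() -> dict:
    """Reproduce the three states from this thread on scratch directories.

    Returns {label: problems} so the checks can be exercised without a jail.
    """
    results = {}
    base = tempfile.mkdtemp(prefix="preflight-")
    for label, mode, expected in (
        ("tmp-1777", 0o1777, 0o1777),  # correct shared /tmp
        ("tmp-0755", 0o0755, 0o1777),  # the jail's /tmp as first reported
        ("var-1777", 0o1777, 0o0755),  # the mistaken chmod 1777 /var
    ):
        d = os.path.join(base, label)
        os.mkdir(d)
        os.chmod(d, mode)
        results[label] = check_dir(d, expected)
    return results


if __name__ == "__main__":
    for path, problems in preflight().items():
        print(f"{path}: {'OK' if not problems else '; '.join(problems)}")
    print("/tmp temp file creation:", can_create_tempfile("/tmp"))
    for label, problems in demo_on_scratch_dirs().items():
        print(f"scratch {label}: {problems or 'OK'}")
```

Run it as root inside the jail (`iocage exec nextcloud python3 preflight.py`, assuming a python3 package is installed there) and fix whatever it reports before re-running the installer; the scratch-directory demo shows the same messages you would see for the states in this thread.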
 

asaayo

Dabbler
Joined
Jan 7, 2021
Messages
13
That got me through the install successfully, but I'm still getting an SSL failure when trying to browse to the jail (Error code: SSL_ERROR_INTERNAL_ERROR_ALERT). I figured the issue is probably in obtaining the cert, so I found Caddy's log and that does seem to be the case. Before I go any further - does this script out of the box support using Caddy to also manage dynamic DNS for the Nextcloud instance? If not, I'm thinking that might be where my issue is and I need to get that hooked up before anything else.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
does this script out of the box support using caddy to also manage dynamic dns for the nextcloud instance?
No, that isn't part of Caddy's configuration as done by this script.
 

asaayo

Dabbler
Joined
Jan 7, 2021
Messages
13
That makes sense. Even without ddns set up, I would think caddy would at least be able to obtain a cert through cloudflare if I manually set my dns records. Is that correct?
 

asaayo

Dabbler
Joined
Jan 7, 2021
Messages
13
Here's the output of my caddy log as well as the cloudflare API token. I think everything should be properly configured so I'm scratching my head right now.

Code:
root@freenas[/usr/freenas-iocage-nextcloud]# iocage exec nextcloud cat /var/log/caddy/caddy.log
{"level":"info","ts":1657914818.9381704,"msg":"using provided configuration","config_file":"/usr/local/www/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1657914818.9405901,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1657914818.9407241,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0003a3e30"}
{"level":"info","ts":1657914818.940819,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1657914818.9408433,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1657914818.9414766,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["legitfqdn.com"]}
{"level":"info","ts":1657914818.9415927,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/db/caddy/data/caddy"}
{"level":"info","ts":1657914818.9416406,"msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
{"level":"info","ts":1657914818.9416482,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1657914818.9416513,"msg":"serving initial configuration"}
Successfully started Caddy (pid=87091) - Caddy is running in the background
{"level":"info","ts":1657914818.9419012,"logger":"tls.obtain","msg":"acquiring lock","identifier":"legitfqdn.com"}
{"level":"info","ts":1657914818.9540036,"logger":"tls.obtain","msg":"lock acquired","identifier":"legitfqdn.com"}
{"level":"info","ts":1657914818.9547076,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["legitfqdn.com"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"my@email.com"}
{"level":"info","ts":1657914818.9547293,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["legitfqdn.com"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"my@email.com"}
{"level":"info","ts":1657914824.523008,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"legitfqdn.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1657914824.6923845,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"legitfqdn.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for legitfqdn.com (probably OK if presenting failed)"}
{"level":"error","ts":1657914824.778099,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"legitfqdn.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[legitfqdn.com] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.legitfqdn.com\": unexpected response code 'SERVFAIL' for _acme-challenge.legitfqdn.com. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/60950124/3205145384) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1657914824.7784033,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["legitfqdn.com"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"my@email.com"}
{"level":"info","ts":1657914824.7784214,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["legitfqdn.com"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"my@email.com"}
{"level":"info","ts":1657914825.2626982,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"legitfqdn.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1657914825.4083707,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"legitfqdn.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for legitfqdn.com (probably OK if presenting failed)"}
{"level":"error","ts":1657914825.4902375,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"legitfqdn.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[legitfqdn.com] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.legitfqdn.com\": unexpected response code 'SERVFAIL' for _acme-challenge.legitfqdn.com. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/60950124/3205145504) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1657914825.490318,"logger":"tls.obtain","msg":"will retry","error":"[legitfqdn.com] Obtain: [legitfqdn.com] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.legitfqdn.com\": unexpected response code 'SERVFAIL' for _acme-challenge.legitfqdn.com. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/60950124/3205145504) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":6.536283503,"max_duration":2592000}

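Caddy writes one JSON record per line, and when the log is pasted into a forum post the records run together and the one actionable error is easy to miss. The script below is added here as a triage helper (it is not part of the install script or of Caddy): it pulls the records back apart with `raw_decode`, so it works on either a proper per-line log or a flattened paste, groups errors by logger, and flags two things visible in the log above. First, the ACME client is pointed at Let's Encrypt's staging CA, whose certificates no browser trusts, so even a successful issuance would not give a clean HTTPS page until `acme_ca` is removed from the Caddyfile. Second, the dns-01 solver never reached Cloudflare: the failure is "could not determine zone for domain _acme-challenge.legitfqdn.com ... SERVFAIL", which is a DNS lookup answered by the resolver the jail uses, so the jail's resolver configuration is worth confirming before suspecting the API token. The sample records are abridged copies of the log posted above.

```python
"""Triage helper for Caddy's JSON-per-line log (added example, not Caddy's own code)."""
import json
from collections import Counter

STAGING_CA = "https://acme-staging-v02.api.letsencrypt.org/directory"

# Abridged copies of the records posted in this thread, including the shell
# prompt and the non-JSON "Successfully started Caddy" line that the parser
# must skip.
SAMPLE_LOG = r"""
root@freenas[/usr/freenas-iocage-nextcloud]# iocage exec nextcloud cat /var/log/caddy/caddy.log
{"level":"info","ts":1657914818.9414766,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["legitfqdn.com"]}
Successfully started Caddy (pid=87091) - Caddy is running in the background
{"level":"info","ts":1657914824.523008,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"legitfqdn.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1657914824.6923845,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"legitfqdn.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for legitfqdn.com (probably OK if presenting failed)"}
{"level":"error","ts":1657914824.778099,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"legitfqdn.com","error":"[legitfqdn.com] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.legitfqdn.com\": unexpected response code 'SERVFAIL' for _acme-challenge.legitfqdn.com."}
{"level":"error","ts":1657914825.490318,"logger":"tls.obtain","msg":"will retry","error":"[legitfqdn.com] Obtain: could not determine zone for domain \"_acme-challenge.legitfqdn.com\"","attempt":1,"retrying_in":60}
""".strip()

# The forum paste ran every record onto one line; simulate that as well.
SAMPLE_PASTE = " ".join(SAMPLE_LOG.splitlines())


def iter_records(text: str):
    """Yield every JSON object embedded in text, skipping anything else.

    raw_decode parses one value starting at a given offset, so this works
    whether records are one per line or all run together on a single line.
    Prompts, plain-text lines and stray braces are skipped.
    """
    decoder = json.JSONDecoder()
    pos = 0
    while True:
        start = text.find("{", pos)
        if start == -1:
            return
        try:
            obj, end = decoder.raw_decode(text, start)
        except json.JSONDecodeError:
            pos = start + 1  # not the start of a record; keep scanning
            continue
        if isinstance(obj, dict):
            yield obj
        pos = end


def summarize(text: str) -> dict:
    """Condense a Caddy log into the facts a troubleshooter needs first."""
    records = list(iter_records(text))
    errors = [r for r in records if r.get("level") == "error"]
    messages = sorted({r["error"] for r in errors if "error" in r})
    cas = {r["ca"] for r in records if "ca" in r}
    retry = next((r for r in errors if r.get("msg") == "will retry"), None)
    return {
        "records": len(records),
        "errors": len(errors),
        "errors_by_logger": dict(Counter(r.get("logger", "?") for r in errors)),
        "error_messages": messages,
        "uses_staging_ca": STAGING_CA in cas,
        # The zone lookup happens before any Cloudflare API call is made.
        "dns01_zone_lookup_failed": any("could not determine zone" in m for m in messages),
        "next_retry_seconds": retry.get("retrying_in") if retry else None,
    }


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PASTE
    print(json.dumps(summarize(text), indent=2))
```

Run it against the real file with `iocage exec nextcloud cat /var/log/caddy/caddy.log > caddy.log && python3 triage.py caddy.log`; without an argument it summarizes the embedded sample.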
 

asaayo

Dabbler
Joined
Jan 7, 2021
Messages
13
You'll have to forgive me, I'm learning some of this as I go but I believe the answer to your question is yes.

Code:
Non-authoritative answer:
legitfqdn.com
        primary name server = apollo.ns.cloudflare.com
        responsible mail addr = dns.cloudflare.com
        serial  = 2283389409
        refresh = 10000 (2 hours 46 mins 40 secs)
        retry   = 2400 (40 mins)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
OK, got your PM, and yes, Cloudflare is your authoritative DNS. Can you post your Caddyfile (mask the DNS token)? You'll find it in the jail at /usr/local/www/Caddyfile.
 

asaayo

Dabbler
Joined
Jan 7, 2021
Messages
13
Here it is.

Code:
root@nextcloud:/usr/local/www # cat Caddyfile
{
        # debug
        acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
        email me@email.com
        # default_sni legitfqdn.com
}

legitfqdn.com {
        root * /usr/local/www/nextcloud
        file_server
        log {
                output file /var/log/legitfqdn.com.log
        }

        php_fastcgi 127.0.0.1:9000 {
                env front_controller_active true
        }

        tls {
                dns cloudflare TOTALLY-MY-TOKEN
        }

        header {
                # enable HSTS
                # Strict-Transport-Security max-age=31536000;
        }

        # client support (e.g. os x calendar / contacts)
        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301
        redir /.well-known/webfinger /index.php/.well-known/webfinger 301
        redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

        # .htaccess / data / config / ... shouldn't be accessible from outside
        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }

        respond @forbidden 404
}
 