Resource icon

Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

xiSlickix

Dabbler
Joined
Feb 5, 2014
Messages
47
Can anyone confirm LDAP working within Nextcloud? I am just getting a spin wheel. My previous deployment (Install 15/16 branch, upgraded to 19) worked fine, but 23 w/ Caddy v2 I can't get past the first configuration screen.

Just trying to sanity check.
 

InGenetic

Contributor
Joined
Dec 18, 2013
Messages
183
pm.max_children = 10 means, FPM will start at most 10 processes to handle requests. I would increase that to at least 100. As for your question about Caddy - I run Nextcloud with Ngninx, have never run Caddy, don't know anything about that product.

Hi Mr.Patrick,

really thanks for your help , now my nextcloud server never been 502 bad gateway anymore,already running normally almost 10 days , before i have to restart every 2-5 days .

i have one question ,: when i check the php-fpm.log , still has any notification like below :

[18-Dec-2021 02:03:07] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 8 children, there are 0 idle, and 15 total children
[18-Dec-2021 19:54:46] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 8 children, there are 0 idle, and 6 total children
[18-Dec-2021 19:54:47] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 16 children, there are 0 idle, and 7 total children
[18-Dec-2021 19:54:48] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 32 children, there are 0 idle, and 8 total children
[18-Dec-2021 19:54:49] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 32 children, there are 0 idle, and 9 total children
[18-Dec-2021 19:54:50] WARNING: [pool www] seems busy (you may need to increase pm.start_servers, or pm.min/max_spare_servers), spawning 32 children, there are 0 idle, and 10 total children

and my www.conf for pm.start server is like this

; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 100

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;

on what number of servers , that i have to change related the warning on php-fpm.log ?
i'm using xeon 4 core processor on my freenas .

please more advice,

Regards,
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
These messages just tell you that it's working as intended. "Ooops, I am busy - better start some more processes ...". Unless your users complain that the application is not "snappy" enough, there is no need to change anything. You can increase pm.start_servers to e.g. 50, of course if you expect a constant load of 50 during work hours.
 

InGenetic

Contributor
Joined
Dec 18, 2013
Messages
183
These messages just tell you that it's working as intended. "Ooops, I am busy - better start some more processes ...". Unless your users complain that the application is not "snappy" enough, there is no need to change anything. You can increase pm.start_servers to e.g. 50, of course if you expect a constant load of 50 during work hours.

oh i see,

Thanks a lot for your advice.

Regards,
 
Joined
Jan 27, 2020
Messages
577
Anyone already updated safely to php 8.0? Docs for nc 23 recommend using that over 7.4.
 

xiSlickix

Dabbler
Joined
Feb 5, 2014
Messages
47
Can anyone confirm LDAP working within Nextcloud? I am just getting a spin wheel. My previous deployment (Install 15/16 branch, upgraded to 19) worked fine, but 23 w/ Caddy v2 I can't get past the first configuration screen.

Just trying to sanity check.

If anyone else hits a wall with LDAP, this was the solution for me to get it to work.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Anyone already updated safely to php 8.0? Docs for nc 23 recommend using that over 7.4.
I haven't tried it yet, but probably should. Replacing every mention of php74 with php80 in the script would be where I'd start.
 
Joined
Jan 27, 2020
Messages
577

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Replacing every mention of php74 with php80 in the script would be where I'd start.
Someone else beat me to it and submitted a PR for PHP 8.0; that's merged now.
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
I want to upgrade to php8.0 from 7.4 with an existing Nextcloud installed with the script. Is the best way to destroy the jail and reinstall with the updated script?
I've tried it in a test jail and get these errors after trying to reinstall with existing data.
Code:
Reinstall detected, skipping generation of new config and database
RedisException: Permission denied in /usr/local/www/nextcloud/lib/private/RedisFactory.php:124
Stack trace:
#0 /usr/local/www/nextcloud/lib/private/RedisFactory.php(124): Redis->connect('/var/run/redis/...', 0, 0, NULL, 0, 0)
#1 /usr/local/www/nextcloud/lib/private/RedisFactory.php(164): OC\RedisFactory->create()
#2 /usr/local/www/nextcloud/lib/private/Memcache/Redis.php(43): OC\RedisFactory->getInstance()
#3 /usr/local/www/nextcloud/lib/private/Memcache/Factory.php(115): OC\Memcache\Redis->__construct('97f3861fc6f2679...')
#4 /usr/local/www/nextcloud/lib/private/Server.php(1070): OC\Memcache\Factory->createLocking('lock')
#5 /usr/local/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(160): OC\Server->OC\{closure}(Object(OC\Server))
#6 /usr/local/www/nextcloud/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}(Object(Pimple\Container))
#7 /usr/local/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(127): Pimple\Container->offsetGet('OCP\\Lock\\ILocki...')
#8 /usr/local/www/nextcloud/lib/private/ServerContainer.php(136): OC\AppFramework\Utility\SimpleContainer->query('OCP\\Lock\\ILocki...', false)
#9 /usr/local/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(56): OC\ServerContainer->query('OCP\\Lock\\ILocki...')
#10 /usr/local/www/nextcloud/lib/private/Server.php(2030): OC\AppFramework\Utility\SimpleContainer->get('OCP\\Lock\\ILocki...')
#11 /usr/local/www/nextcloud/lib/private/Files/View.php(118): OC\Server->getLockingProvider()
#12 /usr/local/www/nextcloud/lib/private/Server.php(439): OC\Files\View->__construct()
#13 /usr/local/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(160): OC\Server->OC\{closure}(Object(OC\Server))
#14 /usr/local/www/nextcloud/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}(Object(Pimple\Container))
#15 /usr/local/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(127): Pimple\Container->offsetGet('OC\\Files\\Node\\H...')
#16 /usr/local/www/nextcloud/lib/private/ServerContainer.php(136): OC\AppFramework\Utility\SimpleContainer->query('OC\\Files\\Node\\H...', false)
#17 /usr/local/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(56): OC\ServerContainer->query('OC\\Files\\Node\\H...')
#18 /usr/local/www/nextcloud/lib/private/Server.php(1393): OC\AppFramework\Utility\SimpleContainer->get('OC\\Files\\Node\\H...')
#19 /usr/local/www/nextcloud/lib/base.php(594): OC\Server->boot()
#20 /usr/local/www/nextcloud/lib/base.php(1087): OC::init()
#21 /usr/local/www/nextcloud/cron.php(43): require_once('/usr/local/www/...')
#22 {main}
Command: su -m www -c php -f /usr/local/www/nextcloud/cron.php failed!
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
Don't know if the reinstall feature is working but removed the old php74 pkgs and installed php8.0 and all works. Last 2 pkgs from each command are specific to mariadb option.

Code:
pkg remove -qy php74-dom php74-gd php74-iconv php74-json php74-mbstring php74-posix php74-simplexml php74-xmlreader php74-xmlwriter php74-zip php74-zlib php74-xml php74 php74-pecl-redis php74-session php74-xsl php74-filter php74-pecl-APCu php74-curl php74-fileinfo php74-bz2 php74-intl php74-openssl php74-ldap php74-ftp php74-imap php74-exif php74-gmp php74-pecl-memcache php74-pecl-imagick php74-pecl-smbclient php74-opcache php74-pcntl php74-bcmath php74-pecl-APCu php74-pdo_mysql php74-mysqli

pkg install -qy php80 php80-ctype php80-curl php80-dom php80-filter php80-gd php80-xml php80-mbstring php80-openssl php80-posix php80-session php80-simplexml php80-xmlreader php80-xmlwriter php80-zip php80-zlib php80-fileinfo php80-bz2 php80-intl php80-ldap php80-pecl-smbclient php80-ftp php80-imap php80-bcmath php80-gmp php80-exif php80-pecl-APCu php80-pecl-memcache php80-pecl-redis php80-pecl-imagick php80-pcntl php80-phar php80-iconv php80-xsl php80-opcache php80-pdo_mysql php80-mysqli
 

wavesswe

Dabbler
Joined
Dec 2, 2020
Messages
21
Hi!

Im a long time user of this script and it have been working well!

But since a couple of moths ago NC just goes offline and restarting the jail makes it work again. But now it have become more frekvent, like every two days. I have gone thru Caddy, PHP-FPM, Nextcloud logfiles and cant find anything until today when it went down again.

After just restarting the Caddy service from the jail it went back online. (Tried PHP-FPM first with no difference)

In the Caddy logfile in the same time frame i have this:

"set tcp "internalip:443->somexternalip:19461: setsockopt: connection reset by peer"

When the issue occurs NC becomes unreachable from all my devices

Does any one have any idea on what can cause this and what i can try to do? My install was done via the script back in 2020 so i guess its Caddy v1. Is there an easy way to upgrade to V2 if this is maybe a bug?

I feel really lost here, and all help is appreciated

BR
 

victort

Guru
Joined
Dec 31, 2021
Messages
952
Is there a way you can add this script to the community plug-ins to do the same thing? It would simplify things a bit more as I have very little experience using cli or shell.

Also, what are the key differences between the official plugin and this script?
 

victort

Guru
Joined
Dec 31, 2021
Messages
952
I have installed the script with no certificate, and it went well. But i would like to now rebuild my jail with a self signed certficate.
Should i just run the script again?
Will it break anything?
Will it create a new admin user and password?

Thanks
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Is there a way you can add this script to the community plug-ins to do the same thing?
Not at all in my plans. The plugin structure is very different, and much more limited--for example, AFAIK, you can't feed a FQDN to a plugin installation, so that it will configure the instance you're installing to use that FQDN. There's already a Nextcloud plugin, so if you want a plugin, use that.
Also, what are the key differences between the official plugin and this script?
  • I use Caddy as the webserver; the plugin (IIRC) uses nginx
  • Partially as a result of the above, the installation created by my script will automatically obtain and renew TLS certificates from Let's Encrypt and/or ZeroSSL. Last I checked, the plugin doesn't support TLS at all.
  • My script completely installs Nextcloud--once the script finishes, it's ready for you to log in. Last I checked, the plugin gives you a half-assed installation where you still need to enter database credentials, create an admin user, point Nextcloud to where its data is stored.
  • My script stores all the data--the database, the uploaded files, any themes, even the Nextcloud config file--outside of the jail. That means that you can destroy the jail without losing your data, and reinstall in a new jail and have it pick up your existing data. Last I checked, the plugin doesn't do any of this.
Doubtless there are others, but that's what comes to mind. You'll notice a lot of "last I checked"--I'm not too interested in the Nextcloud plugin, so I don't pay a lot of attention to it other than what I see reported in various threads here. Maybe some of this has changed.
Should i just run the script again?
Probably. Stop the existing jail, turn off "start on boot" for that jail in the GUI, change JAIL_NAME in the config file, and then run the new installation. If it doesn't work, you can revert to the old jail.
 

victort

Guru
Joined
Dec 31, 2021
Messages
952
Not at all in my plans. The plugin structure is very different, and much more limited--for example, AFAIK, you can't feed a FQDN to a plugin installation, so that it will configure the instance you're installing to use that FQDN. There's already a Nextcloud plugin, so if you want a plugin, use that.

  • I use Caddy as the webserver; the plugin (IIRC) uses nginx
  • Partially as a result of the above, the installation created by my script will automatically obtain and renew TLS certificates from Let's Encrypt and/or ZeroSSL. Last I checked, the plugin doesn't support TLS at all.
  • My script completely installs Nextcloud--once the script finishes, it's ready for you to log in. Last I checked, the plugin gives you a half-assed installation where you still need to enter database credentials, create an admin user, point Nextcloud to where its data is stored.
  • My script stores all the data--the database, the uploaded files, any themes, even the Nextcloud config file--outside of the jail. That means that you can destroy the jail without losing your data, and reinstall in a new jail and have it pick up your existing data. Last I checked, the plugin doesn't do any of this.
Doubtless there are others, but that's what comes to mind. You'll notice a lot of "last I checked"--I'm not too interested in the Nextcloud plugin, so I don't pay a lot of attention to it other than what I see reported in various threads here. Maybe some of this has changed.

Probably. Stop the existing jail, turn off "start on boot" for that jail in the GUI, change JAIL_NAME in the config file, and then run the new installation. If it doesn't work, you can revert to the old jail.
This is why I prefer this script. It’s just that right now I can’t get the standalone or self signed certificates to work properly. When I press proceed to “domain” it doesn’t go there. It hangs on “this site cannot provide a secure connection”

With the plug-in this wasn’t an issue.

Any ideas?
 

victort

Guru
Joined
Dec 31, 2021
Messages
952
Wh
This is why I prefer this script. It’s just that right now I can’t get the standalone or self signed certificates to work properly. When I press proceed to “domain” it doesn’t go there. It hangs on “this site cannot provide a secure connection”

With the plug-in this wasn’t an issue.

Any ideas?
When using the self signed I get a prompt saying Internal Server Error

edit
After a fresh install the error is not longer present.
 
Last edited:

ThatGuyAZ

Dabbler
Joined
Apr 28, 2021
Messages
32
Team I don't know if anyone else got this but I received an email stating the following:
Code:
Hello,

Please immediately renew your TLS certificate(s) that were issued from
Let's Encrypt using the TLS-ALPN-01 validation method and the following
ACME registration (account) ID(s):

 XXXXXXX

We've determined that an error made it possible for TLS-ALPN-01
challenges, completed before today, to not comply with certificate
issuance requirements. We have remediated this problem and will revoke
all unexpired certificates that used this validation method at 16:00 UTC
on 28 January 2022. Please renew your certificates now to ensure an
uninterrupted experience for your site visitors.


Can anyone advise how I could get this to "renew?" Thank you in advance.
 

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
Hi all,
So I have recently switched ISP from Cox to Att and of course I was expecting things to break down. So my question is what do I need to do to get my nextcloud jail working again. I have put some notes as to how my nextcloud was working prior to switching ISP
  • I opened port 443 and 80 (checked again today and my ISP did not block these ports)
  • I purchased my domain name on namcheap and reconfigure the A record + dynamic DNS to a new IP address
  • I did login the console by doing iocage console nextcloud and ping 8.8.8.8
    • Everything is still working with no package lost but I can't access nextcloud even with the internal ip address as it does not resolve from the DNS (I also tried to edit my host file on my PC but still nothing)
Please help!!!
 
Last edited:

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,456
Can anyone advise how I could get this to "renew?" Thank you in advance.
See:

Looks like it should be automatic as long as you have at least Caddy v2.4.2.
 
Top