Resource icon

Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,458
I can't access nextcloud even with the internal ip address as it does not resolve from the DNS (I also tried to edit my host file on my PC but still nothing)
You can't use the IP address. But what do you mean by "it does not resolve from the DNS"?
 
Joined
Jan 27, 2020
Messages
577
Not at all in my plans. The plugin structure is very different, and much more limited--for example, AFAIK, you can't feed a FQDN to a plugin installation, so that it will configure the instance you're installing to use that FQDN. There's already a Nextcloud plugin, so if you want a plugin, use that.

  • I use Caddy as the webserver; the plugin (IIRC) uses nginx
  • Partially as a result of the above, the installation created by my script will automatically obtain and renew TLS certificates from Let's Encrypt and/or ZeroSSL. Last I checked, the plugin doesn't support TLS at all.
  • My script completely installs Nextcloud--once the script finishes, it's ready for you to log in. Last I checked, the plugin gives you a half-assed installation where you still need to enter database credentials, create an admin user, point Nextcloud to where its data is stored.
  • My script stores all the data--the database, the uploaded files, any themes, even the Nextcloud config file--outside of the jail. That means that you can destroy the jail without losing your data, and reinstall in a new jail and have it pick up your existing data. Last I checked, the plugin doesn't do any of this.
Doubtless there are others, but that's what comes to mind. You'll notice a lot of "last I checked"--I'm not too interested in the Nextcloud plugin, so I don't pay a lot of attention to it other than what I see reported in various threads here. Maybe some of this has changed.

Probably. Stop the existing jail, turn off "start on boot" for that jail in the GUI, change JAIL_NAME in the config file, and then run the new installation. If it doesn't work, you can revert to the old jail.
@victor1597
I'd like to add some points because this script is so much better than anything else (maybe even docker on linux?):
  • it's well maintained (unlike the plugin), through this community and because dan constantly tries to improve and update stuff, which is pretty rare for freebsd anyway
  • it's versatile - you can have lot's of different implementations matching your use-case with a simple config file, and in the end it's still a "one-click-solution"
  • support!!! - in this thread a bunch of people - including the creator - are giving support to everyone whos seeking it
I myself just used this very script to update a nc-installation once created with an older version of this script and it went flawlessly - including a new jail, new datasets and a new config.
 

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
You can't use the IP address. But what do you mean by "it does not resolve from the DNS"?
I think I might get my terminology mixed up. What I meant was the default router configuration will just use att DNS and not 8.8.8.8.

I also got an email about Let’s Encrypt revoking certificates. What do I have to do on my end to get all of this fix.

Much appreciated!
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,458

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
As I just posted earlier this morning, nothing; Caddy will handle it automatically.

I'm not sure what that has to do with local name resolution. What happens when you try to access your Nextcloud installation?
I’m not really sure either. But when I try to access my nextcloud by typing the address. It said ERR_NAME_NOT_RESOLVED (on my phone) and DNS_PROBE_FINISHED_NXDOMAIN (on my PC). I don't know if they both mean the same thing.

I’m not sure if I setup my domain name correctly. But this is what I have
 

Attachments

  • 03E72668-5C62-4777-8CFF-7AC0588DFBDA.jpeg
    03E72668-5C62-4777-8CFF-7AC0588DFBDA.jpeg
    45.3 KB · Views: 130
Last edited:

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,458
I'm also not able to resolve that domain name. I'm able to resolve www.safecloud, but not safecloud itself. So that makes it seem like you haven't set up your DNS correctly.
 

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
I'm also not able to resolve that domain name. I'm able to resolve www.safecloud, but not safecloud itself. So that makes it seem like you haven't set up your DNS correctly.
I can't even resolve www.safecloud
It didn't even give me anything. Originally, I would just have to type in safecloud.us and it would work.
So what you're saying is that I only need to configure it some how on my domain name service provider which is namecheap?
I do have a dynamic IP address and I did set up a cron job for it to automatically update the IP when it changes. Should I need to update or change anything?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,458

DevlshOne

Cadet
Joined
Jan 27, 2022
Messages
1
Starting php_fpm.
/usr/local/sbin/php-fpm: Undefined symbol "setproctitle_fast@FBSD_1.5"
[18-Nov-2019 09:16:54] ERROR: no data have been read from pipe
/usr/local/etc/rc.d/php-fpm: WARNING: failed to start php_fpm
[/CODE]
I have this same issue. TrueNAS-12.0-U6 PHP7.4 trying to install a WP instance. Is there a fix?
 

victort

Guru
Joined
Dec 31, 2021
Messages
952
@victor1597
I'd like to add some points because this script is so much better than anything else (maybe even docker on linux?):
  • it's well maintained (unlike the plugin), through this community and because dan constantly tries to improve and update stuff, which is pretty rare for freebsd anyway
  • it's versatile - you can have lot's of different implementations matching your use-case with a simple config file, and in the end it's still a "one-click-solution"
  • support!!! - in this thread a bunch of people - including the creator - are giving support to everyone whos seeking it
I myself just used this very script to update a nc-installation once created with an older version of this script and it went flawlessly - including a new jail, new datasets and a new config.
Awesome. I have it up and running for a few days now with 0 issues.

Question though. If I go to run a new script on top of an already installed instance, and go from one of the four certificate options to another one, will that break anything? I am on a self signed right now, and want to go to a stand-alone…

Also, in nextcloud the database version says mysql, shouldn’t it say mariadb?
 
Last edited:

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,458
If I go to run a new script on top of an already installed instance, and go from one of the four certificate options to another one, will that break anything?
It shouldn't.
Also, in nextcloud the database version says mysql, shouldn’t it say mariadb?
I don't think so; it's still using the MySQL database connector.
 

victort

Guru
Joined
Dec 31, 2021
Messages
952
I’m using a filter that blocks all by default, and uses AI Whitelisting to unblock domains. It’s called adam:networks.

This also has a feature that blocks all traffic that was not resolved using dns, which make it possible to block any and all VPNs. But this also interferes with this script as it appears to download caddy from an IP and not a domain.

Would anyone know what these IPs are? Is there a list perhaps of need domains and IPs?

Currently I have my NextCloud instance on a policy that allows any and all traffic, but that is extremely dangerous.
I have tried running the script a couple times and each time I get a new blocked IP that I have to add, it never uses the same one.
 
Joined
Jan 27, 2020
Messages
577
Currently I have my NextCloud instance on a policy that allows any and all traffic, but that is extremely dangerous.
Why's that? As long as you have proper SSL/TLS set up you should be fine.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,458
But this also interferes with this script as it appears to download caddy from an IP and not a domain.
The script builds Caddy from source, which should be downloaded from github.com. Everything my script does is by domain name, though I confess I don't know all the internals of the Go build process.
Currently I have my NextCloud instance on a policy that allows any and all traffic, but that is extremely dangerous.
It's "extremely dangerous" to allow the jail to connect to anywhere without filtering? How do you figure?
 

victort

Guru
Joined
Dec 31, 2021
Messages
952
The script builds Caddy from source, which should be downloaded from github.com. Everything my script does is by domain name, though I confess I don't know all the internals of the Go build process.

It's "extremely dangerous" to allow the jail to connect to anywhere without filtering? How do you figure?
What I meant was the policy of my filter, not necessarily the jail itself.
 

victort

Guru
Joined
Dec 31, 2021
Messages
952
Why's that? As long as you have proper SSL/TLS set up you should be fine.
I don’t have it set up, that is why I was wanting to switch to a standalone certificate.
 

InGenetic

Contributor
Joined
Dec 18, 2013
Messages
183
Hi all ,

please help, suddenly my nextcloud page have an error , it'said untrustworthy some kind of certificate, if user try to access to my nextcloud URL the page shown like below :

nextcloud.PNG

I'm using SSL letsencrypt, please advice how to solve this ?

Thanks n regards,
 
Joined
Jan 27, 2020
Messages
577
Hi all ,

please help, suddenly my nextcloud page have an error , it'said untrustworthy some kind of certificate, if user try to access to my nextcloud URL the page shown like below :

View attachment 52734
I'm using SSL letsencrypt, please advice how to solve this ?

Thanks n regards,
Yesterday some certificates got revoked by lets encrypt. Have you checked your certificates against non-complaince with ALPN TLS versions by letsencrypt? (https://tls-alpn-check.letsencrypt.org/)
You can do that with: curl -X POST -d 'fqdn=YOURFQDN' https://tls-alpn-check.letsencrypt.org/checkhost
 

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
Top