Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
That post is three years old, and the Caddyfile syntax was very different back then. What were you trying to accomplish by editing the Caddyfile?
 

jhax

Dabbler
Joined
May 22, 2023
Messages
32
I am attempting to have it point to the correct domain name. I was not getting any results when I had it set up using the API token, the body within the `tls` heading in the Caddyfile was `dns <long API token>` that I had copied when I made the API token with the following permissions...

This API token will affect the below accounts and zones, along with their respective permissions
All zones - Zone:Read, DNS:Edit

That was throwing the 400 responses. So something was incorrect somewhere, but I obtained this permissions information from your GitHub ReadMe so what could I possibly be doing incorrectly?
 

jhax

Dabbler
Joined
May 22, 2023
Messages
32
I updated my Caddyfile in accordance with your dns template after rolling my API token and testing it via the curl script and it seems to have worked. My apologies for being a pain. I have been trying to get nextcloud set up in order to share photos of our firstborn with family and the photos are adding up. Hopefully this latest config change sticks. I was wondering Dan, if you have looked into the use of the Zero Access Tunnels feature in Cloudflare in order to prevent the need to open 80 and 443?
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
This is more or less out of curiosity.

I just destroyed a jail that was created about a year ago and tried to do a reinstall.

It installed, but then gave a 500 error when trying to access. I’ve done this before without errors but it was within a few days of each other.

I wonder if this is because of the new php81 packages, or something that changed in the script or Nextcloud.

Nextcloud version was 26 on both the install and reinstall.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
if you have looked into the use of the Zero Access Tunnels feature in Cloudflare in order to prevent the need to open 80 and 443?
I haven't. I think it'd be a helpful feature, but I don't want my script to be Cloudflare-specific if I can help it.
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
if you have looked into the use of the Zero Access Tunnels feature in Cloudflare in order to prevent the need to open 80 and 443?
This is actually really simple.

You can basically follow this guide, and use the cloudflared rc.d file linked in the last post, instead of running the commands.
Once you have placed your token in the YOURTOKENHERE field, you can just service cloudflared start and it starts working.

Here is a copy of that rc.d file. I'm using this right now.

Code:
#!/bin/sh

# PROVIDE: cloudflared
# REQUIRE: cleanvar SERVERS
#
# Options to configure cloudflared via /etc/rc.conf:
#
# cloudflared_enable (bool)     Enable service on boot
#                               Default: NO
#
# cloudflared_conf (str)        Config file to use
#                               Default: /usr/local/etc/cloudflared/config.yml
#
# cloudflared_mode (str)        Mode to run cloudflared as (e.g. 'tunnel', 'tunnel run'
#                               or 'proxy-dns'). Should you use the default, a free
#                               tunnel is set up for you.
#                               Default: "tunnel"

. /etc/rc.subr

name="cloudflared"
rcvar="cloudflared_enable"
logfile="/var/log/cloudflared.log"
pidfile="/var/run/cloudflared.pid"
procname="/usr/local/bin/cloudflared"

load_rc_config $name

: ${cloudflared_enable:="NO"}
: ${cloudflared_conf:="/usr/local/etc/cloudflared/config.yml"}
: ${cloudflared_mode:="tunnel run"}
: ${cloudflared_token:="YOURTOKENHERE"}

command="/usr/sbin/daemon"
command_args="-o ${logfile} -p ${pidfile} -f ${procname} ${cloudflared_mode} --token ${cloudflared_token}"

run_rc_command "$1"
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
This is more or less out of curiosity.

I just destroyed a jail that was created about a year ago and tried to do a reinstall.

It installed, but then gave a 500 error when trying to access. I’ve done this before without errors but it was within a few days of each other.

I wonder if this is because of the new php81 packages, or something that changed in the script or Nextcloud.

Nextcloud version was 26 on both the install and reinstall.
I think I found the issue as per this post.
 

Aephir

Dabbler
Joined
Apr 25, 2021
Messages
47
I recently started getting loads of errors in the logs. Or, at least I recently noticed. I've added the latest few (non-duplicate) entries below.

The `/var/log/nextcloud.log` has permissions 640, and there's no `/var/log/nextcloud.log.1` file. For the others, I don't even know where to start.


Errors:
PHP:
 Error: Error: rename(/var/log/nextcloud.log,/var/log/nextcloud.log.1): Permission denied at /usr/local/www/nextcloud/lib/public/Log/RotationTrait.php#52 at <<closure>>

0. <<closure>>
   OC\Log\ErrorHandler::onError(2, "rename(/var/log ... d", "/usr/local/www/ ... p", 52)
1. /usr/local/www/nextcloud/lib/public/Log/RotationTrait.php line 52
   rename("/var/log/nextcloud.log", "/var/log/nextcloud.log.1")
2. /usr/local/www/nextcloud/lib/private/Log/Rotate.php line 44
   OC\Log\Rotate->rotate()
3. /usr/local/www/nextcloud/lib/private/BackgroundJob/Job.php line 54
   OC\Log\Rotate->run(null)
4. /usr/local/www/nextcloud/cron.php line 152
   OC\BackgroundJob\Job->execute(["OC\\BackgroundJob\\JobList"], ["OC\\Log"])
at 2023-06-05T08:50:02+02:00


[mail] Error: OCA\Mail\Exception\ServiceException: IMAP error synchronizing account 1: Error connecting to mail server. at <<closure>>

0. /usr/local/www/nextcloud/apps/mail/lib/BackgroundJob/SyncJob.php line 121
   OCA\Mail\IMAP\MailboxSync->sync(["OCA\\Mail\\Account"], ["OC\\AppFramework\\ScopedPsrLogger"], true)
1. /usr/local/www/nextcloud/lib/public/BackgroundJob/Job.php line 79
   OCA\Mail\BackgroundJob\SyncJob->run([1])
2. /usr/local/www/nextcloud/lib/public/BackgroundJob/TimedJob.php line 95
   OCP\BackgroundJob\Job->execute(["OC\\BackgroundJob\\JobList"], ["OC\\Log"])
3. /usr/local/www/nextcloud/cron.php line 152
   OCP\BackgroundJob\TimedJob->execute(["OC\\BackgroundJob\\JobList"], ["OC\\Log"])
at 2023-06-05T08:20:03+02:00


[PHP] Error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 12288 bytes) at /usr/local/www/nextcloud/lib/public/AppFramework/Db/Entity.php#68
at 2023-06-05T08:17:19+02:00


[PHP] Error: Error: dns_get_record(): A temporary server error occurred. at /usr/local/www/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php#83 at <<closure>>

 0. <<closure>>
    OC\Log\ErrorHandler::onError(2, "dns_get_record( ... .", "/usr/local/www/ ... p", 83)
 1. /usr/local/www/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php line 83
    dns_get_record("api.met.no", 16)
 2. /usr/local/www/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php line 128
    OC\Http\Client\DnsPinMiddleware->dnsResolve("api.met.no", 1)
 3. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php line 35
    OC\Http\Client\DnsPinMiddleware->OC\Http\Client\{closure}("*** sensitive parameters replaced ***")
 4. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 31
    GuzzleHttp\PrepareBodyMiddleware->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 5. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 71
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
 6. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 63
    GuzzleHttp\RedirectMiddleware->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 7. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php line 75
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
 8. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 331
    GuzzleHttp\HandlerStack->__invoke("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
 9. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 168
    GuzzleHttp\Client->transfer("*** sensitive parameters replaced ***", "*** sensitive parameters replaced ***")
10. /usr/local/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 187
    GuzzleHttp\Client->requestAsync("get", ["GuzzleHttp\\Psr7\\Uri"], ["/mnt/files/fil ... "])
11. /usr/local/www/nextcloud/lib/private/Http/Client/Client.php line 218
    GuzzleHttp\Client->request("get", "https://api.met ... 6", ["/mnt/files/fil ... "])
12. /usr/local/www/nextcloud/apps/weather_status/lib/Service/WeatherStatusService.php line 415
    OC\Http\Client\Client->get("https://api.met ... 6", [["NextcloudWeat ... ]])
13. /usr/local/www/nextcloud/apps/weather_status/lib/Service/WeatherStatusService.php line 380
    OCA\WeatherStatus\Service\WeatherStatusService->requestJSON("https://api.met ... t", ["55.65","12.49",6])
14. /usr/local/www/nextcloud/apps/weather_status/lib/Service/WeatherStatusService.php line 358
    OCA\WeatherStatus\Service\WeatherStatusService->forecastRequest(55.646701, 12.485637, 6)
15. /usr/local/www/nextcloud/apps/weather_status/lib/Controller/WeatherStatusController.php line 118
    OCA\WeatherStatus\Service\WeatherStatusService->getForecast()
16. /usr/local/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 225
    OCA\WeatherStatus\Controller\WeatherStatusController->getForecast()
17. /usr/local/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 133
    OC\AppFramework\Http\Dispatcher->executeController(["OCA\\WeatherSt ... "], "getForecast")
18. /usr/local/www/nextcloud/lib/private/AppFramework/App.php line 172
    OC\AppFramework\Http\Dispatcher->dispatch(["OCA\\WeatherSt ... "], "getForecast")
19. /usr/local/www/nextcloud/lib/private/Route/Router.php line 298
    OC\AppFramework\App::main("OCA\\WeatherSta ... r", "getForecast", ["OC\\AppFramewo ... "], ["ocs.weather_st ... "])
20. /usr/local/www/nextcloud/ocs/v1.php line 62
    OC\Route\Router->match("/ocsapp/apps/we ... t")
21. /usr/local/www/nextcloud/ocs/v2.php line 23
    require_once("/usr/local/www/nextcloud/ocs/v1.php")

GET /ocs/v2.php/apps/weather_status/api/v1/forecast
from 10.0.30.21 by walden at 2023-06-05T07:59:14+02:00
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
For the rename operation the user needs to have write access to the /var/log directory. Which the www user does not. Why is Nextcloud logging to /var/log instead of the data directory at all? That's not the default. @danb35? Your call?
 

Aephir

Dabbler
Joined
Apr 25, 2021
Messages
47
Why is Nextcloud logging to /var/log instead of the data directory at all?
Couldn't say, I just ran the script and let things be (well, with a few additions in the config.php).

Any idea about the others? I started getting notifications that Nextcloud has "not been able to check for updates" for 12 days (which is why I looked at the logs in the first place).
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Looks like your jail does not have full Internet connectivity. Can you ping google.com from a shell in the jail? Can you ping 8.8.8.8? What is the default gateway set to? Can you ping that? What's in /etc/resolv.conf? All inside the jail, of course.
 

Aephir

Dabbler
Joined
Apr 25, 2021
Messages
47
Looks like your jail does not have full Internet connectivity
There might be something about that.

my /etc/resolv.conf is:
Code:
# Generated by resolvconf
search local
nameserver 10.0.30.43
nameserver 1.1.1.1

Which fits (10.0.30.43 is my PiHole/DNSMasq and I use Cloudflare as backup).

Ping [anything, IP or fqdn] from within the jail returns
Code:
root@nextcloud:~ # ping 8.8.8.8
ping: ssend socket: Operation not permitted

From the shell of the TrueNAS:
Code:
root@truenas[~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host

Gateway is 10.0.30.1, and I can ping that just fine (from TrueNAS shell, still not permitted from Nextcloud jail shell).
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
iocage get ip4_addr <name of nextcloud jail>; iocage get defaultrouter <name of nextcloud jail>
 

Aephir

Dabbler
Joined
Apr 25, 2021
Messages
47
iocage get ip4_addr <name of nextcloud jail>; iocage get defaultrouter <name of nextcloud jail>
IP of jail is 10.0.30.67 (lagg1|10.0.30.67/24), and of router is 10.0.30.1.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Sorry, not a routing problem at all, possibly. To use ping you need to permit raw sockets in the jail settings.
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
When did you run the script?
Did you run it as a new installation, or reinstall action?

I just ran it yesterday as a new installation and everything is fine.

Couldn't say, I just ran the script and let things be (well, with a few additions in the config.php).
What additions?
 

Aephir

Dabbler
Joined
Apr 25, 2021
Messages
47
When did you run the script?
Did you run it as a new installation, or reinstall action?

I just ran it yesterday as a new installation and everything is fine.


What additions?
It was a reinstall around May/June 2022.

As I remember, the edits to config were mostly adding trusted domains/proxy, and at least one of the `overwrite`-something (one of them, can't remember which one, was giving problems). But here's the full config (keep in mind though, that it has been running almost a year with this config and no errors in the logs):

Code:
<?php
$CONFIG = array (
  'passwordsalt' => 'REDACTED',
  'secret' => 'REDACTED',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'next.MY.DOMAIN',
    2 => '10.0.10.*',
    3 => '10.0.30.67',
    4 => '10.0.30.21',
  ),
  'trusted_proxies' =>
  array (
    0 => '10.0.30.21',
    1 => '127.0.0.1',
  ),
  'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED_FOR',
  ),
  'datadirectory' => '/mnt/files',
  'dbtype' => 'mysql',
  'version' => '24.0.12.1',
  'overwrite.cli.url' => 'https://next.MY.DOMAIN',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'REDACTED',
  'installed' => true,
  'instanceid' => 'REDACTED',
  'logtimezone' => 'Europe/Copenhagen',
  'default_phone_region' => 'DK',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud.log',
  'loglevel' => 3,
  'logrotate_size' => '104847600',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_smtphost' => '10.0.30.21',
  'maintenance' => false,
  'theme' => '',
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' =>
  array (
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
    0 => 'no-TOTP',
  ),
  'mail_smtpport' => '25',
  'app_install_overwrite' =>
  array (
    0 => 'files_texteditor',
  ),
  'mail_from_address' => 'mail',
  'mail_domain' => 'MY.DOMAIN',
);


@Patrick M. Hausen I'm still a bit warm on your networking explanation; I can't say for sure that it coincided, but I did replace a dead EdgeRouter X for an UniFi USG (3p) not that long ago. Also, I tried stopping the jail to enable `raw_sockets`, and it seems like I can't change this setting (after jail creation?). BUT, when I clicked Edit for the stopped jail, I got this error shown:

Code:
Error: Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 156, in _new_conn
    conn = connection.create_connection(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/connection.py", line 84, in create_connection
    raise err
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/connection.py", line 74, in create_connection
    sock.connect(sa)
OSError: [Errno 65] No route to host

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 665, in urlopen
    httplib_response = self._make_request(
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 334, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 168, in _new_conn
    raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x82c54c6d0>: Failed to establish a new connection: [Errno 65] No route to host

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 719, in urlopen
    retries = retries.increment(
  File "/usr/local/lib/python3.9/site-packages/urllib3/util/retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.freebsd.org', port=443): Max retries exceeded with url: /security/unsupported.html (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x82c54c6d0>: Failed to establish a new connection: [Errno 65] No route to host'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 138, in call_method
    result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self,
  File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1224, in _call
    return await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args)
  File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1128, in run_in_executor
    return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
  File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 979, in nf
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/jail_freebsd.py", line 827, in releases_choices
    choices = {str(k): str(k) for k in ListableReleases(remote=remote)}
  File "/usr/local/lib/python3.9/site-packages/iocage_lib/release.py", line 47, in __init__
    self.eol_list = IOCFetch.__fetch_eol_check__()
  File "/usr/local/lib/python3.9/site-packages/iocage_lib/ioc_fetch.py", line 114, in __fetch_eol_check__
    req = requests.get(_eol)
  File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 75, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='www.freebsd.org', port=443): Max retries exceeded with url: /security/unsupported.html (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x82c54c6d0>: Failed to establish a new connection: [Errno 65] No route to host'))
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Why is Nextcloud logging to /var/log instead of the data directory at all? That's not the default. @danb35? Your call?
That's where my script sets it, because that's where log files generally go--but I hadn't considered permissions in there to rename/create files. Most likely this problem has been there for a long time, and nobody's noticed it. I'm thinking the fix is going to be to create /var/log/nextcloud/, set its permissions appropriately, and put the log file there--I'll see if I can get that into the script in the next few days.
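
The rotation failure discussed above comes down to directory permissions: `rename()` is authorised by the directory, not by the log file's own mode. The following is an added example, not part of the install script or of any post in this thread. It evaluates that rule from `ls -ldn` output for a constructed temporary tree that stands in for `/var/log` and a dedicated `/var/log/nextcloud/` directory. The uid/gid values are made up, and ACLs and supplementary groups are ignored.

```shell
#!/bin/sh
# Added example (not from the thread): a log file the web server can write
# may still be impossible for it to rotate, because rename(2) needs write
# and search permission on the containing directory.

# Print "<mode string> <uid> <gid>" for a path (POSIX ls, numeric ids).
owner_info() {
    ls -ldn -- "$1" 2>/dev/null | awk '{ print $1, $3, $4 }'
}

# may_rotate LOGFILE UID GID
# Exit 0 if a process running as UID/GID could rename LOGFILE inside its
# directory, 1 otherwise.
may_rotate() {
    logfile=$1; uid=$2; gid=$3
    set -- $(owner_info "$(dirname -- "$logfile")")
    [ $# -eq 3 ] || return 1              # directory missing or unreadable
    dmode=$1; duid=$2; dgid=$3

    [ "$uid" -eq 0 ] && return 0          # root bypasses mode bits

    # Select the owner, group or other permission triplet.
    if   [ "$uid" -eq "$duid" ]; then cols=2-4
    elif [ "$gid" -eq "$dgid" ]; then cols=5-7
    else                              cols=8-10
    fi
    trip=$(printf '%s' "$dmode" | cut -c"$cols")

    # Need write plus search; lowercase s/t mean x is set as well.
    case $trip in
        ?w[xst]) ;;
        *) return 1 ;;
    esac

    # Sticky directory: only the file's or the directory's owner may rename.
    case $(printf '%s' "$dmode" | cut -c10) in
        t|T)
            fuid=$(owner_info "$logfile" | awk '{ print $2 }')
            [ "$uid" -eq "$duid" ] || [ "$uid" -eq "${fuid:--1}" ] || return 1
            ;;
    esac
    return 0
}

# Constructed demo tree. The current user plays the directory owner;
# SVC_UID/SVC_GID are made-up ids for an unrelated service account.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/log" "$root/log/nextcloud"
    chmod 755 "$root/log"; chmod 750 "$root/log/nextcloud"
    : > "$root/log/nextcloud.log"; : > "$root/log/nextcloud/nextcloud.log"
    chmod 640 "$root/log/nextcloud.log" "$root/log/nextcloud/nextcloud.log"
    SVC_UID=$(( $(id -u) + 1 )); SVC_GID=$(( $(id -g) + 1 ))

    for c in "log/nextcloud.log $SVC_UID $SVC_GID" \
             "log/nextcloud/nextcloud.log $(id -u) $(id -g)"; do
        set -- $c
        if may_rotate "$root/$1" "$2" "$3"; then verdict=allowed
        else verdict=denied; fi
        echo "uid $2 rotating $1: $verdict"
    done
    rm -rf "$root"
}
demo
```

The first case models a service account that is neither owner nor group of a 755 directory; the second models a directory owned by the account that writes the log.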
 

wlevels

Cadet
Joined
Apr 12, 2023
Messages
7
Great script, the explanation was clear as well and everything seemed to be going pretty smooth. The only thing is that now the Jail doesn't seem to be responding to a request towards the FQDN. What I did:
- I went through this thread (sort of, it's 133 pages)
- I already found out at first that DHCP was not supported, I fixed that by adding a DHCP reservation
- I made sure DNS is set correctly
- I can ping/resolve DNS the Jail and I can ping/resolve DNS from the Jail
- I searched in /var/log, nextcloud.log seems to be empty
- I restarted the Jail multiple times, also went through the installation log, I don't see any errors.

Can anybody point me in the right direction how I can troubleshoot this? Sadly I don't know Nextcloud well enough yet to understand how it works under the hood. Thanks!
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
Great script, the explanation was clear as well and everything seemed to be going pretty smooth. The only thing is that now the Jail doesn't seem to be responding to a request towards the FQDN. What I did:
- I went through this thread (sort of, it's 133 pages)
- I already found out at first that DHCP was not supported, I fixed that by adding a DHCP reservation
- I made sure DNS is set correctly
- I can ping/resolve DNS the Jail and I can ping/resolve DNS from the Jail
- I searched in /var/log, nextcloud.log seems to be empty
- I restarted the Jail multiple times, also went through the installation log, I don't see any errors.

Can anybody point me in the right direction how I can troubleshoot this? Sadly I don't know Nextcloud well enough yet to understand how it works under the hood. Thanks!
The log file that will help the most would be at /var/log/caddy/caddy.log
 