
Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Let's see how networking works from inside the jail. Do iocage console nextcloud followed by host google.com.
 

snorp

Dabbler
Joined
Jul 10, 2018
Messages
35
Let's see how networking works from inside the jail. Do iocage console nextcloud followed by host google.com.

Code:
FreeBSD 11.1-STABLE (FreeNAS.amd64) #0 r321665+de6be8c8d30(freenas/11.1-stable): Tue Feb 20 02:38:09 UTC 2018

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.




Code:
google.com has address 74.125.126.138

google.com has address 74.125.126.139

google.com has address 74.125.126.100

google.com has address 74.125.126.113

google.com has address 64.233.184.100

google.com has address 108.177.12.138

google.com has address 108.177.12.101

google.com has address 64.233.184.101

google.com has address 64.233.184.113

google.com has address 64.233.184.138

google.com has address 108.177.12.100

google.com has address 108.177.12.102

google.com has address 64.233.184.139

google.com has address 108.177.12.139

google.com has address 74.125.126.101

google.com has address 108.177.12.113

google.com has address 74.125.126.102

google.com has address 64.233.184.102

google.com has IPv6 address 2a00:1450:400c:c0b::8a

google.com mail is handled by 10 aspmx.l.google.com.

google.com mail is handled by 40 alt3.aspmx.l.google.com.

google.com mail is handled by 20 alt1.aspmx.l.google.com.

google.com mail is handled by 50 alt4.aspmx.l.google.com.

google.com mail is handled by 30 alt2.aspmx.l.google.com.


 

danb35

OK, networking from inside the jail seems to be working properly. Let's make sure Apache is running--still inside the jail, run service apache24 status. If that shows it's running, what happens when you try to browse to it from inside your network? If you go to https://192.168.0.11, what do you see?
 

snorp

I receive the following message:

ERR_CONNECTION_REFUSED

I can't see any entry under "Jail" either - is that normal?
 

danb35

I can't see any entry under "Jail" either - is that normal?
Assuming you're using the legacy GUI, that's normal. What about service apache24 status from inside the jail?
 

snorp

Ah okay ...

apache24 is not running

EDIT:


service apache24 start
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 25 of /usr/local/etc/apache24/Includes/*IP*.conf:
SSLCertificateFile: file '/usr/local/etc/pki/tls/certs/fullchain.pem' does not exist or is empty
Starting apache24.
AH00526: Syntax error on line 25 of /usr/local/etc/apache24/Includes/*IP*.conf:
SSLCertificateFile: file '/usr/local/etc/pki/tls/certs/fullchain.pem' does not exist or is empty
/usr/local/etc/rc.d/apache24: WARNING: failed to start apache24


 

danb35

*IP*.conf
This is a problem. Do you not have a domain name? If not, you won't be able to get a cert, and therefore this script won't work for you.
 

snorp

I have a domain, had the script already executed once on another test system. After that I used the IP instead of the domain, because I did not receive a new certificate for the domain I already used, as I understood it.
Is it possible to change this afterwards or do I have to perform the installation again?

EDIT:
I also completed the move of DNS to Cloudflare today. What I would be interested in is whether I can explicitly update just one entry.

For example cloud.domain.com = Home IP and leave the rest on default *, www. and so on.
 

danb35

After that I used the IP instead of the domain, because I did not receive a new certificate for the domain I already used, as I understood it.
Well, you could have issued another certificate--Let's Encrypt will let you issue up to 5 identical certs within a week. That would have been the simplest way to avoid the issue. However, since the jail's set up, there's no real reason to destroy the jail and start over. You'll just need to issue a new cert for this jail. Since you're now using Cloudflare for your DNS, I'd suggest using DNS validation to get the cert. Log in to your Cloudflare account, go to your control panel, and get your global API key. Then, do:
Code:
iocage console nextcloud
export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export CF_Email="xxxx@sss.com"
acme.sh --issue --dns dns_cf -d your_fqdn --fullchain-file /usr/local/etc/pki/tls/certs/fullchain.pem --key-file /usr/local/etc/pki/tls/private/privkey.pem --reloadcmd "service apache24 reload"

This should issue the cert and get apache running.
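
The Apache failure earlier in the thread came from a certificate file that did not exist or was empty. As an added example (not part of any post or of the install script), the check below validates the certificate and key pair before Apache is started or reloaded; the function name, status words and return codes are hypothetical, and it assumes `openssl` is available inside the jail.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of the certificate and
# key that the Apache vhost loads. Default paths are the ones shown in the thread.
CERT_DEFAULT=/usr/local/etc/pki/tls/certs/fullchain.pem
KEY_DEFAULT=/usr/local/etc/pki/tls/private/privkey.pem

# check_tls_pair CERT KEY [MIN_DAYS]   (hypothetical helper)
# Prints one status word and returns: 0 OK, 1 missing, 2 empty, 3 unparseable
# certificate, 4 key does not match, 5 expires within MIN_DAYS, 6 key readable
# by group or others.
check_tls_pair() {
    cert=${1:-$CERT_DEFAULT}; key=${2:-$KEY_DEFAULT}; min_days=${3:-14}

    # The AH00526 condition from the thread: file absent or zero bytes.
    for f in "$cert" "$key"; do
        [ -e "$f" ] || { echo "MISSING $f"; return 1; }
        [ -s "$f" ] || { echo "EMPTY $f"; return 2; }
    done

    # The first PEM block must parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null \
        || { echo "UNPARSEABLE $cert"; return 3; }

    # The key must belong to the certificate: compare the two public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "KEY_MISMATCH $key"; return 4
    fi

    # -checkend fails when the certificate expires within the given seconds.
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || { echo "EXPIRES_SOON $cert"; return 5; }

    # Characters 5-10 of the ls -l mode string are group/other rwx bits.
    [ "$(ls -lLd "$key" | cut -c5-10)" = "------" ] \
        || { echo "KEY_PERMS $key"; return 6; }

    echo "OK"
}

# Check the thread's default paths only when invoked with the word "check".
if [ "${1:-}" = "check" ]; then check_tls_pair; fi
```

Running it with `check` inside the jail before `service apache24 start` reports which of the two files is the problem instead of leaving Apache to fail its sanity check.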
 

snorp

Thanks for the help, so far everything has worked. I just had to restart Apache (service apache24 start) and everything worked.
 

ByteNick

Explorer
Joined
Jan 24, 2015
Messages
98
Hi,

Installed twice, but each time I get the same error:

Code:
Performing sanity check on apache24 configuration:
AH00112: Warning: DocumentRoot [/usr/local/www/apache24/data/nextcloud] does not exist
AH00112: Warning: DocumentRoot [/usr/local/www/apache24/data/nextcloud] does not exist
Syntax OK


Any idea what I'm doing wrong?
 

danb35

Any idea what I'm doing wrong?
Not really; that shouldn't be possible. You downloaded the script and its supporting files by git clone https://github.com/danb35/freenas-iocage-nextcloud? Can you confirm that lines 149-150 look like this:
Code:
iocage exec ${JAIL_NAME} fetch -o /tmp https://download.nextcloud.com/server/releases/latest-13.tar.bz2
iocage exec ${JAIL_NAME} tar xjf /tmp/latest-13.tar.bz2 -C /usr/local/www/apache24/data/
 

snorp

Hello, everybody, it's me again.

After the successful installation, thanks to the great script provided here, I have a question.
It is about the support of RAW formats. How do I successfully install and activate imagick in the cage?
 

danb35

No idea, really; I've never played with imagick under FreeBSD as yet. I'd probably start with (based on some quick Googling)
Code:
iocage console nextcloud
pkg install imagick
pecl install imagick
 

snorp

No idea, really; I've never played with imagick under FreeBSD as yet. I'd probably start with (based on some quick Googling)
Code:
iocage console nextcloud
pkg install imagick
pecl install imagick
Thank you for your help. I will then make an external post on this subject.

He can't find a package with imagick.
And pecl is unknown to him.
 

danb35

Looks like the actual package name should be imagemagick; try pkg install imagemagick. And you might be able to get the other with pkg install php72-pecl-imagemagick.
 

danb35

I've recently become aware that the script didn't set up acme.sh properly for automatic renewal if you initially obtained your cert in standalone mode. If you haven't run the script yet, it's updated to correct this. If you have, the following command from the shell of your FreeNAS installation should fix things:
Code:
iocage exec ${JAIL_NAME} sed -i '' "s|Le_Webroot=\'no\'|Le_Webroot=\'/usr/local/www/apache24/data\'|g" /root/.acme.sh/${HOST_NAME}/${HOST_NAME}.conf

Replacing ${JAIL_NAME} with the name of your jail (most likely nextcloud), and ${HOST_NAME} with the FQDN you used for your Nextcloud installation.

If you used DNS validation to get your cert, you should be unaffected.
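
To see whether a jail is affected before or after running the `sed` fix above, the following added example (not from the post or the script's repository) reads each `<fqdn>/<fqdn>.conf` under an acme.sh home directory and reports how renewal will validate. The function names are hypothetical, and treating a `dns_*` value of `Le_Webroot` as DNS validation is an assumption based on the `--dns dns_cf` option used earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report the renewal validation mode that
# acme.sh has recorded for each certificate.

# renewal_mode CONF   (hypothetical helper)
# Prints standalone, webroot, dns, unknown or unreadable.
renewal_mode() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    # The last Le_Webroot assignment wins; strip optional surrounding quotes.
    val=$(sed -n "s/^Le_Webroot=['\"]*\([^'\"]*\)['\"]*\$/\1/p" "$1" | tail -n 1)
    case $val in
        no)    echo "standalone" ;;   # the case the post's sed command rewrites
        dns_*) echo "dns" ;;          # assumption: DNS hook name such as dns_cf
        /*)    echo "webroot" ;;      # an absolute path, as set by the fix
        *)     echo "unknown" ;;
    esac
}

# audit_acme_home DIR   (hypothetical helper)
# Prints "<fqdn> <mode>" for every DIR/<fqdn>/<fqdn>.conf and returns 1 if any
# certificate is still recorded as standalone.
audit_acme_home() {
    status=0
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        fqdn=$(basename "$dir")
        conf="$dir$fqdn.conf"
        [ -f "$conf" ] || continue      # skips helper directories without a conf
        mode=$(renewal_mode "$conf")
        echo "$fqdn $mode"
        if [ "$mode" = "standalone" ]; then status=1; fi
    done
    return "$status"
}

# Audit a directory only when invoked with the word "audit".
if [ "${1:-}" = "audit" ]; then audit_acme_home "${2:-/root/.acme.sh}"; fi
```

Inside the jail, `sh script.sh audit` checks `/root/.acme.sh`, the location used in the post's command.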
 

Ceetan

Contributor
Joined
Apr 29, 2016
Messages
139
@danb35
One question I have: Jails I create have frequent connection issues. I strongly suspect this is due to something in my router, as I use a rather rare type. Consequently, every jail I have ever managed to get working required some manual tweaking to talk to the network. Hence I wonder if it is possible to run the script on an already existing jail, provided one comments out the bits that create it?

Also, I know this is an OT thing, but I am really curious about your pfSense setup.
 

Yaguznal

Explorer
Joined
Dec 23, 2013
Messages
63
Trying to get a reverse proxy cage running with nginx now. It's needed for collabora anyway and I can proxy some other services I've got running through there as well, all ssl encrypted. Awesome! I should probably disable the cronjob in the nextcloud cage and get certbot or acme to do its job in the proxycage. Am I correct?

Another feature I am looking at at the moment is the integration of zfs snapshotting / file rollback. At least that's what I think the nextcloud snapshot settings are meant for. Is it?
There is little documentation I found about it regarding freenas. There's something with "iocage set jail_zfs=on <jailname>" but the "Snapshot format" field still puzzles me. Has anyone got an inkling of how to tackle this?
It would be awesome if you could incorporate this in your script @danb35
 