Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
> My question now is, do I have to edit anything in the caddy config, or is the www.conf within php-fpm.d the only one needed?
The Caddy config only proxies content to PHP; it doesn't control any of PHP's settings. www.conf should be all you need to edit.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
That's really up to you. If you're the only one who's going to be using it, and you're going to confirm the cert fingerprint before you accept it, it could be more secure, because there's no way anyone else could spoof that same certificate fingerprint--but you're going to have certificate errors with any browser or other device that you use to access it.

OTOH, if you can expose it to the Internet on standard ports, it's trivial to get a trusted cert for it.
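
Added example (not part of danb35's post or of the install script): one way to do the fingerprint check described above for a self-signed certificate, using only the Python standard library. The "certificates" are constructed stand-in bytes, and `fetch_server_cert`, `matches_pin` and the other function names are hypothetical.

```python
import hashlib
import hmac
import ssl


def sha256_fingerprint(pem_cert: str) -> str:
    """SHA-256 over the DER encoding, as lowercase hex.

    This is the value browsers and `openssl x509 -fingerprint -sha256` show.
    """
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hashlib.sha256(der).hexdigest()


def normalize(fingerprint: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex."""
    cleaned = fingerprint.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def matches_pin(pem_cert: str, pinned: str) -> bool:
    """True only if the presented certificate hashes to the pinned value."""
    return hmac.compare_digest(sha256_fingerprint(pem_cert), normalize(pinned))


def fetch_server_cert(host: str, port: int = 443) -> str:
    """Fetch the PEM certificate a server presents, without validating it."""
    return ssl.get_server_certificate((host, port))


# Constructed stand-in bytes, not real certificates: the fingerprint is just
# a hash of the DER bytes, so any byte string demonstrates the comparison.
SERVER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed self-signed cert bytes")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed substitute cert bytes")

# Fingerprint as it would be recorded on the server itself, in the
# colon-separated upper-case form most tools print.
_hex = sha256_fingerprint(SERVER_PEM).upper()
PINNED = ":".join(_hex[i:i + 2] for i in range(0, 64, 2))

if __name__ == "__main__":
    print("genuine cert accepted:", matches_pin(SERVER_PEM, PINNED))
    print("substitute cert accepted:", matches_pin(OTHER_PEM, PINNED))
```

In practice the pinned value is read off the server directly (for example inside the jail) and compared against `fetch_server_cert(...)` from the client before the browser exception is accepted.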
 

T_T

Explorer
Joined
Jul 24, 2018
Messages
64
It should.
Can I just follow the instructions from the link you have provided or is it going to break since I previously used your script to install nextcloud? It might be a lot to ask, but could you put together a guide on how to do this for people that already used your script to install nextcloud and have everything running?
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
Is there any way a guy could test the limits of his nextcloud instance?
Load capacity?
User capacity?
Basically to know how many users max using how many features max?
Also, would raising the memory limit from 512 speed things up?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504

victort

Guru
Joined
Dec 31, 2021
Messages
973
So after stopping jail, disabling auto start, and running script again with standalone cert, I am getting internal server error.
I’ve tried multiple times.

Ideas?
The only thing I can find in caddy log is “listening only on https but has no tls connection policies”
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
Cert is verified, but can’t connect.
So the issue seems to have been in the data somewhere. Because of a reinstall it was messing something up.
I had to create everything from scratch.

I also tried going back and deleting config and db, then installing, but that didn’t help. I’m assuming I should have left the db as I was met with some errors concerning it.

Reinstall and new datasets worked.

Question is, what’s the best practice for backup and restore of the data?
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776

victort

Guru
Joined
Dec 31, 2021
Messages
973
> ZFS snapshot and replication tasks, probably.
I have read about those, but have never been able to do them correctly…

Could you direct me to a forum?

Does anyone use encryption on nextcloud itself?
Am I correct in understanding that a certificate ensures encryption of the data travelling back and forth, whereas nextcloud encryption would encrypt the data on the instance itself?

Would the self-signed cert still encrypt the data, or does a standalone or dns cert need to be there?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
> I have installed using standalone, and the cert is not from R3 but ZeroSSL.
Not unusual; Caddy will get certs from either CA. You can force one CA or the other (or any other ACME CA, for that matter) in the Caddyfile.
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
> Not unusual; Caddy will get certs from either CA. You can force one CA or the other (or any other ACME CA, for that matter) in the Caddyfile.
Ok.
I assume both are secure enough.

Would it play back and forth with them or simply go with the one obtained from the start?

How would I force LetsEncrypt?
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
> I assume both are secure enough.
Both validate domain control in the same way, and both will sign a cert with any reasonable key length you want. There's no difference in security.
> How would I force LetsEncrypt?
Put this at the top of your Caddyfile:
Code:
{
    acme_ca https://acme-v02.api.letsencrypt.org/directory
    email youremailhere
}
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
So, as near as I can tell, going from a self-signed cert to a standalone cert will give you an internal server error. This is when you run the script over top of an already configured nextcloud dataset.

Besides having to back up files, rebuild the jail with a standalone, and put the files back in place, is there a way to do this?

Would recreating the config dataset do the trick?

I have tried up to 6 times, and have always been met with an internal error when trying to access the instance.

I now have a running jail with standalone, but only after having to recreate everything.
 

victort

Guru
Joined
Dec 31, 2021
Messages
973
I don’t know much about CPU statistics, but according to this, the Intel Core is better and newer than the Xeon as compared in the study.

I would like a professional opinion if two of the above Xeons together would outperform one of the above Core.

I can’t seem to find many if any forums about this.
Also, what’s the minimum RAM anyone should use in an instance of max 20 users?
 

weingeist

Dabbler
Joined
Feb 6, 2017
Messages
30
@danb35 you sir, are an absolute hero for making this script. While deploying a new Nextcloud instance used to take me an afternoon, this script allows for making a Nextcloud sandbox in five minutes to test new options.

However, there is one thing I still keep struggling with since I use Nextcloud. I want smb shares from my datasets for local access with shadow copies, and Nextcloud for cloud access of the same data. Seems like external storage is THE way to go here. But Nextcloud writes new files and folders as www:www with 755 permissions. I changed the www primary group to my home group, but there is still readonly access on Nextcloud created data from the smb shares. A cron job resets all user data to 770 every night. Not elegant, and often too slow.

I have tried changing the umask of www user, tried setting it in the designated line in the php-fpm daemon, but no luck.
There is a thread over at the Nextcloud forum for changing the umask in an apache server. Would you know where and how this could be done in a caddy server? Or where would I need to change this?
 