Scripted installation of Nextcloud 28 in iocage jail 2018-03-23

[matteob86]

If you're going to open ports 80/443 to your Nextcloud jail, your DNS host doesn't matter, as Caddy doesn't need to interact with it to get a cert.

i have open the ports at jail ip

 

[Patrick M. Hausen]

mysql-server does not exist in /etc/rc.d or the local startup
directories (/etc/ix.rc.d /usr/local/etc/rc.d), or is not executable

So you don't have MySQL or MariaDB installed in your jail. You need that to run Nextcloud. You did enter the command in a shell inside the jail, yes?

 

[matteob86]

so i have to create a jail before launching the script? i had understood that the jail would be created by the script. i have run the commands in the folder inside dataset "nextcloud" from Putty.

 

[danb35]

i had understood that the jail would be created by the script.

It is.

i have run the commands in the folder inside dataset "nextcloud" from Putty.

No, inside the jail. If you're logged in via Putty (which isn't needed any more; Windows 10 includes its own SSH client), run iocage console nextcloud to enter the jail. Then run the command Patrick mentioned and see what the result is. And what are the contents of nextcloud-config (masking the domain name if you like, and certainly masking any credentials that might be there)?

 

[matteob86]

this is the feedback

root@NextCloud:~ # service mysql-server status
Cannot 'status' mysql. Set mysql_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.

and this is what i have in rc.conf

# Disable Sendmail by default
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

# Run secure syslog
syslogd_flags="-c -ss"

# Enable IPv6
ipv6_activate_all_interfaces="YES"


so what i have to do now?

 

[Patrick M. Hausen]

You are in the jail that danb's script created? This looks like an empty jail to me ...

 

[matteob86]

yes is the one created by the script. i just change the name in NextCloud

 

[matteob86]

No, inside the jail. If you're logged in via Putty (which isn't needed any more; Windows 10 includes its own SSH client), run iocage console nextcloud to enter the jail. Then run the command Patrick mentioned and see what the result is. And what are the contents of nextcloud-config (masking the domain name if you like, and certainly masking any credentials that might be there)?

this is my nextcloud.config file

JAIL_IP=192.168.178.43
DEFAULT_GW_IP=192.168.178.1
POOL_PATH="/mnt/home"
TIME_ZONE="Europe/Rome"
HOST_NAME="maxxxxxxx.ddns.net"
STANDALONE_CERT=1
CERT_EMAIL="xxxxxxxxxx@gmail.com"
JAIL_NAME="NextCloud"

Update: i managed to run mysql on the jail created by the script. so now how do i resume the script?

root@NextCloud:~ # service mysql-server status
mysql is running as pid 93883.

 

[Voithos]

I'm glad I'm not the only one having issues with this!

 

[Patrick M. Hausen]

Nextcloud is not a single "click setup.exe" Windows application.

As I have repeatedly pointed out it is a complex three-tier web application supposed to be run by people with system adminstration experience. You will at least need knowledge in

• networking
• web server operations
• PHP operations
• database operations

if you ever want to run your own Internet facing Nextcloud. If you don't and don't have the resources to learn or someone at hand, why not just rent a turnkey Nextcloud instance from some provider.

Even if you manage to get your instance running - and danb35 did a great amount of work to facilitate that - you absolutely must keep your installation up-to-date with updates. And each and every update requires knowledge in the areas cited above and manual steps on the command line that are not always clear before you start the update but need to be resolved after the fact by an experienced administrator.

I really start to wonder why people who clearly have no idea what they are getting into insist to run that product on premises.

It really is that complex and this is not going away. Running your own Wordpress, TYPO3, Joomla, ... is no different.

 

[matteob86]

first of all it seems to me that this is a forum.
consequently it is common for less able people to ask for help and support.
if you think you are so superior as to belittle those who may have different knowledge - just for the record I'm an aerospace engineer, I know mechanics and aerodynamics very well, minus the computer part - please avoid being so arrogant ... that's since I started ask questions that give you such answers.
i would like to understand why last week when i installed the first time it was successful while now that i am reinstalling it doesn't work. if you have a constructive answer to give well, otherwise, please, avoid issuing sentences.

thank you

 

[matteob86]

i get this allert everyday since I launched the script

2 SSH login failures: Apr 20 23:51:14 truenas 1 2022-04-20T23:51:14.598641+02:00 truenas.local sshd 6500 - - error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1" Apr 20 23:51:14 truenas 1 2022-04-20T23:51:14.598812+02:00 truenas.local sshd 6500 - - banner exchange: Connection from 89.248.163.173 port 44978: invalid format​

2022-04-21 00:00:16 (Europe/Rome)

could it be the cause of the installation failure?

 

[GJSchaller]

Apologies if this is already in this thread, 119 pages is a lot... if I am already running a Caddy jail for handling multiple other jails, do I need to do anything different for this install / config? I don't imagine we want two instances of Caddy running (one in each Jail). Given I am having issues with the official plugin, I am thinking this script may be a better solution, if it won't interfere with another Caddy.

 

[danb35]

A second Caddy won't interfere. If you're going to use my script, I'd suggest installing with no SSL at all (set NO_CERT=1 in the config file), because your other Caddy installation will be handling TLS termination. But beyond that, I haven't used it behind a reverse proxy, though I know others (who have replied to this thread) have--I hate to tell you to read through over 2000 messages, but I'm pretty sure other details are somewhere in this thread.

 

[GJSchaller]

Having issues with connecting to NextCloud after running the script. I've created the Datastores as recommended (1 top level, 4 sub-stores), and deployed the jail using the config below. It seems to finish without issue, and I can see the new jail and ping it. But when I browse to it from my local network (by using http://10.0.0.242/, I get "ERR_CONNECTION_REFUSED" in Chrome, for both http and https. Jail seems to be working otherwise, and is running 12.2-RELEASE-p15.

I just need to be able to connect locally for now, I will eventually connect via reverse proxy down the line.

Config file:

JAIL_IP="10.0.0.242"
DEFAULT_GW_IP="10.0.0.1"
POOL_PATH="/mnt/data"
TIME_ZONE="America/New_York"
HOST_NAME="nextcloud"
NO_CERT=1
COUNTRY_CODE="US"

 

[danb35]

Connection refused usually means Caddy isn't running--to check on this, enter the jail with iocage console nextcloud and check its status with service caddy status. If it isn't running, check for errors in /var/log/caddy/caddy.log.

 

[GJSchaller]

Thank you. The service is not running, the log has the following:

{"level":"info","ts":1651240508.224717,"msg":"using provided configuration","config_file":"/usr/local/www/Caddyfile","config_adapter":"caddyfile"}
run: adapting config using caddyfile: parsing caddyfile tokens for 'log': /usr/local/www/Caddyfile:10 - Error during parsing: getting module named 'caddy.logging.encoders.single_field': module not registered: caddy.logging.encoders.single_field
start: caddy process exited with error: exit status 1

 

[danb35]

Ah, yes, I need to update the Caddyfile templates. Try commenting out line 10 in the Caddyfile (/usr/local/www/Caddyfile in the jail), then service caddy start. Then see if you can reach it.

 

[GJSchaller]

Bingo, that did it! Thank you!

For documentation, the line I commented out is:

format single_field common_log

 

[GJSchaller]

You may want to add the IP address of the jail to the Trusted Domains in config.php, I had to add it manually.