Absolutely awesomeIt seems like there are lot of guides here on installing Nextcloud, and a number of people reporting problems with many of them. So, I figured, why not write another one? This is inspired by the work of @kjake in his scripts to build jails for Unifi and Crashplan, and largely follows the process that @dureal99d documented here. The difference between this method and the others is that this method employs a script to create the jail, install all the relevant packages, and configure them. My thought/hope is that by scripting the installation and setup, a lot of the PEBCAK-type errors that come up in such a complex installation can be avoided.
This script uses acme.sh to get a certificate for your jail. In order to obtain the cert, one of two things must be true:
You'll specify which of these is the case in the script's configuration file. In addition, $FQDN
- You have a fully-qualified domain name ("$FQDN") that points to your jail, and the jail is reachable from the public Internet with ports 80 and 443 open to the jail--that is, if an Internet user browses to http://$FQDN, they'll reach your jail. -or-
- Your DNS host has an API that's supported by acme.sh, allowing automated updates to your DNS records. Cloudflare has such an API, and provides DNS hosting for free. Many other DNS hosts' APIs are also supported; see https://github.com/Neilpang/acme.sh/tree/master/dnsapi
needs toshould resolve to your jail from inside your network; this is something you'd set up in your router configuration (in pfSense, for example, you'd set it up as a host override under Services -> DNS Resolver). Edit: It's no longer essential that $FQDN resolve to your jail from inside your network, but it's still preferred. You can use the IP address of your jail inside your network, but you'll get certificate errors that way.
This script installs and configures Nextcloud and all its dependencies.
Script and more details here: https://github.com/danb35/freenas-iocage-nextcloud
Edit: This has been tested on just one system right now, using the DNS validation for the cert. But it ran from start to finish, created the jail, installed everything, configured everything, obtained the cert, made the database changes, etc. Do not try this in production at this point.
Thanks, but it was mostly a matter of automating the work you'd already done.Absolutely awesome
Bother. I'd seen that there were networking issues in 11.1-U3; apparently they didn't fix those in 11.1-U4. I'll see if I can figure out a workaround. Edit: Bug submitted as #30672, but I've attached a debug file so it will be marked private for the time being.KeyError: 'vnet_interfaces'
nextcloud is not running, starting jail
No; in fact, it shouldn't be. It should be the path to the pool on which you want your data stored.Does POOL_PATH in nextcloud-config need to be inside the FreeNas jail root?
Bother. I'd seen that there were networking issues in 11.1-U3; apparently they didn't fix those in 11.1-U4. I'll see if I can figure out a workaround. Edit: Bug submitted as #30672, but I've attached a debug file so it will be marked private for the time being.
No; in fact, it shouldn't be. It should be the path to the pool on which you want your data stored.
cd /tmp
git clone --recursive https://github.com/iocage/iocage
cp -R iocage/iocage/lib/ /usr/local/lib/python3.6/site-packages/iocage/lib
To fix the iocage issues, you can manually update the script files using git.
cd /tmp
git clone --recursive https://github.com/iocage/iocage
cp -R iocage/iocage/lib/ /usr/local/lib/python3.6/site-packages/iocage/lib
Everything should be working now.
Edit:
Somehow there's something wrong with the database...
I also tried it with mariadb102-server but that does not change anything.
Complete install log with a little snip of the nextcloud folder structure(which is huge!) https://pastebin.com/eJVjK3ay
Hope anyone can find the problem here... been looking for hours.
This seems to do the trick--I'll probably want to test a little more before I merge your pull request, but certainly the jail is created and has network access.cd /tmp
git clone --recursive https://github.com/iocage/iocage
cp -R iocage/iocage/lib/ /usr/local/lib/python3.6/site-packages/iocage/lib
I can't duplicate this with MariaDB101, which is what my script uses. From your log output, it appears that 10.2 wants the system .my.cnf file to be in /usr/local/etc/ or /usr/local/etc/mysql/, rather than in /var/db/mysql/ where my script puts it (and where 10.1 will look for it). You can make those changes on lines 127 and 130 of my script. I'll see if those locations work with 10.1 as well; if so I'll update the script accordingly. Edit: They don't. What happens if you try it with mariadb101 rather than 102?Somehow there's something wrong with the database.
Interesting. It wasn't doing this previously, but I can now duplicate this behavior. It also doesn't seem to be handling php files properly. Time for some more digging...SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
At one point it served me php files as a download, yes. I can't say if it's something I did and can't say what I did exactly.It also doesn't seem to be handling php files properly.
After I made my changes to use PHP-FPM, I commented out the line to copy the mod_php config file. Apparently that (somehow) broke both PHP and SSL. If you uncomment line 124 (which is copying 001_mod_php.conf), it should work. Edit: Updated the script on GitHub to incorporate this change.At one point it served me php files as a download, yes.
The log output of mariadb101 was exactly the same, accidentally uploaded the mariadb102 log.This seems to do the trick--I'll probably want to test a little more before I merge your pull request, but certainly the jail is created and has network access.
I can't duplicate this with MariaDB101, which is what my script uses. From your log output, it appears that 10.2 wants the system .my.cnf file to be in /usr/local/etc/ or /usr/local/etc/mysql/, rather than in /var/db/mysql/ where my script puts it (and where 10.1 will look for it). You can make those changes on lines 127 and 130 of my script. I'll see if those locations work with 10.1 as well; if so I'll update the script accordingly. Edit: They don't. What happens if you try it with mariadb101 rather than 102?
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2 "No such file or directory")
They're already in different datasets, but I think you meant on different pools. That should be do-able. Might take a couple of days before I get the change made, though.As a suggestion only it'd be sweet if you'd make us able to store the files, sql files and the port files in different datasets.
Yes, that's correct--this is following @kjake's idea in the scripts he's done. Doesn't seem to be any sense in keeping multiple copies of that information.If I read other posts correctly the port dataset could be shared between iocages. Is that correct?
SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
and now it mounts the config dir fine.?U2 doesn't work with the repo
That should work, with the workaround now suggested in the README.md file.I then updated to U4