-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
Resource icon
- Thread starter danb35
- Start date
Hello everyone,
i'm following this thread for a while now. It sounds like the script is working very well! I would like to use it in the next few days.
The only thing i was wondering is the port forwarding.
"The only hard prerequisite is that you must own or control a domain name, and
But my Router does not allow that, because there is no valid Jail IP-Address yet.
Where is my misunderstanding?
Thanks & Greeting
Nico
i'm following this thread for a while now. It sounds like the script is working very well! I would like to use it in the next few days.
The only thing i was wondering is the port forwarding.
"The only hard prerequisite is that you must own or control a domain name, and
- That domain name can reach your jail on ports 80 and 443 from the public Internet--if an Internet user browses to http://domain_name, he'll reach your jail;"
But my Router does not allow that, because there is no valid Jail IP-Address yet.
Where is my misunderstanding?
Thanks & Greeting
Nico
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Yes. You'll be assigning a static IP address to your jail, and ports 80 and 443 will need to be forwarded to that IP address. The router shouldn't know or care whether there's something active on that IP address at the time you set up the forwarding. If it does, honestly, that's a problem with your router. However, you can set up the forward while the script is running. The jail is created (and thus the IP address activated) at the beginning (you'll see the output of "nextcloud successfully created"), and as long as you have the forwarding set up by the time acme.sh tries to obtain your certificate, you should be fine--you should have at least 10 minutes.
Thank you! Setting the port forwarding was possible after starting the script and the script finished successful!
But now i'm getting redirected to the Freenas Gui (not to nextcloud) if i type in my Jail IP. In the Freenas Gui i suddenly found this:
Usually i reach the Gui only under 192.168.178.2.
My Config for Nextcloud was like this:
JAIL_IP="192.168.178.15"
DEFAULT_GW_IP="192.168.178.1"
INTERFACE="igb0"
That really confuses me. May be it's an iocage problem?!
Thanks & Greetings
Nico
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Strange--which version of FreeNAS are you running? IIRC, @cunningorb reported the same thing under 11.1-U2, but said it worked under 11.1-U4. I haven't seen this behavior under either version.
Can you try using virtual networking? Change the interface to "vnet0" and set VNET="yes" in nextcloud-config, clear out the db/ dataset, destroy the jail (
iocage destroy -f nextcloud), and run the script again.
TimvH
Dabbler
- Joined
- Mar 28, 2018
- Messages
- 25
That's probably due to the virtualhost file not being bound to the domain name. We'll need to fix that.Thank you! Setting the port forwarding was possible after starting the script and the script finished successful!
But now i'm getting redirected to the Freenas Gui (not to nextcloud) if i type in my Jail IP. In the Freenas Gui i suddenly found this:
Usually i reach the Gui only under 192.168.178.2.
My Config for Nextcloud was like this:
JAIL_IP="192.168.178.15"
DEFAULT_GW_IP="192.168.178.1"
INTERFACE="igb0"
That really confuses me. May be it's an iocage problem?!
Thanks & Greetings
Nico
Try the following:
iocage exec ${JAIL_NAME} sed -i '' "s/*/${HOST_NAME}/" /usr/local/etc/apache24/Includes/${HOST_NAME}.confChange ${JAIL_NAME} to your jail name and ${HOST_NAME} to your FQDN(domain.extension)
Edit: Sent a pull request using the vhost workaround only when vnet used, otherwise nextcloud will be bound to the domain name like before. Should fix the problem
Last edited:
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Why do you think that's the case? The Apache docs seem to prefer the IP address, permit the wildcard, and state the FQDN is "not recommended." But if the FreeNAS web GUI is responding instead, it seems we're dealing with a completely different issue than Apache configuration.
TimvH
Dabbler
- Joined
- Mar 28, 2018
- Messages
- 25
That's probably because Freenas is bound to whatever network interface is connected by default, vnet's are always seperated and imo the way to go.
When you open the FreeNAS webui and go to the network summary as posted by @nocin you can see the interface has two ip adresses and when you look at FreeNAS's nginx config
cat /usr/local/etc/nginx/nginx.conf you can tell it listens to every attached nic on port 80/443. When you configure a NIC through the webui you can specify the IP you want it to listen to and then it should work like intended.
TimvH
Dabbler
- Joined
- Mar 28, 2018
- Messages
- 25
I have just installed the latest FreeNAS nightly on a vm in which the new ui is default, and there are plugins, Nextcloud included!
So if you can wait then wait for the release of 11.2.
I'm going to migrate my data to the plugin when 11.2 is released and I'll probably write a script/guide on how to migrate if there's people that want it.
So if you can wait then wait for the release of 11.2.
I'm going to migrate my data to the plugin when 11.2 is released and I'll probably write a script/guide on how to migrate if there's people that want it.
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Cool--as long as it uses a sensible database implementation (at least at one point, the Owncloud plugin was using SQLite, which just isn't) and webserver setup.
TimvH
Dabbler
- Joined
- Mar 28, 2018
- Messages
- 25
It appears to be using nginx and mysql.
PHP-FPM is configured to use 127.0.0.1 instead of a unix socket, but that can be changed to match your config.
https://github.com/freenas/iocage-plugin-nextcloud
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Seems reasonable. Wonder if nginx is configured for http/2, but that's a lower-priority performance issue, and nginx is often reported to perform better than Apache anyway.
TimvH
Dabbler
- Joined
- Mar 28, 2018
- Messages
- 25
It seems a very basic install though, they haven't even configured https.
I'm forking the repo and I'll make some changes in the coming weeks to make it at least as secure as your script.
I'm trying to edit @danb35 script to use nginx instead of apache. I can't get the pkg.json file made with the echo command as it gives the error to long. Is there a way round the issue?
echo '{"pkgs":["nano","nginx","mariadb101-server","redis","php70-bz2","php70-ctype","php70-curl","php70-dom","php70-exif","php70-fileinfo","php70-filter","php70-gd","php70-hash","php70-iconv","php70-intl","php70-json","php70-mbstring","php70-mcrypt","php70-pdo_mysql","php70-openssl","php70-posix","php70-session","php70-simplexml","php70-xml","php70-xmlreader","php70-xmlwriter","php70-xsl","php70-wddx","php70-zip","php70-zlib","php70-opcache"]}' > /tmp/pkg.json
Last edited:
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
I know next to nothing about json, but is it essential that everything be on a single line? Or can it be broken into several lines? If the latter, you could do something like this:
I also note that you have a single quote before nano--if this is a copy/paste from what you're running, it might explain what's happening.
Edit: example above updated--need to use cat, not echo.
Code:
cat <<__EOF__ >/tmp/pkg.json
{"pkgs":["nano","nginx" ...
...
...
"php70-opcache"]}
__EOF__
I also note that you have a single quote before nano--if this is a copy/paste from what you're running, it might explain what's happening.
Edit: example above updated--need to use cat, not echo.
Last edited:
the single quote was a typo as I added it after the copy/paste.
The code is the same as yours with different commands loaded into the /tmp/pkg.json file to be used by
iocage create --name "${JAIL_NAME}" -p /tmp/pkg.json -r 11.1-RELEASE ip4_addr="${INTERFACE}|${JAIL_IP}/24" defaultrouter="${DEFAULT_GW_IP}" boot="on" host_hostname="${JAIL_NAME}" vnet="${VNET}"
Jailer
Not strong, but bad
- Joined
- Sep 12, 2014
- Messages
- 4,977
It's a simple fix if it isn't.
Change
Code:
listen 443 ssl;
to
Code:
listen 443 ssl http2;
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Yes, a good bit simpler than changing that with Apache.
