
SSL change after NextCloud Reboot.


tux-box1

Dabbler
Joined
Jul 9, 2020
Messages
17
I've run into this 2 times now.
I successfully used the py-certbot to set up Let's Encrypt on my Nextcloud (Ver> 22.1.1) and all is great.
If I reboot, the silly thing reverts to the "truenas" cert.

I tried diving into nginx configs in an effort to figure out where it's pulling its cert, but I'm only familiar with Apache2 configs.
I looked at "https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html" and according to cat /usr/local/etc/nginx/config.d/nextcloud.conf, which I noticed was reset after the reboot (side question: how do I make the changes permanent?), I don't find any reference to an SSL cert like I do in the URL I referenced.

Can anyone answer my questions?
1. How to make changes within a jail permanent so it's not resetting after a reboot
2. How is nginx referencing the SSL cert? I don't see any reference to it in the config "/usr/local/etc/nginx/config.d/nextcloud.conf". I'm not familiar with BSD.
On the systems I'm used to, /etc/apache2/sites-available or ../sites-enabled *.conf all had references to the SSL cert location.

Thanks in advance.
 

f4m1n3

Cadet
Joined
Oct 6, 2021
Messages
1
I don't have a solution for you but wanted to share that I'm having the exact same problem. I had tried setting up over a dozen times but each time after a reboot was experiencing the exact same issues you listed.
I most recently tried on TrueNAS 12.0-U5.1.
 

yuanjin

Cadet
Joined
Oct 8, 2021
Messages
1
Actually, I met exactly the same issue with Nextcloud in jails. And fortunately I figured it out.

Background:
- I created a nextcloud-ssl.conf and deleted the default nextcloud.conf file during the SSL certificate procedure. Nextcloud worked fine.
- Then one day I rebooted my TrueNAS. Nextcloud could not be accessed.
- I tried many things without luck until I checked the status of NginX. It was not working!
- And I found the deleted nextcloud.conf AGAIN.

Reason:
- This problem is created by the NginX configuration file (named nextcloud.conf by default), which would be reset by TrueNAS (or the Nextcloud plugin, whatever).

- The reset means what it looks like: the system would put a default nextcloud.conf back in "/usr/local/etc/nginx/conf.d", no matter whether there was a config file or NOT.

- I tried renaming nextcloud-ssl.conf to nextcloud.conf. Then I rebooted, and the content of nextcloud.conf was changed back to default again.
This is the reason why @tux-box1 met the SSL certificate issue too when rebooting.

Solution:
- Add a cron task
- To delete the default config file of Nginx after rebooting
- To restart NginX service.

Good luck
 

tux-box1

Dabbler
Joined
Jul 9, 2020
Messages
17
Thank you.
I'll look into that.
 

Sho

Cadet
Joined
Oct 14, 2021
Messages
2
I'm facing the same issue after an upgrade of the plugin, and for me this is a recent regression. I used a modified nextcloud.conf for some time successfully and across several version upgrades, but now I see it being reverted on a jail restart.

I think this is a regression we need to report to the maintainer of the plugin.
 

asw2012

Contributor
Joined
Dec 17, 2012
Messages
181
This is an eerily similar problem I am having.... So it seems.

I am editing the nextcloud.conf in /usr/local/etc/nginx/conf.d/

After the edit/change, I have to restart Nextcloud.

The changes I made are gone and the file reverts back to default after the restart.

I'm stumped and could use some help.
 

asw2012

Contributor
Joined
Dec 17, 2012
Messages
181
It seems there's an update to Nextcloud, switched to HTTPS. Instructions here, but I don't see a solution for static IP address, yet.


 

asw2012

Contributor
Joined
Dec 17, 2012
Messages
181
Make changes to nextcloud.conf.template, which I am guessing gets copied to nextcloud.conf after every boot. I did that and it survives a reboot.
That did work. I purposefully rebooted the TrueNAS server, and the nextcloud.conf stays with my server name. I tried to connect from outside of my LAN, and can't connect. Still have to SSH in and re-install cert or get a new one (this time I just re-installed). Any way of automating this too?

thanks :)
 

vidx

Dabbler
Joined
Oct 16, 2021
Messages
37
Create a reverse proxy jail and set up SSL there for nextcloud.
 

debsahu

Cadet
Joined
Nov 9, 2021
Messages
3
One way is to create mount points on the jail to your certificates on NAS. That way they are mounted in the same location inside the jail, every time the jail starts. You can point to these locations in the conf file.
 

asw2012

Contributor
Joined
Dec 17, 2012
Messages
181
Thanks for the help, I'm going to try this on a separate box with proxmox : pfSense installed already on a VM and will just add another VM with Ubuntu server or something similar for the reverse proxy.
 

CrownedMartyr

Dabbler
Joined
Nov 20, 2021
Messages
21
I'm a newbie, so apologies if this has already been covered or isn't exactly what you all are looking for. I was running into a similar issue after finally figuring out how to install Nextcloud via the TrueNAS plugin and get the SSL cert installed. I came across the following guide which had some extra steps I hadn't seen elsewhere: https://sysadmin102.com/2021/11/how...l-certificate-from-lets-encrypt-with-certbot/

The author includes the following warning: "If you try to access your Nextcloud using FQDN, you will receive “ERR_TOO_MANY_REDIRECTS” message. That is because Certbot automatically added server settings to your config file."

The proposed solution is to edit the Nginx config file:
ee /usr/local/etc/nginx/nginx.conf

Replace the values for "truenas" with your FQDN for the certificate, key, and trusted certificate records under the #SSL section.

So from this:

Screenshot_2021-11-20_14-41-49.png


to this:

Screenshot_2021-11-20_14-48-40.png


I followed these steps and now I have no issues with my SSL cert post-reboots.
 

CrownedMartyr

Dabbler
Joined
Nov 20, 2021
Messages
21
@sysadmin102 I didn’t expect you to read my post! I’ve seen your YouTube guides and articles and they’ve been invaluable in my journey to setting up Nextcloud - thank you!
 

CrownedMartyr

Dabbler
Joined
Nov 20, 2021
Messages
21
Well, I'm actually still having issues. I thought I had an alert that there was an update to the Nextcloud plugin, so I ran the updater and selected the option to update the jail at the same time (I'm not 100% clear on when you would or wouldn't select that).

It ran for a while and then informed me no update was available. Fine. But then I was back to being unable to access the site. I went back and looked at the /usr/local/etc/nginx/nginx.conf file and sure enough, all of the SSL cert records were reset to the "truenas" path. I changed them to my domain which fixed the issue, following a restart.

I also noticed that my cronjob to renew the cert was missing.

After reading these forums and other articles, I feel as though the plugin route may be riddled with these types of headaches. That's a shame, because I don't have unlimited time to muck around with this stuff and it's 95% close to being exactly what I need. It's confusing to me that a simple update check would wipe out some custom configs like this.

Hopefully someone can shed some light onto this. Or better yet, maybe it's a bug that will be fixed by Nextcloud/iXsystems soon.
 

sysadmin102

Cadet
Joined
Nov 21, 2021
Messages
1
The plugin approach is fine. The installation script is the issue. Setting up SSL for Nginx is not an easy task; the installation script helps automate that process by generating a self-signed certificate, but unintentionally overwrites the existing config settings. Once the jail is configured, you should use the Nextcloud web interface update utility vice using the plugin update to avoid this issue.
 

CrownedMartyr

Dabbler
Joined
Nov 20, 2021
Messages
21
Okay, it's reassuring to hear you say that and very helpful to know that's what's going on behind the scenes. As someone still very new to TrueNAS and Nextcloud, it seemed to me the "safer" approach was to NOT update from within Nextcloud and to rely on the plugin/jail updates through TrueNAS. If updating through Nextcloud is the way to go, I'll do that going forward.

All in all, if all I have to do is a little re-config. even on the plugin update, it's not the end of the world - so long as that's all that's getting reset!
 

codebuddha

Cadet
Joined
Jan 7, 2018
Messages
2
Anyone have a recommendation for removing https entirely?
I've been running nextcloud on my private network for two years without a problem and the first time I decide to update it, it gets BRICKED!

I've tried the following articles with no luck:
- https://help.nextcloud.com/t/how-disable-https-for-nginx/52718/2
- https://help.nextcloud.com/t/i-dont-want-to-use-https/3969

Carrying some findings forward:
- https://www.truenas.com/community/threads/enable-lets-encrypt-ssl-in-nextcloud-on-freenas.78734/
- https://github.com/freenas/iocage-plugin-nextcloud/issues/45
 