Scripted installation of Nextcloud 23 in an iocage jail

I’ve written a script to install Nextcloud 23 in an iocage jail under FreeNAS 11.3/TrueNAS 12.0. This script uses the Caddy web server, which will manage Let’s Encrypt TLS certificates for you automatically. It creates the jail, installs and configures the web server, the database server, Nextcloud itself, and all its other dependencies. The script itself, and further instructions, are on GitHub:

1 Like

With the release of Nextcloud 17, I’ve created a new branch of this script to install that version. To try it out, run git clone -b nextcloud-17 https://github.com/danb35/freenas-iocage-nextcloud.git. It installs fine for me, but has had only minimal testing. I’ll probably merge this into master in a week or so if I don’t find or hear of any problems with it.

With this branch, I’ve also added a simple script to remove the Let’s Encrypt staging CA from your Caddyfile and obtain a trusted cert. See either the README or the end of the script’s output for more information.

I’ve made a few updates to the nextcloud-17 branch, mainly to update the Caddyfiles for pretty URLs and to increase some timeouts. It looks like it’s working well and will probably be merged into master shortly. In testing, I’ve been able to upload files up to 15 GB through the web UI without any problems.

The nextcloud-17 branch is now merged into master.

Big changes to this one lately–with the release of Caddy v2, lots has been rewritten. Major changes to the script, Caddyfile, and even the rc script, but it seems to be working well.

The changes last year continue to work well, and the script has now been updated to install Nextcloud 23.

First, I would like to thank you for this great scrip, for sharing it with the community and keep it updated.

I have a home nextcloud iocage made by this script working perfectly for almost 3 years. I did the updates from inside the nextcloud only, but never run this scrip again.

A few days ago, a friend of mine couldn’t access it because of lets encrypt certificates, claiming it’s been revoked, despite many others still using the site with no problem at all.

My question is, does this scrip is aware of the existing iocage, can it run to update the installation without delete any data, and re-create the certification part?

The script is (now; not sure if it was at the time you installed it) aware of an existing installation, so it’s capable of installing over it if desired, but that shouldn’t be necessary here. What’s likely going on is that your cert got caught up in the mass TLS-ALPN revocation, and for some reason caddy hasn’t caught up with that yet. So to fix it, you’ll need to wipe out the old cert, so that Caddy will order a new one. To do this:

  • Enter the jail with iocage console nextcloud
  • ls -aF and see if you see a .caddy directory. If not, stop and post what you did find there.
  • service caddy stop
  • mv .caddy caddy_old
  • service caddy start

In a matter of a few seconds, caddy should generate a new cert for you. You can check its validity using ssllabs.com.

Found this /.config/caddy/autosave.json. Is this the directory I should mv ?
Found this /usr/local/www/Caddyfile. Maybe is from a older version of caddy.

Found out this on the first lines of README.md, from the git i pulled when i installed with your script:

Script to create an iocage jail on FreeNAS for the latest Nextcloud 20 release, including Caddy 2.x, MariaDB 10.3/PostgreSQL 10, and Let’s Encrypt

You shouldn’t need to rebuild Caddy to make this work, though that would ensure you were using the most up-to-date version of Caddy. But the autosave.json file doesn’t contain the cert data, so removing it won’t cause the certs to be regenerated. And my installation doesn’t put the Caddy data in /.config, so I’m not sure why yours does.

Let’s see where the certs are actually stored in your install–run find / -name \*letsencrypt.org-directory.

Also, what’s the output of caddy version?

1 Like

Hi @danb35. I’ve been lurking around for a little over a month picking away at my first attempt at a truenas server and nextcloud.

I was able to install the original plugin and get it working on my lan. I then found your script. So, i blew away that jail and started over. Long story short, I successfully installed nextcloud and got a caddy cert with your script. I have my web address on cloudflare and pointed to my ipaddress.

I cannot for the life of me navigate to nextcloud in any way. 192.168.1.12 is what i set the lan ip to. I can ping it. I cannot even get the blue login screen. Entering my domain into a web browser routes me to my gateway login. (Though i believe that is because I’m doing it on my lan). If i do it from my phone it tries to go to my wan ipaddress but just never does anything.

I feel like im missing some obvious steps here that others may just inherently know. Any pointers?

I think the part you may be missing is to have the FQDN you’ve set up for your Nextcloud instance point to that instance, from inside your LAN. So, if it’s called cloud.yourdomain.net, inside your LAN, cloud.yourdomain.net needs to resolve to the IP address of your jail. Usually, you’d set that up on your router. If your router is brain-damaged and can’t serve local DNS records like this, another possibility would be to set up something like Pi-Hole as a local DNS server, and you can make that entry there.