From README.md: create a file called nextcloud-config

[tido-]

Hi,

I am wondering why there is not a file called "nextcloud-config" and with the list you basically have in nextcloud-jail.sh ? Something like:

# Information to the lines below you find in the README.md
#############################################


# Network parameters:
####################################
JAIL_IP=""
JAIL_INTERFACES=""
JAIL_NAME="nextcloud"
DEFAULT_GW_IP=""
INTERFACE="vnet0"
VNET="on"
HOST_NAME=""


# your prefered Database ("mariadb" or "pgsql")
####################################
DATABASE="mariadb"


# Define your file locations
####################################
CONFIG_PATH=""
DB_PATH=""
FILES_PATH=""
PORTS_PATH=""
POOL_PATH=""
THEMES_PATH=""


# SSL Certificate - one of the below should carry a '1' 
####################################
STANDALONE_CERT=0
SELFSIGNED_CERT=0
DNS_CERT=0
NO_CERT=0


# I don't know what these are for
####################################
DL_FLAGS=""
DNS_SETTING=""```
TIME_ZONE=""

[danb35]

I am wondering why there is not a file called "nextcloud-config"

A couple of reasons:

• If the file is part of the repo, and you then change the file (as you would), it's going to prevent you from updating the script with a git pull.
• Very few of these actually need to be set, and giving a sample file increases the likelihood that options will be set that don't need to be, possibly incorrectly. A minimal config file is very short (exactly as shown in the README):

JAIL_IP="192.168.1.24"
DEFAULT_GW_IP="192.168.1.1"
POOL_PATH="/mnt/tank"
TIME_ZONE="America/New_York"
HOST_NAME="cloud.something.com"
STANDALONE_CERT=1
CERT_EMAIL="someone@yourdomain.com"

Everything else has sensible defaults that won't need to be changed in most cases.

[tido-]

I see. I didn't think about that. However, reading the README.md and looking afterwards at the repo's nextcloud-jail.sh , am I the only one questioning this :)

Suggestion then, instead of: It should look like this:
It could say, "below you find the minimum of lines/information needed for an install, for everthing else the install file contains sensible defaults hat won't need to be changed in most cases."

Last but not least, I would, as I did in my intital post, group the topics like:

DEFAULT_GW_IP="192.168.1.1"
HOST_NAME="YOUR_FQDN"  ... what does FQDN stand for?  Especially if you don't have a Domain, the README doesn't say what to put here.

STANDALONE_CERT=1
CERT_EMAIL="me@example.com"

POOL_PATH="/mnt/tank"
TIME_ZONE="America/New_York"

[tido-]

I am totally familiar with Debian Linux, not BSD. It says in the README.md git clone. So, I open the shell in the web UI: git clon hit TAB a few times. Nothing happens. I guess git is not installed, but wget :) how about using installed option instead with the unzip which is installed as well. Just thinking about your lines above: "" it's going to prevent you from updating the script with a git pull"" if I have it installed, why would I want to update the script as a user anyway?

My suggestion instead of or additionally to git clone:

mkdir -p nextcloud-config
cd nextcloud-config
wget https://github.com/danb35/freenas-iocage-nextcloud/archive/master.zip
unzip master.zip
cd freenas-iocage-nextcloud-master
ls -la

A simple editor to learn is ee(1), which stands for easy editor. To start this editor, type ee filename where filename is the name of the file to be edited. Once inside the editor, all of the commands for manipulating the editor's functions are listed at the top of the display. The caret (^) represents Ctrl, so ^e expands to Ctrl+e. To leave ee(1), press Esc, then choose the “leave editor” option from the main menu. The editor will prompt to save any changes if the file has been modified.

ee nextcloud-config

Is it recommended to use SSH instead of the Shell inside the WebUI?

POOL_PATH is it path to my data pool. .... in the FreeNAS menu "Storage > Pools" ?
To stay with the example from the Dataset above: POOL_PATH="/mnt/tank/nextcloud" ? or if you would build/create missing folders anyway, is it leave away: the path to your dataset "nextcloud" (excluding "nextcloud") so it is easier to understand. Then it is as it is right now.

HOST_NAME is the fully-qualified domain name you want to assign to your installation. You must own (or at least control) this domain, because Let's Encrypt will test that control.

What JAIL_IP=" should I choose on SELFSIGNED_CERT?
I doesn't say, If NC runs only locally with SELFSIGNED_CERT you can choose: nextcloud.home for example inside a small office... can I ?

# ./nextcloud-jail.sh
JAIL_INTERFACES not set, defaulting to: vnet0:bridge0
ls: /mnt/SSD_120GB/nextcloud/config: No such file or directory
nextcloud successfully created!

Testing Host DNS response to pkg.freebsd.org
Testing nextcloud's SRV response to pkg.freebsd.org
pkg.freebsd.org's SRV record could not be verified.

Testing nextcloud's DNSSEC response to pkg.freebsd.org
pkg.freebsd.org could not be reached via DNSSEC.

Testing nextcloud's DNS response to pkg.freebsd.org
pkg.freebsd.org could not be reached via DNS, check nextcloud's network configuration
Failed to create jail
root@freenas[

Weird, I can see the Jail in the WebUI.

Do you mind if I send a PR?

Last but not least, if I have already installed NC from Plugins of FreeNAS, what should I take care of to test/play with this script?

PS: first time user, wrote that down while walking through it.

[danb35]

I guess git is not installed

No, git is installed; the problem is (1) you're using the shell through the web GUI, which you should basically never do; and (2) there's no tab-completion for git commands--you need to type out git clone ... (or simply copy/paste it).

ee nextcloud-config

Use ee, nano, vi, or whatever else you like. I usually prefer nano. This guide is written on the assumption that the user knows how to use a text editor in FreeNAS.

POOL_PATH is it path to my data pool.

Yes, just like it says in the README. If your pool is called tank, POOL_PATH would be /mnt/tank. If you do not set any of the other _PATH settings, your data will go under four directories under $POOL_PATH/nextcloud/. Once again, as is already documented in the README.

What JAIL_IP=" should I choose on SELFSIGNED_CERT?

Any IP you like that's inside your network, just the same as you would for any of the other _CERT options. If you meant HOST_NAME instead, and you're using the self-signed cert, you can use any name you like, as long as it will resolve to your Nextcloud installation.

Last but not least, if I have already installed NC from Plugins of FreeNAS, what should I take care of to test/play with this script?

The only thing I think of is that you'd want to set the jail name to something other than nextcloud.

[tido-]

If you meant HOST_NAME instead, and you're using the self-signed cert,

Thank you for updating the ReadMe, now I understand. I will soon give it another try.

[tido-]

@danb35, This puzzled me a bit, why v1.0 and v2:

go: downloading github.com/caddyserver/caddy v1.0.5
go: downloading github.com/caddyserver/caddy/v2 v2.1.1
go: github.com/caddyserver/caddy/v2 upgrade => v2.1.1

=========
Is this okay?

Error updating .htaccess file, not enough permissions or "overwrite.cli.url" set to an invalid URL?
Command: su -m www -c php /usr/local/www/nextcloud/occ maintenance:update:htaccess failed!

I guess, before I can access NC via Webbrowser I need to add my SELFSIGNED_CERT ?

The install copied from the bash, here for 1 month: https://pastebin.com/KU1QQD8j

This time it ran through, brilliant!

[tido-]

Using the Plugin-install from FreeNAS for Nextcloud with Nginx I got the self-signed cert running. On Caddy, not ... yet

192.168.11.8 FreeNAS itself
192.168.11.14 Nextclould Jail

Caddy Log:
2020/09/19 23:11:55 http: TLS handshake error from 192.168.11.8:16044: no certificate available for '192.168.11.14'

I found this curl command here.
On the FreeNAS Box itself:

# curl -v --insecure https://192.168.11.14
*   Trying 192.168.11.14:443...
* TCP_NODELAY set
* Connected to 192.168.11.14 (192.168.11.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.2 (IN), TLS alert, internal error (592):
* error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

from the PC in the same network:

$ curl -v --insecure https://192.168.11.14/
*   Trying 192.168.11.14:443...
* TCP_NODELAY set
* Connected to 192.168.11.14 (192.168.11.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

According to the log file, the cert/pem files are somewhere else, if I am not wrong. Any tip what I should try?

[danb35]

This is far off the initial subject of this issue, and really much more a support question than a bug with the script. Discussion should continue on https://www.ixsystems.com/community/threads/scripted-installation-of-nextcloud-19-in-iocage-jail.62485/