How to manually install Nextcloud on FreeNAS in an iocage jail with hardened security

This resource was originally created by user: samuel-emrys on the TrueNAS Community Forums Archive. Please DM this account or comment in this thread to claim it.

The Guide:…n-FreeNAS-iocage-jail-with-hardened-security/

This guide will show you how to manually set up and configure a Nextcloud server in an iocage jail, as well as how to harden your security to make sure your information is safe. Specifically, this guide covers:

  • Organise your datasets
  • Set up and configuration of a FAMP (FreeBSD, Apache, MySQL, PHP) web server stack
  • Optimise your database
  • Install and configure Nextcloud to remove all security warnings and adhere to Nextcloud’s suggested best practice
  • Configure HTTPS (configuring a reverse proxy, and the Nextcloud specific configuration)
  • Configure tamper detection
  • Configure DDNS
  • Guidance on upgrading and maintaining your server

Importantly, I attempt to make this beginner friendly by explaining exactly what happens in each of the commands I present, so that this is as much a way to gain familiarity with *nix configuration as it is a way to set up Nextcloud.

Changelog (22/06/2020):

  • Modified installation method to use a tarball directly from Nextcloud instead of the FreeBSD package manager
  • Added upgrade instructions
  • Presents installation of Nextcloud 19 and PHP 7.4
  • Modified to explicitly create directories within the jail before attempting to mount
  • Changed SSL configuration to use an nginx reverse proxy to improve HTTPS certificate maintainability when multiple services are being managed

This guide is also under version control on GitHub. Please feel free to raise issues if you find any bugs or just have suggestions. If you’re even keener, feel free to raise a Pull Request with any suggested changes.