Scripted installation of Nextcloud 29 in iocage jail

There are a number of guides on the (old) forum to install Nextcloud, but they all rely on a lot of manual work. Where there’s manual work to be done, there are ways to get it wrong. Therefore, this guide is designed to minimize manual work–all that’s really needed is to download the script, set up a small configuration file, and run the script–it will do the rest of the work. And by “the rest of the work”, I mean that it will create the jail, download Caddy 2.7.6 (as of this writing), PHP 8.3, MariaDB 10.6 (or PostgreSQL if desired), and the latest Nextcloud 29 release; configure all of them; obtain and install a trusted TLS certificate for the jail (if desired); and automatically renew the certificate.

The most up-to-date instructions will be at

Thanks for helping port these over @dan! We really appreciate it.

@dan any thoughts on replacing Redis?

Personally I’m thinking about breaking out MariaDB and maybe KeyDB into its dedicated jail as I have multiple applications using them.

Not as yet, though I’m aware of the kerfuffle. I think I’d want to wait for the dust to settle a bit before making any changes.

As to the database, I like the concept of having it in a separate jail, but I’m concerned that overly complicates setting up the jail. Great idea for a manual setup, but I’m not sure how well it would work for a scripted installation.

I installed Nextcloud using this script last year. The other day I updated Nextcloud to 29.0 through the UI and broke Security and Setup warnings. I’m using the self-signed cert method because I’m using HAProxy and LetsEncrypt on pfSense.

NotAuthenticated
No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured
ConnectException
cURL error 28: Failed to connect to nextcloud.my-domain.com port 80 after 10039 ms: Timeout was reached (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for nextcloud.tunnel-home.us/.well-known/caldav
Can not connect to local server for running setup checks

are the errors I believe to be relevant. Any idea where I need to start looking or what to change?

You can’t connect to Nextcloud with LetsEncrypt certificate over port 80.
You need to set up HAProxy on pfSense to handle ssl/https transaction to happen on port 443.

HAProxy is set up using 443. I’m thinking maybe Nextcloud should be trying to check itself using “localhost” vs. nextcloud.my-domain.com. It worked before I updated Nextcloud so it has to be something trivial.

How do I go about wiping nextcloud and re-running the script for a fresh install without losing any of my data?

I usually rename my old jail, then run the script again overtop of my existing data.

If everything goes ok, I delete the old jail.

Funny enough, I am running the same setup and I also experienced some issues after upgrading to NC29. After doing the initial install of NC28 using Dan’s script (with noSSL as this is handled by pfSense), HAProxy was acting up and I couldn’t get access through the FQDN, whereas I had no problem getting access through the local IP. I fixed it at the time by changing the backend from port 80 to 443, which seemed illogical at the time but worked. After upgrading, that didn’t work anymore and I changed it back to port 80 and all was well again.

Hey nextclouders, I updated my Nextcloud instance with “pkg update” and “caddy update” in the jail’s shell, then I updated from 28.0.4 to 28.0.6, followed by 28.0.6 to 29.0.1, in the web UI of Nextcloud. Everything ran super smoothly without issue. The Nextcloud instance runs in TrueNAS Core 13.0-U6.1.

Now the updater page shows me this error and these warnings:

  1. I’ve read the reverse proxy doc but am not sure I understand it well, and I don’t know where and what I should change. I’d appreciate a bit of enlightenment please.

  2. About the resolving well-known URL with caldav and carddav, is that really useful for me, with a private Nextcloud that only me and 3-4 friends use?

  3. HSTS should be under control as I’m waiting for the ~60 days renewal period.

  4. Might be a stupid question, but where do I run the missing index command? In the Nextcloud jail’s shell, it is not recognised.

Thanks a lot guys, and sorry if my questions are stupid, I’m quite new in the server and Nextcloud field…
Have a good evening

The way you’d run the occ command is the same as in the script: su -m www -c "php /usr/local/www/nextcloud/occ foo bar baz". The way to correct the proxies issue is one of those commands: su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_proxies 1 --value=\"127.0.0.1\"".

On the well-known URLs, it’s a false alarm, but changes I’ve recently committed to the Caddyfile resolve it.
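The occ command from the reply above, generalized as an added example (not part of the original post or of the installation script): it validates each proxy address and prints one `config:system:set trusted_proxies` command per entry without running it. The 0-based index (the reply uses index 1), the IPv4-only validation and the `MIN_PREFIX` policy are assumptions.

```shell
#!/bin/sh
# Added example: print (not run) the occ commands that set trusted_proxies.
# Every entry is a host whose forwarded-for headers Nextcloud will believe,
# so the list should hold only the real reverse proxy, never a wide network.
OCC='php /usr/local/www/nextcloud/occ'  # occ path as used in the thread
MIN_PREFIX=16                           # assumed policy: reject nets wider than /16

# Succeeds if $1 is an IPv4 address or IPv4/prefix (IPv6 is not handled here).
valid_proxy() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Validate every address first, then print one command per index (0-based, assumed).
plan_trusted_proxies() {
    for proxy in "$@"; do
        valid_proxy "$proxy" || { echo "rejected: $proxy" >&2; return 1; }
    done
    i=0
    for proxy in "$@"; do
        printf 'su -m www -c "%s config:system:set trusted_proxies %d --value=\\"%s\\""\n' \
            "$OCC" "$i" "$proxy"
        i=$((i + 1))
    done
}

# Constructed sample: the local address from the thread plus a documentation-range host.
plan_trusted_proxies 127.0.0.1 192.0.2.10
```

Review the printed lines, then paste them into the jail's shell; nothing is changed until you do.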

I do have a question about the scripted installation: I did the installation when it was 28 with PHP 8.2. In the meantime I updated NC to 29.0.0.19 through the GUI, which went fine. How do I go about upgrading PHP to 8.3 now, since it wasn’t installed as a FreeBSD package? I guess the same question is valid for Caddy, no?

Most package upgrades can be handled with a simple pkg upgrade, and Caddy can be upgraded by running caddy upgrade (both in the jail). But the upgrade from PHP 8.2 to 8.3 is trickier, since the package names are different (php82-foo vs. php83-foo). PHP 8.2 is still supported, so there’s no real urgency to replace it. If you feel you need to, you might be best just doing a new install over your existing data.

There is indeed no real urgency. I was just wondering. Can you really just do a new scripted install over the existing install and not lose data? I do have a backup, but of course I would want to avoid having to go through all that if not really necessary.

Yes, the script is designed that way.

I’ve done it many times…

Hi,
Using TrueNAS Core latest. In the past used the Nextcloud plugin but decided to follow the instructions for this script. Worked very well and can access the HTTPS site. Instructions say, “please use your old database and account credentials” but unfortunately login password not working. I don’t have an email attached to reset.
Could you advise how to progress from here.
Many thanks for your work in producing such a comprehensive setup page and in advance for your assistance.

Did you do a fresh install, or did you install on top of the plug-in data?