altmann_ta
First off, apologies if I don't explain everything perfectly; I will try my best.
Constructive criticism is always welcome.
Prerequisites:
Must have a FQDN that points to your outside IP address, duckdns.org is a good place to start.
Test this by pinging your FQDN ("ping example.duckdns.org") from the internet and check that it resolves to your outside IP.
MUST HAVE port forwarded :80 and :443 on your router to your NextCloud jail IP.
If not cert creation will fail.
Instructions:
1. SSH into your FreeNAS as root user
"ssh root@ip_of_your_freenas"
2. SSH into nextcloud jail
"iocage console nextcloud"
3. Install the nano text editor so we can edit a few config files.
"pkg update -f"
"portsnap fetch extract"
"cd /usr/ports/editors/nano/ && make install clean BATCH=yes"
4. Edit nginx.conf to add our FQDN
"nano /usr/local/etc/nginx/nginx.conf"
Then add the following, changing example.duckdns.org to the FQDN you created earlier:
server {
    listen 80;
    listen [::]:80;
    server_name example.duckdns.org;
    return 301 https://$server_name$request_uri;
}
Be sure to save the file when finished.
5. Restart the nextcloud jail from your freenas webGUI, then log back into nextcloud SSH.
6. Install acme.sh
You can either run this script,
"curl https://get.acme.sh | sh"
or check out the git page, https://github.com/Neilpang/acme.sh
8. Issue a cert
Change example.duckdns.org to the FQDN you created earlier:
"acme.sh --issue -d example.duckdns.org -w /home/wwwroot/example.duckdns.org"
9. Copy the output of the cert to notepad to refer to later, taking special note of the locations of
Your cert is in /root/.acme.sh/example.duckdns.org/example.duckdns.org.cer
and
Your cert key is in /root/.acme.sh/example.duckdns.org/example.duckdns.org.key
10. Edit nextcloud.conf to enforce HTTPS
"nano /usr/local/etc/nginx/conf.d/nextcloud.conf"
Change example.duckdns.org to your FQDN
ssl_certificate is your .cer file location from acme.sh output
ssl_certificate_key is your .key file location from acme.sh output
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.duckdns.org;
    ssl_certificate /root/.acme.sh/example.duckdns.org/example.duckdns.org.cer;
    ssl_certificate_key /root/.acme.sh/example.duckdns.org/example.duckdns.org.key;
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    # ... the remaining lines of the existing server block stay as they are ...
Be sure to save the file when finished.
11. Add your new FQDN to nextcloud trusted domains.
"nano /usr/local/www/nextcloud/config/config.php"
then add;
1 => 'example.duckdns.org',
You could also remove the local IP and just have your FQDN here.
Be sure to save the file when finished.
12. Restart the nextcloud jail from your freenas webGUI.
13. Test by going to your FQDN example.duckdns.org
If I missed something please let me know and I will edit accordingly.
Hope this helps someone :)
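Added example, not part of the original post: a POSIX sh check that the nginx lines edited in step 10 all use the same FQDN, since the placeholder example.duckdns.org has to be replaced in several places. It assumes the acme.sh file layout shown in step 9; the function names and the cloud.example.org sample are made up for illustration.

```sh
#!/bin/sh
# Added example: check that every edited nginx line uses the same FQDN.
# Assumes the acme.sh file layout shown in step 9; function names are hypothetical.

# directive NAME FILE: print the first argument of the first matching directive.
directive() {
    awk -v d="$1" '$1 == d { v = $2; sub(/;$/, "", v); print v; exit }' "$2"
}

# hsts_max_age FILE: print max-age from the Strict-Transport-Security header.
hsts_max_age() {
    sed -n 's/.*Strict-Transport-Security.*max-age=\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# audit_conf FILE FQDN: report each mismatch, return 1 if any was found.
audit_conf() {
    conf=$1; fqdn=$2; rc=0
    name=$(directive server_name "$conf")
    cert=$(directive ssl_certificate "$conf")
    key=$(directive ssl_certificate_key "$conf")
    age=$(hsts_max_age "$conf")
    [ "$name" = "$fqdn" ] || { echo "server_name is '$name', expected '$fqdn'"; rc=1; }
    case $cert in
        */"$fqdn"/"$fqdn".cer) ;;
        *) echo "ssl_certificate is not the $fqdn cert: $cert"; rc=1 ;;
    esac
    case $key in
        */"$fqdn"/"$fqdn".key) ;;
        *) echo "ssl_certificate_key is not the $fqdn key: $key"; rc=1 ;;
    esac
    [ -n "$age" ] || { echo "no Strict-Transport-Security max-age found"; rc=1; }
    return "$rc"
}

# Constructed sample: step 10 with the key path left at the placeholder name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl http2;
    server_name cloud.example.org;
    ssl_certificate /root/.acme.sh/cloud.example.org/cloud.example.org.cer;
    ssl_certificate_key /root/.acme.sh/example.duckdns.org/example.duckdns.org.key;
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
EOF
audit_conf "$sample" cloud.example.org || echo "fix the lines above before restarting the jail"
rm -f "$sample"
```

Inside the jail this would be run as audit_conf /usr/local/etc/nginx/conf.d/nextcloud.conf followed by your own FQDN, before the restart in step 12.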