Posted   by 

Install Apache In Freenas Jail Host

Install freenas on freebsd

The FreeNAS Nextcloud plugin installation works great with automatic configuration thanks to a recent pull request. But, you don’t get SSL enabled by default. This is critical, especially for a system exposed to the internet.

In this post you’ll see how to:

  • Install the Nextcloud plugin in a FreeNAS BSD jail
  • Add an extra NAT port for SSL to the jail
  • Configure NGINX inside the jail by adding a customised configuration with SSL enabled
  • Apply a free SSL certificate using Lets Encrypt and DNS-01 challenge validation
  • Look at some options for setting up home networking for public access

— Installing Apache 2.4. The Apache web server is currently one of the most popular web servers in. # you may have to install curl and nano and some other tools into the jail pkg install curl wget nano curl localhost:8086/query -data-urlencode 'q=show databases' Step 3: create the databases We’ll need 2 databases: one that will receive collectd data from the various rasperry pi’s and other things that support collectd, and one that will.

Install Apache and enable it to start on boot. root@stratus# pkg install apache24 root@stratus# sysrc apache24enable = YES root@stratus# service apache24 start. Navigate to the jail’s ip and, “It Works!” should be displayed. TLS Certificate. With Apache up and running, I configured https using let’s encrypt. Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un.x-like operating systems. It only takes a minute to sign up.

Start off by Installing the Nextcloud Plugin in a jail. Choose NAT for networking mode. It defaults to port 8282:80 (http).

Stop the jail once it’s running and edit it. Add another NAT rule to point 8443 to 443 for SSL.

The reason for selecting port 8443 for Nextcloud is because the FreeNAS web UI listens on port 443 for SSL too.

An alternative could be to use DHCP instead of NAT for the jail. I chose NAT for my setup as I prefer using one internal IP address for everything I run on the FreeNAS server.

Shell into the Nextcloud jail, and rename the default nginx configuration.

Install

NGINX will load all .conf files in this directory. Hence the reason you’ll create a new configuration for your SSL setup here.

Populate it with the contents of the gist below, but replace server_name, ssl_certificate, and ssl_certificate_key with your own hostname.

Generate a free SSL certificate with Lets Encrypt

Freenas Jail Network Configuration

To configure the Nextcloud plugin on FreeNAS with SSL you don’t need to break the bank on SSL certificate costs from traditional CAs. Lets Encrypt it free, but you’ll need to renew your certificate every three months.

DNS-01 challenge certificate generation for Lets Encrypt is a great way to get SSL certificates without a public web server.

Install Apache In Freenas Jail Hostel

It entails creating a TXT/SPF record on the domain you own, with a value set to a code that certbot gives you during the certbot request process.

Install Apache In Freenas Jail Host

Install certbot if you don’t already have it installed. On a debian based system:

Request a certificate for your desired hostname using certbot with dns as the preferred challenge.

Follow the prompts until you receive a code to setup your own TXT record with. Go to your DNS provider control panel and create it with the code you’re given as the value.

After creating the record, finish the certificate request. Lets Encrypt will confirm the DNS TXT record and issue you a certificate. You’ll get a chain file called fullchain.pem, along with a private key file called privkey.pem.

Upload the SSL certificate files to Nextcloud

Upload both to your Nextcloud Jail. Use SCP to copy them up, renaming them as follows:

  • /etc/ssl/nginx/yournextcloud.example.net.crt (certificate chain file)
  • /etc/ssl/nginx/yournextcloud.example.net.key (private key file)

Rename them as per your chosen hostname to keep things organised, and so that they match your nextcloud-ssl.conf file entries.

Port forwarding / NAT setup

This is the part that comes down to your own network setup. I use a double NAT setup, so I NAT traffic from my external router interface, through to another internal router.

From my internal router, I port forward / NAT from the internal router interface through to my FreeNAS box on port 8443.

Install Apache In Freenas Jail Host

From there, the Nextcloud jail does NAT to take the TCP traffic from 8443 to 443 inside the jail (where NGINX is listening on 443).

This is how my NAT and port forwarding chain looks:

Public_IP:29123 (WAN interface) -> Internal_IP:29123 (Internal router LAN interface) -> Internal_IP:8443 (FreeNAS LAN interface) -> Internal_IP:443 (Nextcloud Jail)

If you’re lucky enough to have a static IP address then you can point your DNS host record to your static IP. Otherwise you’ll neee to use some form of dynamic DNS service.

At this point you should have everything in place.

Final steps

Using a shell in the Nextcloud jail, restart nginx with service nginx restart. If all goes well you’ll see nginx started in the output of that command.

Install Drivers Freenas

If not, you’re likely to have an NGINX configuration syntax error.

The logs are usually good about pinpointing these, so read them to see where you might have missed something obvious in the nextcloud-ssl.conf file. Adjust any errors and restart again.

The default credentials that for Nextcloud are in the home directory of the jail (/root). To retrieve them:

Freenas Ssh Into Jail

Test logging in, and get started with personalising your Nextcloud system and adding some users.

Install Apache In Freenas Jail Host Guide

Now you can enjoy the Nextcloud plugin on FreeNAS with SSL enabled.