Hello ladies and gents,
Iâve been using nextcloud for about a year. Started with vm had issues(https),moved to snap (http) worked great at first but now realize the limitations and its slow, wanting to move back to the VM with https. Issue is I already have a webserver running on 443 and 80 and my first VM I ruined trying to renew the letsencrypt via DNS, so here I am again I have Google DNS and am hoping for some commands for a techie but not a Linuxie. Iâm not strong in Linux. Iâm running on a SUPERMICRO 4u dual Xeon server with no current restrictions on ram or cpu (have plenty to throw at it) and a few TB of harD drives in RAID6 all in ESXI 6.7. but not trying to brag just give a background I could use help like step by step please of setting up letâs encyrpt with auto renewing DNS challenge. Anyone that has done it please give details. Last I looked at letsencrypt site I was very confused on how to implement the DNS challenge. Once that is up and working I need to figure out how to migrate all data but I donât think that will be hard
Many thanks,
Steve
P.S. I tried searching both the forum and Google without confidence in what I found.
apt -y install certbot / yum -y install certbot
certbot --some-options-depending-on-your-domain-and-webserver
Wow your guide is AMAZING,
Quick question:
What is meant by
Install restic backup tool if backup_folder is not empty
backup_folder = ââ # e.g. /var/nc-backup
crontab settings restic for restic
backup_day = *
backup_hour = 4
backup_minute = 0
If not empty? does that mean that if there is files in the backup folder it will auto import?
AlsoFor ubuntu 1804 which do you suggest postgresql or mariadb and why
quick answer:
postgresql/mysql/mariadb
i read somewhere that postgres has better utf-8 support.
both (all three) are supported by nextcloud. both are working well.
if you have an existing nextcloud and you want to move you have no choice. you canât import a postgres dump into mysql/mariadb. (itâs possible but complicate.)
if you start a new small home nextcloud. donât care. i guess you wonât see any difference. i could find one.
if you start an enterprise class installation and plan to move to aws aurora i would advice postgres. (i attended a tech session where the differences between postgres and aurora were introduced and i understood that aurora has some advantages when it come to heavy load.)
p.s.: right now in the playbook postgres is implemented as a docker container. there is a version without the docker container. but iâm still testing.
you can try it by using:
git clone https://github.com/ReinerNippes/nextcloud
# change to nextcloud directory
cd nextcloud
git checkout postgres.socket
# install ansible and needed python modules
./prepare_system.sh
# edit variables
vim inventory
ansible-playbook nextcloud.yml
restic.
i removed the link to my playbook because it didnât feed to dns challenge question.
if you want to use it anyway:
you have to change the following line to get dns challenge to work
is short for if the variable backup_folder is not empty
in the playbook is a when clause checking if backup_folder =! '' then install restic
normally you mount an external disc/nfs share to /var/nc-backup (or where you) and would get a restic repo there. check the restic docs for more info.
Hi orm1server,
I see you want to start from square one directly on a decent hardware? Hereâs my M.O. that has proven to work great for me ( and hopefully for you aswell ).
I have started to install Debian Stretch as a minimum with SSH and Standard system Utilities ( No Desktop ).
Next in line was âapt install snapdâ ( Notice the âdâ at the end? )
Followed by âsnap install nextcloudâ ( no âdâ this time! ), wait for somewhat 250MB of installation data rolling down and moving into your new server. You may need to reboot once after that, or wait some 60 secs for the server to settle in.
Then call up your serverâs IP you have given during installation. If the NextCloud admin account creation page shows up, youâre all set so far.
SSH into your server, switch to root user if necessary, âcd /snap/binâ and ânextcloud.enable-https lets-encryptâ to obtain a Letâs Encrypt certificate ( Keep port 80 & 443 open on your router(s) ) and youâre good to go.
If Iâm not mistaken, then the certificate auto-renewal also takes place without the server admin ( in this case YOU ) being obliged to manually renew them every 2 months.
Good luck with that one! 
-Bandi
Thank you. But I currently have the snap on http installed though itâs not performing to my liking wanted to move to VM but wanted to use letâs encrypt DNS since port 443 and 80 are used. Any walkthrough available for nextcloud to use letâs encyrpt DNS validation?
Another possibility would be to manually enter the FQDN ( Fully Qualified Domain Name ) in the config.php file in order for your NextCloud server to accept being logged in from.
Example: myserver.domain.com
The file is located at â/var/snap/nextcloud/XXXXX/nextcloud/config/config.phpâ ( XXXXX = Build number, like 11336 ). Once in, locate a section called âtrusted_domainsâ =>. The first line below sould read your serverâs IPv4 address, such as " 0 => â192.168.1.254â, ". Add another line below as follows: " 1 => âmyserver.domain.comâ, ". Save the file ( and eventually reboot your server ). Now your server should accept your FQDN without any hassle.
Hello Bandicoot,
I think you have my issue confused with another. I donât need any help logging in I ONLY need help ATM with using letâs encrypt with DNS validation
Thank you,
Do you have any guidance on what to change L27 to to use DNS validation and would any other software or packages be needed?
youâll find that in the docs of the certbot dns plugin (second link in my first post). it depends on your dns registrar.
you can test it on the command line. just install certbot as described in the certbot manual and follow the instructions in the below linked chapter.
https://certbot-dns-google.readthedocs.io/en/stable/
(and you donât need my playbook in your existing installation. itâs just usefull if you decide to septup a complete new nectcloud.)
(and maybe itâs easier to setup your first webserver additional as reverse proxy. then only this server what need certificates from letsencrypt. )
I want to use your guide and DNS letâs encyrpt validation but have some basic questions that I donât want to fill this topic with simple back and forth. Anyway to PM you? Once I get it sorted out I will add to topic with final result so everyone can see
Thanks,
Steve
here is the list with 5 steps to migrate your SSL certs to a new server
- Archive certificates on the old servers
- Move them to a new server
- Extract to the correct location
- Create symlinks
- Redirect domain