I’ve recently build a freenas system and i would like to use the nextcloud plugin.
I was able to install it from the plugins page and i have set it up for ip xxx.xxx.xxx.xxx and port forwarded to a ddns service to be able to reach NC both local and external.
However since i’d like to be able to access NC from the net i would like to have a functioning encryption.
This error needs to be avoided:
SHA-1 Certificate
The certificate for this site expires in 2016, and the certificate chain contains a certificate signed using SHA-1.
Now seeing i have not found any proper guides that don’t skip random steps im at a loss…
I am able to use the freenas jail shell or putty to reach root@nextcloud
but im confused about what steps to take in order for me to either:
-generate a working self signed sha2 SSL
or -incert a CSR and Private key
ofcourse i’d also need to know how to force the https.
Could anyone help me out with this or atleast give me some proper pointers? since all i seem to find is pretty much outupdated stuff.
Please ask the FreeNAS community, they know better how their system is organised.
With the certificate you can use either a self-signed certificate (you need to import the certificate manually in each browser you want to use with your cloud), or you get an official certificate (the certificate signing request (CSR) is normally sent to the signing authority which gives you the signed certificate). For a public certificate, you need in general a domain name under your control.
Hi. Did you ever get this address? I built a freenas system and have nextcloud plugin active. I too want to make this accessible safely and privately through the internet. I’m looking for feedback on firewalls and really a cookbook if any… thanks
Yes i’ve been able to get this working by using a reversed nginx proxy
this method enables me to switch between multiple applications fast and easy by just appointing the application to a preset ip.
I think ZodiacHD’s guide on making a reversed nginx proxy with lets encrypt is a great starting point
otherwise you just replace the certs placed inside the NC plugin with your certs
Hello, I have pretty same problem I use NextCloud plugin in FreeNAS and it’s very good! But I want to use NextCloud via HTTPS. They say I have to configure Apache. But I don’t understand where I can find *.conf files of apache. NextCloud plugIn separated in FreeNAS-jail.
So, question is - how to configure apache on Freenas-jail?
Hello. Thanks q_fleuren for help.
I’ve found solution, and it works!
Go to FreeNAS WEB-interface -> Shell
Then go to needed jail
jexec 1 /bin/tcsh, where 1 is ID of your jail
jls - will print list of jails with IDs
Put certificate and key files into /etc/ssl/
I know three ways. But no one of them works 100% in different situations. Please do as you can.
Edit NextCloud config-file
4.1. Backup
cp nextcloud.conf nextcloud.conf-backup20200128
4.2. Edit
ee /usr/local/etc/nginx/conf.d/nextcloud.conf
4.3. Parameters:
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/ssl/CCCC.crt;
ssl_certificate_key /etc/ssl/KKKK.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_name _;
Where “CCCC.crt” and “KKKK.key” files you’ve add in p.3
Add your domain name as trusted in NextCloud
cp /usr/local/www/nextcloud/config/config.php /usr/local/www/nextcloud/config/config.php-backup20200128
ee /usr/local/www/nextcloud/config/config.php
‘trusted_domains’ =>
array (
0 => ‘10.10.10.1’,
1 => ‘test.com’,
2 => ‘Put here your data - admin dose not allow me to do this’,
3 => ‘Put here your data - admin dose not allow me to do this’,
4 => ‘https://www.test.com/’,
),
