Hello Everyone,
I’m pretty new to everything related to Linux, networks and webservers in general, so I’ll hopefully only ask simple questions after a lot of text.
I used to have a nextcloudpi installed on my RaspberryPi2B, which I needed to reinstall. Therefore I cleanly re-installed Raspbian and tried to get Nextcloudpi again, which failed due to ownyourbits & co being down (at the moment?). Sorry, if there’s a super easy way to circumvent this - I don’t really know what I’m doing on unix.
I then decided to manually install nextcloud (without pi), and after several attempts and a lot of googling everything works except the letsencrypt/certbot business to reach the nc via https from the internet.
Maybe someone can help me understand which files I need to edit in which way?
Details on installation/configuration:
I installed nc according to “Installing NextCloud on Your Raspberry Pi (2 ways) – RaspberryTips”:
sudo apt-get update
sudo apt-get upgrade
sudo apt install apache2 mariadb-server libapache2-mod-php
sudo apt install php-gd php-json php-mysql php-curl php-mbstring php-intl php-imagick php-xml php-zip
cd /var/www/html
sudo wget https://download.nextcloud.com/server/releases/nextcloud-24.0.1.zip
sudo unzip nextcloud-24.0.1.zip
sudo chmod 750 nextcloud -R
sudo chown www-data:www-data nextcloud -R
sudo mysql
CREATE USER 'nextcloud' IDENTIFIED BY 'passwordxyz';
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@localhost IDENTIFIED BY 'passwordxyz';
FLUSH PRIVILEGES;
quit
sudo reboot
My data directory is on an external SSD (/media/raspi-nc/nc_data), so I changed the ownership of this dir to www-data, so that Apache(?) could write there:
sudo chown www-data /media/raspi-nc
sudo chown www-data /media/raspi-nc/nc_data
In order to reach the nc via the local ipv4 and not end up at the default apache debian html page, I changed:
sudo nano /etc/apache2/sites-available/000-default.conf
→ attached “/nextcloud” to DocumentRoot
The installation/initial login as admin via the webbrowser (via in my case 192.168.178.21) then works nicely. I can access and setup the cloud with everything related to users, apps, etc…
As a new user in the forum, I unfortunately only can post up to 4 links per post, so I’ll replace my domain TestMe.dynv6.net by domain in the rest of the text:
Now in order to make the NC reachable from outside my home network, I registered a “zone” at dynv6.com, which points to my raspi:
domain
IPv4 Address 192.168.178.21
IPv6 Prefix xxxx:xxxx:xxxx:xxxx::
I found the ipv6 in my (German) AVM Fritzbox router under “Heimnetz–>Netzwerk–>raspberrypi”
I created an AAAA-record on dynv6 pointing to the ipv6:
AAAA domain xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
Then the fritzbox needs to forward the ports 80 and 443:
Fritzbox → Internet → Freigaben → Portfreigaben
I created a HTTP (80) and HTTPS(443) forwarding:
Bezeichnung Protokoll IP-Adresse im Internet Port extern vergeben
HTTPS-Server TCP 192.168.178.21 443
HTTP-Server TCP 192.168.178.21 80
HTTPS-Server TCP xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx 443
HTTP-Server TCP xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx 80
I then added the domain to the array of trusted domains in my nc in the pi terminal:
sudo nano /var/www/html/nextcloud/config/config.php
1 => 'domain',
Now, I had to enable DynDNS in the fritzbox as well:
Internet → Freigaben → DynDNS
–>Enable DynDNS
Following the instructions on dynv6 I chose a “Benutzerdefiniert” provider and entered the update url WITHOUT the ipv4 part (since my ISP only provides a Dualstack-Lite connection).
dynv6.com/api/update?hostname=<domain>&token=<username>&ipv6=<ip6addr>&ipv6prefix=<ip6lanprefix>
with the respective values for <domain>, <username>, <ip6addr> and <ip6lanprefix>
for me it eventually looks like this:
dynv6.com/api/update?hostname=*domain*&token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&ipv6=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx&ipv6prefix=xxxx:xxxx:xxxx:xxxx::/64
Now I can enter domain into any browser and access my nc without ssl:
domain
As a final step, I thought I’d install certbot and let it handle all the crazy mumbo-jumbo-network-ssl stuff, but I ran into problems:
sudo apt-get install certbot python3-certbot-apache
sudo certbot --apache
resulted in:
Waiting for verification…
Challenge failed for domain domain
http-01 challenge for domain
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: domain
Type: connection
Detail: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx: Fetching
http://domain/.well-known/acme-challenge/mfbliltl3ulZeGYeEa_arUpGfIR9CjZmm12X0_QURoY:
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
I spent some days googling about which config files in the nc dir to edit, but eventually I think I ran into a dead end. I could use nc without https, but I’m not feeling particularly good with that.
Can someone help me please? Thank you so much in advance
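The certbot hint in the post names two checks: the A/AAAA records must hold the right address, and that address must be publicly routable. As an added example (not part of the original post), this Python script applies both checks to a constructed record set; the two IPv6 addresses and all function names are assumptions made for illustration.

```python
import ipaddress

def routability(addr):
    """Classify an address by whether a host on the internet can reach it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:  # RFC 1918, unique-local fc00::/7, documentation ranges
        return "private"
    return "global" if ip.is_global else "reserved"

def review_records(records, server_addrs):
    """Apply the two checks from the certbot hint to each A/AAAA record.

    records:      (type, value) pairs as published in the DNS zone
    server_addrs: addresses configured on the web server itself
    Returns a list of (type, value, verdict) tuples.
    """
    on_server = {ipaddress.ip_address(a) for a in server_addrs}
    results = []
    for rtype, value in records:
        kind = routability(value)
        if kind != "global":
            verdict = f"unreachable from the internet ({kind})"
        elif ipaddress.ip_address(value) not in on_server:
            verdict = "routable, but not an address of the web server"
        else:
            verdict = "ok"
        results.append((rtype, value, verdict))
    return results

def zone_ready_for_http01(results):
    """A validator may pick any published address, so every record must pass."""
    return bool(results) and all(v == "ok" for _, _, v in results)

# Constructed sample data. The private IPv4 is the value shown in the post;
# both IPv6 addresses are invented stand-ins for the masked xxxx values.
PI_V6 = "2a02:1234:5678:9a00:ba27:ebff:fe12:3456"     # assumed: the Pi itself
OTHER_V6 = "2a02:1234:5678:9a00:3a10:d5ff:fe00:1"     # assumed: some other host
ZONE = [("A", "192.168.178.21"), ("AAAA", OTHER_V6)]

if __name__ == "__main__":
    for row in review_records(ZONE, [PI_V6, "fe80::ba27:ebff:fe12:3456"]):
        print(*row, sep="  ")
    print("ready:", zone_ready_for_http01(review_records(ZONE, [PI_V6])))
```

On a real system the record values would come from a DNS lookup of the domain and the server addresses from `ip -6 addr show scope global` on the Pi.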