FreeNAS: Nextcloud Install with SSL

Nextcloud is a suite of client-server software for creating and using file hosting services. This FreeNAS: Nextcloud Install with SSL article will show you how to configure your Nextcloud application securely. Nextcloud functionally is similar to Dropbox, however unlike Dropbox, Nextcloud does not offer off-premises file storage hosting. Instead, Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices. In contrast to proprietary services like Dropbox, the open architecture allows adding functionality to the server in the form of applications and enables users to have full control of their data.

I made the switch from DropBox to NextCloud for two reasons. For a long time I was uncomfortable having my data with a big company like Dropbox who has been widely criticized for security and privacy breaches. The second reason is that there is no good implementation of DropBox for FreeNAS, at least at this point. You can sync data one way to dropbox, but there is no good way to sync two ways.

This article was originally written for FreeNAS version 11.2-U6 and has been updated for 11.3-U9. It will show you how to install Nextcloud on your FreeNAS server, secure it and then access it remotely. Following the install of Nextcloud, you will want to follow this article FreeNAS: NextCloud Access to Mount Points using External Storage and Proper Permissions which shows you how to setup external storage with proper permissions.

This is part of my ongoing series of TrueNAS and FreeNAS setup, configuration and install articles.

Installing NextCloud

The first step in this FreeNAS: Nextcloud Install with SSL article is to (surprise!) install Nextcloud, which is actually pretty simple. Just do the standard plug-in install of Nextcloud from the FreeNAS WebUI plugins tab. Click Plugins -> Available -> Nextcloud -> Three dots on the right -> Install.

Follow the instructions and once it is done a popup window will appear with critical information. Copy all of the information that is displayed in the window to a text document so we can use it later.

Make sure you are happy with the IP which will be assigned to the jail; if you change it later you have to a do a bunch of additional reconfiguration work. Once you are happy, start the jail.

Now login to to the Nextcloud WebUI page by navigating to the ip that has been assigned to your jail and you will see the following.

Create an admin username and password, and then enter the database name, user and password which you copied into a text document in the step above. Leave localhost. Click ‘Finish Setup’ and it will log into your Nextcloud server.

If you’re getting an “Access through untrusted domain” Nextcloud error message, then you will need to edit the /usr/local/www/nextcloud/config/config.php file. I use the nano text editor and you may need to install it first using pkg install nano. In this file after a line which includes ‘trusted_domains’ there will be a lines which starts with 0 =>, 1 =>,etc and you will need to put the local ip address assigned to your jail on a new line below which starts with the next subsequent number. In my case I added a line which reads: 2 => '192.168.1.127',. Pay close attention to the syntax. When you’re done, it should look something like the image below.

Save the file, exit the editor and restart your jail/plugin. You should now be able to navigate to the Nextcloud WebUI.

If, when accessing the WebUI, you aren’t prompted to create a user, you are likley going to have to do it from the command line. So head to your shell (or SSH) and complete the following steps:

1. The commands have to be run as the www user so, switch to that user using: su -m www
2. Create the user ‘admin’ using the OCC (Nextcloud’s command-line interface) by running: php /usr/local/www/nextcloud/occ user:add admin
3. Now you need to give the user admin privileges by adding them to the admin group by running (first ‘admin’ is the group name and second is the username: php /usr/local/www/nextcloud/occ group:adduser admin admin

You will be prompted to insert a password. Of course you can replace admin with any username you would like.

Setting Up HTTPS

Now for the securing part of this FreeNAS: Nextcloud Install with SSL article. We are now going to setup HTTPS for more secure access and so passwords are not sent plain text. So you will need to drop to a shell of your Nextcloud jail and we will create an SSL key. Once at the command prompt let’s create a directory for your SSL keys and then navigate there:

mkdir -p /usr/local/etc/ssl/nginx
cd /usr/local/etc/ssl/nginx

Generate an SSL key:
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout nextcloud.key -out nextcloud.crt

Following the command prompt instructions and enter in the location and organization information you would like to have associated with your server.

Set the correct security for you keys:
chmod 400 /usr/local/etc/ssl/nginx/nextcloud.key

Edit the nginx config file using nano /usr/local/etc/nginx/nginx.conf by after this line:

# Basic settings
# ———-

paste the following:

server {
listen 80;
listen [::]:80;
server_name [server name];
return 301 https://$server_name$request_uri;
}

It should look like what is included in the following image:

Now we need to edit the Nextcloud config file using this command:
nano /usr/local/etc/nginx/conf.d/nextcloud.conf

At the start of the file, replace:

server {
listen 80;
server_name _;

with:

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name [servername];
ssl_certificate /usr/local/etc/ssl/nginx/nextcloud.crt;
ssl_certificate_key /usr/local/etc/ssl/nginx/nextcloud.key;
add_header Strict-Transport-Security “max-age=15768000; includeSubDomains; preload;”;

Save the file and that should be it. Now you can restart your Nextcload jail/plugin and login to your site using https://[ipaddress].

If things don’t work, check your error log at: /var/log/nginx/error.log

External Access

If you want to add the ability to connect externally, you will need to add the external domain or ip address to the /usr/local/www/nextcloud/config/config.php file. Edit this file using nano, and add the this line1 => 'your ip or domain name', to the file below the line which starts something like 0 => '192.168.1.203',. This line that you are looking for should have the local ip address for your server. In the example image below, I’ve entered ‘8.8.8.8’ in the spot in which you should put your external ip (or domain name, if you have one).

Save the file, exit the editor and restart your jail/plugin. You should now be able to navigate to your server from your external ip address with https://[externalipaddress].

Optional Configuration

If you want to edit the location of the data directory from default (/usr/local/www/nextcloud/data), then edit the config file by runinng:

nano /usr/local/www/nextcloud/config/config.php

and change the ‘datadirectory’ variable to the path of your choice.

Linking NextCloud to Jail Mount Points

Linking Nextcloud to the rest of your FreeNas server through mount points is probably the most powerful way to use Nextcloud. I’ve put together an article which will describe exactly how to do this, with the correct permissions: FreeNAS: NextCloud Access to Mount Points using External Storage and Proper Permissions

OK, so that’s it for this FreeNAS: Nextcloud Install with SSL article and you should now be up and running with your own cloud server using Nextcloud.

Happy Nextcloudin’

~digiMoot

Sources:
https://www.youtube.com/watch?v=QhUhZA28Xn8
https://docs.nextcloud.com/server/15/admin_manual/configuration_server/occ_command.html#user-commands-label

Liked it? Take a second to support digiMoot on Patreon!