Securely Login to Nextcloud Remotely on Openmediavault on a RPi

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • Securely Login to Nextcloud Remotely on Openmediavault on a RPi

      So, I've successfully installed Nextcloud on OMV using a RPi, thanks to @'TechnoDadLife''s videos on YouTube!

      Now, I'd like to access my Nextcloud server securely from outside of my home network and was following another guide from TechnoDadLife, but I'm getting stuck on creating a letsencrypt certificate.
      I'm getting this error:

      Source Code

      1. Unable to register an account with ACME server
      2. ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
      So, I guess it has to do with the port forwarding in my router, I'm not completely sure how to do this. I don't see an external/internal port option. Also, do I have to add my WAN IP Address to it as well? I have a ZyXEL VMG8324-B10A router (see image below)
      [Blocked Image: https://i.postimg.cc/MZst6D8X/Zy-XEL-Port-Forwarding.png]

      The guide focuses on creating a DNS at duckdns.org and in the letsencrypt container I have to add my email address I used to sign up for duckdns.org, but I didn't sign up with an email address, I used GitHub instead. So, what value should I put in there as EMAIL?
      Also, is it possible to use a subdomain to my own domain instead?
    • I've been meaning to secure my Nextcloud setup. I just finished a couple of hours ago and followed that video to the letter, and Nextcloud set up no problem.

      I'm sure it's possible to use your own subdomain, github name, etc.. but I'm not sure on the specifics.

      My main reason for posting.. if I'm looking at that picture of your router settings correctly, your ports are backwards. 80 should be triggered, and 90 should be the forwarded port....

      Port Forwarding on My Router
      Air Conditioners are a lot like PC's... They work great until you open Windows.

    • Morlan wrote:

      Make sure you used the newer videos by @TechnoDadLife duckdns letsencrypt
      You just have to add a valid email address of yours. No connection to duckdns necessary.

      Also you can read through this threat, which deals with similar problems: forum.openmediavault.org/index…nfigure-Remote-Nextcloud/

      I couldn't get the 2nd one to work.. wasn't sure if it was because I couldn't find the OpenVPN video or what.
      Air Conditioners are a lot like PC's... They work great until you open Windows.

    • KM0201 wrote:

      Morlan wrote:

      Make sure you used the newer videos by @TechnoDadLife duckdns letsencrypt
      You just have to add a valid email address of yours. No connection to duckdns necessary.

      Also you can read through this threat, which deals with similar problems: forum.openmediavault.org/index…nfigure-Remote-Nextcloud/
      I couldn't get the 2nd one to work.. wasn't sure if it was because I couldn't find the OpenVPN video or what.
      What exactly do you mean by 2nd? The letsencrypt video?
    • Morlan wrote:

      KM0201 wrote:

      Morlan wrote:

      Make sure you used the newer videos by @TechnoDadLife duckdns letsencrypt
      You just have to add a valid email address of yours. No connection to duckdns necessary.

      Also you can read through this threat, which deals with similar problems: forum.openmediavault.org/index…nfigure-Remote-Nextcloud/
      I couldn't get the 2nd one to work.. wasn't sure if it was because I couldn't find the OpenVPN video or what.
      What exactly do you mean by 2nd? The letsencrypt video?
      youtube.com/watch?v=pRt7UlQSB2g&t=

      Letsencrypt is working, but I can't figure out how to point it at my Nextcloud container. I've got a feeling something has changed a little more between the two videos that wasn't addressed. I went ahead and completely deleted my Nextcloud container, database, etc. and started over and got it working without https. I've got letsencrypt running w/o error... just not quite sure how to point it at my Nextcloud container.

      @TechnoDadLife any thoughts?
      Air Conditioners are a lot like PC's... They work great until you open Windows.

    • Morlan wrote:

      Did you join the nc container and the letsencrypt in a network? On my HC2 the clue was changing the

      Source Code

      1. proxy_max_temp_file_size 2048m; to proxy_max_temp_file_size 1024m;
      in the nextcloud.subdomains.conf
      Did you join the nc container and the letsencrypt in a network? On my HC2 the clue was changing the

      Morlan wrote:

      Source Code

      1. proxy_max_temp_file_size 2048m; to proxy_max_temp_file_size 1024m;
      in the nextcloud.subdomains.conf
      and this is why you don't work on things at 5am...lol

      I was so focused on figuring out the letsencrypt side of it, I was completely neglecting the edits that needed to be done to the nextcloud subdomains file.
      Air Conditioners are a lot like PC's... They work great until you open Windows.

    • KM0201 wrote:

      My main reason for posting.. if I'm looking at that picture of your router settings correctly, your ports are backwards. 80 should be triggered, and 90 should be the forwarded port....
      Tried to reverse it, but no luck. I'm getting the same error.

      Morlan wrote:

      Make sure you used the newer videos by @TechnoDadLife duckdns letsencrypt
      You just have to add a valid email address of yours. No connection to duckdns necessary.

      Also you can read through this threat, which deals with similar problems: forum.openmediavault.org/index…nfigure-Remote-Nextcloud/
      Thnx, will have a look!
    • As expected it had to do with my router. Apparently I had to change the WAN Interface from ADSL to VDSL.

      So I'm finally able to create a certificate now, also nginx seems to be working fine. It's show me the "Welcome to our server" message. But after changing the nextcloud.subdomain.conf and the config.php in my Nextcloud installation folder I'm getting an Unable to connect message instead.
    • Morlan wrote:

      A lot of other users reported this issue. Did you try connecting from outside your home network (e.g. mobile phone with mobile data)?

      I can get to my nextcloud just fine from my laptop. What I've found, is if I put in my nextcloud local address (192.168.1.xxx:port).. it just forwards automagically to my duckdns address and I just log in securely

      OP:

      Restart your letsencrypt container in the OMV webUI and give it about 2min to setup and start.

      SSh your server as root.

      Give it about 2min to run and start, and then type docker logs -f *letsencrypt_container_name*...

      So for example I named my letsencrypt container "lets"... docker logs -f lets


      Post the output here... just keep in mind it will show the email you registered with duckdns and your duckdns address, so you may want to edit out that specific info... before you paste. If there's an error it will say there. Here's mine running properly... (note I put the personal stuff in big caps, so you should see it easier if you want to edit yours)

      Display Spoiler
      root@openmediavault:~# docker logs -f lets
      [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
      [s6-init] ensuring user provided files have correct perms...exited 0.
      [fix-attrs.d] applying ownership & permissions fixes...
      [fix-attrs.d] done.
      [cont-init.d] executing container initialization scripts...
      [cont-init.d] 10-adduser: executing...

      -------------------------------------
      _ ()
      | | ___ _ __
      | | / __| | | / \
      | | \__ \ | | | () |
      |_| |___/ |_| \__/


      Brought to you by linuxserver.io
      We gratefully accept donations at:
      linuxserver.io/donate/
      -------------------------------------
      GID/UID
      -------------------------------------

      User uid: 1000
      User gid: 100
      -------------------------------------

      [cont-init.d] 10-adduser: exited 0.
      [cont-init.d] 20-config: executing...
      [cont-init.d] 20-config: exited 0.
      [cont-init.d] 30-keygen: executing...
      using keys found in /config/keys
      [cont-init.d] 30-keygen: exited 0.
      [cont-init.d] 50-config: executing...
      Variables set:
      PUID=1000
      PGID=100
      TZ=America/Indianapolis
      URL=duckdns.org
      SUBDOMAINS=MYSUBDOMAIN
      EXTRA_DOMAINS=
      ONLY_SUBDOMAINS=TRUE
      DHLEVEL=2048
      VALIDATION=http
      DNSPLUGIN=
      EMAIL=MYEMAIL@gmail.com
      STAGING=

      2048 bit DH parameters present
      SUBDOMAINS entered, processing
      SUBDOMAINS entered, processing
      Only subdomains, no URL in cert
      Sub-domains processed are: -d MYSUBDOMAIN.duckdns.org
      E-mail address entered: MYEMAIL@gmail.com
      http validation is selected
      Certificate exists; parameters unchanged; starting nginx
      [cont-init.d] 50-config: exited 0.
      [cont-init.d] done.
      [services.d] starting services
      [services.d] done.
      Server ready
      Air Conditioners are a lot like PC's... They work great until you open Windows.

      The post was edited 2 times, last by KM0201 ().

    • KM0201 wrote:

      OP:

      Restart your letsencrypt container in the OMV webUI and give it about 2min to setup and start.

      SSh your server as root.

      Give it about 2min to run and start, and then type docker logs -f *letsencrypt_container_name*...

      So for example I named my letsencrypt container "lets"... docker logs -f lets


      Post the output here... just keep in mind it will show the email you registered with duckdns and your duckdns address, so you may want to edit out that specific info... before you paste. If there's an error it will say there. Here's mine running properly... (note I put the personal stuff in big caps, so you should see it easier if you want to edit yours)
      Display Spoiler
      root@raspberrypi:/srv/dev-disk-by-label-Files/AppData/Letsencrypt# docker logs -f letsencrypt
      [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
      [s6-init] ensuring user provided files have correct perms...exited 0.
      [fix-attrs.d] applying ownership & permissions fixes...
      [fix-attrs.d] done.
      [cont-init.d] executing container initialization scripts...
      [cont-init.d] 10-adduser: executing...

      -------------------------------------
      _ ()
      | | ___ _ __
      | | / __| | | / \
      | | \__ \ | | | () |
      |_| |___/ |_| \__/


      Brought to you by linuxserver.io
      We gratefully accept donations at:
      linuxserver.io/donate/
      -------------------------------------
      GID/UID
      -------------------------------------

      User uid: 1000
      User gid: 100
      -------------------------------------

      [cont-init.d] 10-adduser: exited 0.
      [cont-init.d] 20-config: executing...
      [cont-init.d] 20-config: exited 0.
      [cont-init.d] 30-keygen: executing...
      generating self-signed keys in /config/keys, you can replace these with your own keys if required
      Generating a RSA private key
      .........+++++
      ...................+++++
      writing new private key to '/config/keys/cert.key'
      -----
      [cont-init.d] 30-keygen: exited 0.
      [cont-init.d] 50-config: executing...
      Variables set:
      PUID=1000
      PGID=100
      TZ=Europe/Amsterdam
      URL=duckdns.org
      SUBDOMAINS=MY-SUBDOMAIN
      EXTRA_DOMAINS=
      ONLY_SUBDOMAINS=true
      DHLEVEL=2048
      VALIDATION=http
      DNSPLUGIN=
      EMAIL=MY-EMAIL@GMAIL.COM
      STAGING=

      Created donoteditthisfile.conf
      Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
      Generating DH parameters, 2048 bit long safe prime, generator 2
      This is going to take a long time
      ....+..........................................................................................................................................................................................................................................................................................................+................................................................................................................................................................................................................................................+........................................................................................................................++*++*++*++*
      DH parameters successfully created - 2048 bits
      SUBDOMAINS entered, processing
      SUBDOMAINS entered, processing
      Only subdomains, no URL in cert
      Sub-domains processed are: -d MY-SUBDOMAIN.duckdns.org
      E-mail address entered: MY-EMAIL@GMAIL.COM
      http validation is selected
      Generating new certificate
      Saving debug log to /var/log/letsencrypt/letsencrypt.log
      Plugins selected: Authenticator standalone, Installer None
      Obtaining a new certificate
      Performing the following challenges:
      http-01 challenge for MY-SUBDOMAIN.duckdns.org
      Waiting for verification...
      Cleaning up challenges
      IMPORTANT NOTES:
      - Congratulations! Your certificate and chain have been saved at:
      /etc/letsencrypt/live/MY-SUBDOMAIN.duckdns.org/fullchain.pem
      Your key file has been saved at:
      /etc/letsencrypt/live/MY-SUBDOMAIN.duckdns.org/privkey.pem
      Your cert will expire on 2019-07-22. To obtain a new or tweaked
      version of this certificate in the future, simply run certbot
      again. To non-interactively renew *all* of your certificates, run
      "certbot renew"
      - Your account credentials have been saved in your Certbot
      configuration directory at /etc/letsencrypt. You should make a
      secure backup of this folder now. This configuration directory will
      also contain certificates and private keys obtained by Certbot so
      making regular backups of this folder is ideal.
      - If you like Certbot, please consider supporting our work by:

      Donating to ISRG / Let's Encrypt: letsencrypt.org/donate
      Donating to EFF: eff.org/donate-le

      New certificate generated; starting nginx
      [cont-init.d] 50-config: exited 0.
      [cont-init.d] 90-config: executing...

      ******************************************************
      ******************************************************
      * *
      * *
      * This image has been deprecated *
      * *
      * Use the multi-arch images at *
      * *
      * linuxserver/letsencrypt *
      * *
      * hub.docker.com/r/linuxserver/letsencrypt*
      * *
      * github.com/linuxserver/docker-letsencrypt*
      * *
      * *
      * *
      ******************************************************
      ******************************************************
      [cont-init.d] 90-config: exited 0.
      [cont-init.d] done.
      [services.d] starting services
      [services.d] done.
      Server ready
    • Users Online 1

      1 Guest