TrueNAS Nginx Proxy Jail with Let's Encrypt for your NextCloud

blog-image

Introduction

What we are going to be doing is creating a low resource FreeBSD Jail used as a docker or container system to host our Nginx Proxy. You could do this same let’s encrypt on the actual NextCloud instance. The reason we’re doing it this way is because when the jail or plugins update, it can possibly break some customizations and such.

Creating your Jail

  1. Get logged into your TrueNAS.
  2. Go to “Jails” on the left hand side.
  3. Add a jail using the “Add” button at the top right.
  4. Give it a name, leave jail type on default, select version, and click next. (We are using version 12.2-RELEASE)
  5. We are selecting “DHCP Autoconfigure IPv4” as ours is temporary but you can set up a static IP here, then click next.
  6. This will bring you to a summary of what you have selected and then choose submit.
  7. Select your new jail you created and choose “Start”.

Turning on SSH

  1. In the TrueNAS, go to “Services” tab on the left.
  2. Scroll down until you find “SSH” and click “Configure” (Pencil Icon).
  3. Check “Log in as Root with Password”.
  4. Click Save, and turn it on by selecting the slider to run.

SSH into TrueNAS

  1. SSH into the TrueNAS using ssh root@192.168.11.171 (IP will most likely be different for you. Change accordingly).
  2. Run the command iocage list to show all of the Jails that are running.
  3. To get into the jail, type jexec 1 tcsh (You will change the number depending on what jail you are trying to get into from the list).

Running Updates and Installs

  1. To update, you will run pkg update
  2. For installs, we will run pkg install nginx nano python (This will install nginx, nano, and python)
  3. Type “Y” to confirm the installs
  4. Input sysrc nginx_enable=yes (This tells nginx to start when the Jail does).
  5. Type pkg install py38-certbot openssl (You can tell which python version to pick by scrolling up a bit until you see the standard python modules. Yours may differ).

Starting the nginx Web Server

  1. Grab the ip by typing ifconfig
  2. Start nginx using service nginx onestart
  3. Type the IP gotten from step 1 into a web browser. If you see a “Welcome to nginx” then it has been successfully installed and is working. Now all it needs is to be configured.
  4. Stopping nginx can be done using service nginx onestop

You will need to port forward in your router both port 80 and port 443 to the ip address of the nginx jail.

Cert Setup

  1. You will need to purchase a domain if you do not already have one.
  2. After that is done we need to create a cert. We will do this in the SSH client by typing certbot certonly --standalone -d 'Domain' (Input your domain name in ‘Domain’).
  3. Take note of where your Certificates are located (Should be .pem files)

Configuring nginx

  1. Get into the config for nginx by going typing cd /usr/local/etc/nginx then ls to show files inside.
  2. We will then use nano to configure nginx. You do this by typing nano nginx.conf
  3. Scroll through your file until you find server.
  4. Input listen 443 ssl; underneath listen 80;

listen

  1. Scroll down to HTTPS server and copy from ssl_certificate cert.pem; to ssl_prefer_server_ciphers on;
  2. Scroll back up to server and paste that under server_name localhost; delete the # from the front.

ssl_certs

  1. Grab and copy cert location and paste the entire location where cert.pem is in nano. The location’s you copy should look like /usr/local/etc/letsencrypt/live/gg132.get2.li/fullchain.pem and /usr/local/etc/letsencrypt/live/gg132.get2.li/privkey.pem.
  2. Press Ctrl+X to save the configuration.

Setting up NextCloud Instance

  1. Nano into the nginx.conf file once again and scroll down to Server once again.
  2. Input the proxy pass. Your location should look similar to this

proxy_pass

  1. Start nginx using service nginx onestart
  2. Open your domain name in a web browser using https and you should now be able to login to your NextCloud.

location / { # root /usr/local/www/nginx; # index index.html index.htm; proxy_pass http://192.168.11.171:8282; }

Full Video

SUPPORT MY WORK

Hire US Buy Me a Coffee TECH I USE AND RECOMMEND Tech Kits [Domain Registrar](https://hover.evyy.net/YGg4j

  • Kevin Stevenson
  • Tuesday, Nov 23, 2021
View All Post