Next Steps in NextCloud

Persephone · June 14, 2022, 7:07pm

I got NextCloud set up via Umbrel on a raspi, at least so that I can access it - required learning how to ssh into the pi from my laptop and then how to find and edit the trusted domains in my config file, and I learned a lot by working to get over that hurdle.

My next goal is be able to use the NC calendar instead of Cozi (both to secure my information and to stop paying for their service). However, on iPhone and Mac, I need to enable ssl on my raspi NC server to connect iCal to the NC calendar, which I want to do anyway to lock it all down. But in order to set up ssl, I need to set up ddns first, right? I found some instructions for the ddns set-up, but I’m getting a little confused (I think people who write these instructions don’t realize how little some of us know and they skip steps that they think of as intuitive, but they’re not for rank newbies).

(Eventually, I want not only to use the pi as a file server and app cloud, but I’d like to use it as my own email server and web server for my business website and maybe some other sites about local political civic engagement, but one step at a time!).

I think ddns and ssl are my next steps, but I thought I’d check here to see if I’m missing any steps that need to be completed first or if I need to go in a different direction.

Thanks in advance for your input and guidance.

vasileios · June 15, 2022, 10:38pm

Hey, @Persephone!
Did you set up NextCloud to be available on the Internet or simply on your local network? If it’s the latter, then you can bypass the entire process of the SSL by generating one yourself. That’s what I did for the local version of NextCloud I’m preparing for the LMS. The only difference is that the certificate is self-signed, but it offers encryption nonetheless and makes Brave Browser happy - up to a point!

I guess my question is: are you using a domain for NextCloud or are you accessing it via an IP address?

Persephone · June 15, 2022, 11:00pm

Right now, I’m using an IP address.

I also installed Tailscale. When I take my phone off my home network, it still connects - does that mean it’s connected to the internet?

I also watched the VPN lesson yesterday and am wanting to do that, but I’m not sure how that might interfere with Tailscale.

How do I set up a self-signed ssl certificate? If I can do that, I can connect iCal to the NC calendar and begin to move from Cozi so I can unsubscribe (and save some money).

Is this what I’m looking for?

https://linuxize.com/post/creating-a-self-signed-ssl-certificate/#:~:text=What%20is%20a%20Self-Signed%20SSL%20Certificate%3F%20A%20self-signed,of%20encryption%20as%20the%20trusted%20CA-signed%20SSL%20certificate.

vasileios · June 15, 2022, 11:36pm

Hey @Persephone,
It all depends on how you installed NextCloud to begin with. Is it a Snap? A Docker image? An install directly from their website by using repository dependencies?

Other than that, I wouldn’t recommend constructing a VPN tunnel directly inside your home, because it will serve no purpose. One of the main purposes of a VPN is to not reveal your home IP, by building an encrypted tunnel between your system, going through your ISP, and exiting to your VPN server. If you create a VPN server at home, the only encryption tunnel will be for one room or two. And your IP address will still be visible, so - no benefit.

Per the SSL certificate, yes, that’s the way for the self-signed, and well done! Just remember to copy it to the correct folders and inform your site’s (NextCloud) configuration to look for it there, by listening to the 443 port. Which web server is your NextCloud utilizing? Apache or Nginx?

Persephone · June 16, 2022, 10:57pm

It all depends on how you installed NextCloud to begin with. Is it a Snap? A Docker image? An install directly from their website by using repository dependencies?

I installed NextCloud via the Umbrel app store, soooo … d) none of the above.

Other than that, I wouldn’t recommend constructing a VPN tunnel directly inside your home, because it will serve no purpose. One of the main purposes of a VPN is to not reveal your home IP, by building an encrypted tunnel between your system, going through your ISP, and exiting to your VPN server. If you create a VPN server at home, the only encryption tunnel will be for one room or two. And your IP address will still be visible, so - no benefit. :wink:

I was thinking of the VPN to an outside server, not in relation to my home server, but for online security and privacy (although I have access to Protonmail’s VPN, doing it myself sounds cool; I also want as much security as I can get). I think I’m not understanding. I was trying to work through the lessons in the LMS in order, thinking that they built on one another … do they not?

Per the SSL certificate, yes, that’s the way for the self-signed, and well done! Just remember to copy it to the correct folders and inform your site’s (NextCloud) configuration to look for it there, by listening to the 443 port. Which web server is your NextCloud utilizing? Apache or Nginx?

Cool, I’ll follow the directions at the link. However, I don’t know which folders I need to edit or how to do the port thingy. And I have no idea what my NextCloud is using - whatever is on my raspi installation of Umbrel.

Edit: I got the ssl cert set up on my Umbrel. I copied the path from the calendar in NC, but it’s not working. I’m not sure which password to use, the one for Umbrel? the one for NC? or a new one for the calendar app? None of them seem to be working.

vasileios · June 18, 2022, 3:09am

I just looked at Umbrel. It’s based on Ubuntu, so whatever commands and folder structure Ubuntu (and packages), the same are for your Umbrel as well.

On the VPN side, yes, you can build it on a Virtual Private Server. We have Course number 17 for that. I was under the impression you wanted to turn your Umbrel also to a VPN server.

The way you can determine which web server you are using, the following commands will help. Whichever produces a result is the web server you have installed.

sudo systemctl list-unit-files | grep nginx

If the above produces a result, you are running NGINX.

sudo systemctl list-unit-files | grep apache

If the above produces a result, you are running Apache2.

Those are the two main web server configurations that NextCloud runs on.

Regarding the SSL, we’ll need terminal access to see how apps are installed (the real back end the app store uses). If it allows you to open up a terminal and run commands, then do the following:

sudo apt update
sudo apt install mlocate
sudo updatedb
locate nextcloud

One line at a time (press Enter at the end of each). The results will probably be far too many, but what is important to locate which folder NextCloud is under. Is it a Snap or something else? This will also determine how the SSL directories are structured. I have an ARM installation of Ubuntu 22.04 and there are a lot of Snaps there!

Re the LMS courses, most of them function independently, minus the ones that speak of the VPN and the CyberPanel, which rely on having some knowledge of the SSH.

Persephone · June 20, 2022, 10:43pm

Sorry, all this is making my brain feel like the ball in a pinball machine, first I bounce off of one idea, then I get hit by another one and I’m off in yet another direction, and then it all happens again. I want to do all the stuff!

And with that, I’ll try to take a little time to follow your patiently-provided directions.

Persephone · June 20, 2022, 10:48pm

vasileios:

The way you can determine which web server you are using, the following commands will help. Whichever produces a result is the web server you have installed.
sudo systemctl list-unit-files | grep nginx
If the above produces a result, you are running NGINX.
sudo systemctl list-unit-files | grep apache
If the above produces a result, you are running Apache2.

Those are the two main web server configurations that NextCloud runs on.

Neither gave a result. What now?

Persephone · June 20, 2022, 11:05pm

vasileios:

Regarding the SSL, we’ll need terminal access to see how apps are installed (the real back end the app store uses). If it allows you to open up a terminal and run commands, then do the following:
sudo apt update
sudo apt install mlocate
sudo updatedb
locate nextcloud
One line at a time (press Enter at the end of each). The results will probably be far too many, but what is important to locate which folder NextCloud is under. Is it a Snap or something else? This will also determine how the SSL directories are structured. I have an ARM installation of Ubuntu 22.04 and there are a lot of Snaps there!

That pulled up what looks like thousands of files. How do I figure out where it is?

I also searched for docker and snap and things came up, but it looked like more in docker.

vasileios · June 21, 2022, 12:09pm

I had a feeling it would pull a lot of options out. Basically, it’s looking at the directories.
However, we’ll need to know which engine is used as a web server, otherwise we’ll just produce a lot of errors on the certbot command, which can trigger a waiting period if too many requests are made. That’s if your system goes online.

On the simpler, local OpenSSL, we still need to learn the engine used so that we know which configuration file to engage with. That way we will know in which directory to issue the certificates and apply them to the respective configuration file. The following might help:

locate /etc/nginx

Or

locate /etc/apache2

Hopefully, one of the two will pop with a result or a few. Those are the normal directories that these two main engines reside in when installed on the root of a system. In the Docker version, they are just inside another set of folders.

Persephone · June 21, 2022, 4:05pm

Awesome! Apache2 it is!

vasileios · July 1, 2022, 2:47am

Apache2 is a better choice in my opinion. I’m actually at the editing of the new video on NextCloud on Apache2. I believe you’ll find everything you need there!