KB450008 – Setting up HTTPS on Nextcloud 10

Last modified: February 25, 2019

If Nextcloud is not installed, navigate to the Plugins page on the FreeNAS dashboard. Find Nextcloud in the Available list and install it. Move to the Installed tab and turn on the new Nextcloud instance.

It is easiest to change the IP address immediately after creating the Nextcloud jail. To change the IP address, move to the Jails page. Change the IP address and restart the Nextcloud jail. You may have to turn the Plugin back on.

Note: This guide uses IP addresses throughout the setup. To use hostnames, see the Apache 2.4 documentation.

After finishing all tasks in the FreeNAS GUI, ssh into the main server and then access the jail with the following commands:

jls

jexec # (where # is listed by jls)

 

Download nano

FreeNAS comes with a poor text editor so download nano:

portsnap fetch extract; pkg install -y nano

 

Configure

Once nano is installed, you can edit the Apache configuration files, starting with httpd-ssl.conf:

nano /usr/pbi/nextcloud-amd64/etc/apache24/extra/httpd-ssl.conf

Use ctrl+w to search the file.

Change “example.com” in the ServerName field to your IP address.

Add the following lines within the VirtualHost tags:

<IfModule mod_headers.c>

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

</IfModule>

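SSLProtocol -all +TLSv1

Note: This line should be updated. TLSv1 (TLS 1.0) is deprecated; where the installed Apache and OpenSSL builds support it, enable TLSv1.2 or later instead of TLSv1.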

Save the file and then edit httpd.conf:

nano /usr/pbi/nextcloud-amd64/etc/apache24/httpd.conf

Add the following:

<VirtualHost *:80>

ServerName yourip

Redirect permanent / https://yourip/

</VirtualHost>

 

As above, find the existing ServerName field, uncomment it, and change its value to your IP address.

 

Note: If necessary, you can fine-tune the Listen directives to bind only to certain IP addresses.

 

Save the file and create a new directory for the key and certificate:

mkdir aname

 

OpenSSL

Next, use the OpenSSL tool to generate a private key in the new folder:

openssl genrsa -out aname.key 2048

Once the private key is generated, you need to create a Certificate Signing Request (CSR). You can either send the CSR to a Certificate Authority for signing or perform self-signing.

To create a CSR:

openssl req -new -key aname.key -out aname.csr

Fill in the appropriate information. The most important field is the CN. For this case, use the jail IP address as CN.

To check that the CSR is correct:

openssl req -text -in aname.csr -noout

 

Alternatively, to self-sign:

openssl req -new -x509 -days 365 -key aname.key -out aname.crt

Add the paths of the certificate and key to the following fields in httpd-ssl.conf:

nano /usr/pbi/nextcloud-amd64/etc/apache24/extra/httpd-ssl.conf

 

SSLCertificateFile

SSLCertificateKeyFile
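
Before restarting Apache, the edits made to httpd-ssl.conf can be checked with a short script. The following is an added example, not part of the original article: audit_ssl_conf is a hypothetical helper name, and the address 192.0.2.10 and the /path/to/aname paths in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): audit httpd-ssl.conf for the
# settings this guide edits. Prints one finding per line; exit status = count.
audit_ssl_conf() {
    awk '
    function weak_off() { w["sslv3"] = w["tlsv1"] = w["tlsv1.1"] = 0 }
    function weak_on()  { w["sslv3"] = w["tlsv1"] = w["tlsv1.1"] = 1 }
    /^[ \t]*#/ { next }                            # ignore commented-out lines
    { d = tolower($1) }
    d == "servername"            { sn = $2 }
    d == "sslcertificatefile"    { crt = $2 }
    d == "sslcertificatekeyfile" { key = $2 }
    d == "header" && tolower($0) ~ /strict-transport-security/ { hsts = 1 }
    d == "sslprotocol" {                           # apply tokens left to right
        seen = 1; weak_off()
        for (i = 2; i <= NF; i++) {
            p = tolower($i); op = substr(p, 1, 1)
            if (op == "+" || op == "-") p = substr(p, 2); else op = "="
            if (op == "=") weak_off()              # a bare token replaces the set
            if (p == "all") { if (op == "-") weak_off(); else weak_on() }
            else if (p in w) w[p] = (op != "-")
        }
    }
    END {
        n = 0
        if (sn == "" || sn ~ /example\.com/) { print "ServerName not changed from example.com"; n++ }
        if (!hsts) { print "Strict-Transport-Security header missing"; n++ }
        if (!seen) { print "SSLProtocol not set explicitly"; n++ }
        for (p in w) if (w[p]) { print "SSLProtocol enables deprecated " p; n++ }
        if (crt == "") { print "SSLCertificateFile not set"; n++ }
        if (key == "") { print "SSLCertificateKeyFile not set"; n++ }
        exit n
    }' "$1"
}

# Constructed sample mirroring the guide's edits (address and paths are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost _default_:443>
ServerName 192.0.2.10
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
SSLProtocol -all +TLSv1
SSLCertificateFile "/path/to/aname/aname.crt"
SSLCertificateKeyFile "/path/to/aname/aname.key"
</VirtualHost>
EOF
audit_ssl_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Inside the jail, run the function against /usr/pbi/nextcloud-amd64/etc/apache24/extra/httpd-ssl.conf. The guide's own SSLProtocol -all +TLSv1 line is reported as enabling a deprecated protocol.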

 

Enabling New Configuration

To be safe, when changing port names use service apache24 stop followed by service apache24 start instead of service apache24 restart.

 

You now have to install the certificate on the client (Firefox is the easiest browser to use in this case).
