KB450008 – Setting up HTTPS on Nextcloud 10

Last modified: October 23, 2019
You are here:
Estimated reading time: 2 min

If Nextcloud is not installed, navigate to the Plugins page on the FreeNAS dashboard. Find Nextcloud in the Available list and install it. Move to the Installed tab and turn on the new Nextcloud instance.

It is easiest to change the IP address immediately after creating the Nextcloud jail. To change the IP address, move to the Jails page. Change the IP address and restart the Nextcloud jail. You may have to turn the Plugin back on.

Note: This guide uses IP addresses throughout the setup. To use hostnames, see the Apache 2.4 documentation.

After finishing all tasks in the FreeNAS GUI, ssh into the main server and then access the jail with the following commands:


jexec # (where # is listed by jls)


Download nano

FreeNAS comes with a poor text editor so download nano:

portsnap fetch extract; pkg install -y nano



Once Nano is installed, you can begin to easily edit the apache modules:

nano /usr/pbi/nextcloud-amd64/etc/apache24/extra/httpd-ssl.conf

Use ctrl+w to search the file.

Change “example.com” in the ServerName field to your IP address.

Add the following lines within the VirtualHost tags:

<IfModule mod_headers.c>

Header always set Strict-Transport-Security “max-age=15552000; includeSubDomains”


SSLProtocol -all +TLSv1 *** This should be updated

Save the file:w and then edit httpd.conf:

nano /usr/pbi/nextcloud-amd64/etc/apache24/httpd.conf

Add the following:

<VirtualHost *:80>

ServerName yourip

Redirect permanent / https://yourip/



Like above, find the ServerName field already there, uncomment it and change its value to your IP address.


Note: If necessary, you can fine tune the Listen directives to only bind to certain IP address


Save the file and create a new directory for the key and certificate:

Mkdir aname



Next, use the OpenSSL tool to generate a private key in the new folder:

openssl genrsa –out aname.key 2048

Once the private key is generated, you need to create a Certificate Signing Request (CSR). You can either send the CSR to a Certificate Authority for signing or perform self-signing.

To create a CSR:

openssl req -new -key aname.key –out aname.csr

Fill in the appropriate information. The most important field is the CN. For this case, use the jail IP address as CN.

To check is the CSR is correct:

openssl req -text -in aname.csr –noout


Alternatively, to self-sign:

openssl req -new -x509 -days 365 -key aname.key -out aname.crt

Add path of certificate and key to the following fields in httpd-ssl.conf

nano /usr/pbi/nextcloud-amd64/etc/apache24/extra/httpd-ssl.conf





Enabling New Configuration

Be safe, use service apache24 stop then service apache24 start instead of service apache24 restart when changing port names


You now have to implement the certificate on client (Firefox is the easiest browser to use in this case).

Was this article helpful?
Dislike 0
Views: 789
Unboxing Racking Storage Drives Cable Setup Power UPS Sizing Remote Access