Host Nextcloud on TrueNAS 12 CORE // Secure Nextcloud with Nginx Proxy Manager

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello everyone kevin stevenson here with getbeatthegeek.com and today we're going to look at truenas nextcloud and we're going to throw in some https to secure our next cloud install using nginx proxy manager we're going to set that all up running on our two nest box so let's get started alright here we go let's just go ahead and pull up our trunast box so here is our trueness i'm going to reload the page real quick uh because it'll probably want me to reinstall or you know log in okay here we go we're in our trueness and the first thing we want to do is if you followed on our last video we went and we created a virtual machine that has uh ubuntu on it and docker installed so if you missed that video go back and check that out because you're going to need to have that before we do this operation so what we're going to end up doing is going to the plugins and installing next cloud so we're going to go ahead and do that now just click the install nope i think i must have put the wrong thing click on next cloud click on install so you get your plugin you just need to give your jail a name next club jay or jail we're not going to change anything here we're going to nat it and click save that's going to take a few minutes to install and so it'll create a jail for the plug-in and install my sql server and next cloud all in one thing and it'll give it a port so i'll just let that happen okay here we go now this is all installed so now we have next cloud installed and you got all this stuff and you'll get an ip address which is going to be the same as this and then we're going to end up having a special port so we're going to close this that'll refresh and it'll tell us our port 82 so we can take that go down here and click manage and it's going to pop up next cloud in the window so you over here and post install notes will give you your database and user and database password and admin user and password for next cloud so this is uniquely generated for install and you know i'm showing you this on unblurred because i'm gonna blow this all away when it's all done so so you just take this password or username and the password you see here and you paste it in and boom you're logged in for the very first time you can go over here to your files and you will see that you have files we'll go ahead and just open up this image and boom there's a bird all right so our next step what we want to do is we need to go and do a little bit of prep so we're going to switch over to portainer which you have running right here on this machine so if i go down here the virtual machines you'll see this ubuntu docker that i created and open up a vnc shell for that i'm logged in and i might do an ip space a you're going to notice that the ip address of this virtual machine is 203. so that's why i'm in this portainer on 203 so like i said before if you missed my docker install on trunasco check that video out which will get you to this point and this is our docker install so what we want to do is go ahead and take a look at nginx proxy manager manager so nginx proxy manager is a wonderful product what it does is it is a proxy between your web servers that you have locally in your network and it'll do things such as get an ssl cert for you so we're gonna install proxy manager using docker and going to secure our next cloud instance with a let's encrypt ssl cert you created using proxy magic so go to proxymanagers.com scroll on down and you're going to see this docker compose file now if you're just want to run command line docker compose you can create this docker compose file at the command line of the simbutu virtual machine we had and it will give you this however we are going to use portainer so you take this right here and you copy it and i go over to our portainer instance and you go to stacks and i say add stack and now i want to point something out real quick here is that stacks deployed there is the equivalent of docker compose only compose formatted version 2 is supported so this is very important you look at this this is version 3 however the wonderful thing is that nothing in this docker compose is actually using version three um features so we can change this version from there the nginx proxy to version two without causing a problem so let's just look at our docker compose file for one second and see what it's doing number one it's going to install nginx proxy manager the latest version it's going to expose ports 8081 and 443 and it's going to use mysql database so you scroll on down here to the db and it's going to we're also going to pull a mariadb image and these are the root passwords so if you want to change all this stuff to be more secure not standard you should do that absolutely 100 percent when you deploy this for non-test purposes i'm just using this for test purposes and so i'm not going to change those in this instance but you should and that's all there is to it so what you need to do is give this a name we're going to call it nginx proxy manager stack and so now i have a name and i pasted it this all in here all i need to do is click deploy that'll take just a second to deploy because what it's going to do now is it's going to go all those images from from docker and then run them on this machine and that'll take it just a second your mileage will vary depending on how fast your machine is looking there it's all done so now we have this stack and you look at that here it is it just proxy manager stack you'll see that uh the first one the db is running the app one is starting so it's still running these things up by the way like i said about those port 81 80 and 443 what those ports are 80 is http 443 is https and 81 is the management stack for nginx proxy manager going back to our dashboard you will see one stack here and four containers so if i go to the containers um i already had a pertainer one pertainer container running and then i have a plain old http web one running and and now these are our two they were created from our docker uh compose file so now if i go over here to the management stack i click on that it's going to go pom pom pom because 0 0 0 because it doesn't actually give you the ip address so what we need to do is put that ip address in 203 and so now i know it's 203 because i have everything on this container running on 203. so i go over here and it says login well there is the default so if you scroll on down here you will notice that the default login is admin and change me so you're going to log in with that like i said change me the first thing it's gonna do is say hey you need to update this so we're going to go ahead and update [Music] and give it a new password and so now you have a new username and password so make these super secure so all right so now we go back to the dashboard i have zero hosts zero redirects zero stream serial four four so we have our basic proxy manager set up so next thing we're going to need to do is go ahead and take a look at what we need to do to this next cloud instance to make it work so we'll go back over here our trueness and if you go to jails you're going to find that there's a next cloud gel that was created with this so we're going to go and expand that and click on the shell and i'm going to make this a little bit bigger so we can see this easily now i'm going into the shell right here actually just hit ctrl 0 and look at this font size i can make this big from here i didn't realize that but hey so you can ssh into the truenet nas box and then get into these gels but i find this pretty easy the first thing we want to do is i am a big fan of not using buy vi hate it so we're going to install nano so easiest thing to do with that is just go to pkg update and that's going to call upon the repos and make sure that everything is up to date we just created this so it probably is anyway and then you can do pkg install nano so that's going to go out get the nano program and install it and now life is easy so we're going to go and change to the next cloud config location which is usr local www next cloud config oops and that switches us to that directory now you'll see that there are several in there we actually want the config.php this is where we use the nano boom so this is our config for php so we're going to end up doing two things first thing we're going to do here is i'm going to give this an actual could i'm going to we're going to have it to to trust a domain and so i've created a domain so we're going to go over here input 2 and then equals and what were what that domain is to okay so beaker it services charles missouri.com that is what we have so that does one thing for us when we actually do get it forwarded to the actual domain name that you have permission to access it and then we're gonna go down here and we're gonna add a trusted proxy so you might be asking yourself where did i get that information well our proxy manager is on this ip address right here so that's the ip address we're going to put in for the product proxy um get back 192.168.11.203 and that's all we need to change so we hit control x and save it and boom now you're out of there okay and so i can go ahead and refresh our next cloud instance and it still works here's we're going to go back over to the nginx proxy manager there's no host we're going to add a proxy host so that's the domain and now what about this next part well that's a good question so if we go back over here to our next cloud you're going to notice that this is this 8282 so let's just take that go back over here and we're going to paste that in now we really just need the ip address in there because http is here so if you're actually running https you can select https from here but it is doing http and then we have those ports 82 82. so we go back over here that's the 82 to 82 is the port and this is the ip address so that's what you fill out here then we're going to click a few of these things uh public accessible and then we're going to go over the ssl and we want to go request a let's encrypt ssl and we're going to you have to agree pick an email address we're going to go ahead and put http support force ssl you can do this hsts i'm not going to do it in this particular challenge if you use the challenge this is interesting you if you flip this back and use a challenge you can pick a dns provider so if you're using cloudflare or something like that then you can choose those and it will automatically do a dns challenge and that's good if you want to do http with a domain and you don't actually want it publicly accessible so just keep in mind with it that's one of the reasons why i would choose that and so request new cert ssl http 2 blah blah details over here you're good just go ahead and hit save what's going to happen is it's going to go out there and request that so internal error [Music] the reason why i got this is because i already have a cert because i've done this recently so we're going to go and just real quick i'll pause this we're going to set up a different dns record and i'll be good okay we're back so i've changed what we're gonna do we're gonna change our new name to muppet and so let me go back in here to the shell and cd back here and then editor to config we're going to go ahead and change this to mop bit and ctrl x yes boom there you go now we can go back over here and we're going to change this okay so everything is the same this will be that uh ssl request forces see all this good stuff like if you're gonna run this um long term you're gonna wanna enable hsts um so we're going to try this one more time hit save it's trying and thinking about it we just updated the dns record so it might take it just a second boom there we go this first one i can go ahead and delete all right so here we have let's encrypt all set let's just go ahead and edit this and take a look so again it's just here ssl is in there boom if you have extra stuff that you need to do in the nginx configuration you can stick it right here all right so here it is so you see this config that and muppet so did i not do it m-u-p-p-e-t ah i misspelled boy oh boy yes all right so there you go all right so we're going to go ahead and log in one more time so go back over here and first of all i can exit out of my gel go back into the plugins it's going to take it a second you'll populate yours go down here and post install to get our username and passwords again close that one so zoom that's the username here is the password and [Music] boom so here we are again now we're logged in to this next cloud instance using https so let's just go ahead and look at that see secured and if you want to go ahead and you can take a look at that cert you will see that it is for this i for this domain and you will see that the issuer issuer statement or you can go to that um but if you go over the the details and everything you're going to see let's encrypt so that's how it was created using the let's encrypt and so there we go here's a document let's just you know let's open up this pdf boom there's a pdf uh maybe let's just go ahead and upload a file so let's just do that let me go and i will grab a picture real quick yeah here's a docker or how how's this one let's just go ahead and we just drag that on there boom had it uploaded by the way this is a great video check it out so that's all there is to setting this up and the important thing here is that you're now running securely your next cloud instance using https and a valid let's encrypt cert and so moving forward you can just use this next cloud and if you've never used next cloud you you may want to check that out it has a lot of great features if you're familiar with google drive or onedrive or all that other cloud drives this is a great open source alternative that can do all those good things you can install the the mobile app the desktop app and anything so check it out all right this has been another next next cloud docker trueness beehive hypervisor all kinds of technology uh tutorial at basically uh uh from xero to install of setting up next cloud instance to host your files you can backup your phone photos especially now that google is no longer giving you free storage for all your photos check out this next cloud and it will be secured on your truenast box and that is a beautiful thing i'm kevin stevenson with getwithgeek.com thanks for joining us for this tutorial

Info

Channel: PhasedLogix IT Services

Views: 15,523

Rating: undefined out of 5

Keywords: GetMeTheGeek, PhasedLogix, freenas, truenas, Linux, Proxmox, Docker, Virtualization, Portainer, virtual machines, server, virtual machine, create a vm, ubuntu, virtual, network, Tutorial, Container, proxmox virtual environment tutorial, virtual machines for beginners, truenas core, truenas core 12, bhyve, NextCloud, nextcloud freenas, nextcloud freenas setup, nextcloud freenas plugin setup, nextcloud freenas plugin, nextcloud freenas jail, nextcloud, network attached storage, open source, freebsd

Id: hxSAGY5zRwQ

Channel Id: undefined

Length: 23min 16sec (1396 seconds)

Published: Fri Dec 18 2020