Nextcloud Installation - Part 2 Creating a LetsEncrypt Certificate for NextCloud

Video Statistics and Information

Captions
Hello guys, welcome to part two of the Nextcloud installation series. Today we will be getting a TLS certificate from Let's Encrypt so we can secure our communication to our Nextcloud instance. In this case we're going to be using the snapd package and Certbot to request a TLS certificate from Let's Encrypt. Without wasting any time, we're going to go straight into the agenda of this video.

For us to start, the first thing we want to do is log into our command line interface. Once you log in as the administrative user we created in the last video, we're going to start by installing the snapd package, so we're going to run the command sudo apt install snapd. Once that's complete, the next thing we're going to do here is install the snap core and make sure it is up to date. As we can see, we already have that installed and it is up to date. Now we're going to go ahead and install the Certbot package. For me that's already installed, but for you this may take some time for the installation to complete. Once we complete that installation, we're going to have to create a symbolic link for Certbot. I already have that link created; once again, if this is the first time, you're going to have to do that, and it is going to complete and give you a successful message.

Once that's done, there are two ways you can request a TLS certificate from Let's Encrypt. It's all going to depend on your setup. In this case I'm running this at home on a virtual machine, so what I'm going to need to do is a manual DNS verification so I can get my TLS certificate, and then do a port forward on my router to be able to forward port 443 to my virtual machine. In your case, if you're running this on a VPS server, all you need to do is open port 53 and port 443. Then we're going to go on to DNS management and create our hostname or DNS name for our Nextcloud server.

So we're going to start by showing you guys what you're going to do on the DNS management side before we get to the steps on requesting our TLS certificate. In this case I'm using Cloudflare, so if you're using Google DNS or something else like GoDaddy, the steps should be the same. The first thing we want to do is create an A record for our virtual machine or VPS server. In this case I'm calling mine cloud.geektogether.com, so I'm just going to add an A record for cloud, then I'll enter my IP address, and then I'm going to save that. For Cloudflare users only: if you're going to proxy this hostname, you want to make sure that you set your SSL and TLS setting to Full. If you set it to Full (strict), there's some other configuration you need to do, and you need to install Cloudflare certificates on your server, but for this tutorial Full should be good if you're going to proxy this connection. If not, you can turn the proxy off.

Once you have this completed, you go back to the command line. For those of you who are running this on a VPS, you just need to run the command sudo certbot --apache. Once you run this command, you want to follow the instructions. As you can see, Certbot has automatically detected the virtual host of our server, which is cloud.geektogether.com, based on the SSL settings, or the Apache settings, that we configured earlier in the last video. So you just need to select Enter and follow through the steps and complete the certificate issuance. In this case it is going to fail, because we don't have port 53 opened inbound; we only want to do the port forwarding of 443 because I'm running this at home. So this is not going to work for me. In my case I got a failure because the challenge could not be completed, like I said, because I'm running this on a virtual machine and I don't have port 53 open and port 443 and an external IP address.

So what I'm going to do is use another option, which is going to be the manual DNS verification, since my virtual machine is running internally on my network and we have a private IP address and not a public IP address. I'm going to clear my command line and I'm going to paste the command. If you're running this on a virtual machine too, all you need to do is change cloud.geektogether.com to the hostname or the DNS name that you want to use for your Nextcloud server. Once you do that... my bad, I have to run that as sudo. Once you do that, it is going to provide you a TXT record for you to put into your DNS management for Certbot to be able to verify that you own the domain and issue the TLS certificate. So we're going to copy the TXT record name, we're going to go back to Cloudflare, and I'm going to paste the name in here. Now we're going to copy the value and paste that in here too, then we're going to hit save. Once you do that, I'd say you give it a couple of seconds, between 5 and 10 seconds; you can give it up to a minute if you want to be safe. Then you're going to press Enter in order for Let's Encrypt to verify. As you can see, we were able to successfully verify and our certificates were issued.

There's one more change we need to do. As of right now we can still access our Nextcloud server using HTTP, so we're going to configure our host to only accept connections from port 443, so we're going to redirect everything to port forward. For us to do this, we're going to have to go back to our configuration file, so we're going to do sudo nano, then we go to sites-available and we want to go to our configuration file. The first thing we need to do, on the virtual host for port 80, is add a redirect rule, permanently. You can copy and paste this; I'll leave the commands in the description section below. Then you're going to change this to the hostname that you'll be using. Once you have that changed, you want to come down to the end of the virtual host setting and we're going to add another virtual host configuration for 443. Okay, we're going to add that in there, and at this point you just want to change the ServerName and the ServerAlias, so we're going to do cloud.geektogether.com and we'll do the same thing here. Okay, I'm just going to copy and paste that. Once you paste that, we're going to save that and then we're going to restart Apache. Okay, I didn't enter my password correctly, so I'm going to do that again, and that restarted this time with no errors.

So I'm going to go back to my browser, and we're going to try that with our internal IP. As we can see, when we do that we're now presented with a certificate; it says it's not private because the IP address is different from the hostname in the certificate, so the browser doesn't recognize it. But notice right now we're accessing the Nextcloud using HTTPS. So I'm going to close that, and now we're going to try to access it with the hostname, since we have our port forwarding rule active in here. When I try to access with the hostname, you can see it fails, because the browser sometimes caches the request and still thinks that the domain name is not available. So what I'm going to do is open a different browser; in this case I'm going to use Safari. Now we're going to run this on a different browser and you should see this work right now. Now we're able to access our Nextcloud server externally with a valid certificate.

But the only problem we're having right now is because our Nextcloud doesn't recognize the domain, so there's one more thing we need to do. We need to go and use your favorite browser, or your favorite text editor, and we need to go into the /var/www directory, into our Nextcloud directory right here. Then you want to go to the config directory, and here there's a config.php file and there's a config.sample.php. We want to make sure we open up config.php, because that's where we're going to be making a lot of our configuration changes. Once you do that, you want to come over to trusted domains and add a one under arrays, and now we're going to add our cloud.geektogether.com; you replace this with whatever you're using for your hostname or domain name. Once that's complete, make sure to include the comma. You're going to save that; you don't need to do any reboots or restart any services. Once you refresh that, you can see we can access our Nextcloud instance securely over HTTPS with a valid TLS certificate.

So thank you for watching. I hope you enjoyed this video. If you have any questions, please leave them down in the comment section below, and please do not forget to like and subscribe to the channel.
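
A check for the three changes made in the video (a permanent redirect on the port 80 virtual host, a virtual host for 443, and the hostname in trusted domains), as an added example that is not from the video or its description. The sample files, the hostname cloud.example.com and the SSLEngine line are constructed assumptions about what the site file and config.php contain.

```python
import re
# Constructed sample inputs; cloud.example.com is a placeholder hostname.
APACHE_CONF = """\
<VirtualHost *:80>
    ServerName cloud.example.com
    Redirect permanent / https://cloud.example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName cloud.example.com
    SSLEngine on
</VirtualHost>
"""
CONFIG_PHP = """\
<?php
$CONFIG = array (
  'trusted_domains' =>
  array (
    0 => '192.168.1.50',
    1 => 'cloud.example.com',
  ),
);
"""
# (port, body) for every <VirtualHost addr:port> block in the site file
def vhosts(conf):
    pat = re.compile(r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
    return [(int(m.group(1)), m.group(2)) for m in pat.finditer(conf)]
# lower-cased hostnames from the ServerName / ServerAlias lines of one block
def names(body):
    hits = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
    return [n.lower() for line in hits for n in line.split()]
# quoted values inside the trusted_domains array of config.php
def trusted_domains(php):
    m = re.search(r"'trusted_domains'\s*=>\s*(?:array\s*\(|\[)(.*?)[)\]]\s*,", php, re.S)
    return re.findall(r"'([^']+)'", m.group(1)) if m else []
# what is still missing before `host` is HTTPS-only and accepted by Nextcloud
def audit(host, conf, php):
    mine = [(p, b) for p, b in vhosts(conf) if host in names(b)]
    redir = re.compile(r"^\s*Redirect\s+(?:permanent|301)\s+/\s+https://"
                       + re.escape(host) + r"/?\s*$", re.M | re.I)
    findings = []
    if not any(p == 80 and redir.search(b) for p, b in mine):
        findings.append("port 80 vhost lacks a permanent redirect to https")
    if not any(p == 443 and re.search(r"^\s*SSLEngine\s+on\b", b, re.M | re.I) for p, b in mine):
        findings.append("no port 443 vhost with SSLEngine on")
    if host not in trusted_domains(php):
        findings.append("host missing from trusted_domains")
    return findings

if __name__ == "__main__":
    print(audit("cloud.example.com", APACHE_CONF, CONFIG_PHP))
```

An empty list means all three changes are in place; each string in the result names one that is still missing.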
Info
Channel: #geek2gether
Views: 5,269
Keywords: letsencrypt, nextcloud
Id: uk5orkS6hgE
Length: 11min 56sec (716 seconds)
Published: Tue Jul 25 2023