TrueNAS CORE - Install Nextcloud and Deploying Let's Encrypt or ZeroSSL Certificates with Acme.sh

Video Statistics and Information

Captions
Hello everyone, welcome back to another video from Sysadmin102. In today's video I will show you how to install Nextcloud on TrueNAS CORE and also deploy the Let's Encrypt or ZeroSSL certificate with the acme.sh script. So let's get started.

So first, obviously, you will need Nextcloud installed on your system, so I'm going to select Nextcloud and select Install. Plugin name: you can name it whatever you want or keep the default name. For the consistency of this video and the written tutorial, I will name it exactly like I named it in the written tutorial. All right, and we'll be using DHCP. You can set it as static as well if you would like, but we set it to DHCP, and I think in order to set static you have to go to Advanced Options, but for this one we're gonna keep everything as default. All right, I'm gonna do it one more time. All right, and DHCP.

All right, now that we have Nextcloud installed on our TrueNAS, so this is the post-installation script. It gives you some of the information, the admin portal and whatnot, and you close it. And you see, for Nextcloud, the admin portal where we can access Nextcloud, and the post-install notes. It will give you the default database username, database name, database password, and the Nextcloud admin password. It's only recommended that you change the default username and password for obvious security reasons.

All right, and let's just open up the portal and see it. All right, and automatically you get the error message stating access to untrusted domain. Don't panic, we're gonna address it in the next few steps. So let's see what kind of certificate is here. By default TrueNAS is using the search board and generated the self-signed certificate, which is perfectly fine, but sometimes you're going to see it as not secure, and if you use this for commercial purposes, like having customers using it, you know, it kind of freaks them out, let's say, it's not secure. But a self-signed certificate
is perfectly fine, but, you know, a valid Let's Encrypt or free ZeroSSL certificate will make people feel like this is, you know, your actual website and not somebody trying to social engineer and make the same website as yours to try to trick them.

All right, let's go back. So the next step would be to enable the SSH service. So you would go to Services and SSH. It's not recommended to, you know, log in with the root and password; it should be just a regular user, and then you can escalate to root privilege by using the su command. However, it's just for a quick tutorial, so I'm just going to enable root login. If you don't enable this, when you log in I believe you'll see connection refused or you're not authorized, something like that, but that's the reason why. And let's turn it on.

Okay, and now let's open up our terminal. So first we need to establish the SSH connection with the TrueNAS, so that would be ssh root@truenas. You can use the fully qualified domain name or IP address, whichever one would work. All right, and in order to open up the jail shell you would use the command iocage console and the name of your jail, so in this case the name is sysadmin102cloud. All right, and with that, you know, this is root@sysadmin102cloud.

All right, let's go back to my tutorial. So in this step we're gonna add the trusted domain, so that way you're able to access the admin portal. Before we do anything, let's make a copy of the config file, so that way if anything goes wrong we can restore it. There we go. And next we're gonna use the cd command to change the directory to the config folder, so cd, there we go, too many arguments. Oh yeah, I copied the cd two times. There we go. So notice you have a backup config file; the first command created a backup file, so if anything happens you can copy this command and it's gonna restore the config file. All right, and next step we're going to edit it using the ee, easy text editor.
All right, and you're gonna go down to line 30. So notice as I move the arrow down key, the line number is changing. All right, so I'm gonna go down to line 30. There we go, trusted domains. If you are using just the IP address and you don't have the FQDN, a fully qualified domain name, you can skip the zero and leave it as localhost. Otherwise we would change it to your fully qualified domain name. So for mine it would be the hostname dot the domain name, so that would be sysadmin102cloud.sysadmin102.org. And then the IP address would be the IP address shown on the TrueNAS plugin, so that's 10.13.2.192. For whatever reason, when Nextcloud gets installed on TrueNAS, it actually pulls the TrueNAS IP address instead of requesting a new one. All right, so we're gonna go back here and we're gonna change this to the correct IP address. All right, and one more thing: we go down here and we're gonna change the overwrite.cli.url: https://sysadmin102cloud.sysadmin102.org. All right, and you would press Escape or ESC and you would tap Enter twice; it would save the changes.

All right, now we're going to go back to Nextcloud and we're going to refresh it, and there we go, the login portal shows up. And we're gonna access it using the FQDN as well. Oh, this is because I have it before. Let's try the Firefox browser, and there we go, you're able to access it.

All right. So next step, we're gonna install the acme.sh script. So let's go back to the default folder, so I'm going to do a cd command that will take us back to the default home folder, and we're gonna download the acme.sh script. In one of the last tutorials I actually showed you how to use, I think, the FreshPorts for FreeBSD to install acme.sh, and a lot of you guys were having issues downloading it, well, installing it. So instead of installing acme.sh, it's probably easier just to download it from their official site, so we can
use the curl command to download it. Oh shoot, I forgot. All right, it's easy, I'm just gonna redo this again. All right, so rm .acme, all right, so I'm gonna just remove it and redo it. I actually forgot. So for the email, this is the email that is gonna register an account with whether ZeroSSL or Let's Encrypt, whichever free SSL server you're going to select. It's gonna give you notice of, like, a certificate about to expire, if a certificate failed to renew, or a certificate expired. So I'm gonna do my email, like support@sysadmin102.com.

All right, and next you need to get the correct parameters for your DNS. So if you open up the link here on my blog, okay, here are all the DNS providers supported by acme.sh. Again, if yours is not supported by acme.sh, you will not be able to use this. You would look it up; for example, this is for Cloudflare, which is the one I'm using. These are the parameters required for it: the first one, key and email, and token, account ID, not really, it's the recommended option, using the token, account ID and zone ID to limit the access to the zone, so for this one it can only edit a specific zone. So if you get all the parameter requirements, then you can, well, not edit but modify the account and add them in there. It's required for the acme.sh script to execute the issuing, well, logging in and verifying that you own the domain to issue you a certificate. And if you use Cloudflare, these are the recommended permissions for your API token.

All right, and I'm going to use a cd command to change the directory to the .acme.sh folder, and we're gonna use the ee command to edit the account.conf: CF token, account ID and zone ID. And then once you're done with this you would select, obviously I'm not going to put the IDs in here; it takes time to, you know, try to cover up the information, so it's easier just to cut it out completely. So yeah, if you have everything ready, what you're gonna do
is you're gonna click ESC or the Escape key again and you would tap the Enter key twice; that will save all the changes. All right, and after you modify the account.conf, the next step is to give the execute and read permissions to the acme.sh script. So what you're going to do is run chmod 755. There we go, that will give it permissions.

And then we will be issuing the certificate. So there are two different ones. It's gonna be a single-host certificate, so whatever the name for that host is, for example, you know, nextcloud.sysadmin102.com. If you issue it, it's how we go: the parent domain and then, you know, the subdomain, the subdomain and then the sub-subdomain. That single-host certificate, it will only work with that particular subdomain; it would be invalid for another subdomain. So let's say for nextcloud.sysadmin102.org, it would not be a valid certificate for, let's say, openvpn.sysadmin102.org. And if you issue the wildcard certificate, that certificate will work for any subdomain regardless of what it is; as long as it belongs to sysadmin102.org, that certificate would be valid for it. And for a wildcard certificate you will have to check with your DNS server provider to see if they actually support a wildcard certificate. And for some DNS providers, I think DuckDNS, I believe you have to issue the certificate for the domain first, and then after that you can do the wildcard certificate. All right, and for the example we're gonna do the wildcard certificate then.

And actually one more thing: by default acme.sh used to use the Let's Encrypt server by default; however, recently they changed their default server to ZeroSSL, so if you run the command without specifying the server you will get the ZeroSSL certificate. All right, and with that, let's get started. I'm gonna copy this one. So again, for the DNS, you will have to look it up on the Acme official wiki
page to determine which is the name for your DNS provider. Like for example, this one, it gives me, this is the command for the Cloudflare DNS, so dns_cf. All right, copy this, -d and the domain name, which is sysadmin102.org, and then -d and then we're gonna do a wildcard, quotation mark, *.sysadmin102.org, quotation mark. And let's just do the Let's Encrypt server then. There we go, and you notice the account registered with Let's Encrypt instead of the default ZeroSSL. So if you look in my tutorial, I'm actually using the default without specifying the server, so it's automatically registered with ZeroSSL instead.

All right, and we successfully obtained the certificate from the Let's Encrypt servers. These are the locations where the certificate is stored. You need the path to the key: the cert, the key and the CA, so I'm going to copy the locations you need to modify the config file. All right, that's one, yeah, the second one, took one.

All right, so we're gonna go to the next step, step number six. Again, before we start editing anything, let's make a backup of the nginx config, so if anything goes wrong you can restore it. There we go, and you can restore it using that command. And next we're going to modify the nginx config. Actually I should have modified this; it's not going to open the file just like this. So first let's do the cd command to change the directory to nginx. All right, and next we're gonna do ee nginx.conf. All right, and let's see, I believe line 95 to 98, that's what we need to change. All right, so the SSL certificate, we're gonna replace this with the location that we recorded earlier. All right, and open up the text file, so that's the first one. All right, and then we go down to the second one, that's the certificate key. All right, and lastly that's the CA, certificate authority. Copy that. Oh, looks like I copied the other one as well, so I'm gonna delete it now. All right, okay, which is the last line, and there we go. And when you click
Escape, Enter, when you save the changes, nginx is automatically going to run a sanity check and it will tell you if there's something wrong with it or if it's successful. Actually, it's not going to change until we restart the nginx service. All right, there we go: service nginx restart. So the test is successful, which would mean that we successfully configured our Nextcloud. So let's try to access it now: sysadmin102cloud, and there we go, it's no longer not secure, and now you have a padlock, connection is secure. Let's see the certificate, and the certificate is issued by R3, Let's Encrypt. And again, if you skip specifying which server, you will get the ZeroSSL certificate.

So this concludes my tutorial on how to install Nextcloud and deploy the free SSL certificate, either Let's Encrypt or ZeroSSL. Like always, if you think the tutorial is helpful, don't forget to subscribe, like and share. Thank you for watching, and I'll see you in the next video. Bye bye.
Info
Channel: SYSADMIN102™
Views: 3,166
Keywords: Nhan, Nguyen, Sysadmin102, let's encrypt, how to secure proxmox with let's encrypt, nextcloud, wildcard certificates, generating ssl certificates, replace proxmox ssl certificates, certificate authority, certificates, ssl certificates, certificate, captive portal, usb installer, encryption, data storage, cloudns, owncloud, home networking, proxmox tutorial, cloud, router, hosting, networking, domain san list, virtualization, dns-01 challenge, netgate, mesh vpn, tutorial, firewall
Id: ccdxeu3oY2k
Length: 24min 15sec (1455 seconds)
Published: Thu Aug 31 2023