Jail: cloud

first time
create

one time

<span class="pln">zfs create ship</span><span class="pun">/</span><span class="pln">cloud</span>

create jail

<span class="kwd">export</span><span class="pln"> JAIL</span><span class="pun">=</span><span class="pln">cloud
</span><span class="kwd">export</span><span class="pln"> JAILHOSTNAME</span><span class="pun">=</span><span class="pln">cloud
</span><span class="kwd">export</span><span class="pln"> JAILDOMAIN</span><span class="pun">=</span><span class="pln">ahlawat</span><span class="pun">.</span><span class="pln">com
</span><span class="kwd">export</span><span class="pln"> JAILIP</span><span class="pun">=</span><span class="lit">59</span><span class="pln">
</span><span class="kwd">export</span><span class="pln"> JAILUSER</span><span class="pun">=</span><span class="pln">X
</span><span class="kwd">export</span><span class="pln"> JAILUSERID</span><span class="pun">=</span><span class="lit">1000</span><span class="pln">
</span><span class="kwd">export</span><span class="pln"> JAILUSERVNC</span><span class="pun">=</span><span class="kwd">false</span><span class="pln">

</span><span class="pun">/</span><span class="pln">root</span><span class="pun">/</span><span class="typ">FreeBSD</span><span class="pun">/</span><span class="pln">jails</span><span class="pun">/</span><span class="pln">create</span><span class="pun">.</span><span class="pln">sh $JAIL $JAILHOSTNAME $JAILDOMAIN $JAILIP $JAILUSER $JAILUSERID $JAILUSERVNC

iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"mkdir /mnt/cloud"</span><span class="pln">
iocage fstab </span><span class="pun">-</span><span class="pln">a $JAIL </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">ship</span><span class="pun">/</span><span class="pln">cloud </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">cloud nullfs rw </span><span class="lit">0</span><span class="pln"> </span><span class="lit">0</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"mkdir /mnt/sharad"</span><span class="pln">
iocage fstab </span><span class="pun">-</span><span class="pln">a $JAIL </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">data</span><span class="pun">/</span><span class="pln">users</span><span class="pun">/</span><span class="pln">sharad </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">sharad nullfs rw </span><span class="lit">0</span><span class="pln"> </span><span class="lit">0</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"mkdir /mnt/rachna"</span><span class="pln">
iocage fstab </span><span class="pun">-</span><span class="pln">a $JAIL </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">data</span><span class="pun">/</span><span class="pln">users</span><span class="pun">/</span><span class="pln">rachna </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">rachna nullfs rw </span><span class="lit">0</span><span class="pln"> </span><span class="lit">0</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"mkdir /mnt/nivi"</span><span class="pln">
iocage fstab </span><span class="pun">-</span><span class="pln">a $JAIL </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">data</span><span class="pun">/</span><span class="pln">users</span><span class="pun">/</span><span class="pln">nivi </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">nivi nullfs rw </span><span class="lit">0</span><span class="pln"> </span><span class="lit">0</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"mkdir /mnt/rishabh"</span><span class="pln">
iocage fstab </span><span class="pun">-</span><span class="pln">a $JAIL </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">data</span><span class="pun">/</span><span class="pln">users</span><span class="pun">/</span><span class="pln">rishabh </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">rishabh nullfs rw </span><span class="lit">0</span><span class="pln"> </span><span class="lit">0</span><span class="pln">
iocage fstab </span><span class="pun">-</span><span class="pln">l $JAIL

iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"pkg install -y sudo apache24 redis ffmpeg php83 php83-bcmath php83-bz2 php83-ctype php83-curl php83-dom php83-exif php83-fileinfo php83-filter php83-ftp php83-gd php83-gmp php83-iconv php83-imap php83-intl php83-ldap php83-mbstring php83-mysqli php83-opcache php83-pcntl php83-pdo php83-pdo_mysql php83-pecl-APCu php83-pecl-imagick php83-pecl-mcrypt php83-pecl-redis php83-posix php83-session php83-simplexml php83-sodium php83-sysvsem php83-xml php83-xmlreader php83-xmlwriter php83-xsl php83-zip php83-zlib php83-pear-horde-Horde_HashTable"</span><span class="pln">

</span><span class="com">## apache-openoffice optional</span><span class="pln">

iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"sysrc apache24_enable=YES"</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"cp /mnt/config/httpd.conf /usr/local/etc/apache24/"</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"cp /mnt/config/020_mod_ssl.conf /usr/local/etc/apache24/modules.d/"</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"cp /mnt/config/php.ini /usr/local/etc/php.ini"</span><span class="pln">

iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"sysrc php_fpm_enable=YES"</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"cp -f /mnt/config/www.conf /usr/local/etc/php-fpm.d/"</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"service php-fpm start"</span><span class="pln">

iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"sysrc redis_enable=YES"</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"cp /mnt/config/redis.conf /usr/local/etc/"</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"service redis start"</span><span class="pln">

iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"fetch -o /tmp https://download.nextcloud.com/server/releases/latest-28.tar.bz2"</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"tar xjf /tmp/latest-28.tar.bz2 -C /usr/local/www/apache24/data/"</span><span class="pln">
iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"chown -R www:www /usr/local/www/apache24/data /mnt/cloud"</span><span class="pln">

iocage </span><span class="kwd">exec</span><span class="pln"> $JAIL </span><span class="str">"service apache24 restart"</span><span class="pln">

</span><span class="com"># php -r "if (new Redis() == true){ echo \"OK \r\n\"; }"</span><span class="pln">

iocage console $JAIL

touch </span><span class="pun">/</span><span class="kwd">var</span><span class="pun">/</span><span class="pln">log</span><span class="pun">/</span><span class="pln">nextcloud</span><span class="pun">.</span><span class="pln">log
chown www</span><span class="pun">:</span><span class="pln">www </span><span class="pun">/</span><span class="kwd">var</span><span class="pun">/</span><span class="pln">log</span><span class="pun">/</span><span class="pln">nextcloud</span><span class="pun">.</span><span class="pln">log

cd </span><span class="pun">/</span><span class="pln">usr</span><span class="pun">/</span><span class="kwd">local</span><span class="pun">/</span><span class="pln">www</span><span class="pun">/</span><span class="pln">apache24</span><span class="pun">/</span><span class="pln">data</span><span class="pun">/</span><span class="pln">nextcloud</span><span class="pun">/</span><span class="pln">
sudo </span><span class="pun">-</span><span class="pln">u www php occ maintenance</span><span class="pun">:</span><span class="pln">install </span><span class="pun">--</span><span class="pln">database </span><span class="str">"mysql"</span><span class="pln"> </span><span class="pun">--</span><span class="pln">database</span><span class="pun">-</span><span class="pln">name </span><span class="str">"nextcloud"</span><span class="pln"> </span><span class="pun">--</span><span class="pln">database</span><span class="pun">-</span><span class="pln">host </span><span class="str">"db.ahlawat.com:3306"</span><span class="pln"> </span><span class="pun">--</span><span class="pln">database</span><span class="pun">-</span><span class="pln">user </span><span class="str">"nextcloud"</span><span class="pln"> </span><span class="pun">--</span><span class="pln">database</span><span class="pun">-</span><span class="kwd">pass</span><span class="pln"> </span><span class="str">"mysql__nextcloud"</span><span class="pln"> </span><span class="pun">--</span><span class="pln">admin</span><span class="pun">-</span><span class="pln">user </span><span class="str">"admin"</span><span class="pln"> </span><span class="pun">--</span><span class="pln">admin</span><span class="pun">-</span><span class="kwd">pass</span><span class="pln"> </span><span class="str">"REPLACEME"</span><span class="pln"> </span><span class="pun">--</span><span class="pln">data</span><span class="pun">-</span><span class="pln">dir </span><span class="str">"/mnt/cloud"</span><span class="pln">

su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set trusted_domains 1 --value=cloud.ahlawat.com"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set trusted_domains 2 --value=192.168.0.59"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set overwrite.cli.url --value=\"https://cloud.ahlawat.com/\""</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set htaccess.RewriteBase --value=/"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">'php occ config:system:set filelocking.enabled --value=true'</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">'php occ config:system:set memcache.local --value="\OC\Memcache\APCu"'</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">'php occ config:system:set memcache.locking --value="\OC\Memcache\Redis"'</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">'php occ config:system:set redis host --value="/tmp/redis.sock"'</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">'php occ config:system:set redis port --value=0 --type=integer'</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set dbhost --value=db.ahlawat.com"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set dbport --value=3306"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set logtimezone --value=America/Los_Angeles"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set log_type --value=file"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set logfile --value=/var/log/nextcloud.log"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set loglevel --value=2"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ config:system:set logrotate_size --value=104847600"</span><span class="pln">

crontab </span><span class="pun">-</span><span class="pln">u www </span><span class="pun">/</span><span class="pln">mnt</span><span class="pun">/</span><span class="pln">config</span><span class="pun">/</span><span class="pln">crontab_add
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ background:cron"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ maintenance:update:htaccess"</span><span class="pln">

</span><span class="com">#Disable SSL offload in jail environment</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ app:enable encryption"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ encryption:enable"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ encryption:disable"</span><span class="pln">

</span><span class="com">#Enable required modules</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ app:enable user_ldap"</span><span class="pln">
su </span><span class="pun">-</span><span class="pln">m www </span><span class="pun">-</span><span class="pln">c </span><span class="str">"php occ app:enable files_external"</span><span class="pln">

</span><span class="com">#workaround for occ (in shell just use occ instead of su -m www -c "....")</span><span class="pln">
echo </span><span class="str">"alias occ=~/occ.sh"</span><span class="pln"> </span><span class="pun">&gt;&gt;</span><span class="pln"> </span><span class="str">/root/</span><span class="pun">.</span><span class="pln">bash_profile
echo </span><span class="str">'su -m www -c php\ ``/usr/local/www/apache24/data/nextcloud/occ\ "$*"``'</span><span class="pln"> </span><span class="pun">&gt;</span><span class="pln"> </span><span class="pun">~/</span><span class="pln">occ</span><span class="pun">.</span><span class="pln">sh
chmod </span><span class="lit">755</span><span class="pln"> </span><span class="pun">~/</span><span class="pln">occ</span><span class="pun">.</span><span class="pln">sh</span>

Notes:

SQLSTATE[HY001]: Memory allocation error: 1038 Out of sort memory, consider increasing server sort buffer size.
Set:
sort_buffer_size = 4M
in mysql my.cnf

Manual Upgrade Process
# Update Stuck: Parsing response failed - https://github.com/nextcloud/updater/issues/156
cd /usr/local/www/apache24/data/
curl -O https://download.nextcloud.com/server/releases/nextcloud-30.0.6.zip
cd nextcloud
#changed maintenance mode to true (ignore if occ already deleted by failed web upgrade process)
su -m www -c "php occ maintenance:mode --on"
cd ..
mv nextcloud nextcloud.old
unzip nextcloud-30.0.6.zip
cp nextcloud.old/config/config.php nextcloud/config
chown -R www:nogroup nextcloud
cd nextcloud
#changed maintenance mode to false
su -m www -c "php occ maintenance:mode --off"
cd ..
Browsed to main URL - redirected directly to database update procedure 
Now, its updated. After this procedure, you may delete some files:
rm -rf nextcloud.old
rm nextcloud-30.0.6.zip

Login as admin:
check settings overview for other operations
eg.: su -m www -c "php occ db:add-missing-indices"
check logs to fix any errors 

If updater is stuck
cd /usr/local/www/apache24/data/nextcloud/
su -m www -c "php occ maintenance:repair"

Manual Upgrade Process
https://docs.nextcloud.com/server/23/admin_manual/maintenance/manual_upgrade.html
https://docs.nextcloud.com/server/23/admin_manual/maintenance/backup.html

Need to reinstall disabled apps
calendar, contacts, tasks, rainloop, deck, groupfolders, talk, maps, news, splash
( sync CalDAV and CardDAV with DAVx and OpenTasks apps on Android - installed using F-Droid market place )

Disabled plugins: Federation, Monitoring, Nextcloud Announcements, Usage Survey
(need plugins support and recommendation for various administrative operations)

# Careful - these commands may damage DATA
su -m www -c "php occ maintenance:mode --on"
su -m www -c "php occ maintenance:data-fingerprint"
su -m www -c "php occ maintenance:mimetype:update-db"
su -m www -c "php occ maintenance:mimetype:update-js"
su -m www -c "php occ maintenance:theme:update"
su -m www -c "php occ maintenance:repair"
su -m www -c "php occ maintenance:mode --off"

su -m www -c "php occ files:scan --all"


Alternate CalDAV/CardDAV
#NOT INSTALLED - using NextCloud
# baikal:https://sabre.io/baikal/install/
# wget https://github.com/sabre-io/Baikal/archive/0.6.1.tar.gz
# cd /usr/local/www/apache24
# tar -xvzf /mnt/config/0.6.1.tar.gz
# chown -R www:www Baikal-0.6.1
# Composer is a tool for dependency management in PHP - https://getcomposer.org/download/
# pkg install php73-composer php73-simplexml php73-xmlwriter php73-xmlreader
# composer install
# ln -s /usr/local/www/apache24/Baikal-0.6.1/html cal

Showcased here is a capital and operational cost effective approach, using minimal server and networking hardware with multiple virtualized applications for Home and Business. This solution template can be easily scaled out and adapted for larger Enterprise deployments.

drop by the diyIT Matrix public room at #diyit:matrix.ahlawat.com
if you have any IT questions/feedback or to request pro bono consulting for a nonprofit

message me privately at @sharad:matrix.ahlawat.com
or email me at - sharad@ahlawat.com - pgpkey: 68DD6B89

Networking and Security Technologist.
Engineer and an avid Programmer.

https://sharad.ahlawat.com

strive to learn and pass on the knowledge to the next generation
one day humanity will understand the meaning of life and hopefully it will be more than ASCII 42 = "*" regex for whatever you want it to be,
and destiny is more than just a roll of a pair of dice with 42 dots (Lets nail down Quantum Entanglement)

May you Live Long (Intelligently) and Prosper and work on technology that matters.

No personal identifying data is collected or any form of analytics/metrics reported to a third-party by this website.