OPNsense Forum

English Forums => General Discussion => Topic started by: baqwas on July 31, 2020, 10:09:02 pm

Title: Backup: Nextcloud configuration
Post by: baqwas on July 31, 2020, 10:09:02 pm
Hello!

At System --> Configuration --> Backups, Download and Restore are working for me but the others fail after saving the settings.

Google Drive, Mailer and Nextcloud didn't work. For Mailer, I used telnet to confirm that the LAN connectivity to the SMTP server is open (incidentally, the receiving mail server is the same instance and is working with other mail traffic). For Nextcloud, I used the same credentials to log on to the Nextcloud server and to confirm that the Directory Name folder exists under the home folder. Don't know how to check Google Drive independently (but that comes later).  :)

The important one for me right now is backup to Nextcloud. What else can I check (or set) to enable this functionality, please? Thanks.

Kind regards.
Title: Re: Backup: Nextcloud configuration
Post by: fabian on August 01, 2020, 09:36:25 am
If the Nextcloud integration fails, it logs the error to Syslog. You find it in the system section.
Title: Re: Backup: Nextcloud configuration
Post by: baqwas on August 01, 2020, 08:33:44 pm
Thx, @Fabian.

The error message on the page is:

The following input errors were detected:

    Saved settings, but remote backup failed.


There are two (I think,  :) entries related to the attempt to setup the backup to Nextcloud:

In my ignorance, I used an active Nextcloud username at the first attempt and then after some reading used an OAuth id generated by Nextcloud for access by apps. Both attempts resulted in the same status message. In response to the prompt for the username field "The name you use for logging into your Nextcloud account" I did confirm that I can logon to Nextcloud using this username and the specified folder exists in the Nextcloud instance under that user's home folder. Obviously, this is some user authentication issue owing to my inability to understand the backup credential requirement since not a single Nextcloud username (even one with elevated privileges) seems to work for this setup.

I am presently on OPNsense 20.7 and Nextcloud 19.0.1. How can I meet the requirement for username to backup the configuration, please? Thanks.

Kind regards.
Title: Re: Backup: Nextcloud configuration
Post by: fabian on August 01, 2020, 11:04:45 pm
The plugin works with the LDAP users as well as native users so the translation to uuids should work however I do not know the authentication backend you are using. It might be incompatible.
Title: Re: Backup: Nextcloud configuration
Post by: baqwas on August 02, 2020, 12:03:12 am
OK. Thx.

Not LDAP & didn't use uuid (via Nextcloud issued OAuth) until the three Nextcloud account usernames failed to work. I'll keep on tinkering to see where I entered incorrect data. Obviously some disconnect at my end.

Kind regards.
Title: Re: Backup: Nextcloud configuration
Post by: omnidelic on August 30, 2020, 11:28:21 pm
Hi,

Did you ever figure this out? I'm having the exact same issue and have tried all the things you mentioned.
Title: Re: Backup: Nextcloud configuration
Post by: qinohe on August 31, 2020, 01:46:01 am
Hi,

Don't forget to enable the backup before you test, if you don't and then test, it would be a reason to get that message you see ;)

Greetings, mark
Title: Re: Backup: Nextcloud configuration
Post by: omnidelic on September 01, 2020, 04:46:24 pm
Thanks Mark, I did that (screenshot attached). This is frustrating because there's nothing in the error message to indicate where it's failing. Earlier post suggested checking syslog under the System menu but mine only shows Backend, General and Web GUI and scrolling through those I don't see anything referencing an error. Fwiw, backup worked fine before I upgraded to 20.7.
Title: Re: Backup: Nextcloud configuration
Post by: qinohe on September 01, 2020, 08:45:21 pm
Okay, so you didn't make any changes and it suddenly stopped working after updating?
Have you tried to recreate the whole setup without touching your backup dir. on NC?
Like create a new app PW etc.?
Do you have a user setup on NC solely for OPNsense backups, if not try and recreate that setup...

I didn't have any problems updating, though, both my OPNsense and NC are running on Proxmox, so the situation is different but the purpose is the same ;D

Greetings. mark
Title: Re: Backup: Nextcloud configuration
Post by: omnidelic on September 01, 2020, 10:09:27 pm
That's correct, was working fine and then one day I noticed it hadn't updated in a while. Last backup was 6/21 which was before 20.7 so I was mistaken about that. Installing and using my OPNsense router was a Corona project so I'm still fairly new at this :) I tried your suggestion, created a dedicated NC user, new app password and fresh backup dir but still get the same error. I wish there was a terminal available in the GUI, there must be an error message logged somewhere that would tell me what's failing.
Title: Re: Backup: Nextcloud configuration
Post by: qinohe on September 01, 2020, 11:05:09 pm
Hmmm, things usually don't suddenly stop working, unless there was something off in the first place or changed in such a manner they demolish your working solution in a later stadium.
See, in basics it's actually a very simple construct, OPNsense makes a backup and uploads the file to an online filesystem, almost similar to a NAS - I know it's not the same but that's beside the point... ;D
Okay, are you able to address the backup account you created with some client on Linux, Android or whatever client and are you able to see the content of the backup dir.(OPNsense) on NC, can you send a file to it?
BTW. are you sure the URL is correct?, and not that it should be 'https://192.168.1.100/nextcloud' or 'https://nextcloud.subdomain.tld'??
Title: Re: Backup: Nextcloud configuration
Post by: omnidelic on September 01, 2020, 11:45:22 pm
Yes, I can sync to the NC server from my various devices no problem and that plain address worked before. I don't know what method of access OPNsense uses behind the scenes so from your suggestion I tried the WebDAV URL https://192.168.1.100/remote.php/dav/files/indie/ and a direct folder address https://192.168.1.100/apps/files/ with no luck. It's fine to just manually save backups now and then, just frustrating when things should work :) When I saw the original post I was hoping maybe @baqwas had found a solution. Thanks for all your help!
Title: Re: Backup: Nextcloud configuration
Post by: qinohe on September 02, 2020, 12:57:09 am
You don't need the WebDav URL, though, if your server would be mine, the address I would need would be 'https://192.168.1.100/nextcloud'
BTW. you're not the only one having issues with logging there should be a fix in 20.7.2, lets hope it works for everyone..
Title: Re: Backup: Nextcloud configuration
Post by: ReDaLeRt on October 16, 2020, 11:24:24 am
Quote from: baqwas
Thx, @Fabian.

The error message on the page is:

The following input errors were detected:

    Saved settings, but remote backup failed.


There are two (I think,  :) entries related to the attempt to setup the backup to Nextcloud:
  • Settings in JSON format
  • "Cannot get real username"

(...)


This is still an issue for me on OPNsense 20.7.3 and Nextcloud 19.0.4.

Code: [Select]

2020-10-16T10:15:55 config[31428] {"url":"https:\/\/192.168.10.67:443\/ocs\/v1.php\/cloud\/user","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":1,"redirect_count":0,"total_time":0.022022,"namelookup_time":6.4e-5,"connect_time":0.000381,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"192.168.10.67","certinfo":[],"primary_port":443,"local_ip":"192.168.10.1","local_port":33230,"http_version":0,"protocol":2,"ssl_verifyresult":0,"scheme":"HTTPS","appconnect_time_us":0,"connect_time_us":381,"namelookup_time_us":64,"pretransfer_time_us":0,"redirect_time_us":0,"starttransfer_time_us":0,"total_time_us":22022}
2020-10-16T10:15:55 config[31428] Cannot get real username

Title: Re: Backup: Nextcloud configuration
Post by: hauwech on November 26, 2020, 07:59:22 am
... same issue here.
Some news available?
Title: Re: Backup: Nextcloud configuration
Post by: Gauss23 on November 26, 2020, 09:42:29 am
Just a guess but https://192.168.1.100 or whatever private IP address will never have a valid SSL certificate. Maybe it's failing because of that? Does it matter if you enter a correct or a wrong username/password combination?

I'm using NextCloud backup on multiple boxes. NextCloud instance has a valid SSL cert though and is reached by hostname instead of IP. No issues.
Title: Re: Backup: Nextcloud configuration
Post by: fabian on November 27, 2020, 07:53:38 pm
In theory you can have an IP address in the SAN. But I guess this is not the case here.
Title: Re: Backup: Nextcloud configuration
Post by: qinohe on November 27, 2020, 10:44:12 pm
Quote from: Gauss23
Just a guess but https://192.168.1.100 or whatever private IP address will never have a valid SSL certificate. Maybe it's failing because of that? Does it matter if you enter a correct or a wrong username/password combination?
Valid? Sure it's valid if it's a self signed cert. Using an IP just because it's local doesn't make it less valid, it's just local.
Your restriction is you can only use it locally.
I have no idea what you mean with 'wrong username/password combination'??
Quote
I'm using NextCloud backup on multiple boxes. NextCloud instance has a valid SSL cert though and is reached by hostname instead of IP. No issues.
I guess by valid you mean signed by a trusted third party (where trusted is what you believe). A locally signed cert. is just as valid and let me remind you, its trust value is not measurably higher ;)

Quote from: fabian
In theory you can have an IP address in the SAN. But I guess this is not the case here.
Not only in theory, it's no problem to sign the local cert. SAN with both local IP and local hostname or one of them.
Title: Re: Backup: Nextcloud configuration
Post by: Gauss23 on November 27, 2020, 11:17:35 pm
Yes, with valid I mean trusted. For the curl request it makes a difference if self-signed or 3rd party (trusted) signed. Of course you can sign yourself a certificate on an ip address but will it be trusted by your OPNsense? Did you import your own CA to the OPNsense or is your OPNsense your main CA?

I wanted to know if the error message is the same if you enter a wrong username/password combination? This would show if the curl request is being completed or not.

Title: Re: Backup: Nextcloud configuration
Post by: qinohe on November 27, 2020, 11:45:53 pm
Valid and trusted are two very different things in the world of certificates.

Of course a wrong Uname/paswd would break the action.
Nextcloud has the app. paswd for that, you'd never need to worry the curl would work just fine also using self signed certs. no problem.
If you setup your local env. correctly using self signed certs there are no complaints by apps servers phones or whatever, just don't use them remotely unless you have a very good reason to do so, in fact better don't.

I looked for 'ssl_verify_result":1' ; no list seems to explain the meaning for ''1'
Later on in the line 'ssl_verifyresult":0' there seems nothing wrong.
Title: Re: Backup: Nextcloud configuration
Post by: lfirewall1243 on November 28, 2020, 08:34:09 am
Quote from: qinohe
Valid and trusted are two very different things in the world of certificates.

Of course a wrong Uname/paswd would break the action.
Nextcloud has the app. paswd for that, you'd never need to worry the curl would work just fine also using self signed certs. no problem.
If you setup your local env. correctly using self signed certs there are no complaints by apps servers phones or whatever, just don't use them remotely unless you have a very good reason to do so, in fact better don't.

I looked for 'ssl_verify_result":1' ; no list seems to explain the meaning for ''1'
Later on in the line 'ssl_verifyresult":0' there seems nothing wrong.
Just import your self signed cert into the OPNsense
Title: Re: Backup: Nextcloud configuration
Post by: qinohe on November 28, 2020, 04:14:35 pm
Quote from: lfirewall1243
Just import your self signed cert into the OPNsense
I'm not the one having problems  ;D
Title: Re: Backup: Nextcloud configuration
Post by: lfirewall1243 on November 28, 2020, 06:37:41 pm
Quote from: qinohe
Quote from: lfirewall1243
Just import your self signed cert into the OPNsense
I'm not the one having problems  ;D
Ooops! Then the original poster !
Title: Re: Backup: Nextcloud configuration
Post by: Flyinace2000 on March 12, 2021, 01:33:11 am
I think I’m having the same issue.  I’ve tried w/ both my actual username/password and the application specific generated credentials.  Here are the relevant logs

2021-03-11T19:26:40   config[36701]   {"url":"https:\/\/nextcloud.willsisti.com\/ocs\/v1.php\/cloud\/user","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":0,"redirect_count":0,"total_time":60.00686,"namelookup_time":0.000374,"connect_time":0,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"","certinfo":[],"primary_port":0,"local_ip":"","local_port":0,"http_version":0,"protocol":0,"ssl_verifyresult":0,"scheme":"","appconnect_time_us":0,"connect_time_us":0,"namelookup_time_us":374,"pretransfer_time_us":0,"redirect_time_us":0,"starttransfer_time_us":0,"total_time_us":60006860}   
2021-03-11T19:26:40   config[36701]   Cannot get real username
Title: Re: Backup: Nextcloud configuration
Post by: zibloon on March 24, 2021, 01:37:01 am
Hello,
I can't get the Nextcloud backup feature to work either :(

The log is:
Code: [Select]
Mar 23 21:55:27 OPNsense config[93546]: {"url":"https:\/\/192.168.8.13\/ocs\/v1.php\/cloud\/user","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":18,"redirect_count":0,"total_time":0.024741,"namelookup_time":6.6e-5,"connect_time":0.000522,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"192.168.8.13","certinfo":[],"primary_port":443,"local_ip":"192.168.8.1","local_port":62449,"http_version":0,"protocol":2,"ssl_verifyresult":0,"scheme":"HTTPS","appconnect_time_us":0,"connect_time_us":522,"namelookup_time_us":66,"pretransfer_time_us":0,"redirect_time_us":0,"starttransfer_time_us":0,"total_time_us":24741}
based on https://www.openssl.org/docs/man1.0.2/man1/verify.html "ssl_verify_result":18 means "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate"

I did create an exception in Firefox to accept my Nextcloud self signed certificate so I just exported the .pem certificate from Firefox and imported it in OPNsense (in System: Trust: Authorities). Now the log is:

Code: [Select]
Mar 23 23:41:26 OPNsense config[60343]: {"url":"https:\/\/192.168.8.13\/ocs\/v1.php\/cloud\/user","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":1,"redirect_count":0,"total_time":0.023768,"namelookup_time":4.4e-5,"connect_time":0.00064,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"192.168.8.13","certinfo":[],"primary_port":443,"local_ip":"192.168.8.1","local_port":34026,"http_version":0,"protocol":2,"ssl_verifyresult":0,"scheme":"HTTPS","appconnect_time_us":0,"connect_time_us":640,"namelookup_time_us":44,"pretransfer_time_us":0,"redirect_time_us":0,"starttransfer_time_us":0,"total_time_us":23768}  
"ssl_verify_result":1 looks like a generic error so I don't know where else to search...

I read the documentation at https://docs.opnsense.org/manual/how-tos/self-signed-chain.html#a-chain-for-your-local-nextcloud-server but if I understand correctly, I don't need that as my Nextcloud server already has its own self-signed certificate.

Do you have any idea of what is happening?
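
An added example (not part of any post in this thread, and not OPNsense code): a small Python triage of the JSON transfer-info lines that precede "Cannot get real username" in the logs quoted here, separating "never connected" from "certificate verification failed" from "server answered". The sample lines are constructed, modelled on the fields of the posted logs, and the category names are this example's own.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Subset of OpenSSL's X509_V_ERR_* verification codes (x509_vfy.h).
X509_VERIFY = {
    1: "X509_V_ERR_UNSPECIFIED",
    10: "X509_V_ERR_CERT_HAS_EXPIRED",
    18: "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
    19: "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
    20: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
    21: "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE",
    62: "X509_V_ERR_HOSTNAME_MISMATCH",
    64: "X509_V_ERR_IP_ADDRESS_MISMATCH",
}

# Constructed sample lines (shortened; documentation addresses, example
# hostname, made-up timestamps and PIDs). Both log prefixes seen in the
# thread are represented.
SAMPLE_LINES = [
    r'Jan 01 00:00:01 OPNsense config[1001]: {"url":"https:\/\/192.0.2.13\/ocs\/v1.php\/cloud\/user",'
    r'"http_code":0,"ssl_verify_result":18,"total_time":0.024,"primary_ip":"192.0.2.13"}',
    '2021-01-01T00:00:01 config[1001] Cannot get real username',
    r'2021-01-01T00:00:02 config[1002] {"url":"https:\/\/cloud.example.net\/ocs\/v1.php\/cloud\/user",'
    r'"http_code":0,"ssl_verify_result":1,"total_time":0.009,"primary_ip":"198.51.100.7"}',
    r'2021-01-01T00:00:03   config[1003]   {"url":"https:\/\/cloud.example.net\/ocs\/v1.php\/cloud\/user",'
    r'"http_code":0,"ssl_verify_result":0,"total_time":60.00686,"primary_ip":""}   ',
    r'2021-01-01T00:00:04 config[1004] {"url":"https:\/\/cloud.example.net\/ocs\/v1.php\/cloud\/user",'
    r'"http_code":401,"ssl_verify_result":0,"total_time":0.12,"primary_ip":"198.51.100.7"}',
]


def parse_line(line):
    """Return the transfer-info dict logged on this line, or None."""
    start = line.find("{")
    if start < 0:
        return None  # plain-text line such as "Cannot get real username"
    try:
        info = json.loads(line[start:].strip())
    except json.JSONDecodeError:
        return None
    return info if isinstance(info, dict) and "http_code" in info else None


def url_host_is_ip(url):
    """True when the URL's host is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:  # not an IP, or a redacted/unparsable host
        return False


def classify(info):
    """Map one transfer-info dict to (category, detail)."""
    http = int(info.get("http_code") or 0)
    verify = int(info.get("ssl_verify_result") or 0)
    if 200 <= http < 300:
        return ("ok", f"HTTP {http}")
    if http == 401:
        return ("credentials", "HTTP 401: server reached, login rejected")
    if http:
        return ("http", f"HTTP {http}: server reached, request not accepted")
    if not info.get("primary_ip"):
        # No peer address recorded: the TCP connection was never established.
        secs = float(info.get("total_time") or 0)
        return ("network", f"no connection after {secs:.0f}s: check name "
                           "resolution and routing from the firewall itself")
    if verify:
        name = X509_VERIFY.get(verify, f"verify code {verify}")
        where = "an IP literal" if url_host_is_ip(info.get("url", "")) else "a name"
        return ("tls-verify", f"{name}; URL host is {where}; certificate "
                              "verification failed on the firewall")
    return ("tls-other", "connected, but no HTTP response and no verify code")


def triage(lines):
    """Classify every line that carries a transfer-info JSON object."""
    parsed = (parse_line(line) for line in lines)
    return [classify(info) for info in parsed if info is not None]


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LINES):
        print(f"{category:12} {detail}")
```

An `http_code` of 0 with a peer address recorded means the failure happened before any HTTP exchange, so changing the username or password cannot affect the outcome in that case.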
Title: Re: Backup: Nextcloud configuration
Post by: lfirewall1243 on March 24, 2021, 09:27:13 pm
Show your Backup config please.

Have you selected your NC IP address or FQDN?
Title: Re: Backup: Nextcloud configuration
Post by: pankaj on March 25, 2021, 03:20:50 am
Quote from: Flyinace2000
I think I’m having the same issue.  I’ve tried w/ both my actual username/password and the application specific generated credentials.  Here are the relevant logs

2021-03-11T19:26:40   config[36701]   {"url":"https:\/\/nextcloud.willsisti.com\/ocs\/v1.php\/cloud\/user","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":0,"redirect_count":0,"total_time":60.00686,"namelookup_time":0.000374,"connect_time":0,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"","certinfo":[],"primary_port":0,"local_ip":"","local_port":0,"http_version":0,"protocol":0,"ssl_verifyresult":0,"scheme":"","appconnect_time_us":0,"connect_time_us":0,"namelookup_time_us":374,"pretransfer_time_us":0,"redirect_time_us":0,"starttransfer_time_us":0,"total_time_us":60006860}   
2021-03-11T19:26:40   config[36701]   Cannot get real username

I was getting the same error and resolved it with following steps:
1. From profile icon (NextCloud account), under Security create an app specific password
2. In OPNSense add following items:
 a. Enable backup under NextCloud
 b. URL: https://nextcloud.willsisti.com  (mine is with linuxfabrik.io just in case you want to give it a try)
 c. Username: your email for NC account
 d. Password: generated in step 1)
 e. Encryption: leave it blank for now but change it later
 f. Directory name: leave blank for now to save at the root but you can change it later
3. Click on Setup/Test, and wait few seconds for backup to be created and uploaded to root directory of NC account

The above steps worked for me, hope it solves your problem.
Title: Re: Backup: Nextcloud configuration
Post by: zibloon on March 27, 2021, 06:22:03 pm
Hello and thanks for your answers,

Quote from: lfirewall1243
Show your Backup config please.


Quote from: lfirewall1243
Have you selected your NC IP address or FQDN?

I have selected the IP (192.168.8.13) because my nextcloud is only accessible through LAN (not opened to the internet)

Quote from: pankaj
I was getting the same error and resolved it with following steps:
1. From profile icon (NextCloud account), under Security create an app specific password
2. In OPNSense add following items:
 a. Enable backup under NextCloud
 b. URL: https://nextcloud.willsisti.com  (mine is with linuxfabrik.io just in case you want to give it a try)
 c. Username: your email for NC account
 d. Password: generated in step 1)
 e. Encryption: leave it blank for now but change it later
 f. Directory name: leave blank for now to save at the root but you can change it later
3.Click on Setup/Test, and wait few seconds for backup to be created and uploaded to root directory of NC account

The above steps worked for me, hope it solves your problem.

I did exactly the same except I am using the IP of Nextcloud (it has no FQDN) and the Directory Name which can't be left blank (or it generates the error "The Backup Directory can only consist of alphanumeric characters, dash, underscores and slash. No leading or trailing slash.")

I am pretty sure this is a certificate issue. Again, my Nextcloud is not accessible from the internet so I am using self-signed certificate which was generated during installation of Nextcloud (not corresponding to a FQDN). I had no problem to import this certificate in Firefox or Thunderbird though...

Any clue?

Thanks for any help!
Title: Re: Backup: Nextcloud configuration
Post by: lfirewall1243 on March 28, 2021, 08:40:48 pm
Quote from: zibloon
Hello and thanks for your answers,

Show your Backup config please.

  • Enable = ticked
  • URL = https://192.168.8.13
  • User Name = <username>
  • Password = <app_generated_password_for_username>
  • Encryption Password = blank
  • Directory Name = opnsense_backup

Have you selected your NC IP address or FQDN?

I have selected the IP (192.168.8.13) because my nextcloud is only accessible through LAN (not opened to the internet)

I was getting the same error and resolved it with following steps:
1. From profile icon (NextCloud account), under Security create an app specific password
2. In OPNSense add following items:
 a. Enable backup under NextCloud
 b. URL: https://nextcloud.willsisti.com  (mine is with linuxfabrik.io just in case you want to give it a try)
 c. Username: your email for NC account
 d. Password: generated in step 1)
 e. Encryption: leave it blank for now but change it later
 f. Directory name: leave blank for now to save at the root but you can change it later
3.Click on Setup/Test, and wait few seconds for backup to be created and uploaded to root directory of NC account

The above steps worked for me, hope it solves your problem.

I did exactly the same except I am using the IP of Nextcloud (it has no FQDN) and the Directory Name which can't be left blank (or it generates the error "The Backup Directory can only consist of alphanumeric characters, dash, underscores and slash. No leading or trailing slash.")

I am pretty sure this is a certificate issue. Again, my Nextcloud is not accessible from the internet so I am using self-signed certificate which was generated during installation of Nextcloud (not corresponding to a FQDN). I had no problem to import this certificate in Firefox or Thunderbird though...

Any clue?

Thanks for any help!
You'll need to import your self signed cert on the OPNsense
Title: Re: Backup: Nextcloud configuration
Post by: pankaj on March 28, 2021, 08:58:13 pm

Quote from: zibloon
I did exactly the same except I am using the IP of Nextcloud (it has no FQDN) and the Directory Name which can't be left blank (or it generates the error "The Backup Directory can only consist of alphanumeric characters, dash, underscores and slash. No leading or trailing slash.")

I am pretty sure this is a certificate issue. Again, my Nextcloud is not accessible from the internet so I am using self-signed certificate which was generated during installation of Nextcloud (not corresponding to a FQDN). I had no problem to import this certificate in Firefox or Thunderbird though...

Any clue?

Since this (Next Cloud) is a built in integration it will not surprise me if the developers leaned in favor of security in which case self signed certificates may not work. Here are few ways to try different things:
1. Use a service like "Let's Encrypt" to make a FQDN work just in case above premise is true - https://www.youtube.com/watch?v=IR41duTqN6Y
2. Since this is an internal LAN, there are other ways to make things reliable like isolating machines using VLANs and then you can use simple local archive or rsync to move configuration files between machines.

While I understand that https is more secure than http but overusing it on LAN is the equivalent of adding a bolted lock on each cabinet inside the house. But if there are legit reasons for you to use https for every service on LAN then you may want to rethink topology again.

In my house, I have few VLANs which provides such convenience:
- GuestWiFi is the most restrictive VLAN and does not have access to any other LAN/VLANs
- IoTs have some restricted services available (mostly on host basis)
- Working machines have most liberal access
- Management machines is also very restrictive and this VLAN is used for managing L2 switches and Idrac for server machines. On this VLAN, I collect all the logs centrally and do not feel the need to use https because it is isolated from other subnets using VLAN.

Hope this helps.
Title: Re: Backup: Nextcloud configuration
Post by: rwbrt on April 15, 2021, 08:42:59 pm
Hi,

I'm facing the same issue or at least it looks the same from the error.

I'd like to backup to my self-hosted Nextcloud instance. It's publicly reachable with a valid Letsencrypt SSL certificate. There's a NAT in place mapping port 443 to the k8s ingress.

While it's working fine from the LAN, WAN and Guest-LAN I cannot reach the NC service from the OpnSense appliance itself:

Code: [Select]
root@OPNsense:~ # nc -v opnsense.org 443
Connection to opnsense.org 443 port [tcp/https] succeeded!

root@OPNsense:~ # nc -v my-nextcloud.xyz 443
nc: connect to my-nextcloud.xyz port 443 (tcp) failed: Operation timed out

I'm probably missing the obvious, but I just can't figure out why this wouldn't work....  :(

Update: I created a DNS override for *.my-nextcloud.xyz (this is just an example, obviously) which seems to do the trick. I'd still be interested why it didn't work without that, but at least it's working now... :)
Title: Re: Backup: Nextcloud configuration
Post by: drewhemm on May 12, 2021, 01:22:20 am
I went through the process of creating a CA and cert for Nextcloud in OPNsense and installing it on my Nextcloud instance. Still did not work. The reason is that the HTTPS communication is handed off to curl, so it is necessary to do the following:

Code: [Select]
vi /usr/local/opnsense/mvc/app/library/OPNsense/Backup/Nextcloud.php

add the following lines to the curl_setopt_array:

Code: [Select]
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_SSL_VERIFYPEER => false,

This is how the array looks now:

Code: [Select]
curl_setopt_array($curl, array(
    CURLOPT_URL => $url,
    CURLOPT_CUSTOMREQUEST => $method, // Create a file in WebDAV is PUT
    CURLOPT_RETURNTRANSFER => true, // Do not output the data to STDOUT
    CURLOPT_VERBOSE => 0,           // same here
    CURLOPT_MAXREDIRS => 0,         // no redirects
    CURLOPT_TIMEOUT => 60,          // maximum time: 1 min
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_USERPWD => $username . ":" . $password,
    CURLOPT_SSL_VERIFYHOST => false,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_HTTPHEADER => $headers
));

After doing this, I was able to backup my config to my Nextcloud instance without error.

It would be nice if this was driven by a 'Skip SSL verification' checkbox in the UI, which would require the following changes in the PHP code:

Code: [Select]
public function curl_request(
        $url,
        $username,
        $password,
        $method,
        $error_message,
        $postdata = null,
        $headers = array("User-Agent: OPNsense Firewall"),
        $verify_ssl = true # additional parameter
    ) {
        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => $url,
            CURLOPT_CUSTOMREQUEST => $method, // Create a file in WebDAV is PUT
            CURLOPT_RETURNTRANSFER => true, // Do not output the data to STDOUT
            CURLOPT_VERBOSE => 0,           // same here
            CURLOPT_MAXREDIRS => 0,         // no redirects
            CURLOPT_TIMEOUT => 60,          // maximum time: 1 min
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_USERPWD => $username . ":" . $password,
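            CURLOPT_SSL_VERIFYHOST => $verify_ssl ? 2 : 0, // 2 = match the certificate name against the host, 0 = skip (the option is not a boolean)
            CURLOPT_SSL_VERIFYPEER => $verify_ssl, // verify the certificate chain unless explicitly asked not to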
            CURLOPT_HTTPHEADER => $headers
        ));

        // Code continues as before...   
    }

Alternatively, it is possible to tell curl which CA certificate to trust:

Code: [Select]
curl_setopt($curl, CURLOPT_CAINFO, '/etc/ssl/certs/cacert.pem'); // $curl is the handle from curl_init() above

That way, verification can be kept on, but a custom CA cert can be used.

One of these methods will be required when using a Nextcloud instance in an isolated network where Let's Encrypt won't work (because it requires a publicly-resolvable DNS record) and self-signed or private CA certs will not work out of the box.
Title: Re: Backup: Nextcloud configuration
Post by: shelter_ on May 16, 2021, 10:21:05 pm
I created an account just to give you a high five for solving my problem.  I hope we don't have backup issues once OPNsense updates.  Anyway, thanks for the fix! :D
Title: Re: Backup: Nextcloud configuration
Post by: fabian on May 17, 2021, 10:42:53 am
@drewhemm by default, curl uses the system's cert store, where you can install the certificates, and it will work. It is far better than building a backdoor or using it in a way that will not survive the next update.

Title: Re: Backup: Nextcloud configuration
Post by: mainmachine on November 01, 2021, 06:04:46 pm
I've registered just to add this:

I had the same "Cannot get real username" error, but in my case I was already using an FQDN and a trusted Letsencrypt cert.

The root cause for me was that the directory I chose already existed, and the solution was to remove that directory in NC and then re-run the "Setup/Test" again. Doing so, the test succeeded and the directory was created and populated with a single XML backup on my NC server.
Title: Re: Backup: Nextcloud configuration
Post by: Flyinace2000 on November 21, 2021, 01:54:55 am
Quote from: mainmachine
I've registered just to add this:

I had the same "Cannot get real username" error, but in my case I was already using an FQDN and a trusted Letsencrypt cert.

The root cause for me was that the directory I chose already existed, and the solution was to remove that directory in NC and then re-run the "Setup/Test" again. Doing so, the test succeeded and the directory was created and populated with a single XML backup on my NC server.

I'm back working on this.  This still returned the same error for me in the logs. 

My NC instance is running on an UnRaid server (docker) and uses SWAG (letsencrypt) for the reverse proxy and certs.  Both machines are on the same subnet.
Title: Re: Backup: Nextcloud configuration
Post by: fabian on November 21, 2021, 06:42:07 pm
This is the OCS API:
https://github.com/opnsense/plugins/blob/master/sysutils/nextcloud-backup/src/opnsense/mvc/app/library/OPNsense/Backup/Nextcloud.php#L283

It is used to get the real user id if the user is an LDAP user.
However it might be a sign, that your server is misconfigured, not reachable or OPNsense does not trust that particular certificate (afaik there was an issue with some LE certificates).
Title: Re: Backup: Nextcloud configuration
Post by: slackadelic on December 20, 2021, 09:46:46 pm
I had the exact same issue that most of you are having, however, when looking at the previous version of OPNsense and then comparing it to the changes for this latest upgrade, there wasn't anything that stuck out to me that would cause this.

I then decided to check https://docs.opnsense.org for Backup configuration when it comes to Nextcloud.

Right there in the docs was the smoking gun.  Generating an app password.   
Once I generated the app password, submitted that to Nextcloud, then updated OPNsense configuration to use that for the account for backup, WHAM!  Works a charm.

Hope this helps someone else!
Title: Re: Backup: Nextcloud configuration
Post by: ChrisChros on February 03, 2022, 09:10:18 pm
Quote from: fabian
@drewhemm by default, curl uses the system's cert store, where you can install the certificates, and it will work. It is far better than building a backdoor or using it in a way that will not survive the next update.

Hi,
I am also not able to store my backup within Nextcloud. Nextcloud is running as a plugin in TrueNAS with its own IP. It looks like that SSL is activated during the installation process. When I type in the IP to the browser it will show https://192.168.1.18.
Within TrueNAS I exported the certificate and the private key. In OPNsense I added a new certificate in SYSTEM: TRUST: CERTIFICATES and imported the content of both files to the related fields.

After that I tried to save and test my nextcloud backup configuration but I still get the message
Code: [Select]
The following input errors were detected:
Saved settings, but remote backup failed.

Can someone please assist to get everything running without creating backdoors?
Title: Re: Backup: Nextcloud configuration
Post by: fabian on February 04, 2022, 07:23:07 pm
You need a trusted root certificate or a certificate that is signed by a trusted public root CA.
Title: Re: Backup: Nextcloud configuration
Post by: MarBec on March 07, 2022, 02:14:25 pm
I have a similar problem with the NextCloud plugin.
Our nextcloud runs with a valid Let's Encrypt certificate and is available over the internet.
I imported the certificates into opnsense, just to test. The whole chain and even the server certificate.
That didn't work.
Interestingly our ssl_verify_result is *1* . One is not even a valid error, according to some documentation the command should return 0 for "AOK" or 2+ for various error codes. 1 seems to be a "misc error".

Nextcloud is set up with LDAP. The user used has been logged in once and has all needed permissions and enough space provisioned.
Tested with the target folder existing and not existing.
Tested with the "CURL_SSL" options further up in this thread, but that changed nothing.

Here is the whole edited result:
Code: [Select]
{"url":"https:\/\/[URL REDACTED]\/ocs\/v1.php\/cloud\/user","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":1,"redirect_count":0,"total_time":0.009638,"namelookup_time":0.000617,"connect_time":0.00078,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"[IP REDACTED]","certinfo":[],"primary_port":443,"local_ip":"[IP REDACTED]","local_port":13732,"http_version":0,"protocol":2,"ssl_verifyresult":0,"scheme":"HTTPS","appconnect_time_us":0,"connect_time_us":780,"namelookup_time_us":617,"pretransfer_time_us":0,"redirect_time_us":0,"starttransfer_time_us":0,"total_time_us":9638}
I don't like to necro a thread, but this seems to be something else wrong with the plugin?
Title: Re: Backup: Nextcloud configuration
Post by: olafj on April 20, 2022, 08:14:59 pm
Same here. Nextcloud runs in Proxmox in the home network. A solution would be very nice.
Title: Re: Backup: Nextcloud configuration
Post by: t-i-m on April 21, 2022, 11:44:34 am
Hello,

We are on OPNsense 22.1.6-amd64 with OpenSSL and facing this problem, too.

Our Nextcloud is a plain stand-alone installation, no NAS plugin, Docker or something else.

The Nextcloud's certificate was created with our OPNsense internal CA. Nevertheless the backup on our Nextcloud fails with "ssl_verify_result":20.

A quick test via SSH with curl and openssl s_client also fails.

Code: [Select]
curl: (60) SSL certificate problem: unable to get local issuer certificate

openssl: Verify return code: 21 (unable to verify the first certificate)

As the Nextcloud’s certificate was provided by OPNsense internal CA it looks like OPNsense doesn’t trust itself anymore.

THX
Tim
Title: Re: Backup: Nextcloud configuration
Post by: fabian on April 22, 2022, 08:37:38 pm
If that is the case, create a bug ticket for OPNsense core. CAs in Trust should work.
Title: Re: Backup: Nextcloud configuration
Post by: olthana on May 22, 2022, 01:29:13 am
Hi,

I had the same issue and found a way through. If, like me, you are on a local env and don't want to struggle with certs, in the OPNsense backup config for Nextcloud, just remove the "s" of https of your NextCloud URL. It works for me.
Title: Re: Backup: Nextcloud configuration
Post by: Vexz on October 23, 2022, 08:51:15 pm
I get the following error(s). Does anybody know what to do to fix it/them?

Code: [Select]
{"url":"https:\/\/nextcloud.alnas.myds.me\/remote.php\/dav\/files\/Alex\/","content_type":"application\/xml; charset=utf-8","http_code":401,"header_size":1498,"request_size":183,"filetime":-1,"ssl_verify_result":20,"redirect_count":0,"total_time":0.269697,"namelookup_time":0.000562,"connect_time":0.201475,"pretransfer_time":0.204676,"size_upload":0,"size_download":299,"speed_download":1108,"speed_upload":0,"download_content_length":299,"upload_content_length":0,"starttransfer_time":0.269635,"redirect_time":0,"redirect_url":"","primary_ip":"10.0.0.2","certinfo":[],"primary_port":443,"local_ip":"10.0.0.1","local_port":56185,"http_version":2,"protocol":2,"ssl_verifyresult":0,"scheme":"HTTPS","appconnect_time_us":204594,"connect_time_us":201475,"namelookup_time_us":562,"pretransfer_time_us":204676,"redirect_time_us":0,"starttransfer_time_us":269635,"total_time_us":269697}
and

Code: [Select]
Error while fetching filelist from Nextcloud '/.' path
Title: Re: Backup: Nextcloud configuration
Post by: Vexz on November 06, 2022, 03:01:56 pm
I figured it out now. Nextcloud is a bit tricky.
You have to create an app password and use that instead of the password of your username. To create it you need to go to your user settings in your Nextcloud account and there to the security tab. Scroll all the way down. On the bottom you'll see a text field for an app-name and a button to create the password. Choose a speaking app-name. I named mine "OPNsense".
Now on your OPNsense you have to use your username and instead of your password from your login credentials you need to use the app-password you've just created.

I hope this helps a lost soul.
Title: Re: Backup: Nextcloud configuration
Post by: ChrisChros on November 07, 2022, 10:29:11 pm
deleted
Title: Re: Backup: Nextcloud configuration
Post by: dudeman21 on February 02, 2023, 02:46:05 pm
I'm having similar issues. I was running opnsense 21 and nextcloud backup was working without issue when it was a default option in the backup GUI. I just updated to 23 and installed the nextcloud plugin, now it doesn't work with the same settings.

I have a nextcloud instance that is working correctly with a Let's Encrypt certificate. I remade the app password in case that was the issue. I also told it to use another directory since the default backup directory is what was previously being used and had lots of backup files already. None of these options worked.

Code: [Select]
2023-02-02T05:40:53-08:00 Error php-cgi Check Nextcloud configuration parameters
2023-02-02T05:40:53-08:00 Error php-cgi {"url":"https:\/\/nextcloud.redacted.ca:8443\/remote.php\/dav\/files\/apps\/","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":0,"redirect_count":0,"total_time":60.01651,"namelookup_time":0.000639,"connect_time":0,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"","certinfo":[],"primary_port":0,"local_ip":"","local_port":0,"http_version":0,"protocol":0,"ssl_verifyresult":0,"scheme":"","appconnect_time_us":0,"connect_time_us":0,"namelookup_time_us":639,"pretransfer_time_us":0,"redirect_time_us":0,"starttransfer_time_us":0,"total_time_us":60016510}
2023-02-02T05:40:53-08:00 Error php-cgi Error while fetching filelist from Nextcloud '/.' path

Anyone know why it would be working before but not with the new nextcloud plugin?
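
Added example (not part of any post above, and not the plugin's own code): a small Python triage for the `php-cgi {...}` log lines quoted in this thread, separating certificate-trust failures, rejected credentials and connections that never opened. The sample lines and host names are constructed placeholders; the numeric codes are OpenSSL's X.509 verify results.

```python
import json

# OpenSSL verify codes quoted in this thread (values from OpenSSL's x509_vfy.h).
X509_VERIFY = {
    1: "unspecified certificate verification error",
    20: "unable to get local issuer certificate",
    21: "unable to verify the first certificate",
}

def triage(line):
    """Return (tag, hint) findings for one log line of the backup plugin."""
    start = line.find("{")
    if start < 0:
        return []  # plain message line without curl transfer info
    info = json.loads(line[start:])
    findings = []
    verify = info.get("ssl_verify_result", 0)
    if verify:
        reason = X509_VERIFY.get(verify, "OpenSSL verify code %d" % verify)
        findings.append(("tls-verify", reason + "; the issuing CA chain must be trusted by the firewall"))
    code = info.get("http_code", 0)
    if code == 0 and not info.get("connect_time"):
        findings.append(("no-connection", "TCP connect never completed; check host, port and firewall rules"))
    elif code == 0:
        findings.append(("no-http-response", "connected, but no HTTP response came back"))
    elif code == 401:
        findings.append(("auth", "credentials rejected; the fix reported in the thread is a Nextcloud app password"))
    elif code >= 400:
        findings.append(("http-error", "server answered HTTP %d" % code))
    return findings

# Constructed sample lines, trimmed to the keys used above (hosts are placeholders).
SAMPLES = [
    'Error php-cgi {"url":"https://nc.example.test/ocs/v1.php/cloud/user","http_code":0,"ssl_verify_result":1,"connect_time":0.00078}',
    'Error php-cgi {"url":"https://nc.example.test/remote.php/dav/files/alice/","http_code":401,"ssl_verify_result":20,"connect_time":0.2}',
    'Error php-cgi {"url":"https://nc.example.test:8443/remote.php/dav/files/apps/","http_code":0,"ssl_verify_result":0,"connect_time":0,"total_time":60.01}',
    "Error php-cgi Error while fetching filelist from Nextcloud '/.' path",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        for tag, hint in triage(sample):
            print(tag + ": " + hint)
```

A line can carry two findings at once: a 401 together with verify code 20 means the app password and the CA trust both need attention.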
Title: Re: Backup: Nextcloud configuration
Post by: Tismofied on March 26, 2023, 12:23:15 am
Same here. Nextcloud runs in Proxmox in the home network. A solution would be very nice.

Did you ever find a solution?