danb35 / freenas-iocage-nextcloud

Script to create an iocage jail on FreeNAS for the latest Nextcloud 28 release, including Caddy, MariaDB or PostgreSQL, and Let's Encrypt
GNU General Public License v3.0

Cannot reach my nextcloud instance... restarting Caddy fixes it. #78

Closed vroomr closed 4 years ago

vroomr commented 4 years ago

Have it with some regularity, and I do not know why.

Try to access my Nextcloud, and it is not running. I enter a shell, service caddy restart and everything is great.

Don't know where to look to fix. Tried adding caddy-restart.sh to crontab, but does not seem to help.

Currently on FreeNAS 11.3 Beta, with NC17.

danb35 commented 4 years ago

> Don't know where to look to fix.

Start with the Caddy log at /var/log/caddy.log -- it should tell you why it's stopping.


vroomr commented 4 years ago

hmmmm. Currently not working. Last lines are:

```
2019/12/13 03:56:16 set tcp 192.XXX.XXX.XXX:XXXX->82.202.249.205:39251: setsockopt: connection reset by peer
2019/12/13 04:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 04:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 05:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 05:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 06:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 06:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 07:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 07:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 08:21:56 [INFO][cache:0xc0000d2a50] Scanning for expiring certificates
2019/12/13 08:21:56 [INFO][cache:0xc0000d2a50] Done scanning certificates
2019/12/13 08:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 08:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 09:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 09:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 10:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 10:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 11:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 11:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 12:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 12:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 13:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 13:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 13:50:32 [INFO] SIGTERM: Shutting down servers then terminating
2019/12/13 13:50:32 [INFO][cache:0xc0000d2a50] Stopped certificate maintenance routine
```

Also, maybe noteworthy, maybe not, but there is lots of noise about stuff not looking like a TLS handshake.

```
2019/12/13 03:55:30 http: TLS handshake error from 76.65.215.21:48796: tls: first record does not look like a TLS handshake
2019/12/13 03:55:31 http: TLS handshake error from 93.115.28.171:63375: EOF
2019/12/13 03:55:36 http: TLS handshake error from 139.162.108.129:38768: EOF
2019/12/13 03:55:36 http: TLS handshake error from 139.162.108.129:44472: tls: first record does not look like a TLS handshake
2019/12/13 03:55:42 http: TLS handshake error from 139.162.108.129:44562: unexpected EOF
2019/12/13 03:55:42 http: TLS handshake error from 139.162.108.129:46506: tls: first record does not look like a TLS handshake
2019/12/13 03:55:42 http: TLS handshake error from 139.162.108.129:46690: tls: first record does not look like a TLS handshake
2019/12/13 03:55:48 http: TLS handshake error from 112.85.42.195:64418: tls: first record does not look like a TLS handshake
```

Any ideas?

PrivatePuffin commented 4 years ago

Okay, looking at this again, we need a few things to be able to help and/or reproduce:

  1. Your config for running this script.
  2. The error log (including startup of caddy would be nice)

Tried installing with quite a few configurations... Never had this issue.

PrivatePuffin commented 4 years ago

@vroomr I know your issue: 2019/12/13 03:55:30 http: TLS handshake error from 76.65.215.21:48796: tls: first record does not look like a TLS handshake

Is the error you get when SNI mismatches. This happens for example when you put a reverse proxy in front of Nextcloud that doesn't forward SNI correctly.

Simply put: Caddy (by default) requires the SSL request to include a reference to the domain name; if it doesn't, it freaks out. A fix for this is to set "default-sni" in the Caddy config. Sadly enough, @danb35 rejected my proposal to include this. But that being said: this is most likely your issue and/or your solution.

As this is quite old, you got a proposed solution now and we didn't hear anything, I think this can be closed... agree @danb35 ?

vroomr commented 4 years ago

Thanks @Ornias1993 . Good with me to close it :)
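
Added example (not part of the original thread or the project's code): a small Python triage of a Caddy log in the format quoted above. It groups TLS handshake errors by source and reason, lists shutdown events, and reports how long after the last handshake error each shutdown happened. The sample lines are constructed with documentation-range addresses, and `triage` and the regex names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same format as the excerpts in the thread
# (documentation-range addresses, not the ones that were posted).
SAMPLE_LOG = """\
2019/12/13 03:55:30 http: TLS handshake error from 203.0.113.21:48796: tls: first record does not look like a TLS handshake
2019/12/13 03:55:31 http: TLS handshake error from 198.51.100.7:63375: EOF
2019/12/13 03:55:36 http: TLS handshake error from 203.0.113.21:38768: EOF
2019/12/13 03:55:42 http: TLS handshake error from 203.0.113.21:44562: unexpected EOF
2019/12/13 03:55:42 http: TLS handshake error from 203.0.113.21:46506: tls: first record does not look like a TLS handshake
2019/12/13 04:21:56 [INFO][cache:0xc0000d2a50] Scanning for stale OCSP staples
2019/12/13 13:21:56 [INFO][cache:0xc0000d2a50] Done checking OCSP staples
2019/12/13 13:50:32 [INFO] SIGTERM: Shutting down servers then terminating
"""

LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
# "first record does not look like a TLS handshake" comes from Go's crypto/tls
# when the first bytes a client sends are not a TLS record.
HANDSHAKE = re.compile(r"^http: TLS handshake error from (\S+):(\d+): (.*)$")
# Only the SIGTERM form appears in the thread; matching other signal names
# in the same shape is an assumption.
SHUTDOWN = re.compile(r"\b(SIG[A-Z]+): Shutting down")


def triage(text):
    """Summarise handshake noise and shutdown events in a Caddy log."""
    by_reason, by_source, shutdowns, last_error = Counter(), Counter(), [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines or other formats
        when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        hs = HANDSHAKE.match(m.group(2))
        sd = SHUTDOWN.search(m.group(2))
        if hs:
            by_source[hs.group(1)] += 1
            by_reason[hs.group(3)] += 1
            last_error = when
        elif sd:
            # Gap since the last handshake error: large gaps mean the
            # noise and the stop are separate events.
            gap = when - last_error if last_error else None
            shutdowns.append((when, sd.group(1), gap))
    return {"by_reason": by_reason, "by_source": by_source, "shutdowns": shutdowns}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

SIGTERM is a termination request delivered to the process, so each entry in `shutdowns` marks a moment when something asked Caddy to stop rather than a crash. Run it against the real file with `triage(open("/var/log/caddy.log").read())`.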