Nextcloud not accessible in virtual host

NethServer Version: NethServer release 7.6.1810
Module: nethserver-nextcloud

Hi there,

there is big trouble in little china here :wink: I just installed nextcloud.

  • Installed nextcloud via web interface
  • got access via mydomain.tld
  • went to webpage, changed to mysql, got new admin user, …
  • everything went OK and works really fine

Then I created a new virtual host files.mydomain.tld. This is for historical reasons - my old owncloud installation ran on this (sub)domain. I do not want to change everything on my devices.

  • opened web-gui -> virtual host -> edit: enable ssl

  • web-gui certs -> got a letsencrypt cert -> added it to the virtual host

  • according to module configuration page I did:

    config setprop nextcloud VirtualHost files.mydomain.tld
    config setprop nextcloud TrustedDomains files.mydomain.tld
    signal-event nethserver-nextcloud-update

    [root@nethserver ~]# config show nextcloud
    nextcloud=configuration
    TrustedDomains=files.mydomain.tld
    VirtualHost=files.mydomain.tld
    Wellknown=disabled

When I look into the /etc/httpd/conf.d/zz_nextcloud.conf (see at the end) everything seems to be OK.

BUT, when I open the domain for the virtual host, files.mydomain.tld I only see the default webpage of nextcloud.

Any help would be appreciated.

In the next step I like to alter the installation for getting access to nextcloud only via VPN. Then there will be again a complete HowTo :wink:

Cheers Axel

P.S.:

[root@nethserver ~]# cat /etc/httpd/conf.d/zz_nextcloud.conf 
# ================= DO NOT MODIFY THIS FILE =================
# 
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
# 
<VirtualHost *:80>
    IncludeOptional conf.d/default-virtualhost.inc
</VirtualHost>

<VirtualHost *:80>
   ServerName files.mydomain.tld
   RedirectMatch 301 ^(?!/.well-known/acme-challenge/).* https://files.mydomain.tld
</VirtualHost>

<VirtualHost *:80>
  ServerName files.mydomain.tld
  Redirect / https://files.mydomain.tld/
</VirtualHost>

<VirtualHost *:443>
  ServerName files.mydomain.tld
  SSLEngine on
  RewriteCond %{HTTPS} !=on
  RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

  Alias / "/usr/share/nextcloud/"
  <Directory "/usr/share/nextcloud">
    Options +FollowSymLinks
    AllowOverride All
    Require all granted

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15552000"
    </IfModule>

    <FilesMatch \.php$>
      SetHandler "proxy:fcgi://127.0.0.1:9002"
    </FilesMatch>

    SetEnv HOME /usr/share/nextcloud
    SetEnv HTTP_HOME /usr/share/nextcloud
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
  </Directory>

  <Directory "/usr/share/nextcloud/data/">
    # just in case if .htaccess gets disabled
    Require all denied
  </Directory>
</VirtualHost>

What do you mean? Can you post a screenshot?
Have you already tried to use another browser and restart httpd?

Hi Federico,

thanks for your answer.

I also tried index.php, index.html, /nextcloud/ … in the browser.

And yes, caching could be tricky: therefore tried chrome, chrome-private, firefox-private with the same result.

Httpd restarted, signal-events for httpd, for the zz_nextcloud.conf, … processed.

Reinstalled nethserver-nextcloud and nextcloud.

And that’s what I see: simply the default webpage.

And: when I remove the virtual host and the entries in the module configuration, it works … I am sure, we find the case, but I have to go to bed now. Tomorrow I’ll give it another try :wink:

Has the server the same fqdn as the files virtual host?
You can check the order the web server is parsing virtual hosts:

httpd -S

Ha: yes it has:

     #-> this one domain (of many)
     port 443 namevhost mydomain.tld (/etc/httpd/conf.d/virtualhosts.conf:171)  
     #-> this should be nextclouds domain 
     port 443 namevhost files.mydomain.tld (/etc/httpd/conf.d/virtualhosts.conf:280)

But in the Virtual Hosts page what do you see?


Sorry @Axel_Pospischil.
Could you post the result of db vhosts show ?

No problem. Your help is appreciated :wink: I struck some domains:

[root@nethserver ~]# db vhosts show 
mydomain.tld=vhost
    Access=public
    Description=
    ForceSslStatus=enabled
    FtpPassword=
    FtpStatus=disabled
    Indexes=disabled
    PasswordStatus=disabled
    PhpAllowUrlfOpen=disabled
    PhpMaxExecTime=disabled
    PhpMaxFileUploads=disabled
    PhpMemoryLimit=0
    PhpPostMaxSize=0
    PhpUpMaxFileSize=0
    PhpVersion=php56
    ServerNames=mydomain.tld
    SslCertificate=/etc/letsencrypt/live/mydomain.tld/cert.pem
    status=enabled
default=vhost
    Description=Default virtual host
    FtpPassword=
    FtpStatus=disabled
files.mydomain.tld=vhost
    Access=public
    Description=Vhost for nextcloud
    ForceSslStatus=enabled
    FtpStatus=disabled
    Indexes=disabled
    PasswordStatus=disabled
    PhpAllowUrlfOpen=enabled
    PhpMaxExecTime=disabled
    PhpMaxFileUploads=disabled
    PhpMemoryLimit=0
    PhpPostMaxSize=0
    PhpUpMaxFileSize=0
    PhpVersion=default
    ServerNames=files.mydomain.tld
    SslCertificate=/etc/letsencrypt/live/files.mydomain.tld/cert.pem
    status=enabled
wiki.mydomain.tld=vhost
    Access=public
    Description=
    DirectoryMediawiki=enabled
    ForceSslStatus=enabled
    FtpStatus=disabled
    Indexes=disabled
    PasswordStatus=disabled
    PhpAllowUrlfOpen=enabled
    PhpMaxExecTime=disabled
    PhpMaxFileUploads=disabled
    PhpMemoryLimit=0
    PhpPostMaxSize=0
    PhpUpMaxFileSize=0
    PhpVersion=php70
    ServerNames=wiki.mydomain.tld
    SslCertificate=/etc/letsencrypt/live/wiki.mydomain.tld/cert.pem
    status=enabled

Have you created the files.mydomain.ltd virtual host by yourself? Go to the Virtual Host page in Server Manager on port 980 and try disabling the files.mydomain.ltd virtual host. Then go to the nextcloud page.
It’s not necessary.

Yes/no :wink: - with the nethserver-webgui and the virtual hosts tool.

When I remove the vhost, the site is not accessible at all (certificate failure).

Do you mean, it is enough to make the entries in the nethserver-nextcloud configuration on commandline?

config setprop nextcloud VirtualHost files.mydomain.tld

Probably it uses the NethServer default certificate. Continue and you will see the NextCloud login!
Check the default certificate at “Server Certificate” in the Server Manager. Set Let’s Encrypt as default :slight_smile:

With modern browsers one cannot simply continue any more - so no, won’t work. Would be fine (cert is cert). OK, so I will dig into this deeper. But a correct solution should use a letsencrypt cert.

I am sure, I will find the reason behind this. Could not be a real big deal.

Thanks a lot Federico and good night until these days …

Cheers, Axel

If you do this you’ll solve the problem :slight_smile: and can access your nextcloud over a valid HTTPS certificate.

1 Like

Hi Federico,

thanks for your kind advice. But 1. I could not get this running and 2. that’s not what I want (and I think is not the right thing how it should be done).

The way that should work is, that the “virtual host” mechanism can be used out of the box. The nethserver-handbook says about how to configure a custom virtual host with nextcloud:

config setprop nextcloud VirtualHost files.mydomain.tld
config setprop nextcloud TrustedDomains files.mydomain.tld
signal-event nethserver-nextcloud-update

If you use let’s encrypt remember to add the domain name to the proper list.

Solution (partly):

After digging into the config files today, I could solve the problem very easily by adding the necessary certificates to the apache config file manually.

[root@nethserver conf.d]# pwd
/etc/httpd/conf.d

[root@nethserver conf.d]# vim zz_nextcloud.conf
<VirtualHost *:443>
    ServerName files.blue-it.org
    SSLEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

    SSLCertificateFile "/etc/letsencrypt/live/files.mydomain.tld/cert.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/files.mydomain.tld/privkey.pem"
    SSLCertificateChainFile "/etc/letsencrypt/live/files.mydomain.tld/chain.pem"

Voilà. Works.

But there remain two problems

  1. Temporarily: how to make this permanent with e-smith
  2. Long term: why does this not work with the virtual hosts mechanism of nethserver as shown in the handbook? This would also make it possible to change the php version used. And I think, it is the right way to do it.

Any idea?

Cheers, Axel

You do not need to create a vhost in nethserver-webgui. Please delete it and try again. The apache vhost is created automatically and does not show up in the gui.

Hi Markus, thanks.

Yes I know. I forgot to mention this: the vhost is disabled. Also this is the only way it works at all.

[Update] I deleted the virtual host entirely. Same problem.

But nevertheless I have to add the certs manually as shown above in zz_nextcloud.conf to get them to be used :roll_eyes:

You’re welcome to your opinion of how it “should” work, but that isn’t the way it does work, nor is it the way the documentation says it works. The documentation (which you quote) gives you three commands to run at the CLI. It doesn’t say “run these after creating the virtual host in the server manager.”

The handbook is correct; your addition to it of creating the virtual host in the Nethserver web GUI is what’s incorrect. That is both unnecessary and counterproductive.

The custom virtual host will use the system’s default TLS certificate–unfortunately that is not readily configurable at this time. That means that the virtual host name needs to be part of that certificate; you can’t use a separate cert for that virtualhost. If you must use a separate cert, then you’ll need to create a custom template fragment specifying that cert.

As discussed above, you’re misreading the handbook. Nowhere in there does it say you should use the virtual hosts panel to create a vhost for Nextcloud.

Is there a reason you want to do this?

1 Like
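
Added example (not part of the thread and not NethServer's own tooling): a shell check for the point made in the post above, that the host name set in the nextcloud VirtualHost prop has to be one of the names in the certificate httpd actually serves. The function names, the sample SAN line and the certificate path in the closing comment are constructed placeholders.

```shell
#!/bin/sh
# Added example: is a host name covered by a certificate's SAN list?

# san_covers_host "<SAN text>" <hostname>
# SAN text is the comma-separated list openssl prints, for example
#   DNS:mydomain.tld, DNS:wiki.mydomain.tld
# Runs in a subshell with globbing off so "*" in a SAN is never expanded.
san_covers_host() (
    set -f
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    parent=${host#*.}               # host without its left-most label
    for entry in $(printf '%s' "$1" | tr ',' ' ' | tr 'A-Z' 'a-z'); do
        case $entry in
            dns:*) name=${entry#dns:} ;;
            *) continue ;;          # ignore IP, email and other SAN types
        esac
        [ "$name" = "$host" ] && exit 0
        # A wildcard covers exactly one label: *.mydomain.tld matches
        # files.mydomain.tld but not a.files.mydomain.tld or mydomain.tld.
        if [ "$parent" != "$host" ] && [ "$name" = "*.$parent" ]; then
            exit 0
        fi
    done
    exit 1
)

# cert_sans <cert.pem>: print the SAN line of a PEM certificate.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1
}

# check_vhost_cert <cert.pem> <hostname>: combine the two steps.
check_vhost_cert() {
    san_covers_host "$(cert_sans "$1")" "$2"
}

# Constructed sample: a certificate that names the server and the wiki
# but not the host chosen for Nextcloud.
SAMPLE_SANS='DNS:mydomain.tld, DNS:wiki.mydomain.tld'
if san_covers_host "$SAMPLE_SANS" files.mydomain.tld; then
    echo "files.mydomain.tld: covered"
else
    echo "files.mydomain.tld: not covered, browsers will report a name mismatch"
fi

# On a real server (path is a placeholder for the default certificate):
#   check_vhost_cert /path/to/default-cert.pem files.mydomain.tld && echo covered
```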

Hi Dan,

thanks for clarification. Yes, I deleted the “virtual host”. The caveats remain.

It would be helpful, if there would be a sentence in the manual that the “VirtualHost” in “db nextcloud VirtualHost” directive is NOT and has nothing to do with the virtual host mechanism of nethserver and should not be used at all. It is a little bit misleading if you went through configuring several websites (as I did) with VirtualHosts and e-smith.

And yes, indeed I think in most cases it makes sense to use a real certificate for every webservice. That’s why letsencrypt exists: to get a secure and barrier free internet communication and we should use it :wink: That is in this opinion a must.

As I said: so far it works and I can use a little bit of sed/bash magic every night, but I wouldn’t.

Probably someone could give me a hint where to get information about how to configure a custom template fragment for zz_nextcloud.conf or the whole nextcloud stack?

I really like to contribute but I am a little bit lost. As far as I can see, this is not very well documented - not as well as for the virtualhost system which I figured out well. It is possible, that I simply don’t find the right path. I am fiddling around a few days how to get these three lines into zz_nextcloud.conf the e-smith way, when I understand the mechanisms you are using. Until then, a bash-script will do the thing.

Cheers
Axel