There is big trouble in little china here. I just installed nextcloud.
Installed nextcloud via web interface
got access via mydomain.tld
went to webpage, changed to mysql, got new admin user, …
everything went OK and works really fine
Then I created a new virtual host files.mydomain.tld. This is for historical reasons - my old owncloud installation ran on this (sub)domain. I do not want to change everything on my devices.
opened web-gui -> virtual host -> edit: enable ssl
web-gui certs -> got a letsencrypt cert -> added it to the virtual host
[root@nethserver ~]# config show nextcloud
nextcloud=configuration
TrustedDomains=files.mydomain.tld
VirtualHost=files.mydomain.tld
Wellknown=disabled
When I look into the /etc/httpd/conf.d/zz_nextcloud.conf (see at the end) everything seems to be OK.
BUT, when I open the domain for the virtual host, files.mydomain.tld, I only see the default webpage of nextcloud.
Any help would be appreciated.
In the next step I would like to alter the installation to get access to nextcloud only via VPN. Then there will again be a complete HowTo.
Cheers Axel
P.S.:
[root@nethserver ~]# cat /etc/httpd/conf.d/zz_nextcloud.conf
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
<VirtualHost *:80>
IncludeOptional conf.d/default-virtualhost.inc
</VirtualHost>
<VirtualHost *:80>
ServerName files.mydomain.tld
RedirectMatch 301 ^(?!/.well-known/acme-challenge/).* https://files.mydomain.tld
</VirtualHost>
<VirtualHost *:80>
ServerName files.mydomain.tld
Redirect / https://files.mydomain.tld/
</VirtualHost>
<VirtualHost *:443>
ServerName files.mydomain.tld
SSLEngine on
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
Alias / "/usr/share/nextcloud/"
<Directory "/usr/share/nextcloud">
Options +FollowSymLinks
AllowOverride All
Require all granted
<IfModule mod_dav.c>
Dav off
</IfModule>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000"
</IfModule>
<FilesMatch \.php$>
SetHandler "proxy:fcgi://127.0.0.1:9002"
</FilesMatch>
SetEnv HOME /usr/share/nextcloud
SetEnv HTTP_HOME /usr/share/nextcloud
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
</Directory>
<Directory "/usr/share/nextcloud/data/">
# just in case if .htaccess gets disabled
Require all denied
</Directory>
</VirtualHost>
And: when I remove the virtual host and the entries in the module configuration, it works … I am sure, we find the case, but I have to go to bed now. Tomorrow I'll give it another try
#-> this one domain (of many)
port 443 namevhost mydomain.tld (/etc/httpd/conf.d/virtualhosts.conf:171)
#-> this should be nextclouds domain
port 443 namevhost files.mydomain.tld (/etc/httpd/conf.d/virtualhosts.conf:280)
Have you created the files.mydomain.tld virtual host by yourself? Go to the Virtual Host page in the Server Manager on port 980 and try disabling the files.mydomain.tld Virtual Host. Then go to the nextcloud page.
It's not necessary.
Probably it uses the NethServer default certificate. Continue and you will see NextCloud login!
Check the default certificate at "Server Certificate" in the Server Manager. Set Let's Encrypt as default
With modern browsers one cannot simply continue any more - so no, won't work. Would be fine (cert is cert). OK, so I will dig into this deeper. But a correct solution should use a letsencrypt cert.
I am sure, I will find the reason behind this. Could not be a real big deal.
Thanks a lot Federico and good night until these days …
thanks for your kind advice. But 1. I could not get this running and 2. that's not what I want (and I think is not the right thing how it should be done).
The way that should work is, that the "virtual host" mechanism can be used out of the box. The nethserver-handbook says about how to configure a custom virtual host with nextcloud:
If you use let's encrypt remember to add the domain name to the proper list.
Solution (partly):
After digging into the config files today, I could solve the problem very easily by adding the necessary certificates to the apache config file manually.
Temporarily: how to make this permanent with e-smith
Long term: why does this not work with the virtual hosts mechanism of nethserver as shown in the handbook? This would also make it possible to change the php version used. And I think, it is the right way to do it.
You do not need to create a vhost in nethserver-webgui. Please delete it and try again. The apache vhost is created automatically and does not show up in the gui.
You're welcome to your opinion of how it "should" work, but that isn't the way it does work, nor is it the way the documentation says it works. The documentation (which you quote) gives you three commands to run at the CLI. It doesn't say "run these after creating the virtual host in the server manager."
The handbook is correct; your addition to it of creating the virtual host in the Nethserver web GUI is what's incorrect. That is both unnecessary and counterproductive.
The custom virtual host will use the system's default TLS certificate - unfortunately that is not readily configurable at this time. That means that the virtual host name needs to be part of that certificate; you can't use a separate cert for that virtualhost. If you must use a separate cert, then you'll need to create a custom template fragment specifying that cert.
As discussed above, you're misreading the handbook. Nowhere in there does it say you should use the virtual hosts panel to create a vhost for Nextcloud.
thanks for clarification. Yes, I deleted the "virtual host". The caveats remain.
It would be helpful, if there would be a sentence in the manual that the "VirtualHost" in "db nextcloud VirtualHost" directive is NOT and has nothing to do with the virtual host mechanism of nethserver and should not be used at all. It is a little bit misleading if you went through configuring several websites (as I did) with VirtualHosts and e-smith.
And yes, indeed I think in most cases it makes sense to use a real certificate for every webservice. That's why letsencrypt exists: to get a secure and barrier free internet communication and we should use it. That is in this opinion a must.
As I said: so far it works and I can use a little bit of sed/bash magic every night, but I wouldn't.
Probably someone could give me a hint where to get information about how to configure a custom template fragment for zz_nextcloud.conf or the whole nextcloud stack?
I really like to contribute but I am a little bit lost. As far as I can see, this is not very well documented - not as well as for the virtualhost system which I figured out well. It is possible, that I simply don't find the right path. I am fiddling around a few days how to get these three lines into zz_nextcloud.conf the e-smith way, when I understand the mechanisms you are using. Until then, a bash-script will do the thing.
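
The vhost listing earlier in the thread shows files.mydomain.tld declared on port 443 in virtualhosts.conf while zz_nextcloud.conf declares the same name, so Apache serves whichever block it loads first. The following sketch is an added example, not part of the thread or of NethServer: it scans config text for ServerName values declared more than once on a port. The sample configs are constructed, and sorted file order stands in for the conf.d include order (an assumption).

```python
import re
from collections import defaultdict

# Constructed sample input modelled on the thread: the GUI-created vhost in
# virtualhosts.conf and the package-generated zz_nextcloud.conf.
SAMPLE_CONFIGS = {
    "zz_nextcloud.conf": """
<VirtualHost *:80>
    ServerName files.mydomain.tld
</VirtualHost>
<VirtualHost *:443>
    ServerName files.mydomain.tld
    SSLEngine on
</VirtualHost>
""",
    "virtualhosts.conf": """
<VirtualHost *:443>
    ServerName mydomain.tld
</VirtualHost>
<VirtualHost *:443>
    ServerName files.mydomain.tld
</VirtualHost>
""",
}

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+[^>]*?:(\d+)\s*>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
SERVER_NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I)

def find_shadowed_vhosts(configs):
    """Return {(port, name): [(file, line), ...]} for names declared more than once.
    Files are visited in sorted order (assumption: conf.d/*.conf include order);
    the first entry in each list is the vhost Apache answers with."""
    seen = defaultdict(list)
    for fname in sorted(configs):
        port = None  # port of the <VirtualHost> block we are inside, if any
        for lineno, line in enumerate(configs[fname].splitlines(), 1):
            if m := VHOST_OPEN.match(line):
                port = m.group(1)
            elif VHOST_CLOSE.match(line):
                port = None
            elif port and (m := SERVER_NAME.match(line)):
                seen[(port, m.group(1).lower())].append((fname, lineno))
    return {key: locs for key, locs in seen.items() if len(locs) > 1}

if __name__ == "__main__":
    for (port, name), locs in find_shadowed_vhosts(SAMPLE_CONFIGS).items():
        print(f"{name}:{port} is served from {locs[0]}; shadowed: {locs[1:]}")
```

On the sample, the block in virtualhosts.conf wins for files.mydomain.tld on port 443, which matches the symptom of the GUI-created vhost answering instead of Nextcloud.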