August 28, 20169 yr I got nextcloud to work by editing the nginx config file in the Nextcloud docker to set the web root one directory above where it was originally. Then I didn't need the rewrite rules. Can you share what you did for nginx and nextcloud?
August 28, 20169 yr try changing from 'trusted_domains' => array ( 0 => '192.168.0.190:446', 1 => 'www.xxxxx.com', ), to this 'trusted_domains' => array ( 0 => '192.168.0.190', 1 => 'www.xxxxx.com', ),
August 28, 20169 yr edit the nginx site-conf in the Nextcloud docker. It should be in your appdata folder. Change this # Path to the root of your installation root /config/www/nextcloud; to this # Path to the root of your installation root /config/www/; Then in the nginx conf file for lets encrypt, change this location /nextcloud/ { proxy_pass https://192.168.0.190:446/nextcloud; rewrite ^/nextcloud$ /nextcloud/ permanent; rewrite ^/nextcloud/(.*) /$1 break; } to this location /nextcloud { proxy_pass https://192.168.0.190:446/nextcloud; } This should get you back to the login screen with the css at either www.xxxx.com/nextcloud or 192.168.0.190:446/nextcloud.
August 28, 20169 yr Hi @kamhighway thanks for your work. I don't know what I've got going wrong, but I'm getting nothing with your edits. I've edited the letsencrypt docker to just that simple pass to /nextcloud. I've changed the root installation location to /config/www/ and my config.php is posted below. <?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'oczmltajpdti', 'passwordsalt' => 'zzatfiwjAV0CPgMqay8ewbvahBwBj3', 'secret' => 'Yio64EkchFlzBg4GkKfsyjsktEaLmaSVu+q3LSmtBW/ZEgUu', 'trusted_domains' => array ( 0 => '172.16.100.5', 1 => 'https://domain.com' ), 'overwrite.cli.url' => 'https://172.16.100.5:8443', 'dbtype' => 'mysql', 'version' => '9.0.53.0', 'dbname' => 'NextCloud', 'dbhost' => '172.16.100.5:3306', 'dbtableprefix' => 'oc_', 'dbuser' => 'xxxx', 'dbpassword' => 'xxxxx', 'logtimezone' => 'UTC', 'installed' => true, 'trusted_proxies' => ['172.16.100.5'] 'overwritewebroot' => '/nextcloud', 'overwritehost' => 'https://domain.com', ); So at this point, my local 172.16.100.5:8443 returns a 404 Not Found. 172.16.100.5:8443/nextcloud returns 404 Not Found and finally domain.com/nextcloud gives the same. I'm certainly at a loss.
August 28, 20169 yr Can you try to add a ending / and see what happens ? Like this 172.16.100.5:8443/nextcloud/
August 28, 20169 yr @noja, Try Peter_SM's suggestion. But I see a couple of things that might also be causing you some trouble. <?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'oczmltajpdti', 'passwordsalt' => 'zzatfiwjAV0CPgMqay8ewbvahBwBj3', 'secret' => 'Yio64EkchFlzBg4GkKfsyjsktEaLmaSVu+q3LSmtBW/ZEgUu', 'trusted_domains' => array ( 0 => '172.16.100.5', 1 => 'https://domain.com' #<-------------remove https:// and just leave domain.com ), 'overwrite.cli.url' => 'https://172.16.100.5:8443', 'dbtype' => 'mysql', 'version' => '9.0.53.0', 'dbname' => 'NextCloud', 'dbhost' => '172.16.100.5:3306', 'dbtableprefix' => 'oc_', 'dbuser' => 'xxxx', 'dbpassword' => 'xxxxx', 'logtimezone' => 'UTC', 'installed' => true, 'trusted_proxies' => ['172.16.100.5'] 'overwritewebroot' => '/nextcloud', 'overwritehost' => 'https://domain.com', #<-------------remove https:// and just leave domain.com );
August 28, 20169 yr Still the same 404 issue after adding the /nextcloud/ and removing the https://. I'm thinking of nuking the nextcloud instance in a bit and trying again from scratch. Interesting, the log on restart is giving these errors [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 40-config: executing... [cont-init.d] 40-config: exited 0. [cont-init.d] 50-install: executing... [cont-init.d] 50-install: exited 0. [cont-init.d] 60-memcache: executing... [cont-init.d] 60-memcache: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done. PHP Parse error: syntax error, unexpected ''overwritewebroot'' (T_CONSTANT_ENCAPSED_STRING), expecting ')' in /config/www/nextcloud/config/config.php on line 24 PHP Parse error: syntax error, unexpected ''overwritewebroot'' (T_CONSTANT_ENCAPSED_STRING), expecting ')' in /config/www/nextcloud/config/config.php on line 24 PHP Parse error: syntax error, unexpected ''overwritewebroot'' (T_CONSTANT_ENCAPSED_STRING), expecting ')' in /config/www/nextcloud/config/config.php on line 24 PHP Parse error: syntax error, unexpected ''overwritewebroot'' (T_CONSTANT_ENCAPSED_STRING), expecting ')' in /config/www/nextcloud/config/config.php on line 24 PHP Parse error: syntax error, unexpected ''overwritewebroot'' (T_CONSTANT_ENCAPSED_STRING), expecting ')' in /config/www/nextcloud/config/config.php on line 24 [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 10-adduser: executing...
August 28, 20169 yr @noja post your nginx conf file from letsencrypt, your nginx conf file from nextcloud, and your config.php from nextcloud. All three have to be in sync for this to work.
August 28, 20169 yr Ok! nginxletsencrypt default.conf server { listen 80; listen 443 ssl default_server; server_name _; ssl_certificate /config/keys/fullchain.pem; ssl_certificate_key /config/keys/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { root /config/www; index index.html index.htm index.php; auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; } location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location /plexpy { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://172.16.100.5:8181/plexpy; } location /plexrequests { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass http://172.16.100.5:3000/plexrequests; } location /library { include /config/nginx/proxy.conf; proxy_pass http://172.16.100.5:2202/library; } location /nextcloud { include /config/nginx/proxy.conf; proxy_pass http://172.16.100.5:8443/nextcloud; } location /news { auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; include /config/nginx/proxy.conf; proxy_pass https://172.16.100.5:8787/news; } } Now the nextcloud nginx default.conf upstream php-handler { server 127.0.0.1:9000; # server unix:/var/run/php/php7.0-fpm.sock; } server { listen 80; server_name _; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name _; ssl_certificate /config/keys/cert.crt; ssl_certificate_key /config/keys/cert.key; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Path to the root of your installation root /config/www/; # set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; # Disable gzip to avoid the removal of the ETag header gzip off; # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; index index.php; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; rewrite ^/.well-known/carddav /remote.php/dav/ permanent; rewrite ^/.well-known/caldav /remote.php/dav/ permanent; # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location / { rewrite ^/remote/(.*) /remote.php last; rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; try_files $uri $uri/ =404; } location ~ \.php(?|/) { fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice fastcgi_pass php-handler; fastcgi_intercept_errors on; } # Adding the cache control header for js and css files # Make sure it is BELOW the location ~ \.php(?|/) { block location ~* \.(?:css|js)$ { add_header Cache-Control "public, max-age=7200"; # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; } # Optional: Don't log access to other assets location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ { access_log off; } } and the nextcloud config.php <?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => 'oczmltajpdti', 'passwordsalt' => 'zzatfiwjAV0CPgMqay8ewbvahBwBj3', 'secret' => 'Yio64EkchFlzBg4GkKfsyjsktEaLmaSVu+q3LSmtBW/ZEgUu', 'trusted_domains' => array ( 0 => '172.16.100.5', 1 => 'domain.com' ), 'overwrite.cli.url' => 'https://172.16.100.5:8443/nextcloud/', 'dbtype' => 'mysql', 'version' => '9.0.53.0', 'dbname' => 'NextCloud', 'dbhost' => '172.16.100.5:3306', 'dbtableprefix' => 'oc_', 'dbuser' => 'xxxxx', 'dbpassword' => 'xxxxx', 'logtimezone' => 'UTC', 'installed' => true, 'trusted_proxies' => ['172.16.100.5'] 'overwritewebroot' => '/nextcloud/', 'overwritehost' => 'comain.com', );
August 28, 20169 yr In the nextcloud config.php your trusted proxies are entered differently than mine. Here's what you have: 'trusted_proxies' => ['172.16.100.5'] Here's what I have: 'trusted_proxies' => array ( 0 => '192.168.183', ), You are missing a trailing comma, and I'm not sure what the square brackets do. If the square brackets are another way to specify an array, then they are fine. Also, you have 'overwritewebroot' => '/nextcloud/', I have 'overwritewebroot' => '/nextcloud', Your nextcloud nginx conf file looks identical to mine. Your letsencrypt nginx conf file looks like it should work.
August 28, 20169 yr Thanks! Unfortunately I think its time to nuke it and start again. Nothing but 400 Bad Requests
August 28, 20169 yr @noja, I think the missing trailing comma for your 'trusted_proxies' in your nextcloud nginx conf file is causing a lot of your problems. It may be preventing Nextcloud from starting up.
August 28, 20169 yr @kamhighway Success!! I just needed to nuke it and start over. As a note, I did make those changes you suggested before nuking with no luck. This time - I did the exact same thing with the changes you wrote out and nextcloud didn't return any errors in the startup logs. However - I was still getting error 400. Thats when I realized that my letsencrypt settings didn't have that damn 's'. So I changed my line from http:// to https:// Wow, a bit of a learning curve on this one for me. Thanks a lot for your herculean efforts. Time to fiddle with Nextcloud now!
August 28, 20169 yr @noja, glad you got it to work. Sometimes nuking things and starting over is the best way to go. Since there is such a learning curve on this one, I wrote a post to describe the whole process while it is fresh in my mind. Here is the link: http://lime-technology.com/forum/index.php?topic=51466.0 Hope it is helpful to others.
August 29, 20169 yr After the update of this container I can't get it to work with a duckdns.org subdomain. I get the following error. What is wrong with my configuration? Failed authorization procedure. xxxxxx.duckdns.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 230a025c5004f7396f708827c4fadcf3.1806e186eac08a8f7xxxxxxxe4e41d.acme.invalid from xx.xx.xx.xx:443. Received certificate containing '' Thank you for your help!
August 29, 20169 yr After the update of this container I can't get it to work with a duckdns.org subdomain. I get the following error. What is wrong with my configuration? Failed authorization procedure. xxxxxx.duckdns.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 230a025c5004f7396f708827c4fadcf3.1806e186eac08a8f7xxxxxxxe4e41d.acme.invalid from xx.xx.xx.xx:443. Received certificate containing '' Thank you for your help! What settings did you use?
August 30, 20169 yr After the update of this container I can't get it to work with a duckdns.org subdomain. I get the following error. What is wrong with my configuration? Failed authorization procedure. xxxxxx.duckdns.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 230a025c5004f7396f708827c4fadcf3.1806e186eac08a8f7xxxxxxxe4e41d.acme.invalid from xx.xx.xx.xx:443. Received certificate containing '' Thank you for your help! What settings did you use? This are the settings I did use:
August 30, 20169 yr After the update of this container I can't get it to work with a duckdns.org subdomain. I get the following error. What is wrong with my configuration? Failed authorization procedure. xxxxxx.duckdns.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested 230a025c5004f7396f708827c4fadcf3.1806e186eac08a8f7xxxxxxxe4e41d.acme.invalid from xx.xx.xx.xx:443. Received certificate containing '' Thank you for your help! What settings did you use? This are the settings I did use: Is this a new install? If it's an update, did you change the settings? Is your port 443 forwarded properly? Is your domain spelled correctly? Does your domain forward to unraid correctly? It could be a lot of things
September 3, 20169 yr Hi, Im having a problem with subdomains using this container. SSL working just fine, but when I try to work with subdomains what happens is all subdomains behaves like the domain itself... it ignores config files and no maptter what subdomain i enter, it all goes to default server config and its locations... Config files for my subdomains which I use are the same I used for my previous NGINX container where it was working correctly. Can you please advise what should I do to make it work? Default: server { listen 80 default_server; #listen [::]:80 default_server ipv6only=on; listen 443 ssl; index index.html index.htm index.php; server_name _; ssl_certificate /config/keys/fullchain.pem; ssl_certificate_key /config/keys/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { root /config/www; try_files $uri $uri/ /index.html /index.php?$args =404; } } MyDomain: server { listen 80; server_name inside.xxxxx.com; location /jenkins { include /config/nginx/proxy.conf; proxy_pass http://192.168.100.210:8080/jenkins/; } }
September 3, 20169 yr Hi, Im having a problem with subdomains using this container. SSL working just fine, but when I try to work with subdomains what happens is all subdomains behaves like the domain itself... it ignores config files and no maptter what subdomain i enter, it all goes to default server config and its locations... Config files for my subdomains which I use are the same I used for my previous NGINX container where it was working correctly. Can you please advise what should I do to make it work? Default: server { listen 80 default_server; #listen [::]:80 default_server ipv6only=on; listen 443 ssl; index index.html index.htm index.php; server_name _; ssl_certificate /config/keys/fullchain.pem; ssl_certificate_key /config/keys/privkey.pem; ssl_dhparam /config/nginx/dhparams.pem; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; client_max_body_size 0; location / { root /config/www; try_files $uri $uri/ /index.html /index.php?$args =404; } } MyDomain: server { listen 80; server_name inside.xxxxx.com; location /jenkins { include /config/nginx/proxy.conf; proxy_pass http://192.168.100.210:8080/jenkins/; } } Several issues with your config files. Each server block has to have its own cert, cipher, port, etc. settings. Your subdomains don't have those and they are only set up to use port 80 You are also mixing subdomains with url prefix redirection. The way it is set up, http://inside.xxxxxxxx.com/jenkins will be forwarded to http://192.168.100.210:8080/jenkins/ and only on port 80, not using the certs or https. I think you should follow some guides for setting this up correctly
September 4, 20169 yr How do I just password protect a certain subdirectory of the site? I've been looking at nginx guides but haven't made any progress. This is part of my config file, location / { root /config/www; index index.html index.htm index.php .htaccess; # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; } location /admin { include /config/nginx/proxy.conf; proxy_pass http://example.com/admin; auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; } I'm looking to restrict the /mnt/cache/appdata/nginx/www/admin directory. I'm probably doing this wrong. I get a username/password prompt but my credentials don't work. I assume its something to do with why I can't access the site when browsing from my internal network I just get a password prompt where my credentials don't work either. Any help would be much appreciated!
September 4, 20169 yr How do I just password protect a certain subdirectory of the site? I've been looking at nginx guides but haven't made any progress. This is part of my config file, location / { root /config/www; index index.html index.htm index.php .htaccess; # auth_basic "Restricted"; # auth_basic_user_file /config/nginx/.htpasswd; } location /admin { include /config/nginx/proxy.conf; proxy_pass http://example.com/admin; auth_basic "Restricted"; auth_basic_user_file /config/nginx/.htpasswd; } I'm looking to restrict the /mnt/cache/appdata/nginx/www/admin directory. I'm probably doing this wrong. I get a username/password prompt but my credentials don't work. I assume its something to do with why I can't access the site when browsing from my internal network I just get a password prompt where my credentials don't work either. Any help would be much appreciated! Look into htpasswd as well as the example configs I posted on page 5 of this thread
Archived
This topic is now archived and is closed to further replies.