Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - Nextcloud

Featured Replies

@CorneliousJD your config was the same as mine.

 

Likely its from a previous nextcloud config as mine was.

 

Updated to their latest format in the link above and it worked fine.

  • Replies 7.1k
  • Views 1.7m
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Here's my list of instructions....    Use them at your own risk.....   If upgrading to v12 please see here:   ##Turn on maintenance mode docker exec -it nextcloud occ m

  • When i did enter the docker container with ssh and did run the following command the error message was gone   sudo -u abc php /config/www/nextcloud/occ db:add-missing-indices   Onl

  • gustomucho
    gustomucho

    After tinkering with this for a while, it seems the solution is much simpler than I thought. For some reason, the only step required is to modify the config.php file. No need to install ffmp

Posted Images

1 hour ago, almulder said:

LOL yep that was it, that's what I get for copying and pasting from the nextcloud site, they have it with a $ bold note section, but without it in the file section. Thanks!

 

Also it seem to run twice as fast not with the changes. not instead of 10-20 seconds delay when switching screens it like only 5 or less. :)

Did you have you change anything in your appdata\nginx\site-confs\default or was it just from appdata\nextcloud\site-confs\default? I tried to follow the config as well and this is what I tried changing it to but it doesn't seem to be working. Can you see if I did anything wrong?

 

Old Config:

location / {

    rewrite ^/remote/(.*) /remote.php last;

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

    try_files $uri $uri/ =404;
  }

  location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
  }

New Config:

location / {

     rewrite ^ /index.php;
  }

  location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
    fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
    try_files $fastcgi_script_name =404;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPTFILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATHINFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    # Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
   # Enable pretty urls
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
  }

 

1 hour ago, CorneliousJD said:

My file is VASTLY different here than yours. 

 


upstream php-handler {
  server 127.0.0.1:9000;
# server unix:/var/run/php/php7.0-fpm.sock;
}

server {
  listen 80;
  server_name _;
  # enforce https
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl;
  server_name _;

  ssl_certificate /config/keys/cert.crt;
  ssl_certificate_key /config/keys/cert.key;

  # Add headers to serve security related headers
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  add_header X-Content-Type-Options nosniff;
  # add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Permitted-Cross-Domain-Policies none;

  # Path to the root of your installation
  root /config/www/nextcloud/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  # Disable gzip to avoid the removal of the ETag header
  gzip off;

  # Uncomment if your server is build with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;

  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
  rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

  # The following 2 rules are only needed for the user_webfinger app.
  # Uncomment it if you're planning to use this app.
  #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
  #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
  }

  location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
  }

  location / {

    rewrite ^/remote/(.*) /remote.php last;

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

    try_files $uri $uri/ =404;
  }

  location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
	
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
  }

  # Adding the cache control header for js and css files
  # Make sure it is BELOW the location ~ \.php(?:$|/) { block
  location ~* \.(?:css|js)$ {
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
  }

  # Optional: Don't log access to other assets
  location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    access_log off;
  }
}

 

You may want to look at Nextcloud's new format, your config.php is probably from and older version. My config for from the 17.0 version.

 

https://docs.nextcloud.com/server/17/admin_manual/installation/nginx.html

When I try to open the url remotely, such as yourname.duckdns.org, I get the following:


 

Quote

 

This site is not secure

 

This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.

 

Go to your Start page

Details

Your PC doesn’t trust this website’s security certificate.
The hostname in the website’s security certificate differs from the website you are trying to visit.

Error Code: DLG_FLAGS_INVALID_CA
DLG_FLAGS_SEC_CERT_CN_INVALID

Go on to the webpage (Not recommended)


 

 

I can click through it, but how do I correct it so that it doesn't show up?

20 minutes ago, levster said:

When I try to open the url remotely, such as yourname.duckdns.org, I get the following:


 

 

I can click through it, but how do I correct it so that it doesn't show up?

Did you reboot letsencrypt docker container? it may need to re generate certs.

3 minutes ago, Smooth Beaver said:

Did you reboot letsencrypt docker container? it may need to re generate certs.

Yes. still the same issue - This site is not secure, message.

3 minutes ago, levster said:

Yes. still the same issue - This site is not secure, message.

What exactly did you change? Is this a new installed old install?

6 minutes ago, Smooth Beaver said:

What exactly did you change? Is this a new installed old install?

This is not a new install and has been running well for over a year, perhaps longer. I mainly use it to sync various devices to a central server. However, when I do send a link to a friend, I've always encountered this issue. It's more of a nuisance than a true hindrance, but I was wondering how to completely fix it.

1 minute ago, levster said:

This is not a new install and has been running well for over a year, perhaps longer. I mainly use it to sync various devices to a central server. However, when I do send a link to a friend, I've always encountered this issue. It's more of a nuisance than a true hindrance, but I was wondering how to completely fix it.

When you look at the letsencrypt log are there any errors? Can you post a screen shot of your letsencrypt docker config?

1 minute ago, Smooth Beaver said:

When you look at the letsencrypt log are there any errors? Can you post a screen shot of your letsencrypt docker config?

I'll do it in a few hours. Thank you. 

@CorneliousJD My config looked exactly the same like yours. I did what @local.bin and @Smooth Beaver suggested.

 

1. Backup of my current running Nextcloud 17 install

2. grabbed the config template for nginx from https://docs.nextcloud.com/server/17/admin_manual/installation/nginx.html

3. adjusted a couple things so it matches the old config like

 

uncommented IPv6 access and adjusted the server_name _ without a domain name

server {
    listen 80;
    # listen [::]:80;
    # server_name cloud.example.com;
	server_name _;

adjusted the cert path

ssl_certificate /config/keys/cert.crt;
ssl_certificate_key /config/keys/cert.key;

changed the path for Nextcloud

# Path to the root of your installation
root /config/www/nextcloud;

changed the max upload size to my old settings

# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;

included the full path for fastcgi_params "/etc/nginx/fastcgi_params"

location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include /etc/nginx/fastcgi_params;

and finally checked if all the settings for for "Strict-Transport-Security" and "X-Frame-Options" are the same as before.

 

4. restarted Nextcoud docker

5. restarted letsencrypt docker

6. logged into Nextcloud and checked the logs and disabled the "Nextcloud announcements" app because it spammend the logs with

Symfony\Component\Routing\Exception\RouteNotFoundException: Unable to generate a URL for the named route "ocs.provisioning_api.AppsController.disable" as such route does not exist.

Looks this a known issue and will be addressed with an later update.

https://github.com/nextcloud/nextcloud_announcements/issues/54

Are we affected by this bug


Yes. Only new installations are patched. You must implement the patch manually.


Sent from my iPhone using Tapatalk
1 minute ago, Smooth Beaver said:

 


You must implement the patch manually.


Sent from my iPhone using Tapatalk

 

Any steps on how to do it? Thanks.

Any steps on how to do it? Thanks.

Go up a few posts directions are given already. If you have an older version of the config file@bastl just posted directions on that as well.


Sent from my iPhone using Tapatalk

Since the docker image has been updated with the fix I just deleted /config/nginx/site-confs/default and restarted the container. The container will recreate it with the fixes in place.

9 hours ago, Smooth Beaver said:

When you look at the letsencrypt log are there any errors? Can you post a screen shot of your letsencrypt docker config?

Here is the log from the Letsencrypt. Also, slightly modified docker config page.

letsencrypt.txt

Tower_UpdateContainer_updated.pdf

Edited by levster

Anyone using redis with nextcloud is this the correct setup for the docker? Or do I have to specify a path for the cache?

Redis.jpg

Now getting this
 

The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information

and I have this in the new default.

add_header Referrer-Policy no-referrer;

found the fix here

 

Quote

Try to remove the entry in your NGINX configuration. The .htaccess includes this header already. I had to do that as well.

 

Edited by H2O_King89
found fix

im getting this

 

The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

 

Even with the settings included in the new config file. And strangely when i F12 in chrome on my nextcloud tab it appears to be set to SAMEORIGIN... 

 

default

Edited by tazire

2 hours ago, tazire said:

im getting this

 

The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

 

Even with the settings included in the new config file. And strangely when i F12 in chrome on my nextcloud tab it appears to be set to SAMEORIGIN... 

 

default 5.93 kB · 1 download

comment out the line 38 with #

22 hours ago, Niklas said:

Since the docker image has been updated with the fix I just deleted /config/nginx/site-confs/default and restarted the container. The container will recreate it with the fixes in place.

Thanks... haha this was by FAR the easiest solution. Worked great. Can confirm the newly generated default site conf looks like it has the fixes in place! :)

 

EDIT: Although after doing this now I'm getting one small error on the security check page.

The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin".

 

But as H2O_King89 noted above, this is an easy fix.

I just commented out line #21 on the newly generated config!

 

Quote

Try to remove the entry in your NGINX configuration. The .htaccess includes this header already. I had to do that as well.

 

Edited by CorneliousJD

1 hour ago, bobokun said:

comment out the line 38 with #

cheers. that did the job

I am trying to setup fail2ban with the nextcloud, letsencrypt and OnlyOffice Document Server dockers, (Nextcloud, letsencrypt & ONLYOFFICE currently work perfectly)  When I look at Nextcloud's log file it shows all logins are coming from a single IP, probably because of the letsencrypt reverse proxy. So I found this page but it says I need a subscription to view it.

 

692901391_ScreenShot2019-10-27at4_24_14PM.thumb.png.057161f6b73679b7428abf0e923383ee.png

 

 

Can anyone help with allowing the reverse proxy to pass the client IP so I can configure fail2ban to work using this as a rough guide:

 

https://dennisnotes.com/note/20180831-nextcloud-docker-nginx-reverse-proxy/

 

Are these the lines that I need to add to the letsencrypt conf file for nextcloud that will do the client IP passthrough?

 

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

Do I need to add all three or just one or etc? I am not exactly sure what they do which is why I don't want to add them....

Edited by Smooth Beaver

I have two questions to improve my speed with webdav.

 

1 - Can we speed up the transfer between letsencrypt and nexcloud during an upload? I have half the /tmp on my ssd it helps, but under windows you have to wait a long time with big files before the transfer window disappears

 

2 - Locally, can we use nextcloud without using letsencrypt? I can't do it...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.