OwnCloud vhost setup is slow for NextCloud.
You can test it, but don't use it for the long run.
Double check your configuration.
It may take more than 2 or 3 times to get it right.
OwnCloud vhost setup is slow for NextCloud.
You can test it, but don't use it for the long run.
Would it make sense to do the setup with owncloud config and later paste the vhost config from the tutorial?
The config is the only thing, that I have changed now...
Double check your configuration.
It may take more than 2 or 3 times to get it right.
I am more around 10 to 15 times double checking and retrying. What else than the vhost config could I check/adapt? Could it also be an OMV3 vs OMV4 difference?
Would it make sense to do the setup with owncloud config and later paste the vhost config from the tutorial?
No. That's the reason I wrote the tutorial.
The tutorial works for OMV3 and OMV4.
OMV4 just needs to install additional dependencies.
Check some of the previous posts.
By the way, check your NC permissions.
Ensure it's www-data:www-data
Since you aren't using SSL at the moment, set : fastcgi_param HTTPS off
Copy and paste your vhost config here, maybe some other users can help you.
I just looked at page 1, and one of the users had the same error as yours: https://forum.openmediavault.o…xtCloud-Installation-Q-A/
By the way, check your NC permissions.
Ensure it's www-data:www-data
Where exactly can I check this, here?
There it looks like this:
It looks similar with folder "www".
My vhost config:
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
# add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = /robots.txt {
log_not_found off;
allow all;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
#fastcgi_param HTTPS on;
fastcgi_param HTTPS off;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass $socket;
fastcgi_intercept_errors on;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
Since you aren't using SSL at the moment, set : fastcgi_param HTTPS off
Already applied.
I just looked at page 1, and one of the users had the same error as yours: forum.openmediavault.org/index…xtCloud-Installation-Q-A/
I found that too, yet I have used the method to upload that install php file. In my next try (tries) I will try to use the download method.
If you find something wrong in the sharedfolders config or else, I am happy to learn by it!
Thanks again.
Ok, couple steps ahead I processed the downloader method, as described in the tutorial, from step 4 on, that worked finally! But I don't know why...
My procedure according to steps 4 to 7:
cd /srv/dev-disk-by-label-Testraid/www/nextcloud
wget https://download.nextcloud.com/server/releases/nextcloud-13.0.4.zip
apt-get install unzip # because it told me first, "command not found"...?
unzip nextcloud-13.0.4.zip
cp -r nextcloud/. /srv/dev-disk-by-label-Testraid/www/nextcloud
cd /srv/dev-disk-by-label-Testraid/www/nextcloud
After that, I was able to execute and finish the NC setup.
Next, I ran into problems with steps 8, 9 and 10 because I could not locate the files in my NC13 setup. I also had NC telling me in the security checks that the OPcache settings are not correct.
Following are my steps, in short, as it worked out for me (after fiddling a lot in these many config files):
- after checking, installed redis-server and php7.0-redis
- in my: /srv/dev-disk-by-label-Testraid/www/nextcloud
- changed: config.php to (that is one part, that was quite unclear where and in which file to do)
<?php
$CONFIG = array (
'instanceid' => 'abcdefg12345',
'passwordsalt' => 'abcdefgh12345678',
'secret' => '12345678sdfghjkl',
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'some.domain.com',
2 => '192.168.x.x',
),
'datadirectory' => '/srv/dev-disk-by-label-Testraid/www/nextcloud/data',
'overwrite.cli.url' => 'http://192.168.x.x:90',
'dbtype' => 'mysql',
'version' => '13.0.4.0',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'xyz',
'dbpassword' => '1234578dfghj32456',
'installed' => true,
'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),
);
- removed nextcloud.zip and the nextcloud dir
- created the script for strong permissions (which hopefully helps for something):
#!/bin/bash
# Tighten ownership and permissions on the Nextcloud tree.
ocpath='/srv/dev-disk-by-label-Testraid/www/nextcloud'
htuser='www-data'
htgroup='www-data'
rootuser='root'

printf "Creating possible missing Directories\n"
mkdir -p "${ocpath}/data"
mkdir -p "${ocpath}/updater"

printf "chmod Files and Directories\n"
# Files 0640, directories 0750: nothing is readable by "other".
find "${ocpath}/" -type f -print0 | xargs -0 chmod 0640
find "${ocpath}/" -type d -print0 | xargs -0 chmod 0750

printf "chown Directories\n"
# root owns the code; the web server user owns only the directories Nextcloud writes to.
chown -R "${rootuser}:${htgroup}" "${ocpath}/"
chown -R "${htuser}:${htgroup}" "${ocpath}/apps/"
chown -R "${htuser}:${htgroup}" "${ocpath}/config/"
chown -R "${htuser}:${htgroup}" "${ocpath}/data/"
chown -R "${htuser}:${htgroup}" "${ocpath}/themes/"
chown -R "${htuser}:${htgroup}" "${ocpath}/updater/"
chmod +x "${ocpath}/occ"

printf "chmod/chown .htaccess\n"
if [ -f "${ocpath}/.htaccess" ]
then
    chmod 0644 "${ocpath}/.htaccess"
    chown "${rootuser}:${htgroup}" "${ocpath}/.htaccess"
fi
if [ -f "${ocpath}/data/.htaccess" ]
then
    chmod 0644 "${ocpath}/data/.htaccess"
    chown "${rootuser}:${htgroup}" "${ocpath}/data/.htaccess"
fi
- executed: bash setstrongpermissionnc (couple of times)
- service nginx restart (couple of times)
- opcache problem solved by editing: etc/php/70/mods-available/opcache.ini
; configuration for php opcache module
; priority=10
zend_extension=opcache.so
zend_extension=/usr/lib/php/20151012/opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
Now I need to take care about the message, that "files haven't passed the integrity check" - a lot of files indeed...
And finally to enable SSL with my existing lets-encrypt certificate.
If my notes help others, my pleasure.
thanks especially to tinh_x7
Glad you got NC working.
To view permissions, connect to your server via SSH with Putty or Terminal (Mac/Linux).
1. cd /srv/dev-disk-by-label-Testraid/www/nextcloud
2. ls -la
"files haven't passed the integrity check": this is telling you that some files' integrity doesn't match their original hash.
You may have to copy & replace those files from the nextcloud-vXYZ.zip into your server. Next, chown entire NC dir to www-data:www-data.
Then re-scan the files from NC admin panel.
- executed: bash setstrongpermissionnc (couple of times)
- service nginx restart (couple of times)
When your NC is working like you wanted, then run this script only once.
Hi and thanks for the tutorial! It worked very well in omv 3, now I upgraded to omv 4 and I run into problems.
Whenever I try to access nextcloud after the upgrade I get a bad gateway error which can be traced back to this (see below).
2018/07/28 16:17:45 [crit] 2617#2617: *9 connect() to unix:/var/run/fpm-34c7e7c6-933e-424b-97ee-8b5c99892767.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.XXX, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/fpm-34c7e7c6-933e-424b-97ee-8b5c99892767.sock:", host: "192.168.XXX", referrer: "https://192.168.XXX/"
I also tried to deinstall and reinstall nginx but the error is still the same. I assume there is something broken with php but I am still new to linux and not sure what to do. Any help is highly appreciated.
Check your Nginx socket variable: fastcgi_pass $socket;
Thanks for the quick reply!
Unfortunately, when I use fastcgi_pass $socket; the system tells me that the command cannot be found. I also went back to my working omv 3.0 installation and there I get the same error.
Back in the upgraded omv 4 installation I found in etc/nginx/sites-available & etc/nginx/sites-enabled a zzz-omv-nginx file in which the broken sock file is mentioned set $socket "unix:/var/run/fpm-65c47d61-df16-43b9-bb80-e098bd11a952.sock";. I replaced it with set $socket "unix:/var/run/php/php7.0-fpm.sock but somehow it is not used. After restarting the whole system, again I find the old broken sock file in it.
Hi
Same problem. I wrote a reply with my environment and summary at https://forum.openmediavault.org/index.php/SearchResult/1777880/?highlight=.
In my case, replacing the line fastcgi_pass $socket; makes the OMV4 gui to stop working. I did not reset the system, just restarted nginx and php7.0-fpm
No one can help? Perhaps somebody has at least an idea how to proceed? Again, many thanks in advance!
Double check your Nginx settings.
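A quick check for the 502 discussed in the posts above, as an added example that is not part of the thread: it lists every unix socket a vhost file references (through `set $socket` or `fastcgi_pass`) and reports which of them do not exist. The function names and the sample file are assumptions made for illustration; the two socket paths are the ones quoted in the posts.

```bash
#!/bin/sh
# Added example (not from the thread): find dangling php-fpm sockets in an nginx vhost.

# Print every unix socket path referenced by the config file given as $1.
# Commented-out directives are ignored.
list_fpm_sockets() {
  sed -E -n \
    -e 's/#.*//' \
    -e 's/^[[:space:]]*(set[[:space:]]+\$socket|fastcgi_pass)[[:space:]]+"?unix:([^";[:space:]]+).*/\2/p' \
    "$1" | sort -u
}

# Print "OK <path>" or "MISSING <path>" for each referenced socket.
# Returns 1 if at least one socket is missing.
check_fpm_sockets() {
  rc=0
  for s in $(list_fpm_sockets "$1"); do
    if [ -S "$s" ]; then
      echo "OK $s"
    else
      echo "MISSING $s"
      rc=1
    fi
  done
  return $rc
}

# Constructed vhost fragment using the two socket paths quoted in the thread.
write_sample_conf() {
  cat > "$1" <<'EOF'
set $socket "unix:/var/run/fpm-65c47d61-df16-43b9-bb80-e098bd11a952.sock";
location ~ \.php(?:$|/) {
    # fastcgi_pass $socket;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
EOF
}

# Demo on the constructed file; on a real system pass the vhost file instead.
conf=$(mktemp)
write_sample_conf "$conf"
check_fpm_sockets "$conf" || echo "at least one referenced socket does not exist"
rm -f "$conf"
```

A socket reported as MISSING means nginx is pointing at a php-fpm pool that is not running or listens somewhere else, which matches the `connect() ... failed (2: No such file or directory)` log line quoted above.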
Good evening,
Yesterday I updated to version 13.0.5.
And now I get a 500 error.
I have the following configuration:
OMV 4:
Server:
Extra options:
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
client_max_body_size 10G; # set max upload size
fastcgi_buffers 64 4K;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ index.php;
}
location ~ ^(.+?\.php)(/.*)?$ {
try_files $1 = 404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$1;
fastcgi_param PATH_INFO $2;
fastcgi_param HTTPS on;
fastcgi_pass $socket;
}
# Optional: set long EXPIRES header on static assets
location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
# Optional: Don't log access to assets
access_log off;
}
PHP Pool:
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
Nextcloud Config:
<?php
$CONFIG = array (
'instanceid' => 'xxxxx',
'passwordsalt' => 'xxxxxx',
'secret' => 'xxxxxxx',
'trusted_domains' =>
array (
0 => 'xxxx:8444',
1 => 'xxxxx:8444',
),
'datadirectory' => '/srv/dev-disk-by-label-xxxx/www/nextcloud/data',
'overwrite.cli.url' => 'https://xxxxxx:8444',
'dbtype' => 'mysql',
'version' => '13.0.5.2',
'dbname' => 'next',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'next',
'dbpassword' => 'xxxxx',
'installed' => true,
'theme' => '',
'loglevel' => 0,
'maintenance' => false,
'updater.release.channel' => 'stable',
'updater.secret' => 'xxxx',
);
Does anyone have an idea why I can no longer get access?
Thanks in advance for your help.
How did you update? Web based or terminal?
Try deactivating the server in the nginx tab and reactivating it.
I tried to do the update the web-based way.
But the result is this error message.
I have already set up nginx again and restarted it.
The problem only occurs when you try to log in.
do you use http or https ?
do you use http or https ?
I did the update again manually and now it works again. Unfortunately I could not figure out where the error came from.
I upgraded to nextcloud 14 and added
to my nginx-config
my config is:
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
# add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer always;
location = /robots.txt {
log_not_found off;
allow all;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
#letsencrypt
location ^~ /.well-known/acme-challenge/ { }
# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
# fastcgi_pass $socket;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_intercept_errors on;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer always;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
I get no errors within Nextcloud -> Settings ->Overview
but checking Nextcloud Security Scan throws me:
Changing my config to
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# add_header X-Content-Type-Options nosniff;
# add_header X-Frame-Options "SAMEORIGIN";
# add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# add_header X-Download-Options noopen;
# add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer always;
location = /robots.txt {
log_not_found off;
allow all;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
#letsencrypt
location ^~ /.well-known/acme-challenge/ { }
# set max upload size
client_max_body_size 50G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
# fastcgi_pass $socket;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_intercept_errors on;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer always;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
Gives me a positive check on Nextcloud Security Scan
but within Nextcloud -> Settings -> Overview
This is a paradox! What's wrong with my config? I am a little concerned about the security of my cloud.
Edit (2018-10-03):
I figured out, that nextcloud security-scan is crap, I used securityheaders.com instead, which stated me an "A".
I lack
Has someone experience setting up these headers and can give me a little hint? I tried some recommendations I found on the internet, but it seems there is a syntax error in it.
Example:
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
add_header Feature-Policy geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
It seems there is a problem with " " and ' ' signs.
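An added example, not part of the thread: a small header audit for the situation described in the post above, where the server-level `add_header` lines, the static-asset `location` and Nextcloud itself can each emit the same security headers. It reads raw response headers on stdin and marks each header named in the vhost config as OK, MISSING or DUPLICATE; the function names and the sample response are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the thread): audit security headers in a raw HTTP response.
# The header names are the ones set with add_header in the vhost configs above.
EXPECTED_HEADERS="Strict-Transport-Security X-Content-Type-Options X-Frame-Options \
X-XSS-Protection X-Robots-Tag X-Download-Options X-Permitted-Cross-Domain-Policies \
Referrer-Policy"

# Read response headers on stdin; print one status line per expected header.
audit_headers() {
  awk -v expected="$EXPECTED_HEADERS" '
    BEGIN { n = split(expected, want, " ") }
    {
      sub(/\r$/, "")                        # HTTP lines end in CRLF
      i = index($0, ":")
      if (i > 1) seen[tolower(substr($0, 1, i - 1))]++   # names are case-insensitive
    }
    END {
      for (k = 1; k <= n; k++) {
        c = seen[tolower(want[k])] + 0
        if (c == 0)      printf "MISSING %s\n", want[k]
        else if (c == 1) printf "OK %s\n", want[k]
        else             printf "DUPLICATE(%d) %s\n", c, want[k]
      }
    }'
}

# Exit status 0 only if every expected header is present exactly once.
headers_ok() {
  ! audit_headers | grep -qv '^OK '
}

# Constructed response: one header sent twice, two not sent at all.
sample_response() {
  printf '%s\r\n' \
    'HTTP/1.1 200 OK' \
    'Server: nginx' \
    'Content-Type: text/html; charset=UTF-8' \
    'Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;' \
    'X-Content-Type-Options: nosniff' \
    'x-content-type-options: nosniff' \
    'X-XSS-Protection: 1; mode=block' \
    'X-Robots-Tag: none' \
    'X-Download-Options: noopen' \
    'X-Permitted-Cross-Domain-Policies: none' \
    ''
}

# Demo on the constructed response.
sample_response | audit_headers
```

On a live server, feed it real responses for both a PHP route and a static file, for example `curl -sI https://your.host/status.php | audit_headers` (placeholder host), because nginx stops inheriting server-level `add_header` lines in any `location` that sets its own.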
I haven't been able to see any problems in your config... if you want to, I can upload mine. It's working despite of having the Feature-Policy.
How to modify the CSP is described in the manual
https://docs.nextcloud.com/ser…e-content-security-policy
I upgraded to v14, and it's working fine.