yes (I got the german ui).
Dont use that since if you do its located befor the "location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {" and overwrites it (i guess? I actualy dont know much about nginx...)
I found that out using nano in /etc/nginx/sites-enabled/zzz-omv-nginx (dont know if its a random name)
Owncloud 8 and MySQL: alternative approach
-
- OMV 2.x
- Enra
-
-
According to the settings, if we're using the $socket variable in the extra options, then that 'default config' should be enable to connect to the phpm-pool.
By the way, you need to add these at the beginning of the vhost too:
Code
Alles anzeigenadd_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; location = /robots.txt { allow all; log_not_found off; access_log off; }
Have you try these?Code
Alles anzeigenlocation ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { include fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS off; #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_pass $socket; fastcgi_intercept_errors on; } -
According to the settings, if we're using the $socket variable in the extra options, then that 'default config' should be enable to connect to the phpm-pool.
we only need to enable php to use $socket not the default config:
No I removed the security headers since I thought if I dont use ssl I dont need them
Edit: At line 48 in my original config we connect to the pool manualy.
Edit2: I added the headers to my original post
-
I just tested, it's working great.
I just notice that the performance is faster with these NC Nginx codes compare to the old OwnCloud Nginx codes
But you need to un-comment the security header at the beginning, and near the end like this:
Codeadd_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; -
Thanks a lot tinh_x7 and Zocker1996 I got it working with you advices.
-
hello.
can someone explain how to proxy_pass to https://mydomain/nextcloud instead of the nextcloud-port?
I use nginx and letsencrypt -
-
NC on Centos 7 installation: https://dokuwiki.nausch.org/doku.php/centos:web_c7:nextcloud
-
I have an issue since i Updated to owncloud 10.0.2. When I try to write to a shared calendar on the shared account, i get an 404 error with davdroid and based on my google search:
https://github.com/nextcloud/server/issues/2649
https://github.com/nextcloud/server/issues/2747
https://forums.bitfire.at/topi…wncloud-9-upgrade-issue/4I think the well-known addresses are now incorrect with nextcloud 11 and nextcloud 10.0.2 (should redirect to dav instead of carddav/ or caldav/ right?)
Code
Alles anzeigen(...) rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; index index.php; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; (...) location / { # The following 2 rules are only needed with webfinger rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; (...)Can anyone tell me how to fix this? Shall i just replace line 13 and 14 with:
Code#rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; #rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; rewrite ^/.well-known/carddav /remote.php/dav/ redirect; rewrite ^/.well-known/caldav /remote.php/dav/ redirect;or do i need to change something else? I am afraid i might break something else!
When i verified the fix, i think the first post should be updated!
-
I tried it and verified the bugfix! with dav instead of carddav and calddav it works perfectly! To fix it, just edit your nginx config and comment old lines (or delete) and include new lines:
Code#rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; #rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; rewrite ^/.well-known/carddav /remote.php/dav/ redirect; rewrite ^/.well-known/caldav /remote.php/dav/ redirect;
Enra: --> can you please edit it in the first post to help others?
edit: thank you enra for the update! -
According to Nextcloud doc, it's supposed to be like this:
Codelocation = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } -
Hello,
i have a problem with the mysql database. Netxcloud could not create a new database. I can connect with the root password to the webgui form the mysql server. Any idea- Thanks a loot
-
on first, create a database and a datauser with rights for the database in mysql. Then make your nextcloud instalation with the database databaseuser and his password.
-
thank you for your answer, I did so. Now I get new message in the nginx log file:
Page
of 1
1 - 1 von 1 angezeigt
2017/01/25 15:59:09 [error] 30547#0: *870 access forbidden by rule, client: 192.168.3.2, server: , request: "GET /data/htaccesstest.txt HTTP/1.1", host: "192.168.3.2:90"In the nextcloud documentation they write about these configuration section :
location = /data/htaccesstest.txt { allow all; log_not_found off; access_log off;}i will see...
-
everything is fine
thanks for the help an the installation guide
-
Hello all!
Giving up for tonight...
Followed the guide from post #1 + the config from @Zocker1996 on #499 (ssl: on). I can only reach the setup.php if I enable php default config in nginx.
I can start the setup, dependencies met, then I get a 502 gateway timeout, then I refresh the browser and get this:If click "Next" I get a 404... end of story. If I go to nextcloud dir via ftp it is empty???
Any help welcome
Greets
ra -
I got the same error I first tried it. I'm not sure if I remember right but I thought I fixed this by not using the web installer script but the archive file from the nextcloud page. I then simpley extracted the zip where I otherwise would have placed the installer script.
-
Hi,
I've made a new installation with OMV3 and installed Nextcloud11 via Nginx-Plugin (installed via OMV3-Extras) and NC's setup-script, following the instructions in Post#1 with the "additional settings" mentioned in Post#499 by Zocker1996...
All worked fine, BUT:
After the activation of Calendar, Notes, Contact and "Order" (the one to order the App-icons myself) Apps, I always get this error:
400 Bad Request
The plain HTTP request was sent to HTTPS port...I'm using a selfsigned SSL-Certificate (created by OMV3) and installed via accessing the php-setupfile via https-connection, and a "custom-port" for SSL: 44390...
I can reproduce this behaviour (I deleted the nc-installation (incl. mysql-db) and started all over again); everytime I do some "App-Action", I get above error and cannot login via https again... Strangely enough, when practicing in a VM-OMV-Installation, this error never occured...
...where do I start the troubleshooting?
(maybe - has anyone encountered the same issue?)Edit:
tryed playing with the "trusted domains" (by adding "ok URL") and overwrite-URL-Settings (to https://IP:44390) - but no effect...everytime I try to accesss nextcloud, the https: gets deleted from the URL; trying to connect to the OMV-Frontend, everything works...?
Edit 2:
After changing the trusted domain-entrys from IP:port to IP-only, I can access nextcloud via HTTP... But still having the Error 400 when trying with SSL...
The nginx-config for nextcloud:
Code
Alles anzeigenserver { listen 90; listen [::]:90; listen 44390 ssl; listen [::]:44390 ssl; ssl_certificate /etc/ssl/certs/openmediavault-0180d7bc-c20f-48d9-a43a-b599600946c4.crt; ssl_certificate_key /etc/ssl/private/openmediavault-0180d7bc-c20f-48d9-a43a-b599600946c4.key; set $root_path "/media/THE-uuid/www/nextcloud"; root $root_path; index index.html index.php; set $socket "unix:/var/run/fpm-d272bf4e-c0c0-4558-a84c-733a0fc58fc0.sock"; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass $socket; } access_log /var/log/nginx/c135a3b3-9bee-4238-b9cc-d795423537cd-access.log; error_log /var/log/nginx/c135a3b3-9bee-4238-b9cc-d795423537cd-error.log; large_client_header_buffers 4 8k; # Add headers to serve security related headers # Before enabling Strict-Transport-Security headers please read into this # topic first. # add_header Strict-Transport-Security "max-age=15768000; # includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; location = /robots.txt { log_not_found off; allow all; access_log off; } # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json # last; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; location / { rewrite ^ /index.php$uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { include fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS off; #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass $socket; fastcgi_intercept_errors on; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~* \.(?:css|js|woff|svg|gif)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "public, max-age=7200"; # Add headers to serve security related headers (It is intended to # have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read into # this topic first. # add_header Strict-Transport-Security "max-age=15768000; # includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; } location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; # Optional: Don't log access to other assets access_log off; } }
...? -
If you're using HTTPS, then change fastcgi_param HTTPS off; this to fastcgi_param HTTPS on;
Another thing, since you installed NC on a /media/...., you don't need to add set $root_path "/media/THE-uuid/www/nextcloud"; in the vhost. -
Thanks, the "HTTPS on"-part did the trick...
But I need to set the root-path, as otherwhise I get an 404...?
Jetzt mitmachen!
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!