Nextcloud few issues

Nefertiti · 16. September 2022

first I am trying to share a big directory with someone thru the share link but after 2 gig the transfer stop and the link become obsolete with:

"File not found

The document could not be found on the server. Maybe the share was deleted or has expired?"

the other issues are Nextcloud- settings overview configuration waning in orange

There are some warnings regarding your setup."

The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. Further information can be found in the documentation ↗.
The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.

HannesJo · 16. September 2022

Seems like nginx/Apache is not configured properly. How did you setup Nextcloud? Used any tutorial? Docker? Non-docker?

Nefertiti · 16. September 2022

I am using docker with this guide this [How-To] Nextcloud with swag (Letsencrypt) using OMV and docker-compose

and some posts from @KM0201

<?php

$CONFIG = array (

'memcache.local' => '\\OC\\Memcache\\APCu',

'datadirectory' => '/data',

'instanceid' => 'oc3zs1us6fyj',

'passwordsalt' => 'eKhXXXXXXXXXXXXXXXXXXXXbC',

'secret' => 'jkXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX4caz',

'trusted_domains' =>

array (

0 => '192.168.50.50:444',

),

'dbtype' => 'mysql',

'version' => '24.0.2.1',

'overwrite.cli.url' => 'https://nextcloud.XXXXXXXXXXXXX.duckdns.org',

'dbname' => 'nextcloud',

'dbhost' => 'nextclouddb',

'dbport' => '',

'dbtableprefix' => 'oc_',

'mysql.utf8mb4' => true,

'dbuser' => 'oc_Philip52',

'dbpassword' => 'XXXXXXXXXXXXXXXdof5ZH',

'installed' => true,

'overwritehost' => 'nextcloud.XXXXXXXXXXXXXXXXX.duckdns.org',

'overwriteprotocol' => 'https',

);

HannesJo · 16. September 2022

Can you also post your docker compose code, your swag proxy-confs/*.nextcloud.conf and proxy.conf? Is your swag a fresh setup or an older one? I think the problem is in the swag proxy conf. Maybe some outdated files or so.

Nefertiti · 17. September 2022

Here we go! I think my subdomain might be right.

KM0201 · 17. September 2022

Correction, I read that wrong.

KM0201 · 17. September 2022

Are you using swag to get your cert?

Need to see nextcloud's config.php as well.

I'm not sure on the "X-Robots" tag error, I've never seen that one.

The other two are easily resolved... That's a very detailed walkthrough using swag and nextcloud.

Beitrag

RE: Nextcloud Bad Gateway

[…]

This post has underwent some heavy editing to bring it more in line with macom's tutorial and hopefully make it flow a little easier. It 100% works, so if it does not work for you, then there is something you're doing wrong or a problem unique to your network.

OK, here's how I do it. not saying it's the only way, it's just simple and should have you up and running in about 15min. Everything that starts with a # needs to be adjusted for your system and then the # erased. Nothing other than…

KM0201

29. Januar 2021

Near the bottom I detail how to clear those two errors

Nefertiti · 17. September 2022

According to Swag log nginx: [emerg] unexpected "," in /config/nginx/proxy-confs/nextcloud.subdomain.conf:27

is 27 mean line # ? in this case in notepad++ this is empty

I fixed most of the errors in Nextcloud by following the link to your very detailed instructions

just got this one left

The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

but I got

server_name nextcloud.*;

add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"; in my subdomain.conf!

KM0201 · 17. September 2022

Why did you edit the default nextcloud.subdomain.conf ? That is clearly a line you added to your subdomain.conf

Nefertiti · 17. September 2022

Well before my posting I was trying to correct it probably made an error so where is the comma ?

Code

## Version 2021/05/18
    # make sure that your dns has a cname set for nextcloud
    # assuming this container is called "swag", edit your nextcloud container's config
    # located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
    #  'trusted_proxies' => ['swag'],
    #  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
    #  'overwritehost' => 'nextcloud.your-domain.com',
    #  'overwriteprotocol' => 'https',
    #
    # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
    #  array (
    #    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
    #    1 => 'nextcloud.your-domain.com',
    #  ),
    
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
    
        server_name nextcloud.*;
    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
        include /config/nginx/ssl.conf;
    
        client_max_body_size 0;
    
        location / {
            
            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
            set $upstream_app 192.168.50.50;
            set $upstream_port 444;
            set $upstream_proto https;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    
            proxy_max_temp_file_size 2048m;
        }
    }

Alles anzeigen

KM0201 · 17. September 2022

Zitat von Nefertiti

Well before my posting I was trying to correct it probably made an error so where is the comma ?

Code

## Version 2021/05/18
    # make sure that your dns has a cname set for nextcloud
    # assuming this container is called "swag", edit your nextcloud container's config
    # located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
    #  'trusted_proxies' => ['swag'],
    #  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
    #  'overwritehost' => 'nextcloud.your-domain.com',
    #  'overwriteprotocol' => 'https',
    #
    # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
    #  array (
    #    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
    #    1 => 'nextcloud.your-domain.com',
    #  ),
    
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
    
        server_name nextcloud.*;
    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
        include /config/nginx/ssl.conf;
    
        client_max_body_size 0;
    
        location / {
            
            include /config/nginx/proxy.conf;
            include /config/nginx/resolver.conf;
            set $upstream_app 192.168.50.50;
            set $upstream_port 444;
            set $upstream_proto https;
            proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    
            proxy_max_temp_file_size 2048m;
        }
    }

Alles anzeigen

Well, clearly this line, whatever it does, is wrong. You definitely added it, as it's not in the default.

Code

  add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";  add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";

as that is the specific error NC is complaining about. So why did you add that is my first question.

Assuming your nextcloud container was named nextcloud (which from your stack, it is)... there was no real reason to edit this file at all.

Try this

Delete that nextcloud.subdomain.conf you have now.

Create a new nextcloud.subdomain.conf and copy/paste the below. This is a default nextcloud.subdomain.conf. There should be no reason to edit the IP address, port, etc. Just copy/paste it into the new subdomain.conf file and save. It also appears you're using windows to do this, which generally is not the wisest of ideas. I've heard (but never seen as I've never actually seen anyone do this) of this causing possible permission errors. WHy don't you just edit it with nano? There's no real reason to share this folder over SMB and in fact it might even be a security risk as I'm assuming you have guest shares installed and someone could easily steal your cert

Code

## Version 2021/05/18
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}

Alles anzeigen

Once that's done, restart swag.

Now refresh NC, and that error should be clear.

Nefertiti · 17. September 2022

I just did it cannot access nextcloud if i dont set up set $upstream_appmyIP; with

Code

set $upstream_app nextcloud;

got

502 Bad Gateway

nginx

_______

Anyway, the last warning is now gone

Code

# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.50.50;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}

Alles anzeigen

KM0201 · 17. September 2022

weird you have to put your IP there....

Is your swag instance also on 192.168.50.xxx?

Glad it's working anyway, just not sure why you had to do that.

siteswap423 · 27. September 2022

Hi, same error message about :

"

The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly."

How did you solve that ??

Br

Daniele.

HannesJo · 27. September 2022

Zitat von siteswap423

Hi, same error message about :
"
The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly."

How did you solve that ??
Br
Daniele.

Alles anzeigen

The problem was that he added a custom header for X-Robots-Tag in the file nextcloud.subdomain.conf. This header is already set at another place what caused the error. In general when you really stick to the guide you don’t get the error.

siteswap423 · 28. September 2022

@HannesJo, thank you for the reply, i found the problem .

I have removed the "#" in the swag's ssl.conf , at the "X-Robots-Tag line ( my mistake ).

Now is ok,

Br

Daniele.

HannesJo · 28. September 2022

Zitat von siteswap423

@HannesJo, thank you for the reply, i found the problem .
I have removed the "#" in the swag's ssl.conf , at the "X-Robots-Tag line ( my mistake ).
Now is ok,
Br
Daniele.

Nice 👍 … If swag is the only way your Nextcloud is accessible and you also access other apps via swag, you may re-activate it here and disable at Nextcloud to prevent the error. You should find it at Nextcloud‘s /config/nginx/site-confs/default.

siteswap423 · 28. September 2022

Zitat von HannesJo

Nice 👍 … If swag is the only way your Nextcloud is accessible and you also access other apps via swag, you may re-activate it here and disable at Nextcloud to prevent the error. You should find it at Nextcloud‘s /config/nginx/site-confs/default

Hi , tried It .

Insert the "#" in config/nginx/site-confs/default to the X-Robot-Tag line , and edited the swag's .ssl.conf with none at the X-Robot-Tag line .

Restarted the Nextcloud container but doesnt work .

Come back to the standard setup .

Do you have any suggestion ??

KM0201 · 28. September 2022

https://help.nextcloud.com/t/x…t-more-than-none/90809/11

https://developers.google.com/…-indexing/robots-meta-tag

HannesJo · 28. September 2022

Hmm that is what I did and it worked. In general the error means the header is either missing or present multiple times.

Nextcloud few issues

502 Bad Gateway

Jetzt mitmachen!

Ähnliche Themen

Setting up nextcloud in docker

OMV5 + Nextcloud (pb : Data)

Issues with Nextcloud Remote Access

Need guidance installing Nextcloud (Docker, portainer, SWAG)

Can't deploy Nextcloud-stack, OMV 6, Swag, Rockpi 4b