Hello sebix,
sebix wrote:
Could it be that it fails because of the "@localhost", since I am trying to install it remotely?
I got that idea because, in the guide behind the link https://decatec.de/home-server/nextcloud-auf-ubuntu-server-20-04-lts-mit-nginx-mariadb-php-lets-encrypt-redis-und-fail2ban/, I read...
localhost is always relative, i.e. "local" from the point of view of the component that connects to localhost. When the server connects to localhost, it connects to itself. That is fine.
What I also find odd is that the WordPress installation, by contrast, worked, and access to phpMyAdmin works flawlessly too.
Is there anything useful in the web server logs? What does the configuration currently look like?
OK, I now really do suspect faulty configuration files, because I don't want the Nextcloud installation directly in the root directory, and almost all the guides online assume exactly that. Basically it wouldn't be the biggest drama if Nextcloud were directly in the root directory, but since I also have subdirectories, I like to keep some order/overview in the directory so that I don't accidentally delete the subdirectories along with it during an update. Backups are created regularly, though, so it would be bearable.
Existing and apparently working setup:
NGiNX, MariaDB, Letsencrypt (certbot), PHP 7.4.3
I have already set up, and would like to keep:
webserver root: /var/www/html/
Password-protected area: /var/www/html/user/ (WordPress & phpMyAdmin are in there too, and both work)
the Nextcloud installation files should go in: /var/www/html/nextcloud/
I would like to reach my Nextcloud at the address $HOSTNAME.spdns.de/nextcloud/.
I have also already tried putting the Nextcloud files in /usr/share/nginx/nextcloud; they could just as well go there as far as I'm concerned, but that did not work either.
Now comes the part where the experts will surely say "that can't work, because...". At least I hope so. ☺
/etc/nginx/sites-available/default
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.php index.nginx-debian.html;
server_name $HOSTNAME.spdns.de;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
## With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
## With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_read_timeout 300;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
location /user {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /phpmyadmin {
index index.php index.html index.htm;
root /usr/share;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/$HOSTNAME.spdns.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/$HOSTNAME.spdns.de/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#listen 80;
#listen [::]:80;
#
#server_name example.com;
#
#root /var/www/example.com;
#index index.html;
#
#location / {
#try_files $uri $uri/ =404;
#}
#}
server {
if ($host = $HOSTNAME.spdns.de) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name $HOSTNAME.spdns.de;
return 404; # managed by Certbot
}
Then I also have an /etc/nginx/conf.d/nextcloud.conf, and that is where I suspect the error:
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/var/run/php/php7.4-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name $HOSTNAME.spdns.de;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name $HOSTNAME.spdns.de;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/letsencrypt/live/$HOSTNAME.spdns.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$HOSTNAME.spdns.de/privkey.pem;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
# rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta
# last;
#rewrite ^/.well-known/host-meta.json
# /nextcloud/public.php?service=host-meta-json last;
location = /.well-known/carddav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location /.well-known/acme-challenge { }
location ^~ /nextcloud {
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject applicatio
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location /nextcloud {
rewrite ^ /nextcloud/index.php$request_uri;
}
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /nextcloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended
# to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read
# into this topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /nextcloud/index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
}
In addition, an /etc/nginx/snippets/headers.conf
# Add headers to serve security related headers
#..
# HSTS (ngx_http_headers_module is required)
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag none always;
add_header X-Download-Options noopen always;
add_header X-Permitted-Cross-Domain-Policies none always;
add_header Referrer-Policy no-referrer always;
add_header X-Frame-Options "SAMEORIGIN" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
chown -R www-data:www-data /var/www/html/nextcloud/ is set.
The usual additional PHP packages recommended on the various guide pages are installed.
Restart of the server with this configuration:
~$ systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-06-11 13:44:16 CEST; 3s ago
Docs: man:nginx(8)
Process: 57332 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 57333 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 57350 (nginx)
Tasks: 5 (limit: 9333)
Memory: 5.4M
CGroup: /system.slice/nginx.service
├─57350 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─57351 nginx: worker process
├─57352 nginx: worker process
├─57353 nginx: worker process
└─57354 nginx: worker process
Jun 11 13:44:16 server systemd[1]: Starting A high performance web server and a reverse proxy server...
Jun 11 13:44:16 server nginx[57332]: nginx: [warn] conflicting server name "$HOSTNAME.spdns.de" on 0.0.0.0:80, ignored
Jun 11 13:44:16 server nginx[57332]: nginx: [warn] conflicting server name "$HOSTNAME.spdns.de" on [::]:80, ignored
Jun 11 13:44:16 server nginx[57332]: nginx: [warn] conflicting server name "$HOSTNAME.spdns.de" on 0.0.0.0:443, ignored
Jun 11 13:44:16 server nginx[57332]: nginx: [warn] conflicting server name "$HOSTNAME.spdns.de" on [::]:443, ignored
Jun 11 13:44:16 server nginx[57333]: nginx: [warn] conflicting server name "$HOSTNAME.spdns.de" on 0.0.0.0:80, ignored
Jun 11 13:44:16 server nginx[57333]: nginx: [warn] conflicting server name "$HOSTNAME.spdns.de" on [::]:80, ignored
Jun 11 13:44:16 server nginx[57333]: nginx: [warn] conflicting server name "$HOSTNAME.spdns.de" on 0.0.0.0:443, ignored
Jun 11 13:44:16 server nginx[57333]: nginx: [warn] conflicting server name "$HOSTNAME.spdns.de" on [::]:443, ignored
Jun 11 13:44:16 server systemd[1]: Started A high performance web server and a reverse proxy server.
andreas@server:~$ sudo chown -R www-data:www-data /var/www/html/nextcloud/
Because it is duplicated (in /etc/nginx/sites-available/default and .../conf.d/nextcloud.conf), it seems to ignore the server name? That's my guess...
When I start the Nextcloud installation this way at $HOSTNAME.spdns.de/nextcloud, a "502 Bad Gateway" message appears after the timeout; the URL in the address bar is https://$HOSTNAME.spdns.de/nextcloud/index.php
/var/log/nginx/error.log
"nimsiki.spdns.de" on [::]:443, ignored
err: "PHP message: PHP Warning: fileperms(): stat failed for /var/www/html/nextcloud/data/nextcloud.log in /var/www/html/nextcloud/lib/private/Log/File.php on line 85PHP message: {"reqId":"QXc5DcXzYB3dGy7JCf0I"
Connection reset by peer) while reading response header from upstream, client: 84.119.177.29, server: nimsiki.spdns.de, request: "POST /nextcloud/index.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php7
ml/owa/auth/logon.aspx" failed (2: No such file or directory), client: 162.243.139.233, server: nimsiki.spdns.de, request: "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1", host: "92.116.47.231"
/var/log/nginx/nextcloud.error → nothing
/var/log/php7.4-fpm.log
[11-Jun-2020 13:46:30] WARNING: [pool www] child 57143, script '/var/www/html/nextcloud/index.php' (request: "POST ") execution timed out (32.221532 sec), terminating
[11-Jun-2020 13:46:30] WARNING: [pool www] child 57143 exited on signal 15 (SIGTERM) after 490.073236 seconds from start
[11-Jun-2020 13:46:30] NOTICE: [pool www] child 57362 started
Many thanks for the support; maybe it will work out now if an expert takes a look at this.
Best regards
Andreas
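
The "conflicting server name ... ignored" warnings in the status output above are what nginx emits when two server blocks declare the same server_name on the same listen address. As an added example (not part of the original post), this Python sketch finds such duplicates across config files. The sample is constructed by reducing the two posted files to their listen/server_name directives, and listen values are compared literally (so `80` and `*:80` are not treated as equal).

```python
import re
from collections import defaultdict

# Constructed sample: the two posted files, reduced to the directives
# that decide which server block handles a request.
FILES = {
    "sites-available/default": """
server {
    # listen 443 ssl default_server;
    server_name $HOSTNAME.spdns.de;
    listen [::]:443 ssl ipv6only=on; listen 443 ssl;
}
server {
    if ($host = $HOSTNAME.spdns.de) { return 301 https://$host$request_uri; }
    listen 80 default_server; listen [::]:80 default_server;
    server_name $HOSTNAME.spdns.de;
}""",
    "conf.d/nextcloud.conf": """
upstream php-handler { server unix:/var/run/php/php7.4-fpm.sock; }
server {
    listen 80; listen [::]:80;
    server_name $HOSTNAME.spdns.de;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2; listen [::]:443 ssl http2;
    server_name $HOSTNAME.spdns.de;
}""",
}

def server_blocks(text):
    """Yield the body of each server { } block (comments stripped, braces matched)."""
    text = re.sub(r"#.*", "", text)  # simplification: no '#' inside quoted strings
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def find_conflicts(files):
    """Map (listen, server_name) -> blocks declaring it, when more than one does."""
    seen = defaultdict(list)
    for path, text in files.items():
        for n, body in enumerate(server_blocks(text), 1):
            listens = set(re.findall(r"\blisten\s+(\S+?)[\s;]", body))
            names = {x for d in re.findall(r"\bserver_name\s+([^;]+);", body) for x in d.split()}
            for key in ((l, x) for l in listens for x in names):
                seen[key].append(f"{path} server#{n}")
    return {k: v for k, v in seen.items() if len(v) > 1}
```

Calling `find_conflicts(FILES)` reports the same four listen addresses as the warnings in the journal; nginx keeps the first block it read for each and ignores the name on the later one.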