You are not logged in.

#1 2016-08-19 14:06:29

cristian
Member
From: Timisoara, Romania
Registered: 2016-08-19
Posts: 3

[SOLVED]Owncloud/Nginx - Site can't be reached

Here is my nginx.conf

http{ 

  include /etc/nginx/conf.d/*.conf;
  include       mime.types;
  default_type  application/octet-stream;

  #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  #                  '$status $body_bytes_sent "$http_referer" '
  #                  '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log  logs/access.log  main;

  sendfile        on;
  #tcp_nopush     on;

  #keepalive_timeout  0;
  keepalive_timeout  65;

  #gzip  on;

  server {
     listen       80;
     server_name  localhost;

     #charset koi8-r;

     #access_log  logs/host.access.log  main;

     location / {
         root   /usr/share/nginx/html;
         index  index.html index.htm;
      }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht { 
    #    deny  all;
    #}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#    listen       8000;
#    listen       somename:8080;
#    server_name  somename  alias  another.alias;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
 #}


# HTTPS server
#
#server {
#    listen       443 ssl;
#    server_name  localhost;

#    ssl_certificate      cert.pem;
#    ssl_certificate_key  cert.key;

#    ssl_session_cache    shared:SSL:1m;
#    ssl_session_timeout  5m;

#    ssl_ciphers  HIGH:!aNULL:!MD5;
#    ssl_prefer_server_ciphers  on;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
# }
} 

And I have created a directory called conf.d and added this code in /etc/nginx/conf.d/owncloud.conf


 upstream php-handler {
 #server 127.0.0.1:9000;
 server unix:/run/php-fpm/php-fpm.sock;
 }

server {
 listen 80;
 server_name owncloud.your-domain.com;
 # enforce https
 return 301 https://$server_name$request_uri;
 }

server {
 listen 443 ssl;
 server_name owncloud.your-domain.com;

 ssl_certificate ssl/server.crt;
 ssl_certificate_key ssl/server.key;

# Add headers to serve security related headers
 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
 add_header X-Content-Type-Options nosniff;
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;

 # Path to the root of your installation
 root /usr/share/webapps/owncloud;
 # set max upload size
 client_max_body_size 10G;
 fastcgi_buffers 64 4K;

 # Disable gzip to avoid the removal of the ETag header
 gzip off;

 # Uncomment if your server is build with the ngx_pagespeed module
 # This module is currently not supported.
 #pagespeed off;

 index index.php;
 error_page 403 /core/templates/403.php;
 error_page 404 /core/templates/404.php;

 rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
 rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;

 # The following 2 rules are only needed for the user_webfinger app.
 # Uncomment it if you're planning to use this app.
 #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
 #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

 location = /robots.txt {
 allow all;
 log_not_found off;
 access_log off;
 }

location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
   deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
  deny all;
}

location / {
  rewrite ^/remote/(.*) /remote.php last;
  rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
  try_files $uri $uri/ =404;
}

 location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
 }

 # Adding the cache control header for js and css files
 # Make sure it is BELOW the location ~ \.php(?:$|/) { block
 location ~* \.(?:css|js)$ {
 add_header Cache-Control "public, max-age=7200";
 # Add headers to serve security related headers
 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
 add_header X-Content-Type-Options nosniff;
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 # Optional: Don't log access to assets
    access_log off;
 }

 # Optional: Don't log access to other assets
 location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
   access_log off;
 }
}  

And runing the command : sudo nginx -t it  gives:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

But when i run the command to see the syntax of owncloud.conf it gives me this:

2016/08/19 17:04:01 [emerg] 1776#1776: "upstream" directive is not allowed here in /etc/nginx/conf.d/owncloud.conf:1
nginx: configuration file /etc/nginx/conf.d/owncloud.conf test failed


Also I get a error message when i try to connect from my dns " Site can't be reached "

Any suggestions where should i look ?

Last edited by cristian (2016-09-17 14:50:55)

Offline

#2 2016-08-20 13:43:44

smirky
Member
From: Bulgaria
Registered: 2013-02-23
Posts: 277
Website

Re: [SOLVED]Owncloud/Nginx - Site can't be reached

Try this:

server {
	listen 80;
	server_name cloud.ltd;
	# enforce https
	return 301 https://$server_name$request_uri;
}

server {
	listen 443 ssl http2;
	server_name cloud.ltd;
	server_tokens off;

	ssl_certificate      /etc/letsencrypt/live/cloud.ltd/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/cloud.ltd/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
	ssl_dhparam /etc/ssl/private/dhparam.pem;

	# Add headers to serve security related headers
	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
	add_header X-Content-Type-Options nosniff;
	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Robots-Tag none;
	add_header X-Download-Options noopen;
	add_header X-Permitted-Cross-Domain-Policies none;
	
	# Path to the root of your installation
	root /usr/share/webapps/nextcloud;
	# set max upload size
	client_max_body_size 10G;
	fastcgi_buffers 64 4K;
	# Disable gzip to avoid the removal of the ETag header
	gzip off;

	# Uncomment if your server is build with the ngx_pagespeed module
	# This module is currently not supported.
	#pagespeed off;

	rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
	rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
	rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

	index index.php;
	error_page 403 /core/templates/403.php;
	error_page 404 /core/templates/404.php;
	access_log /var/log/nginx/cloud-access.log;
	error_log /var/log/nginx/cloud-error.log;

	location = /robots.txt {
		allow all;
		log_not_found off;
		access_log off;
	}

	location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
		deny all;
	}

	location / {
		# The following 2 rules are only needed with webfinger
		rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
		rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
		rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
		rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
		rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
		try_files $uri $uri/ /index.php;
	}

	location ~ \.php(?:$|/) {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param PATH_INFO $fastcgi_path_info;
		fastcgi_param HTTPS on;
		fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
		fastcgi_param PHP_VALUE open_basedir="/tmp:/usr/share/webapps/nextcloud:/<cloud_storage>:/dev/urandom:/var/log/nginx";
		# Unix domain sockets are faster than TCP sockets
		fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
	}

	# Optional: set long EXPIRES header on static assets
	location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
		expires 30d;
		# Optional: Don't log access to assets
		access_log off;
	}
}

Personal spot  ::  https://www.smirky.net/  ::  Try not to get lost!

Offline

#3 2016-08-21 03:49:44

cristian
Member
From: Timisoara, Romania
Registered: 2016-08-19
Posts: 3

Re: [SOLVED]Owncloud/Nginx - Site can't be reached

The same result - Site can't be reached . I have checked again the nginx.conf and it gives me that the test is successful. I start to think that maybe is something about the ownership files of the owncloud. In my /etc/php/php-fpm.d/www.conf , the socket path is listen =/var/run/php-fpm/php-fpm.sock,  so i modifyed the fastcgi_pass.

Offline

#4 2016-09-17 14:40:45

cristian
Member
From: Timisoara, Romania
Registered: 2016-08-19
Posts: 3

Re: [SOLVED]Owncloud/Nginx - Site can't be reached

I have found what the problem was. I was setting the wrong port in my router. I was setting the 80 external port and it needed to be 443. Also here is my owncloud.conf which is working

server {
     
       listen             80;
       server_name        localhost;
       return             301 https://$server_name$request_uri;
}



server  {
        
        listen       443;
        ssl on;

        server_name  localhost;

    
     
  

 
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';



	# Add headers to serve security related headers
 	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
 	add_header X-Content-Type-Options nosniff;
 	add_header X-Frame-Options "SAMEORIGIN";
 	add_header X-XSS-Protection "1; mode=block";
 	add_header X-Robots-Tag none;


 
	 # Path to the root of your installation
 	 root /usr/share/webapps/owncloud;
	 # set max upload size
 	 client_max_body_size 10G;
 	 fastcgi_buffers 64 4K;

         # Disable gzip to avoid the removal of the ETag header
 	 gzip off;
	
	 # Uncomment if your server is build with the ngx_pagespeed module
 	 # This module is currently not supported.
 	 #pagespeed off;        

	 index index.php;
 	 error_page 403 /core/templates/403.php;
 	 error_page 404 /core/templates/404.php;


         rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
	 rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;

	 location ~ /.well-known {
                allow all;
        }

         location = /robots.txt {
		 allow all;
 		 log_not_found off;
 		 access_log off;
 	}

	location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
 		  deny all;
	}
	
	location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
  		deny all;
	}





        location / {
 	    rewrite ^/remote/(.*) /remote.php last;
  	    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
  	    try_files $uri $uri/ =404;
	}

        location ~ \.php(?:$|/)  {
	    fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
            fastcgi_index  index.php;
	    fastcgi_param PATH_INFO $fastcgi_path_info;
  	    fastcgi_param HTTPS on;	    
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
	    fastcgi_param modHeadersAvailable true;
	    fastcgi_intercept_errors on;
            include        fastcgi_params;
        }

      
 	 # Adding the cache control header for js and css files
 	 # Make sure it is BELOW the location ~ \.php(?:$|/) { block
 	 location ~* \.(?:css|js)$ {
	 add_header Cache-Control "public, max-age=7200";
	 # Add headers to serve security related headers
	 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
 	 add_header X-Content-Type-Options nosniff;
       	 add_header X-Frame-Options "SAMEORIGIN";
	 add_header X-XSS-Protection "1; mode=block";
 	 add_header X-Robots-Tag none;
 	 # Optional: Don't log access to assets
   	 access_log off;
 	}

 	# Optional: Don't log access to other assets
 	location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
   	access_log off;
 	}
   }

Offline

Board footer

Powered by FluxBB