You are not logged in.
Pages: 1
Hi Everybody.
I'm really new in Arch. I'm trying to install Nextcloud with Nginx for the last 3 days but it doesn't work. I read the whole wiki from Arch and I set up the nginx.conf and the server block according to the guide.
These are the files
user http;
# May be equal to grep processor /proc/cpuinfo | wc -l
worker_processes auto;
worker_cpu_affinity auto;
# PCRE JIT can speed up processing of regular expressions significantly.
pcre_jit on;
events {
# Should be equal to ulimit -n
worker_connections 1024;
# Let each process accept multiple connections.
multi_accept on;
# Preferred connection method for newer linux versions.
use epoll;
}
http {
server_tokens off; # Disables the Server response header
charset utf-8;
# Sendfile copies data between one FD and other from within the kernel.
# More efficient than read() + write(), since the requires transferring
# data to and from the user space.
sendfile on;
# Tcp_nopush causes nginx to attempt to send its HTTP response head in one
# packet, instead of using partial frames. This is useful for prepending
# headers before calling sendfile, or for throughput optimization.
tcp_nopush on;
# Don't buffer data-sends (disable Nagle algorithm). Good for sending
# frequent small bursts of data in real time.
#
tcp_nodelay on;
# On Linux, AIO can be used starting from kernel version 2.6.22.
# It is necessary to enable directio, or otherwise reading will be blocking.
# aio threads;
# aio_write on;
# directio 8m;
# Caches information about open FDs, freqently accessed files.
# open_file_cache max=200000 inactive=20s;
# open_file_cache_valid 60s;
# open_file_cache_min_uses 2;
# open_file_cache_errors on;
# http://nginx.org/en/docs/hash.html
types_hash_max_size 4096; include mime.types;
default_type application/octet-stream;
# Logging Settings access_log off;
# Gzip Settings
gzip on;
gzip_comp_level 6;
gzip_min_length 500;
gzip_proxied expired no-cache no-store private auth;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# index index.php index.html index.htm;
include sites-enabled/*; # See Server blocks
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Redirect to HTTPS
server {
listen 80;
server_name 10.0.0.18;
return 301 https://$host$request_uri;
}
server {
listen 80; # Uncomment to also listen for HTTP requests
listen 443 ssl http2; # HTTP/2 is only possible when using SSL
server_name 10.0.0.18;
ssl_certificate ssl/server.crt;
ssl_certificate_key ssl/server.key;
root /usr/share/nginx/html;
location / {
index index.html index.htm;
}
}
}
and /etc/nginx/sites-available/nextcloud.conf:
upstream php-handler {
server unix:/run/php-fpm/php-fpm.sock;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 10.0.0.18/nextcloud;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /usr/share/webapps/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /data/htaccesstest.txt {
allow all;
log_not_found off;
access_log off;
}
location = /favicon.ico {
return 204;
access_log off;
log_not_found off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
# The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-we>
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$request_uri;
}
location ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
location ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location [^/]\.php(/|$) {
# Correctly handle request like /test.php/foo/blah.php or /test.php/
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
try_files $uri $document_root$fastcgi_script_name =404;
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
if I type the server ip in the browser I get the "welcome to nginx" but if I type ip/nextcloud I get "404 not found". I configured also PHP-FPM and I set up nextcloud's folder permission (user: http) according to the guide
Can anyone please help me?
Question No 2: I would like to use a ddns address. Is it enough to write it instead of my server ip in the server_name?
PS: this is the first post of my life and I hope I wrote it in the right way
Thanks in advance
Last edited by carletto86 (2019-08-22 20:10:40)
Offline
https://wiki.archlinux.org/index.php/Ng … er_entries
DDNS depends on whether you've configured such service, but you should not open your server to the internet before you've ensured *locally* that all restrictions are in place and everything works fine.
Offline
I already did everything from this link and it still doesn't work
Offline
You didn't mention that you symlink'd /etc/nginx/sites-available/nextcloud.conf to /etc/nginx/sites-enabled/nextcloud.conf - did you?
Offline
Yes I also created the symlink. Which permission should have the file nextcloud.conf in sites-available? At the moment is root:root
Offline
nginx is configured to run as user "http", that user must (exist and) be able to read the file.
Please post the nginx log(s)
Offline
I found the error_log and I think the error
2019/08/19 09:17:19 [error] 7699#7699: *2 open() "/usr/share/nginx/html/nextcloud" failed (2: No such file or directory),
But I can't find how I can correct it
Offline
Means that "root /usr/share/webapps/nextcloud/;" isn't accepted or shadowed by your nginx config…
Offline
Now I get this new error
/08/19 12:27:12 [error] 2041#2041: *1 rewrite or internal redirection cycle while processing "/index.php/nextcloud", request: "GET /nextcloud HTTP/2.0",
Offline
We're not gonna play this.
Post the log.
Offline
This is the log
2019/08/19 12:27:12 [error] 2041#2041: *1 rewrite or internal redirection
cycle while processing "/index.php/nextcloud", client: 89.144.209.41, serv
er: carletto86.ddns.net/nextcloud, request: "GET /nextcloud HTTP/2.0", hos
t: "carletto86.ddns.net"
2019/08/19 12:32:31 [error] 2041#2041: *2 rewrite or internal redirection
cycle while processing "/index.php/", client: 89.144.209.41, server: carle
tto86.ddns.net/nextcloud, request: "GET / HTTP/2.0", host: "carletto86.ddn
s.net"
2019/08/19 13:04:44 [notice] 2793#2793: using the "epoll" event method
2019/08/19 13:04:44 [notice] 2793#2793: nginx/1.17.3
2019/08/19 13:04:44 [notice] 2793#2793: OS: Linux 5.2.9-arch1-1-ARCH
2019/08/19 13:04:44 [notice] 2793#2793: getrlimit(RLIMIT_NOFILE): 1024:524
288
2019/08/19 13:04:44 [notice] 2794#2794: start worker processes
2019/08/19 13:04:44 [notice] 2794#2794: start worker process 2795
2019/08/19 13:04:44 [notice] 2794#2794: start worker process 2796
2019/08/19 13:04:44 [notice] 2795#2795: sched_setaffinity(): using cpu #0
2019/08/19 13:04:44 [notice] 2796#2796: sched_setaffinity(): using cpu #1
2019/08/19 13:04:53 [error] 2795#2795: *1 rewrite or internal redirection
cycle while processing "/index.php/", client: 89.144.209.41, server: carle
tto86.ddns.net/nextcloud, request: "GET / HTTP/2.0", host: "carletto86.ddn
s.net"
2019/08/19 13:05:03 [error] 2795#2795: *1 rewrite or internal redirection
cycle while processing "/index.php/nextcloud", client: 89.144.209.41, serv
er: carletto86.ddns.net/nextcloud, request: "GET /nextcloud HTTP/2.0", hos
t: "carletto86.ddns.net"
2019/08/19 13:05:06 [error] 2795#2795: *1 rewrite or internal redirection
cycle while processing "/index.php/nextxloud", client: 89.144.209.41, serv
er: carletto86.ddns.net/nextcloud, request: "GET /nextxloud HTTP/2.0", hos
t: "carletto86.ddns.net"
~
~
"/var/log/nginx/nginx_error.log" 14 lines, 1813 characters
Ps:i changed today the server.name in the nginx.conf and nextcloud.conf with ddns because I'm not at home
Offline
a) Please use code tags, not quote tags
b) nginx should be built debug enabled and we want to see *why* this happens:
(for log in /var/log/nginx/*; do print "\n=====\n$log\n--------\n"; cat "$log"; done) | curl -F 'f:1=<-' ix.io
Offline
a) thank you, didn't know
b) I wrote the string in this way (I'm not that sure that's right) :
(for log in /var/log/nginx/nginx_error.log; do printf "\n=====\n$log\n--------\n"; cat "$log"; done) | curl -F 'f:1=<-' https://carletto86.ddns.net/nextcloud
and this is the output:
<html>
<head><title>500 Internal Server Error</title></head>
<body>
<center><h1>500 Internal Server Error</h1></center>
<hr><center>nginx</center>
</body>
</html>
Offline
ix.io is a pastebin service…
Offline
I solved. I removed the server block from the /etc/nginx/nginx.conf. After that there were a problem in the /etc/nginx/sites-available/nextcloud.conf: he was always searching the index.php in the folder /usr/share/webapps/nextcloud/nextcloud instead of /usr/share/webapps/nextcloud. I downloaded a new conf file and now is working.
The .log file helped me a lot.
Should i write [SOLVED] on the topic?
Thank you very much for your help!
Offline
Yes, please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Offline
Pages: 1