403 On Fresh Install With Podman (Docker Alternative) and Apache

Saroufim · November 8, 2020, 10:33pm

Problem descrition:

At first I was getting “Internal Server Error” with the following error:

"--","app":"PHP","method":"GET","url":"/","message":"fopen(/home/User/.config/nextcloud/data/nextcloud.log): failed to open stream: Permission denied at /home/User/.c$

Now I’m getting

 [access_compat:error] : client denied by server configuration: /home/User/.config/nextcloud/

Creation command:

podman run --pod nc -d --name nextcloud -e NEXTCLOUD_ADMIN_USER=User -e NEXTCLOUD_ADMIN_PASSWORD=Password -e NEXTCLOUD_TRUSTED_DOMAINS=IPADDRESS -v /home/User/Nextcloud:/var/www/html/data -e POSTGRES_HOST=127.0.0.1 -e POSTGRES_DB=Something -e POSTGRES_USER=Something -e POSTGRES_PASSWORD=Something -e REDIS_HOST=127.0.0.1 -e REDIS_HOST_PASSWORD=Something -v /home/User/.config/nextcloud:/var/www/html nextcloud:fpm-alpine

Apache site config:

>                                                                                                                                                            <VirtualHost *:80>
> ServerName website.com
> #ServerAdmin webmaster@your-domain.tld
> DocumentRoot /home/User/.config/nextcloud
> 
> <IfModule mod_rewrite.c>
> RewriteEngine On
> RewriteCond %{HTTPS} !=on
> RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
> LimitRequestBody 0
> RewriteCond %{SERVER_NAME} =website.com
> RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
> </IfModule>
> </VirtualHost>
> 
> ErrorLog ${APACHE_LOG_DIR}/nc1-error.log
> CustomLog ${APACHE_LOG_DIR}/nc1-access.log combined
> 
> <IfModule mod_ssl.c>
>   <VirtualHost _default_:443>
> DocumentRoot /home/User/.config/nextcloud
> ServerName website.com
> SSLEngine on
> SSLCertificateFile /etc/letsencrypt/live/website.com/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem
> Include /etc/letsencrypt/options-ssl-apache.conf
> </VirtualHost>
> #  <FilesMatch "\.(cgi|shtml|phtml|php)$">
> #    SSLOptions +StdEnvVars
> #  </FilesMatch>
>   <Directory /usr/lib/cgi-bin>
> SSLOptions +StdEnvVars
>   </Directory>
>   <Directory /home/User/.config/nextcloud/>
> Options Indexes FollowSymLinks
> AllowOverride None
> Require all granted
>   <IfModule mod_dav.c>
> Dav off
>   </IfModule>
> LimitRequestBody 0
> SSLRenegBufferSize 10486000
>   <IfModule mod_headers.c>
> Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
>   </IfModule>
> SetEnv HOME /home/User/.config/nextcloud
> SetEnv HTTP_HOME /home/User/.config/nextcloud
>  </Directory>

I tried chowing the directory with www-data:www-data from inside the container as well as root:www-data but neither one of those solutions helped. Chmod 755 wasn’t of help either.

I also tried other images such as the debian apache image which yielded in endless login loops over https but was working swimmingly from the IP address and Linuxserver’s Nextcloud image that had the same exact issues even when setting the uid and gid to 1000 (the same as the default user).

I ran out of ideas on how to fix this. Any help would be appreciated.

System: RPI3B+ with Raspberry Pi OS Lite and Apache 2.4