AH01797: client denied by server configuration: /var/www/nextcloud/remote.php

tomstephens89 · October 18, 2022, 7:57am

Just updated to v24 and my Apache2 error.log is filling with:

AH01797: client denied by server configuration: /var/www/nextcloud/remote.php

AH01797: client denied by server configuration: /var/www/nextcloud/dav

I have checked the apache2 conf and made sure the Require all granted and Satisfy Any exists under the nextcloud web root and it is.

www-data owns the whole folder as well, permissions on remote.php are:

-rw-rw-r-- 1 www-data www-data 5340 Oct 17 22:06 remote.php

Help please? I don’t really know whats going on here or what effect its having.

However, everything appears to be working, but syncing new clients is EXTREMELY slow.

Nextcloud version (eg, 20.0.5): 24.0.6
Operating system and version (eg, Ubuntu 20.04): Ubuntu Server 20.04.5 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.41
PHP version (eg, 7.4): PHP 7.4 FPM

The issue you are facing:

Clients are extremely slow to sync, especially the initial sync and actual proper sync )not virtual files) doesn’t seem to complete. I noticed the apache2 error.log is full of the below messages:

AH01797: client denied by server configuration: /var/www/nextcloud/remote.php
AH01797: client denied by server configuration: /var/www/nextcloud/dav

If a client is busy doing its initial sync of many many files, the log is streaming several of these messages per second.

Is this the first time you’ve seen this error? (Y/N): Yes and no, I thought it was only happening since the update to v24, however looking in the /var/log/apache2/error.log of pre upgrade backups I can see this happening.

Steps to replicate it:

Not sure, this is happening constantly whenever the client is trying to sync. I have 40 users and this is not limited to just one client. Majority of clients are Windows 3.6.0.

The output of your Nextcloud log in Admin > Logging:

https://pastebin.com/raw/3nJrdAka

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

https://pastebin.com/raw/KJDkRnj8

The output of your Apache/nginx/system log in /var/log/____:

/var/log/apache2/error.log LOG LEVEL IS SET TO DEBUG:

https://pastebin.com/raw/3MVrVTnJ

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

https://pastebin.com/raw/bWzTdufv

Here is my apache conf for the nextcloud vhost.

https://pastebin.com/raw/G6yt0EWV

Here is my .hataccess within the nextcloud folder:

tomstephens89 · October 19, 2022, 6:46am

I checked the logs from a pre v24 backup last night and saw that this has been happening for a long time as well.

Perhaps its the cause of the terrible sync performance I have pretty much always experienced with nextcloud?

tomstephens89 · October 20, 2022, 7:06am

Nextcloud version (eg, 20.0.5): 24.0.6
Operating system and version (eg, Ubuntu 20.04): Ubuntu Server 20.04.5 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.41
PHP version (eg, 7.4): PHP 7.4 FPM

The issue you are facing:

Clients are extremely slow to sync, especially the initial sync and actual proper sync )not virtual files) doesn’t seem to complete. I noticed the apache2 error.log is full of the below messages:

AH01797: client denied by server configuration: /var/www/nextcloud/remote.php
AH01797: client denied by server configuration: /var/www/nextcloud/dav

If a client is busy doing its initial sync of many many files, the log is streaming several of these messages per second.

Is this the first time you’ve seen this error? (Y/N): Yes and no, I thought it was only happening since the update to v24, however looking in the /var/log/apache2/error.log of pre upgrade backups I can see this happening.

Steps to replicate it:

Not sure, this is happening constantly whenever the client is trying to sync. I have 40 users and this is not limited to just one client. Majority of clients are Windows 3.6.0.

The output of your Nextcloud log in Admin > Logging:

https://pastebin.com/raw/3nJrdAka

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

https://pastebin.com/raw/KJDkRnj8

The output of your Apache/nginx/system log in /var/log/____:

/var/log/apache2/error.log LOG LEVEL IS SET TO DEBUG:

https://pastebin.com/raw/3MVrVTnJ

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

https://pastebin.com/raw/bWzTdufv

Here is my apache conf for the nextcloud vhost.

https://pastebin.com/raw/G6yt0EWV

Here is my .hataccess within the nextcloud folder:

tomstephens89 · October 25, 2022, 1:32pm

A little dissapointed with the support from Nextcloud, even if it is 'community support. Posted a week ago on here and havn’t even got an acknowledgement…

Posted over on Reddit as well and one user tried to assist kindly but admitted this was beyond him.

Have been using numerous open source infrastructure solutions for many years and im sorry to say Nextcloud has presented the most impacting bugs, along with the worst community support

devnull · October 25, 2022, 1:44pm

I can understand your frustration. Unfortunately, I can’t really help you either. But I’m afraid that your Apache2 configuration is somehow different from the default. Maybe you can create the Apache2 configuration from scratch.

I have never set it on my installations. I did not know “Satisfy Any”.

Maybe read this and yes there is also “Satisfy Any” in the documentation.

tomstephens89 · October 25, 2022, 1:59pm

I used the script installer so whatever configuration I have is via the nextcloud install script.

Satisfy Any is indeed in the docs as you say, apparently due to NC needing no server side auth for internal dav requests. If I remove it, NC stops working.

devnull · October 25, 2022, 2:03pm

Can you post the link to the script installer? Is it the web installer? The software Nextcloud is a lot of e.g. php files and with executing a lot of data is written in the MariaDB. But the webserver apache2 is more a separate software. So you can use e.g. virtual webservers in apache2 to access Nextcloud and other webservices. Maybe there is a problem in the apache2 setting. Errors in the apache2 configuration may have been present before Nextcloud or may have been added with the adaptation to Nextcloud.

In this link you find some apache2 configurations for Nextcloud for Ubuntu 22.04 LTS. I think it is similar to Ubuntu 20.04 LTS.

tomstephens89 · October 25, 2022, 2:12pm

The script in the documentation that does everything, apache as well. This was a fresh new VM, no existing apache/php/mysql or anything.

https://github.com/nextcloud/vm/blob/master/nextcloud_install_production.sh/

https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#installation-via-install-script

devnull · October 25, 2022, 2:15pm

Yes. But then maybe you can write an issue.

bb77 · October 25, 2022, 2:45pm

Not sure if this has anything to do with the performance issues you’re experiencing, but I would try to comment out the following lines and see if the error messages go away…

Include $NCPATH/.htaccess
Include $NCPATH/config/.htaccess
Include $NCDATA/.htaccess

I’m not sure what these lines are supposed to achieve anyways. I don’t see any reason why you would include the directives from .htaccess files in sub directories to the directory block of the parent directoy…

If you want to be extra sure that no one can access the files in the data and config directories, just add two additional Directory blocks to your virtual host, like this…

<Directory /var/www/nextcloud/data/>
Require all denied
</Directory>

<Directory /var/www/nextcloud/config/>
Require all denied
</Directory>

I also found this: AH01797: client denied by server configuration · Issue #2249 · nextcloud/vm · GitHub

But I would not recommend changing the .htaccess files as suggested in this comment.

tomstephens89 · October 25, 2022, 2:55pm

I’ll see if your changes make a difference later tonight. Should I keep the Satisfy Any in there?

bb77 · October 25, 2022, 3:52pm

According to the Nextcloud documentation it makes sure that any server-configured authentication mechanisms are disabled for the Nextcloud folder. So it I guess whether it is needed or not depends on how your Apache instance is configured. On a default Apache installation it’s usually not needed, but it doesn’t hurt to leave it in there either.

enoch85 · May 1, 2023, 12:17am

Just saw this, will have a closer look at it when times allows.

enoch85 · May 2, 2023, 4:14pm

OK, this should be fixed (or at least improved) in: