Always 403 Forbidden - Help after flashing NextCloudPi_RPi_03-28-20.img to Raspberry Pi 4 B with 4 GB RAM

Hi at all,
I am having problems flashing or installing NextCloudPi in general to a 32 GB micro sd card.
After flashing the NextCloudPi_RPi_03-28-20.img file with balena Etcher from here I try to access the NCP-webinterface over the assigned IP or dns-name, but I am getting the

"403 Forbidden - You don't have permission to access this resource." error and I can’t reach the activation page.

What I did so far without success:

  • Searching in the Nextcloud community and in Google, but couldn’t find a solution
  • Add an exception in Mozilla Firefox for the non valid certificate
  • Try other browser like Edge or Internet Explorer --> same error…
  • Flashing a clean Raspbian Buster image and install NextCloudPi with
    wget https://raw.githubusercontent.com/nextcloud/nextcloudpi/master/install.sh
    sudo bash install.sh --> same error…
  • Activate nc-webui by ncp-config --> same error…

My environment:

  • I access the Raspberry Pi via Wifi
  • SSH access is possible

My nextcloud.conf:
/etc/apache2/sites-available $ cat nextcloud.conf


DocumentRoot /var/www/nextcloud
CustomLog /var/log/apache2/nc-access.log combined
ErrorLog /var/log/apache2/nc-error.log
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All

Dav off

LimitRequestBody 0
SSLRenegBufferSize 10486000

NextCloudPi diagnostics:

------

NextCloudPi diagnostics

NextCloudPi version  v1.24.0
NextCloudPi image    NextCloudPi_03-28-20
distribution         Raspbian GNU/Linux 10 \n \l
automount            no
USB devices          none
datadir              /var/www/nextcloud/data
data in SD           yes
data filesystem      ext2/ext3
data disk usage      2.1G/29G
rootfs usage         2.1G/29G
swapfile             /var/swap
dbdir                /var/lib/mysql
Nextcloud check      ok
Nextcloud version    18.0.3.0
HTTPD service        up
PHP service          up
MariaDB service      up
Redis service        up
Postfix service      up
internet check       ok
port check 80        closed
port check 443       closed
IP                   ***REMOVED SENSITIVE VALUE***
gateway              ***REMOVED SENSITIVE VALUE***
interface            wlan0
certificates         ***REMOVED SENSITIVE VALUE***
NAT loopback         no
uptime               9min

Nextcloud configuration

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "localhost",
            "5": "nextcloudpi.local",
            "7": "nextcloudpi",
            "8": "nextcloudpi.lan",
            "11": "2003:f4:ef36:f400:a2ef:51c:***REMOVED***",
            "1": "11.***REMOVED***"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "18.0.3.0",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "tempdirectory": "\/var\/www\/nextcloud\/data\/tmp",
        "mail_smtpmode": "sendmail",
        "mail_smtpauthtype": "LOGIN",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "overwriteprotocol": "https"
    }
}

HTTPd logs

[Thu Feb 13 16:10:23.283988 2020] [ssl:warn] [pid 736:tid 3069231632] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Thu Feb 13 16:10:23.284769 2020] [ssl:error] [pid 736:tid 3069231632] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=archlinux / issuer: CN=archlinux / serial: 2A964521A5A0AD28440B39B1D781ABFDD1281F7C / notbefore: Mar 28 20:04:49 2020 GMT / notafter: Mar 26 20:04:49 2030 GMT]
[Thu Feb 13 16:10:23.284810 2020] [ssl:error] [pid 736:tid 3069231632] AH02604: Unable to configure certificate localhost:443:0 for stapling
[Thu Feb 13 16:10:23.406798 2020] [ssl:warn] [pid 1063:tid 3069231632] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Thu Feb 13 16:10:24.329770 2020] [ssl:error] [pid 1063:tid 3069231632] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=archlinux / issuer: CN=archlinux / serial: 2A964521A5A0AD28440B39B1D781ABFDD1281F7C / notbefore: Mar 28 20:04:49 2020 GMT / notafter: Mar 26 20:04:49 2030 GMT]
[Thu Feb 13 16:10:24.329848 2020] [ssl:error] [pid 1063:tid 3069231632] AH02604: Unable to configure certificate localhost:443:0 for stapling
[Thu Feb 13 16:10:24.340397 2020] [mpm_event:notice] [pid 1063:tid 3069231632] AH00489: Apache/2.4.38 (Raspbian) OpenSSL/1.1.1d configured -- resuming normal operations
[Thu Feb 13 16:10:24.340519 2020] [core:notice] [pid 1063:tid 3069231632] AH00094: Command line: '/usr/sbin/apache2'
[Tue Mar 31 14:31:44.599190 2020] [authz_host:error] [pid 1065:tid 2755138592] [client 11.***:60086] AH01753: access check of 'localhost' to / failed, reason: unable to get the remote host name
[Tue Mar 31 14:31:44.599353 2020] [authz_core:error] [pid 1065:tid 2755138592] [client 11.***:60086] AH01630: client denied by server configuration: /var/www/ncp-web/
[Tue Mar 31 14:31:44.628684 2020] [authz_host:error] [pid 1065:tid 2755138592] [client 11.***:60086] AH01753: access check of 'localhost' to /favicon.ico failed, reason: unable to get the remote host name
[Tue Mar 31 14:31:44.628753 2020] [authz_core:error] [pid 1065:tid 2755138592] [client 11.***:60086] AH01630: client denied by server configuration: /var/www/ncp-web/favicon.ico

Database logs

2020-02-13 16:10:31 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2020-02-13 16:10:31 0 [Note] InnoDB: Number of pools: 1
2020-02-13 16:10:31 0 [Note] InnoDB: Using generic crc32 instructions
2020-02-13 16:10:31 0 [Note] InnoDB: Initializing buffer pool, total size = 1.625G, instances = 1, chunk size = 128M
2020-02-13 16:10:31 0 [Note] InnoDB: Completed initialization of buffer pool
2020-02-13 16:10:31 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2020-02-13 16:10:31 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2020-02-13 16:10:31 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2020-02-13 16:10:31 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2020-02-13 16:10:31 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2020-02-13 16:10:31 0 [Note] InnoDB: Waiting for purge to start
2020-02-13 16:10:31 0 [Note] InnoDB: 10.3.22 started; log sequence number 4286416; transaction id 2809
2020-02-13 16:10:31 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2020-02-13 16:10:31 0 [Note] Plugin 'FEEDBACK' is disabled.
2020-02-13 16:10:31 0 [Note] Server socket created on IP: '127.0.0.1'.
2020-02-13 16:10:31 0 [Note] Reading of all Master_info entries succeeded
2020-02-13 16:10:31 0 [Note] Added new Master_info '' to hash table
2020-02-13 16:10:31 0 [Note] /usr/sbin/mysqld: ready for connections.
Version: '10.3.22-MariaDB-0+deb10u1'  socket: '/run/mysqld/mysqld.sock'  port: 3306  Raspbian 10
2020-02-13 16:10:31 0 [Note] InnoDB: Buffer pool(s) load completed at 200213 16:10:31

Nextcloud logs

{"reqId":"rxe9xZTDtfX0z0JGTRF6","level":2,"time":"2020-03-31T13:30:20+00:00","remoteAddr":"","user":"--","app":"appstoreFetcher","method":"","url":"--","message":"Could not connect to appstore: cURL error 28: Operation timed out after 10000 milliseconds with 4154304 out of 4591347 bytes received (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)","userAgent":"--","version":"18.0.3.0"}

------

Any help is much appreciated. This is my first time setting up Nextcloud on the Raspberry Pi. I am relatively new to using linux commands like sudo and all that as well, so please explain steps thoroughly.
Many thanks in advance!

Best regards
SBC

Have none of you any ideas? :pleading_face:

Could someone give me some advice/solution please???
Any help is much appreciated! :+1: :+1: :+1:

Thanks!

Please post the URL you put into your browser:

https://a.b.c.d:4443

Please post all answers of the browser. problems with certificate, …

Do you use the version from this directory?
https://ownyourbits.com/downloads/NextCloudPi_RPi_03-28-20/

Hi devnull,
thanks for the reply!

The URL I put in my Mozilla Firefox (MF) browser is:
https://11.***.***.***:4443/
If you really need the entire URL, I can send you via PM.

All the answers of the MF browser are:
Warnung: Mögliches Sicherheitsrisiko erkannt
Firefox hat ein mögliches Sicherheitsrisiko erkannt und 11.***.***.*** nicht geladen. Falls Sie die Website besuchen, könnten Angreifer versuchen, Passwörter, E-Mails oder Kreditkartendaten zu stehlen.

English translation:
Warning: Potential safety risk detected
Firefox has detected a possible security risk and 11.***.***.*** has not loaded. If you visit the website, attackers may try to steal passwords, e-mail, or credit card information.

I confirm the warning with “Advanced…” button, then I press “Accept risk and continue” and the error
403 Forbidden - You don't have permission to access this resource. appears and I can’t reach the activation page.

“Do you use the version from this directory?
https://ownyourbits.com/downloads/NextCloudPi_RPi_03-28-20/
Yes I do.

Best regards!
SBC

No. But there is a certificate error. But perhaps it is ok for the website …:4443
Can you access to nextcloud with …:443 `?

When I type https://11...***:443 I got the same error (I think, it’s the same like just https://… without the 443 port?!)

403 Forbidden...


the apache2 conf is the conf for your nextcloud https://11. . .*** (443) and not the admin-tool https://11. . .***:4443

Read the link and show in your config.

https://ownyourbits.com/2017/07/24/nextcloupi-gets-a-web-interface/

THANK YOU VERY MUCH FOR THE LINK, IT NOW FINALLY WORKS!!! :slightly_smiling_face:
What I did, I played around with the ncp.conf and changed it to:
Listen 4443
<VirtualHost _default_:4443>
DocumentRoot /var/www/ncp-web
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
<Directory /var/www/ncp-web/>
AllowOverride None
Require all granted
</Directory>

My last question:
From what I understand from the link, the “new UI is included by default in the new image, and will be installed through remote updates.” So in my new image from March, 28 2020 the web ui should work by default, right? So why I have to add/change something inside the ncp.conf manually? :thinking:

Best regards!
SBC