This is the result
Well I imagine the reason it’s not working via the app and connecting to the ip address is that the certificate is not issued to your ip, but your domain instead.
It’s good that you can reach your server via the ip though, it suggests the issue with the domain is dns related. It’s very difficult to say what the problem is without seeing your web server configuration, ssl configuration and how you’ve got dns set up.
Here is my config.php
<?php $CONFIG = array ( 'instanceid' => 'och4tc5gma78', 'passwordsalt' => 'XXXXXXXXwcccccccccccccXXXXXXXXX', 'secret' => 'xxxxx+8hX0GRLSHGrl34/xxxxxxxxxm9t7R6/xxxxxx', 'trusted_domains' => array ( 0 => '192.168.178.25', 1 => 'xxxxxxxxxx.dynv6.net', ), 'datadirectory' => '/srv/nextcloud', 'overwrite.cli.url' => 'https://192.168.178.25/nextcloud', 'dbtype' => 'mysql', 'version' => '220.127.116.11', 'dbname' => 'nextcloud', 'dbhost' => 'localhost', 'dbtableprefix' => 'oc_', 'dbuser' => 'nextcloud', 'dbpassword' => '9OsH.4nP-.,', 'logtimezone' => 'UTC', 'installed' => true, 'maintenance' => false, 'theme' => '', 'loglevel' => 0, 'memcache.local' => '\\OC\\Memcache\\APCu', );
And error is the while saerch server
a) I’m not sure overwrite.cli.url is what you think it is.
b) Why are you try to access the root domain in the above screenshot? You’re serving nextcloud from subdomain.domain.net/nextcloud.
c) I’m assuming you forgot to remove your domain from the above config - needless to say I have tried accessing that address and I can access it.
If your dns entry also resolves an ipv6 address, you should tell your server to answer ipv6 requests as well. On your home network, you have dual stack meaning that ipv6 is preferred. On the mobile network you only have ipv4. 2 possible solutions:
- tell your server to handle ipv6: check with
netstat -tlpuenif apache already listens to ipv6 (https://httpd.apache.org/docs/2.4/en/bind.html) and the address from the ssllabs-test really is the ipv6-address of your server (see
- only use a dns name that resolves ipv4 only (you need to use a dynamic dns provider, such as no-ip.com (there are others as well)).
here is the result from
xxx@xxxxx:~$ sudo netstat -tlpuen [sudo] Passwort für xxx: Aktive Internetverbindungen (Nur Server) Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 122 20596 2558/mysqld tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 25270 3545/smbd tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 0 25523 3559/x11vnc tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 0 20787 2872/dnsmasq tcp 0 0 0.0.0.0:22012 0.0.0.0:* LISTEN 0 21747 2550/sshd tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 25269 3545/smbd tcp6 0 0 :::139 :::* LISTEN 0 25268 3545/smbd tcp6 0 0 :::5900 :::* LISTEN 0 25524 3559/x11vnc tcp6 0 0 :::80 :::* LISTEN 0 59232 5061/apache2 tcp6 0 0 :::443 :::* LISTEN 0 59236 5061/apache2 tcp6 0 0 :::22012 :::* LISTEN 0 21749 2550/sshd tcp6 0 0 :::445 :::* LISTEN 0 25267 3545/smbd udp 0 0 0.0.0.0:5353 0.0.0.0:* 111 18463 2099/avahi-daemon: udp 0 0 0.0.0.0:56819 0.0.0.0:* 111 18465 2099/avahi-daemon: udp 0 0 127.0.1.1:53 0.0.0.0:* 0 20786 2872/dnsmasq udp 0 0 0.0.0.0:68 0.0.0.0:* 0 20290 2863/dhclient udp 0 0 192.168.178.255:137 0.0.0.0:* 0 25228 3527/nmbd udp 0 0 192.168.178.25:137 0.0.0.0:* 0 25227 3527/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* 0 25224 3527/nmbd udp 0 0 192.168.178.255:138 0.0.0.0:* 0 25230 3527/nmbd udp 0 0 192.168.178.25:138 0.0.0.0:* 0 25229 3527/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* 0 25225 3527/nmbd udp 0 0 0.0.0.0:631 0.0.0.0:* 0 18118 2411/cups-browsed udp6 0 0 :::5353 :::* 111 18464 2099/avahi-daemon: udp6 0 0 :::46724 :::* 111 18466 2099/avahi-daemon:
ifconfig enp1s0 Link encap:Ethernet Hardware Adresse 32:89:0e:92:r5:0e inet Adresse:192.168.178.25 Bcast:192.168.178.255 Maske:255.255.255.0 inet6-Adresse: fe80::db8f:567:60af:e999/64 Gültigkeitsbereich:Verbindung inet6-Adresse: 2a02:810d:567:a24:91a5:8c3b:485d:0ecb/64 Gültigkeitsbereich:Global inet6-Adresse: 2a02:5678:340:a24:acf5:7r45:4d84:7edd/64 Gültigkeitsbereich:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1 RX-Pakete:282960 Fehler:0 Verloren:0 Überläufe:0 Fenster:0 TX-Pakete:257717 Fehler:0 Verloren:0 Überläufe:0 Träger:0 Kollisionen:0 Sendewarteschlangenlänge:1000 RX-Bytes:111350813 (111.3 MB) TX-Bytes:205139464 (205.1 MB) lo Link encap:Lokale Schleife inet Adresse:127.0.0.1 Maske:255.0.0.0 inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine UP LOOPBACK RUNNING MTU:65536 Metrik:1 RX-Pakete:240150 Fehler:0 Verloren:0 Überläufe:0 Fenster:0 TX-Pakete:240150 Fehler:0 Verloren:0 Überläufe:0 Träger:0 Kollisionen:0 Sendewarteschlangenlänge:1 RX-Bytes:141568783 (141.5 MB) TX-Bytes:141568783 (141.5 MB)
In which file must i handle the listen-entries?
Can you give me an example. conf please fur listen entries. Thanks
In which file must i do the entry
"Listen [2001:db8::a00:20ff:fea7:ccea]:80" an in my case “Listen [2001:db8::a00:20ff:fea7:ccea]:443” . In ports.conf or in my host or in apache.conf or in all?
Is this entry in port.conf ok?
<IfModule ssl_module> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule> Listen [::]:80 <IfModule ssl_module> Listen [::]:443 </IfModule> <IfModule mod_gnutls.c> Listen [::]:443 </IfModule>
And is this in the sites-available host ok?
<VirtualHost *:443, [::]:443> SSLEngine on SSLCertificateFile /etc/letsencrypt/live/xxxxxx.dynv6.net/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxx.dynv6.net/privkey.pem SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCompression off Header always set Strict-Transport-Security "max-age=15768000" SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA' ServerName https://xxxxxx.dynv6.net/ DocumentRoot "/var/www/nextcloud" Alias /nextcloud "/var/www/nextcloud/" <Directory /var/www/nextcloud/> Options +FollowSymlinks AllowOverride All <IfModule mod_dav.c> Dav off </IfModule> SetEnv HOME /var/www/nextcloud SetEnv HTTP_HOME /var/www/nextcloud </Directory> </VirtualHost>
Your server already listens to ipv6. Now the question, does the ipv6 address, which is resolved by your hostname *.dynv6.net (Android app can not connect with the nextcloud server in the wlan), correspond to one of the addresses in the output of
No it does not correspondent.
The ipv6 address, which is resolved by your hostname *.dynv6.net, is ipv6 from the router (fritzbox).
The addresses in the output of ifconfig ist the ipv6 from the server.
And the server is behind the router.
That is your problem, you need to set the server’s ipv6-address to the hostname *.dynv6.net since Nextcloud is not running on your router.
Ok, i make an dynv6.net an A and AAAA entry with my ipv6 adress from nextcloud server
these are the entries, the other two are the entries from dyn-dynamic service.
And the result on ssl lab
no ip v6 connection, i dont know what ist the ip 5405:…
what is wrong?
Not sure what you are doing. 5405:: is no valid ip address, no idea where it is coming from. You should add the ip address you can see via ifconfig. You can try from an external host, if you can ping this ipv6.
It’s also a bit strange that you have two different ipv6 addresses (of two different networks). Does your ISP provide ipv6 and you set up a tunnel on top?
I had the same problem. Everything working fine using 3G but not over wifi. Not a specific one, just using wifi in general made the client impossible to communicate. Didn’t find any hint to the problem. No matter whether I’m accessing via IPv6 or not. In fact the webservers log do not even show any attempt to access the site at all after connection has been tested. The phone does not try to connect and then states it took too long. I don’t remember it happening before I changed my password but could be the case that the app did not work for a while using wifi.
However, I can use the Android-cilent over Wifi again after I activated 2-factor-authentification and generated an app-passwort for the Android-client. I think this is even better than storing the same password everywhere.
Thanks for the solution with the App-Pin
It also works with normal user authentication, I just created the App-Pin under the user settings.
I had the issues on iPhone and Android Apps and just changing from the normal user password to the App-Pin madi it working on WiFi. Still very strange that it works fine with the user password via mobile network
After a few days it now stopped working even with the App-Key
No idea what’s wrong here…
The connection test in the app always works fine, but as soon as I try to connect I get an error that the server took too long to respond.
I have the same issues. Nextcloud is on home web server ubuntu 18.04. I can access my nextcloud from lan on any computer. Andriod app can’t access over wlan but can access over mobile network.
I think this issue has nothing to do with Nextcloud app as I also can’t access my web site using wlan from Android.
Note: My Android device has an ipv4 address on lan.
Possible that apache see’s mobile devices as insecure?
I had the exact same problems as you and solved it in this topic (linked at bottom)
I will just blindly assume that you use Cloudflare as well - try to disable the cloudflare Proxy and set the domain to DNS only. This way you can check if cloudlfare is causing the issue.
If this is not the case, are you using any other form for reverse proxy?
Please continue the thread here (as this is an old topic):