a) Iâm not sure overwrite.cli.url is what you think it is.
b) Why are you try to access the root domain in the above screenshot? Youâre serving nextcloud from subdomain.domain.net/nextcloud.
c) Iâm assuming you forgot to remove your domain from the above config - needless to say I have tried accessing that address and I can access it.
If your dns entry also resolves an ipv6 address, you should tell your server to answer ipv6 requests as well. On your home network, you have dual stack meaning that ipv6 is preferred. On the mobile network you only have ipv4. 2 possible solutions:
- tell your server to handle ipv6: check with
netstat -tlpuen
if apache already listens to ipv6 (https://httpd.apache.org/docs/2.4/en/bind.html) and the address from the ssllabs-test really is the ipv6-address of your server (seeifconfig
). - only use a dns name that resolves ipv4 only (you need to use a dynamic dns provider, such as no-ip.com (there are others as well)).
here is the result from
xxx@xxxxx:~$ sudo netstat -tlpuen
[sudo] Passwort fĂŒr xxx:
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 122 20596 2558/mysqld
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 25270 3545/smbd
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 0 25523 3559/x11vnc
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 0 20787 2872/dnsmasq
tcp 0 0 0.0.0.0:22012 0.0.0.0:* LISTEN 0 21747 2550/sshd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 25269 3545/smbd
tcp6 0 0 :::139 :::* LISTEN 0 25268 3545/smbd
tcp6 0 0 :::5900 :::* LISTEN 0 25524 3559/x11vnc
tcp6 0 0 :::80 :::* LISTEN 0 59232 5061/apache2
tcp6 0 0 :::443 :::* LISTEN 0 59236 5061/apache2
tcp6 0 0 :::22012 :::* LISTEN 0 21749 2550/sshd
tcp6 0 0 :::445 :::* LISTEN 0 25267 3545/smbd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 111 18463 2099/avahi-daemon:
udp 0 0 0.0.0.0:56819 0.0.0.0:* 111 18465 2099/avahi-daemon:
udp 0 0 127.0.1.1:53 0.0.0.0:* 0 20786 2872/dnsmasq
udp 0 0 0.0.0.0:68 0.0.0.0:* 0 20290 2863/dhclient
udp 0 0 192.168.178.255:137 0.0.0.0:* 0 25228 3527/nmbd
udp 0 0 192.168.178.25:137 0.0.0.0:* 0 25227 3527/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 0 25224 3527/nmbd
udp 0 0 192.168.178.255:138 0.0.0.0:* 0 25230 3527/nmbd
udp 0 0 192.168.178.25:138 0.0.0.0:* 0 25229 3527/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 0 25225 3527/nmbd
udp 0 0 0.0.0.0:631 0.0.0.0:* 0 18118 2411/cups-browsed
udp6 0 0 :::5353 :::* 111 18464 2099/avahi-daemon:
udp6 0 0 :::46724 :::* 111 18466 2099/avahi-daemon:
no ipv6.
ifconfig
enp1s0 Link encap:Ethernet Hardware Adresse 32:89:0e:92:r5:0e
inet Adresse:192.168.178.25 Bcast:192.168.178.255 Maske:255.255.255.0
inet6-Adresse: fe80::db8f:567:60af:e999/64 GĂŒltigkeitsbereich:Verbindung
inet6-Adresse: 2a02:810d:567:a24:91a5:8c3b:485d:0ecb/64 GĂŒltigkeitsbereich:Global
inet6-Adresse: 2a02:5678:340:a24:acf5:7r45:4d84:7edd/64 GĂŒltigkeitsbereich:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX-Pakete:282960 Fehler:0 Verloren:0 ĂberlĂ€ufe:0 Fenster:0
TX-Pakete:257717 Fehler:0 Verloren:0 ĂberlĂ€ufe:0 TrĂ€ger:0
Kollisionen:0 SendewarteschlangenlÀnge:1000
RX-Bytes:111350813 (111.3 MB) TX-Bytes:205139464 (205.1 MB)
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 GĂŒltigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:65536 Metrik:1
RX-Pakete:240150 Fehler:0 Verloren:0 ĂberlĂ€ufe:0 Fenster:0
TX-Pakete:240150 Fehler:0 Verloren:0 ĂberlĂ€ufe:0 TrĂ€ger:0
Kollisionen:0 SendewarteschlangenlÀnge:1
RX-Bytes:141568783 (141.5 MB) TX-Bytes:141568783 (141.5 MB)
In which file must i handle the listen-entries?
/etc/apache2/ports.conf?
Can you give me an example. conf please fur listen entries. Thanks
https://httpd.apache.org/docs/2.4/en/bind.html
In which file must i do the entry
"Listen [2001:db8::a00:20ff:fea7:ccea]:80" an in my case âListen [2001:db8::a00:20ff:fea7:ccea]:443â . In ports.conf or in my host or in apache.conf or in all?
Is this entry in port.conf ok?
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
Listen [::]:80
<IfModule ssl_module>
Listen [::]:443
</IfModule>
<IfModule mod_gnutls.c>
Listen [::]:443
</IfModule>
And is this in the sites-available host ok?
<VirtualHost *:443, [::]:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/xxxxxx.dynv6.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxx.dynv6.net/privkey.pem
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCompression off
Header always set Strict-Transport-Security "max-age=15768000"
SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
ServerName https://xxxxxx.dynv6.net/
DocumentRoot "/var/www/nextcloud"
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
</VirtualHost>
Your server already listens to ipv6. Now the question, does the ipv6 address, which is resolved by your hostname *.dynv6.net (Android app can not connect with the nextcloud server in the wlan - #16 by rabadumpf), correspond to one of the addresses in the output of ifconfig
?
No it does not correspondent.
The ipv6 address, which is resolved by your hostname *.dynv6.net, is ipv6 from the router (fritzbox).
The addresses in the output of ifconfig ist the ipv6 from the server.
And the server is behind the router.
That is your problem, you need to set the serverâs ipv6-address to the hostname *.dynv6.net since Nextcloud is not running on your router.
Ok, i make an dynv6.net an A and AAAA entry with my ipv6 adress from nextcloud server
these are the entries, the other two are the entries from dyn-dynamic service.
And the result on ssl lab
no ip v6 connection, i dont know what ist the ip 5405:âŠ
what is wrong?
Not sure what you are doing. 5405:: is no valid ip address, no idea where it is coming from. You should add the ip address you can see via ifconfig. You can try from an external host, if you can ping this ipv6.
Itâs also a bit strange that you have two different ipv6 addresses (of two different networks). Does your ISP provide ipv6 and you set up a tunnel on top?
I had the same problem. Everything working fine using 3G but not over wifi. Not a specific one, just using wifi in general made the client impossible to communicate. Didnât find any hint to the problem. No matter whether Iâm accessing via IPv6 or not. In fact the webservers log do not even show any attempt to access the site at all after connection has been tested. The phone does not try to connect and then states it took too long. I donât remember it happening before I changed my password but could be the case that the app did not work for a while using wifi.
However, I can use the Android-cilent over Wifi again after I activated 2-factor-authentification and generated an app-passwort for the Android-client. I think this is even better than storing the same password everywhere.
Thanks for the solution with the App-Pin
It also works with normal user authentication, I just created the App-Pin under the user settings.
I had the issues on iPhone and Android Apps and just changing from the normal user password to the App-Pin madi it working on WiFi. Still very strange that it works fine with the user password via mobile network
After a few days it now stopped working even with the App-Key
No idea whatâs wrong hereâŠ
The connection test in the app always works fine, but as soon as I try to connect I get an error that the server took too long to respond.
I have the same issues. Nextcloud is on home web server ubuntu 18.04. I can access my nextcloud from lan on any computer. Andriod app canât access over wlan but can access over mobile network.
I think this issue has nothing to do with Nextcloud app as I also canât access my web site using wlan from Android.
Note: My Android device has an ipv4 address on lan.
Possible that apache seeâs mobile devices as insecure?
Hi @Kenneth_Sartre
I had the exact same problems as you and solved it in this topic (linked at bottom)
I will just blindly assume that you use Cloudflare as well - try to disable the cloudflare Proxy and set the domain to DNS only. This way you can check if cloudlfare is causing the issue.
If this is not the case, are you using any other form for reverse proxy?
Please continue the thread here (as this is an old topic):
I do not use cloudflare. I have found that my issue has nothing to do with Nextcloud as my domain is not accessible from lan or wlan. Solely DNS issue.
Thank you
Iâve got the same issue and i think i have the explanation but not the solution.
First, i will explain my case witch is, i think, the same as you.
My server is in my local network and is in demilitarized zone. So, for IPv4 connections, it is acceded by my public IPv4 address for outside the LAN and by itâs local IPv4 address from LAN.
Bur for IPv6 connections, itâs public address works no matter where you connect from.
Iâve got two DNS entry for it:
- an AAAA record with the public IPv6 address of the server a
- an A record for the public IPv4 address.
So my server can be acceded both by IPv4 and IPv6 from inside and from outside the LAN.
Now, let see what happens in the two cases you mentioned:
- When my phone uses 4G for internet connection (IPv4 only due to my provider):
- Both the android apps and Firefox uses IPv4 and the DNS gives the external address ; Every thing is working well in this scenarii ;
- When my phone is connected by wifi on my LAN (IPv4 and IPv6 connections):
- The android apps still use IPv4 and the DNS gives the external address witch is not reachable from the LAN ;
- Firefox also use IPv4 and get stuck (shame on them to prefer A records on AAA ones) ;
- Edge chromium uses IPv6 and work well.
My trick for PCâs is to use an hosts file under windows and linux to resolve local names and my server global name with IPv6 global address only.
For Android, there is no solution until the Nextcloud app will prefer use IPv6âŠ
Thank you this worked both for chromebook and my phone.
just needed to download via git and make install and make sure the etc/hosts files was up to date
Maybe this might help in some cases: