Apache rewrite to remove index.php

Hi folks,

In some prior ownCloud documentation (or maybe a GitHub issue, I forget) I read that enabling mod_rewrite and mod_env will trigger OC to magically eradicate index.php from URLs.

Is this the case with NC? Because I’ve confirmed both are enabled and it’s done a whole lot of nothing.

1 Like

> Is this the case with NC? Because I’ve confirmed both are enabled and it’s done a whole lot of nothing.

This is outdated documentation in Nextcloud and ownCloud. To enable index.php URLs, the following conditions need to be met:

  1. htaccess.RewriteBase in your config.php is linking to the web root folder (e.g. /nextcloud if you access foo.com/nextcloud, or / if it lives on the web root)
  2. mod_env and mod_rewrite need to be enabled

Afterwards you should run occ maintenance:update:htaccess on your console :)

3 Likes

Thanks @LukasReschke.

There’s no htaccess.RewriteBase in the config:

So I’m going to add 'htaccess.RewriteBase' => '/',

Would that syntax be correct? It matches the rest of it.

That seems correct! :)

That worked!

Any drawbacks to this method? I recall the original implementations were a little unpolished and resulted in problems.

None. It’s pretty similar to the original approach but there were some rare server configurations that made this incompatible. So we dropped the autoconfiguration and went with this small manual interaction.

1 Like

This solution doesn’t seem to work for me. I added the line

 'htaccess.RewriteBase' => '/',

to my config.php, and made sure the two mods are enabled, also ran the

occ maintenance:update:htaccess

on my setup, and I’m getting a whole lot of nothing, am I missing something?

mod_env and mod_rewrite need to be enabled as well, I guess that’s the problem.

I’m also having issues. It seems that my server is unable to serve even static content like oc.js (https://cloud.koehn.com/index.php/core/js/oc.js?v=e3dfe14d771910e17007220657dff1a1 returns the index.html page instead of JavaScript; try it and see).

My whole site is down until I get this resolved. I added the 'htaccess.RewriteBase' => '/', to my config.php file, and ran occ maintenance:update:htaccess but I’m still stuck. I’d debug the issue but I’m not sure how to debug it.

Apache 2.4.23 (mod_rewrite and mod_env are enabled)
PHP 7.0.8-4+deb.sury.org~trusty+1
php7.0-fpm
nextcloud 9.0.52, upgraded from owncloud 9 (the upgrade worked without a hitch)

There’s nothing interesting in the owncloud.log, the access.log or the error.log from Apache, and the fpm.log is empty.

I’m beginning to suspect the issue is my .htaccess file. It isn’t being regenerated when I run occ maintenance:update:htaccess, even though that command responds with .htaccess has been updated.

There’s an issue with occ - it states that ‘it has been updated’ even when it hasn’t. What are your permissions for the .htaccess? Be sure it’s group writable (for the moment) if it’s owned by root:www-data like the guide tells you to make it. However, making it 644 root:www-data is best for security.

1 Like

I verified the mode was OK

-rw-rw-r-- 1 root www-data 2628 Jul 13 01:07 .htaccess

But still no joy. Also made sure the /var/www/nextcloud is owned by www-data.

drwxr-xr-x 15 www-data www-data 4096 Jul 13 01:09 /var/www/nextcloud

Still, running su www-data -c "./occ maintenance:update:htaccess" doesn’t generate/modify anything, despite the message.

Any chance you can post a working .htaccess?

This is my current .htaccess. Everything above the “DO NOT CHANGE ABOVE THIS LINE” was stock, everything below that was generated when I ran occ.

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
  </IfModule>

  <IfModule mod_env.c>
    # Add security and privacy related headers
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Robots-Tag "none"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Download-Options "noopen"
    Header set X-Permitted-Cross-Domain-Policies "none"
    SetEnv modHeadersAvailable true
  </IfModule>

  # Add cache control for CSS and JS files
  <FilesMatch "\.(css|js)$">
    Header set Cache-Control "max-age=7200, public"
  </FilesMatch>
</IfModule>
<IfModule mod_php5.c>
  php_value upload_max_filesize 513M
  php_value post_max_size 513M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value always_populate_raw_post_data -1
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_php7.c>
  php_value upload_max_filesize 513M
  php_value post_max_size 513M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
  RewriteRule ^(\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 /core/templates/403.php
ErrorDocument 404 /core/templates/404.php
<IfModule mod_rewrite.c>
  Options -MultiViews
  RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
  RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
  RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$
  RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
  RewriteCond %{REQUEST_FILENAME} !/remote.php
  RewriteCond %{REQUEST_FILENAME} !/public.php
  RewriteCond %{REQUEST_FILENAME} !/cron.php
  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
  RewriteCond %{REQUEST_FILENAME} !/status.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
  RewriteCond %{REQUEST_FILENAME} !/updater/
  RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
  RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
  RewriteRule . index.php [PT,E=PATH_INFO:$1]
  RewriteBase /
  <IfModule mod_env.c>
    SetEnv front_controller_active true
    <IfModule mod_dir.c>
      DirectorySlash off
    </IfModule>
  </IfModule>
</IfModule>
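
A check for the case discussed in this thread, where occ reports that .htaccess has been updated but the file is unchanged (an added example, not part of any post here and not Nextcloud's own code): it compares htaccess.RewriteBase in config.php with the RewriteBase found below the marker line of .htaccess. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Nextcloud code). Run it as the web server user
# (e.g. www-data), because [ -w ] is always true for root.
MARKER='#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####'

# Print the htaccess.RewriteBase value set in config.php (empty if unset).
config_rewrite_base() {
    sed -n "s/^[[:space:]]*'htaccess\.RewriteBase'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Print the RewriteBase from the occ-generated section below the marker.
generated_rewrite_base() {
    awk -v m="$MARKER" '$0 == m { below = 1; next }
        below && $1 == "RewriteBase" { print $2; exit }' "$1"
}

# check_htaccess CONFIG_PHP HTACCESS
# 0 = consistent, 1 = option missing from config.php,
# 2 = .htaccess not writable, 3 = generated block missing or stale.
check_htaccess() {
    want=$(config_rewrite_base "$1")
    [ -n "$want" ] || { echo "config.php: htaccess.RewriteBase is not set"; return 1; }
    [ -w "$2" ] || { echo ".htaccess: not writable by $(id -un)"; return 2; }
    got=$(generated_rewrite_base "$2")
    [ "$got" = "$want" ] || { echo ".htaccess: generated RewriteBase '$got', expected '$want'"; return 3; }
    echo "ok: RewriteBase $want found below the marker"
}

# Constructed sample files: a config.php with the option set and a stock
# .htaccess that occ has not extended yet.
make_sample() {
    printf "<?php\n\$CONFIG = array (\n  'htaccess.RewriteBase' => '/',\n);\n" > "$1/config.php"
    printf '%s\n' 'Options -Indexes' "$MARKER" > "$1/.htaccess"
}

# Demo: report the stale file, then simulate a successful regeneration.
demo() {
    dir=$(mktemp -d) && make_sample "$dir"
    check_htaccess "$dir/config.php" "$dir/.htaccess" || echo "-> exit status $?"
    printf '%s\n' '<IfModule mod_rewrite.c>' '  RewriteBase /' '</IfModule>' >> "$dir/.htaccess"
    check_htaccess "$dir/config.php" "$dir/.htaccess" || echo "-> exit status $?"
    rm -rf "$dir"
}
demo
```

On a real installation, call `check_htaccess` with the paths to config/config.php and .htaccess after running occ maintenance:update:htaccess.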

Thanks!

That got /core/js/oc.js to return an empty response instead of a 404. /index.php/core/js/oc.js still returns the index page.

WTF.

No idea. Mine returns javascript properly.

Yeah. Now I’m down to wondering about the php upgrade that recently happened.

… yeah. I’m still on PHP 5.6.22, since I’m using Debian 8.5 Jessie. You know what, I’m just going to post my entire stack to see if it helps.
Debian 8.5 Jessie
Apache 2.4.10 (Debian)
MariaDB 10.0.25
PHP 5.6.22

I just switched to 5.6.23-2+deb.sury.org~trusty+1 and it makes no difference at all. You can hit my server at https://cloud.koehn.com/ and see what’s happening. Right now if I request /core/js/oc.js it doesn’t even log anywhere in /var/log/apache2/owncloud*.log. It’s like the request never happened.

Did you fix it recently? I just hit https://cloud.koehn.com/core/js/oc.js and it returns javascript just fine for me. Maybe try a different browser/turn off NoScript/what have you?

I have no idea how, but somehow (in the past few minutes) that URI works for me too (whether with a browser or curl). Now I can log in!

I turned on debug and forensic logging in Apache, which might have some insights. Still can’t get php7.0-fpm to log anything, which I suspect is where things are going wrong.

But, as soon as I do and I request anything (e.g., https://cloud.koehn.com/index.php/apps/files/), I get back a 302 (redirect) to https://cloud.koehn.com/index.php/apps/files/, no matter what URI was requested in the first place.

And a request for https://cloud.koehn.com/index.php/core/js/oc.js still results in the index page being returned.