I have a strange error using the Nextcloud Apache Docker image with v21.0.3 of Nextcloud and an installation in a subdirectory.
The older version i.e. <v21.0.3 worked, strangely.
The problem
[Sat Jul 03 09:19:39.787244 2021] [core:alert] [pid 98] [client 10.0.2.100:38370] /var/www/html/.htaccess: RewriteBase: argument is not a valid URL
10.0.2.100 - - [03/Jul/2021:09:19:39 +0000] "GET /status.php HTTP/1.1" 500 800 "-" "curl/7.76.1"
The file itself worked in the past/until now:
<IfModule mod_headers.c>
<IfModule mod_setenvif.c>
<IfModule mod_fcgid.c>
SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
</IfModule>
<IfModule mod_proxy_fcgi.c>
SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
</IfModule>
<IfModule mod_env.c>
# Add security and privacy related headers
# Avoid doubled headers by unsetting headers in "onsuccess" table,
# then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
Header onsuccess unset Referrer-Policy
Header always set Referrer-Policy "no-referrer"
Header onsuccess unset X-Content-Type-Options
Header always set X-Content-Type-Options "nosniff"
Header onsuccess unset X-Download-Options
Header always set X-Download-Options "noopen"
Header onsuccess unset X-Frame-Options
Header always set X-Frame-Options "SAMEORIGIN"
Header onsuccess unset X-Permitted-Cross-Domain-Policies
Header always set X-Permitted-Cross-Domain-Policies "none"
Header onsuccess unset X-Robots-Tag
Header always set X-Robots-Tag "none"
Header onsuccess unset X-XSS-Protection
Header always set X-XSS-Protection "1; mode=block"
SetEnv modHeadersAvailable true
</IfModule>
# Add cache control for static resources
<FilesMatch "\.(css|js|svg|gif)$">
Header set Cache-Control "max-age=15778463"
</FilesMatch>
# Let browsers cache WOFF files for a week
<FilesMatch "\.woff2?$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
</IfModule>
<IfModule mod_php7.c>
php_value mbstring.func_overload 0
php_value default_charset 'UTF-8'
php_value output_buffering 0
<IfModule mod_env.c>
SetEnv htaccessWorking true
</IfModule>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} DavClnt
RewriteRule ^$ /remote.php/webdav/ [L,R=302]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.*) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
ModPagespeed Off
</IfModule>
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####
ErrorDocument 403 /nextcloud/
ErrorDocument 404 /nextcloud/
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg|map|webm|mp4|mp3|ogg|wav)$
RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
RewriteCond %{REQUEST_FILENAME} !core/img/manifest.json$
RewriteCond %{REQUEST_FILENAME} !/remote.php
RewriteCond %{REQUEST_FILENAME} !/public.php
RewriteCond %{REQUEST_FILENAME} !/cron.php
RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
RewriteCond %{REQUEST_FILENAME} !/status.php
RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
RewriteCond %{REQUEST_FILENAME} !/robots.txt
RewriteCond %{REQUEST_FILENAME} !/updater/
RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
RewriteCond %{REQUEST_FILENAME} !/ocm-provider/
RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
RewriteCond %{REQUEST_FILENAME} !/richdocumentscode(_arm64)?/proxy.php$
RewriteRule . index.php [PT,E=PATH_INFO:$1]
RewriteBase https://***:port/subdir/
<IfModule mod_env.c>
SetEnv front_controller_active true
<IfModule mod_dir.c>
DirectorySlash off
</IfModule>
</IfModule>
</IfModule>
Docker-compose snippet:
nc:
  image: nextcloud:21-apache
  restart: unless-stopped
  ports:
    - "***:80"
  volumes: &nextcloud_volumes
    - nc_data:/var/www/html
    - […]
  […]
  healthcheck:
    test: ["CMD", "curl", "-f", "http://localhost/status.php"]
    interval: 1m30s
    timeout: 10s
    retries: 3
    start_period: 40s
podman inspect shows the healthcheck fails (it requests status.php) due to an update today:
"StartedAt": "2021-07-03T00:00:51.015095615+02:00",
"FinishedAt": "0001-01-01T00:00:00Z",
"Healthcheck": {
"Status": "unhealthy",
"FailingStreak": 457,
"Log": [
{
"Start": "2021-07-03T11:27:53.85297986+02:00",
"End": "2021-07-03T11:27:54.090700577+02:00",
"ExitCode": 1,
"Output": ""
},
{
"Start": "2021-07-03T11:29:24.851330462+02:00",
"End": "2021-07-03T11:29:25.028279854+02:00",
"ExitCode": 1,
"Output": ""
},
{
"Start": "2021-07-03T11:30:55.861971966+02:00",
"End": "2021-07-03T11:30:56.111280348+02:00",
"ExitCode": 1,
"Output": ""
},
{
"Start": "2021-07-03T11:32:26.853488825+02:00",
"End": "2021-07-03T11:32:27.044844944+02:00",
"ExitCode": 1,
"Output": ""
},
{
"Start": "2021-07-03T11:33:57.856059518+02:00",
"End": "2021-07-03T11:33:58.027539026+02:00",
"ExitCode": 1,
"Output": ""
}
]
}
Images:
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nextcloud 21-apache 068f511d11c8 16 hours ago 896 MB
docker.io/library/mariadb latest 6d5c5ed114ad 9 days ago 414 MB
docker.io/library/redis alpine 1690b63e207f 4 weeks ago 33.5 MB
k8s.gcr.io/pause 3.5 ed210e3e4a5b 3 months ago 690 kB
$ podman image inspect docker.io/library/nextcloud:21-apache
[
{
"Id": "068f511d11c8ee7e327ba469344c27fce2a03879c209bd20b58d78dd29a8742f",
"Digest": "sha256:3de296cb87d5cdf535da02c5755137785037d3e064ec0288ca4920800d5e9e95",
"RepoTags": [
"docker.io/library/nextcloud:21-apache"
],
"RepoDigests": [
"docker.io/library/nextcloud@sha256:3de296cb87d5cdf535da02c5755137785037d3e064ec0288ca4920800d5e9e95",
"docker.io/library/nextcloud@sha256:e12a68ff2c6a61457c0d946bc03694cfc5299678cb9acc0c1d384adbb454b54b"
],
"Parent": "",
"Comment": "",
"Created": "2021-07-02T18:00:52.042011795Z",
"Config": {
"ExposedPorts": {
"80/tcp": {}
},
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"PHPIZE_DEPS=autoconf \t\tdpkg-dev \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkg-config \t\tre2c",
"PHP_INI_DIR=/usr/local/etc/php",
"APACHE_CONFDIR=/etc/apache2",
"APACHE_ENVVARS=/etc/apache2/envvars",
"PHP_EXTRA_BUILD_DEPS=apache2-dev",
"PHP_EXTRA_CONFIGURE_ARGS=--with-apxs2 --disable-cgi",
"PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
"PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
"PHP_LDFLAGS=-Wl,-O1 -pie",
"GPG_KEYS=42670A7FE4D0441C8E4632349E4FDC074A4EF02D 5A52880781F755608BF815FC910DEB46F53EA312",
"PHP_VERSION=7.4.21",
"PHP_URL=https://www.php.net/distributions/php-7.4.21.tar.xz",
"PHP_ASC_URL=https://www.php.net/distributions/php-7.4.21.tar.xz.asc",
"PHP_SHA256=cf43384a7806241bc2ff22022619baa4abb9710f12ec1656d0173de992e32a90",
"PHP_MEMORY_LIMIT=512M",
"PHP_UPLOAD_LIMIT=512M",
"NEXTCLOUD_VERSION=21.0.3"
],
"Entrypoint": [
"/entrypoint.sh"
],
"Cmd": [
"apache2-foreground"
],
"Volumes": {
"/var/www/html": {}
},
"WorkingDir": "/var/www/html",
"StopSignal": "SIGWINCH"
},
"Version": "20.10.7",
"Author": "",
"Architecture": "amd64",
"Os": "linux",
"Size": 895974042,
"VirtualSize": 895974042,
[…]
"RootFS": {
"Type": "layers",
"Layers": [
[…]
]
},
"Labels": null,
"Annotations": {},
"ManifestType": "application/vnd.docker.distribution.manifest.v2+json",
"User": "",
"History": [
{
"created": "2021-06-23T00:20:40.386610922Z",
"created_by": "/bin/sh -c #(nop) ADD file:4903a19c327468b0e08e4f463cfc162c66b85b4618b5803d71365862f6302e0b in / "
},
[…]
Based on that I see it is this build:
https://hub.docker.com/layers/nextcloud/library/nextcloud/21-apache/images/sha256-e12a68ff2c6a61457c0d946bc03694cfc5299678cb9acc0c1d384adbb454b54b?context=explore
Every other build before worked fine.
More information
occ status works fine:
- installed: true
- version: 21.0.3.1
- versionstring: 21.0.3
- edition:
Nextcloud release v21.0.3 was just a maintenance release, so I doubt it is the cause: Nextcloud server changelog
$ podman --version
podman version 3.2.0
x86_64
I found Error 500 - "RewriteBase: argument is not a valid URL" · Issue #1576 · nextcloud/server · GitHub but that pointed to 404 links and did not help.
Also AFAIK I did not manually configure that file. I have no idea why RewriteBase is set incorrectly there…
Solving the first error
The error lies within this .htaccess part:
RewriteBase https://***:port/subdir/
It should be this instead:
RewriteBase /subdir
When changed manually, it works.
Something in the container/startup scripts or whatever, seems to have improperly written this…
Still redirect errors…
But even if that is fixed, I get some strange internal redirect errors when accessing /login/v2/flow/ stuff:
[Sat Jul 03 09:54:04.002837 2021] [core:error] [pid 2059] [client 10.0.2.100:39262] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
Part of config.php:
$CONFIG = array (
'htaccess.RewriteBase' => 'https://****:port/subdir/',
[…]
'overwritehost' => '****:port',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/subdir',
This looks all unchanged and not as if it was a problem…
Also getting errors from the encryption module, though I’m not sure whether that is related:
Error no app in context OC\ForbiddenException: This request is not allowed to access the filesystem at lib/private/Lockdown/Filesystem/NullStorage.php line 42 2021-07-03T12:01:48+02:00
0. lib/private/Files/View.php line 1172
OC\Lockdown\Filesystem\NullStorage->mkdir("files_encryption")
1. lib/private/Files/View.php line 272
OC\Files\View->basicOperation("mkdir", "\/**username**\/files_encryption", ["create","write"])
2. lib/private/Encryption/Keys/Storage.php line 485
OC\Files\View->mkdir("\/**username**\/files_encryption")
3. lib/private/Encryption/Keys/Storage.php line 338
OC\Encryption\Keys\Storage->keySetPreparation("\/**username**\/files_encryption\/OC_DEFAULT_MODULE")
4. lib/private/Encryption/Keys/Storage.php line 132
OC\Encryption\Keys\Storage->setKey(
"\/**username**\/files_encryption\/OC_DEFAULT_MODULE\/**username**.publicKey",
{key:"LS0tLS1C************************************ ... "}
)
5. apps/encryption/lib/KeyManager.php line 334
OC\Encryption\Keys\Storage->setUserKey(
"*** sensitive parameter replaced ***",
"publicKey",
"-----BEGIN PUBLIC KEY-----\**************8AMIICCgKCAgEA0gQWij ... n",
"OC_DEFAULT_MODULE"
)
6. apps/encryption/lib/KeyManager.php line 293
OCA\Encryption\KeyManager->setPublicKey(
"*** sensitive parameter replaced ***",
"-----BEGIN PUBLIC KEY-----\**************8AMIICCgKCAgEA0gQWi ... n"
)
7. apps/encryption/lib/Users/Setup.php line 54
OCA\Encryption\KeyManager->storeKeyPair("*** sensitive parameters replaced ***")
8. apps/encryption/lib/Hooks/UserHooks.php line 180
OCA\Encryption\Users\Setup->setupUser("*** sensitive parameters replaced ***")
9. lib/private/legacy/OC_Hook.php line 110
OCA\Encryption\Hooks\UserHooks->login("*** sensitive parameters replaced ***")
10. lib/private/Server.php line 581
OC_Hook::emit("OC_User", "post_login", "*** sensitive parameter replaced ***")
11. <<closure>>
OC\Server->OC\{closure}("*** sensitive parameters replaced ***")
12. lib/private/Hooks/EmitterTrait.php line 107
call_user_func_array(
Closure {},
["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive par ... "]
)
13. lib/private/Hooks/PublicEmitter.php line 41
OC\Hooks\BasicEmitter->emit(
"\\OC\\User",
"postLogin",
["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensit ... "]
)
14. lib/private/User/Session.php line 412
OC\Hooks\PublicEmitter->emit(
"\\OC\\User",
"postLogin",
["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensi ... "]
)
15. lib/private/User/Session.php line 665
OC\User\Session->completeLogin("*** sensitive parameters replaced ***")
16. lib/private/User/Session.php line 365
OC\User\Session->loginWithToken("*** sensitive parameters replaced ***")
17. lib/private/User/Session.php line 462
OC\User\Session->login("*** sensitive parameters replaced ***")
18. apps/dav/lib/Connector/Sabre/Auth.php line 131
OC\User\Session->logClientIn("*** sensitive parameters replaced ***")
19. 3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php line 103
OCA\DAV\Connector\Sabre\Auth->validateUserPass("*** sensitive parameters replaced ***")
20. apps/dav/lib/Connector/Sabre/Auth.php line 254
Sabre\DAV\Auth\Backend\AbstractBasic->check(Sabre\HTTP\Request {}, Sabre\HTTP\Response {})
21. apps/dav/lib/Connector/Sabre/Auth.php line 156
OCA\DAV\Connector\Sabre\Auth->auth(Sabre\HTTP\Request {}, Sabre\HTTP\Response {})
22. 3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php line 182
OCA\DAV\Connector\Sabre\Auth->check(Sabre\HTTP\Request {}, Sabre\HTTP\Response {})
23. 3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php line 137
Sabre\DAV\Auth\Plugin->check(Sabre\HTTP\Request {}, Sabre\HTTP\Response {})
24. 3rdparty/sabre/event/lib/WildcardEmitterTrait.php line 89
Sabre\DAV\Auth\Plugin->beforeMethod(Sabre\HTTP\Request {}, Sabre\HTTP\Response {})
25. 3rdparty/sabre/dav/lib/DAV/Server.php line 456
Sabre\DAV\Server->emit("beforeMethod:PROPFIND", [Sabre\HTTP\Request {},Sabre\HTTP\Response {}])
26. 3rdparty/sabre/dav/lib/DAV/Server.php line 253
Sabre\DAV\Server->invokeMethod(Sabre\HTTP\Request {}, Sabre\HTTP\Response {})
27. 3rdparty/sabre/dav/lib/DAV/Server.php line 321
Sabre\DAV\Server->start(
)
28. apps/dav/appinfo/v1/carddav.php line 103
Sabre\DAV\Server->exec(
)
29. remote.php line 167
require_once("\/var\/www\/html\/apps\/dav\/appinfo\/v1\/carddav.php")
I checked that the data directory is accessible from inside the container:
podman exec --user www-data -it nextcloud_nc_1 /bin/sh
$ cd /var/[…] # (the dir set in the config.php as datadirectory)
$ ls -la
total 14760
drwxr-x---. 1 www-data www-data 522 Jul 2 21:55 .
drwxr-xr-t. 3 root root 56 Jul 2 22:00 ..
-rw-r--r--. 1 www-data www-data 542 Jul 2 22:00 .htaccess
[…]
Cross-posted from the Nextcloud Docker issue I’ve opened.
If anyone has any tips that would be greatly appreciated. I do have a reverse proxy in front of my Nextcloud installation.
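
An added example, not part of the original post or of the Nextcloud image: a shell check that reports any RewriteBase directive in an .htaccess file whose argument is not a URL-path starting with "/" (the form Apache rejects in the log line above) and prints the path-only value. The function name check_rewritebase and the host cloud.example.test:8443 in the sample are constructed for illustration.

```shell
#!/bin/sh
# check_rewritebase FILE
# Apache accepts only a URL-path (starting with "/") as the RewriteBase
# argument. Prints one line per directive found; returns 1 if any is invalid.
check_rewritebase() {
    awk '
        # Directive names are case-insensitive; commented-out lines have
        # "#" in (or as) the first field and therefore do not match.
        tolower($1) == "rewritebase" {
            arg = $2
            gsub(/^"|"$/, "", arg)              # drop optional quotes
            if (arg ~ "^/") {
                printf "%s:%d: ok %s\n", FILENAME, FNR, arg
                next
            }
            # Full URL given: keep only the path component.
            fix = arg
            sub("^[A-Za-z][A-Za-z0-9+.-]*://[^/]*", "", fix)
            if (length(fix) > 1) sub("/$", "", fix)   # "/subdir/" -> "/subdir"
            if (fix !~ "^/") fix = "/"
            printf "%s:%d: INVALID %s (suggest %s)\n", FILENAME, FNR, arg, fix
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample mirroring the broken block from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<IfModule mod_rewrite.c>
  Options -MultiViews
  RewriteRule . index.php [PT,E=PATH_INFO:$1]
  RewriteBase https://cloud.example.test:8443/subdir/
</IfModule>
EOF

if check_rewritebase "$sample"; then
    echo "RewriteBase looks valid"
else
    echo "RewriteBase needs to be a path, not a full URL"
fi
rm -f "$sample"
```

Inside the container it would be pointed at /var/www/html/.htaccess, the file named in the Apache error.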