Apache2/SSL --> down after a few hours

Dear all,

I’m new to setting up Nextcloud on a Linux machine, as I previously used my Synology NAS.
Now I’m trying to configure a dedicated PC with Ubuntu Server 22.04 LTS.
I followed several guides and was able to:

  • install Ubuntu, configure apache2, configure php8.1
  • successfully install Nextcloud 27 & nextoffice running Collabora on the same PC.
  • create a wildcard Let’s Encrypt certificate common to all my OVH subdomains.

As recommended I only use https.
Everything works when I start apache2, there’s no syntax error using apache2ctl -t
BUT
after a few hours (usually during the night) my nextcloud subdomain becomes unavailable.
Firefox tells me it could not negotiate a secure connection. The Nextcloud Android app or Windows desktop client tells me the host is unreachable.
Curl gives 000 (whereas it’s 302 when it works).

I activated the default apache2 webserver on SSL 443 with another ServerName (which is a subdomain of the same domain, using the same Let’s Encrypt key): it works when Nextcloud doesn’t.

I haven’t been able to figure out whether it comes from my Nextcloud’s or Apache’s configuration.

For the moment the only way to handle this issue is a cron job calling a script to check for CURL value and restart apache when it’s down…

Please help !

Nextcloud version (eg, 20.0.5): 27.0.1
Operating system and version (eg, Ubuntu 20.04): Ubuntu server 22.04 LTS
Apache or nginx version (eg, Apache 2.4.25): 2.4.52
PHP version (eg, 7.4): 8.1

The issue you are facing: SSL error only for my nextcloud subdomain

Is this the first time you’ve seen this error? (Y/N): Y

The output of your Nextcloud log in Admin > Logging:
Nothing appears when my server is down… I cannot login at that moment.

Apache2 virtualhost (I rewrote it from the Let’s Encrypt certbot generated file)

<VirtualHost *:443 *:8443>
  DocumentRoot /var/www/nextcloud/
  ServerName ****

  ErrorLog ${APACHE_LOG_DIR}/nextcloud__error.log
  CustomLog ${APACHE_LOG_DIR}/nextcloud__access.log combined

  # generated 2023-08-08, Mozilla Guideline v5.7, Apache 2.4.52, OpenSSL 3.0.2, intermediate configuration
  # Mozilla SSL Configuration Generator
  # this configuration requires mod_ssl, mod_socache_shmcb, mod_rewrite, and mod_headers

  SSLEngine on

  # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
  SSLCertificateFile /etc/letsencrypt/live//fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live//privkey.pem

  # enable HTTP/2, if available
  Protocols h2 http/1.1

  # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

  <Directory /var/www/nextcloud/>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud
  </Directory>
</VirtualHost>

# intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLSessionTickets off

SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '****',
  'passwordsalt' => '****',
  'secret' => '****',
  'trusted_domains' =>
  array (
    0 => '**my local server ipv4**',
    1 => '**my nc subdomain**',
    2 => '**ipv4 localhost***',
    3 => '**ipv6 localhost***',
    4 => '**my local server ipv6**',
  ),
  'datadirectory' => '**out of www**',
  'dbtype' => 'mysql',
  'version' => '27.0.1.2',
  'overwrite.cli.url' => 'https://MYSUBDOMAIN',
  'overwriteprotocol' => 'https',
  'htaccess.RewriteBase' => '/',
  'dbname' => 'ncdb',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '**',
  'dbpassword' => '***',
  'installed' => true,
  'default_language' => 'fr',
  'default_locale' => 'fr',
  'default_phone_region' => 'FR',
  'mail_from_address' => '***',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => '***',
  'mail_smtphost' => '***',
  'mail_smtpport' => '465',
  'mail_smtpauth' => 1,
  'mail_smtpname' => '***',
  'mail_smtppassword' => '***',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'maintenance' => false,
);

The output of your Apache/nginx/system log in `/var/log/____`:

apache2 error.log :

[Wed Aug 09 00:00:01.726033 2023] [mpm_prefork:notice] [pid 23520] AH00163: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 configured -- resuming normal operations
[Wed Aug 09 00:00:01.726049 2023] [core:notice] [pid 23520] AH00094: Command line: '/usr/sbin/apache2'
[Wed Aug 09 00:00:21.754337 2023] [core:notice] [pid 23520] AH00051: child pid 28244 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Wed Aug 09 00:00:21.754472 2023] [core:notice] [pid 23520] AH00051: child pid 28245 exit signal Segmentation fault (11), possible coredump in /etc/apache2
.....child PID --> 28851

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors.

None

No real idea.

But maybe you can delete :8443 or separate it in two virtual domains and test again.

When I started I only used 8443 port as 443 was mandatory on another device and Synology reverse proxy didn’t allow me to set them up.
When I began the dedicated pc there was only a 8443 virtual host.

Any idea what these Apache segmentation faults can be, or how I can investigate them? In the error log they appear a few minutes before it goes down, and I have several dozen of these in a few minutes.

I also already tried the fresh install…

Unfortunately if you followed several guides, your Apache config probably deviates a fair bit from the defaults so it’s hard to say what’s causing these segmentation faults. And they’re often a pain to track down the source of.

Also, it’s nearly impossible to read your posted configurations and logs. Please wrap them with the preformatted text option in the message editor.

To track down the cause, I would look first at:

  • unnecessary PHP extensions (disable them in php.ini/etc)
  • unnecessary Apache modules

During the night things that often run:

  • backup jobs
  • log rotation jobs

You can also do some searching (here on the forum, but also on the Internet in general since this isn’t a NC specific problem). There are a lot of resources covering this topic. Unfortunately, like I said, they can be challenging to track down. Sometimes it is easier to go back to basics if a lot of changes have been made to the system that haven’t been incrementally tested.

As an aside, you may want to use AIO (GitHub - nextcloud/all-in-one: The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.) or, at the very least, the community official Docker (GitHub - nextcloud/docker: ⛴ Docker image of Nextcloud) to avoid doing so much setup manually. If you get completely stuck on these segmentation faults, that might be a path to explore.
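One way to test the "things that run during the night" hypothesis from the reply above, as an added example that is not part of the thread: group each AH00051 child crash under the most recent AH00163 (re)start and measure the delay between them. The sample input is the set of error.log lines quoted in the first post; the function names are made up for this example.

```python
import re
from datetime import datetime

# The error.log lines quoted in the first post of this thread.
SAMPLE_LOG = """\
[Wed Aug 09 00:00:01.726033 2023] [mpm_prefork:notice] [pid 23520] AH00163: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 configured -- resuming normal operations
[Wed Aug 09 00:00:01.726049 2023] [core:notice] [pid 23520] AH00094: Command line: '/usr/sbin/apache2'
[Wed Aug 09 00:00:21.754337 2023] [core:notice] [pid 23520] AH00051: child pid 28244 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Wed Aug 09 00:00:21.754472 2023] [core:notice] [pid 23520] AH00051: child pid 28245 exit signal Segmentation fault (11), possible coredump in /etc/apache2
"""

# Apache 2.4 error-log prefix; the optional ":tid N" covers threaded MPMs.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[[^\]]+\] \[pid \d+(?::tid \d+)?\] "
                  r"(?P<code>AH\d{5}): (?P<msg>.*)$")
CHILD = re.compile(r"child pid (\d+) exit signal .+? \((\d+)\)")

def crashes_after_restart(log_text):
    """Attach each AH00051 child crash to the latest AH00163 (re)start."""
    episodes = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines and other formats are ignored
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        if m["code"] == "AH00163":  # "resuming normal operations"
            episodes.append({"start": ts, "crashes": []})
        elif m["code"] == "AH00051":  # child exited on a signal
            c = CHILD.search(m["msg"])
            if not c:
                continue
            if not episodes:  # log begins mid-run, restart time unknown
                episodes.append({"start": None, "crashes": []})
            start = episodes[-1]["start"]
            delay = (ts - start).total_seconds() if start is not None else None
            episodes[-1]["crashes"].append(
                {"child": int(c[1]), "signal": int(c[2]), "delay_s": delay})
    return episodes

def summarize(episodes):
    """Per (re)start: (start time, crash count, seconds until first crash)."""
    rows = []
    for e in episodes:
        delays = [c["delay_s"] for c in e["crashes"] if c["delay_s"] is not None]
        rows.append((e["start"], len(e["crashes"]), min(delays) if delays else None))
    return rows

if __name__ == "__main__":
    for start, count, first in summarize(crashes_after_restart(SAMPLE_LOG)):
        print(f"(re)start at {start}: {count} crashed children, first after {first} s")
```

On the quoted lines this reports two children killed by signal 11 about 20 seconds after the 00:00:01 (re)start, so whatever reloads Apache at midnight is the first job to examine.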

Thanks for your help
I tried here as Nextcloud is the only service that gets unreachable.
This AIO seems very helpful but I’m gonna need time to start from scratch.
For the moment I keep the reboot solution at 3 o’clock which suspends the issue…

Is there a dedicated log I could submit to understand which module can be involved? error.log isn’t helpful as it does not give any detail for the segmentation fault error.

One possible cause of the issue is that you have added your IPv6 under trusted domains, but your vhost file is not listening on IPv6. If you are actually using IPv6 addresses and are allowing IPv6 traffic towards your host, it will reach your Apache webserver with IPv6, and Apache will answer with… nothing.

Thanks, I tried to remove it, unsuccessfully…

I migrated to AIO through docker.
Apache service is the system’s one and handles the proxy thing

everything works now.

Thanks