Can't Connect to fresh install on SSH

I have a fresh snap install on Ubuntu Server 21.10. All my settings are as default, except I am using ports 185/186 instead of 80/443, to avoid conflicts, as I will also be installing a web server.

I am trying to access the nextcloud via the “share.” subdomain.

I used certbot to install letsencrypt to my apache proxy, but I can’t get a response when visiting x.x.x.x:186 or :443, even from other computers on or off my network. The server is headless, but I did a wget, and it cant get anything either. Accessing it via :185 works fine from everywhere.

I get a

Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache/2.4.48 (Ubuntu) Server a  share.example.info Port 443

message. I have attached my Apache config, if there is anything else I’m leaving out please let me know. I am absolutely at a loss.

<VirtualHost *:443>
        ServerName share.example.info
#       DocumentRoot "/var/www/html/nextcloud/"

        ProxyPreserveHost On
        <Proxy *>
        Order allow,deny
        Allow from all
        </Proxy>
    ProxyPass / https://localhost:186/
    ProxyPassReverse / https://localhost:186/


SSLCertificateFile /etc/letsencrypt/live/share.example.info/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/share.example.info/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>


<VirtualHost *:80>

        ServerName share.example.info
#       DocumentRoot "/var/www/html/nextcloud/"

RewriteEngine on
RewriteCond %{SERVER_NAME} =share.example.info
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Let’s Encrypt requires ports 80 and 443 for certificates.

To learn more about how it works you can search and ask https://community.letsencrypt.org/

I’m using certbot to install the Lets Encrypt, not nextcloud. It installed fine just as it is. I can’t even connect to the SSL post with a certificate warning, there is nothing there.

Did you add your subdomain as a Trusted Domain?

I did, and it doesn’t work from the local machine, but localhost is in trusted hosts by defauld

According to this post you can try

$ sudo snap info nextcloud

to see status of various services

Also see these others posts with your same apache issue

Might be further hints in nextcloud.log and apache.log

So you have the Nextcloud snap sitting behind a reverse proxy that is responsible for terminating SSL? That means the snap doesn’t have SSL enabled, which means it’s only listening on the HTTP port, which it sounds like should be 185. Update your ProxyPass and ProxyPassReverse to use port 185. Encrypted traffic stops at the SSL termination, which means the traffic from the reverse proxy to the snap happens unencrypted. This isn’t an unusual mode of operation, but that is something to be aware of for your threat model.

That actually worked.

Thank you so much. I’ve been elbow deep in config files for 2 days on this issue. There are at least 6 dead forum threads on various sites about this issue. I hope those people find this too.

The only further issue is that :186 shows up in the address bar now. I suspect that may be a different issue though.

2 Likes

fyi, you can easily link forum posts using this button snipp
if you want to quickly link over those “dead” threads to the solution reply above. :+1:

Nextcloud’s detection can fail when behind a reverse proxy. Try

$ sudo nextcloud.occ config:system:set overwritehost --value="yourdomain.com:185"