I have a fresh snap install on Ubuntu Server 21.10. All my settings are as default, except I am using ports 185/186 instead of 80/443, to avoid conflicts, as I will also be installing a web server.
I am trying to access the nextcloud via the “share.” subdomain.
I used certbot to install letsencrypt to my apache proxy, but I can’t get a response when visiting x.x.x.x:186 or :443, even from other computers on or off my network. The server is headless, but I did a wget, and it cant get anything either. Accessing it via :185 works fine from everywhere.
I get a
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache/2.4.48 (Ubuntu) Server a share.example.info Port 443
message. I have attached my Apache config, if there is anything else I’m leaving out please let me know. I am absolutely at a loss.
<VirtualHost *:443>
ServerName share.example.info
# DocumentRoot "/var/www/html/nextcloud/"
ProxyPreserveHost On
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:186/
ProxyPassReverse / https://localhost:186/
SSLCertificateFile /etc/letsencrypt/live/share.example.info/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/share.example.info/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:80>
ServerName share.example.info
# DocumentRoot "/var/www/html/nextcloud/"
RewriteEngine on
RewriteCond %{SERVER_NAME} =share.example.info
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
I’m using certbot to install the Lets Encrypt, not nextcloud. It installed fine just as it is. I can’t even connect to the SSL post with a certificate warning, there is nothing there.
So you have the Nextcloud snap sitting behind a reverse proxy that is responsible for terminating SSL? That means the snap doesn’t have SSL enabled, which means it’s only listening on the HTTP port, which it sounds like should be 185. Update your ProxyPass and ProxyPassReverse to use port 185. Encrypted traffic stops at the SSL termination, which means the traffic from the reverse proxy to the snap happens unencrypted. This isn’t an unusual mode of operation, but that is something to be aware of for your threat model.
Thank you so much. I’ve been elbow deep in config files for 2 days on this issue. There are at least 6 dead forum threads on various sites about this issue. I hope those people find this too.
The only further issue is that :186 shows up in the address bar now. I suspect that may be a different issue though.