Thanks for that. Have gone thru all the steps and it seems ok but I still get the varning so just to let it be
The warning is thrown by this script:
/var/www/nextcloud/apps/settings/lib/SetupChecks/JavaScriptModules.php
:
in the run
Method:
- This method performs the actual setup check.
- It creates a URL for a test JavaScript file (
esm-test.mjs
), and this URL, along with the URLs of all trusted_domains of the Nextcloud server, is stored in an array ($testURLs
). - Then, a loop is executed for each test URL.
- For each test URL, it attempts to send a HEAD request to the server and checks the MIME type of the response.
- If the MIME type matches either ‘text/javascript’ or ‘application/javascript’, it returns a success result (
SetupResult::success()
). - If a connection to the server cannot be established or the MIME type is incorrect, it generates corresponding warning or error messages.
In summary, this script attempts to reach the server (itself) using URLs constructed from trusted_domains array and checks whether the server correctly serves .mjs
files with the appropriate JavaScript MIME type. The results are then returned as success, warning, or error messages based on the outcome of the check.
This means that the ‘trusted_domains’ in your config/config.php
do not contain an entry that the server can use to reach itself. This can have many causes. Incorrectly set hostname, incorrect or insufficient DNS resolution, etc.
My suspicion[1] is that you have only entered hostname(s) in trusted_domains array that cannot be resolved by the server itself. So he can’t address himself.
Try adding “127.0.0.1” or “localhost” to the trusted_domains array and if that does not solve it, add the IP from the machine itself:
This is how you find the IP of the machine:
ip a|awk '/global/{if(found!=1){sub(/\/.*/,"",$2);print$2};found=1}'
[1] I had to base my assumptions on suspicion, because the support-template was (once again) barely filled out.
Much and good luck,
ernolf
Don’t want to start new topic as same problem.
Also have apache2, php8.2. all modules loaded. added all Ip’s to trusted domains.
Probably only difference that nextcloud works in http mode. https is handled by opnsense nginx reverse proxy.
Everything seems working fine, just that error NC 28
Thanks.
What happens when you run the following from the command-line of your Nextcloud Server?
curl -I https://cloud.mydomain.com/apps/settings/js/esm-test.mjs
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
but if running http://cloud instead of https://
HTTP/1.1 200 OK
Date: Sat, 02 Mar 2024 16:27:06 GMT
Server: This Is ***** (server name)
Strict-Transport-Security: max-age=15552000; includeSubDomains
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 29 Feb 2024 07:46:24 GMT
ETag: “6d-6128074be3400”
Accept-Ranges: bytes
Content-Length: 109
Vary: Accept-Encoding
Cache-Control: max-age=15778463
Content-Type: text/javascript
I found that it’s maybe bug or it’s not?
In many posts found that asked to run this:
curl -I https://cloud.mydomain.com/apps/settings/js/esm-test.mjs
but no future comments follow. Why need to run it?
Yeah I just tested this from my host machine (the host machine running the LXC service) and here that command returned success. If I do this from inside my container, I recieves a SSL error. I considers this then to be a false positive. I would wish though that they found another way to test it (maybe for this excact verification, AJAX based test should be perfect, regardless of your choice of CRON config).
Does the DNS for cloud
, when on your Nextcloud Server, resolve to your HTTPS (reverse proxy) server IP address?
Sort of sounds like there’s an /etc/hosts
entry or something for cloud
on your Nextcloud Server that resolves it to 127.0.0.1
or something like that rather than what it really is in your DNS.
Thank You!!!
yes, turns out, had to edit /etc/hosts file by removing
127.0.0.1 cloud.domain.com
… and adding nginx reverse proxy IP with cloud.domain.com
Now that error is gone.
Hey Cloud workers
This error has, contrary to the announcements, not been fixed in v 28.0.3, since 28.0.2 the error is still the same.
This Security & setup warnings look exactly the same in 28.0.3 again.
Please have a look at RC5 of Nextcloud 28.0.2.
–
My Nextcloud installation runs in Docker and has a nginx reverse proxy in front of it:
docker-compose:
version: '3'
volumes:
nextcloud:
db:
networks:
nextcloud_network:
external: false
services:
app:
image: nextcloud:28.0.3
container_name: nextcloud28-app
restart: unless-stopped
hostname: cloud.sieh.org
ports:
- 127.0.0.1:8080:80
healthcheck:
test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:80"]
interval: 60s
timeout: 5s
retries: 3
links:
- db
volumes:
- /root/nextcloud28/html:/var/www/html
- /root/nextcloud28/data:/var/www/html/data
environment:
- MYSQL_PASSWORD=***
- MYSQL_DATABASE=nextcloud28
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
- REDIS_HOST=redis
networks:
- nextcloud_network
db:
image: mariadb:latest
container_name: nextcloud28-mariadb
restart: unless-stopped
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
volumes:
- /root/nextcloud28/mysql:/var/lib/mysql
environment:
- MARIADB_AUTO_UPGRADE=1
- MARIADB_DISABLE_UPGRADE_BACKUP=1
- MYSQL_ROOT_PASSWORD=***
- MYSQL_PASSWORD=***
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
networks:
- nextcloud_network
healthcheck:
test: "/usr/bin/mariadb --user=root --password=*** --version"
interval: 60s
timeout: 5s
retries: 3
redis:
image: redis:alpine
container_name: nextcloud28-redis
volumes:
- /root/nextcloud28/redisdata:/data
networks:
- nextcloud_network
restart: unless-stopped
nginx domain conf:
server {
server_name cloud.sieh.org;
listen [::]:443 ssl;
listen 443 ssl;
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cloud.sieh.org-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cloud.sieh.org-0001/privkey.pem; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
client_max_body_size 512M;
location / {
include mime.types;
types {
text/javascript js mjs;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffers 16 4k;
proxy_buffer_size 2k;
proxy_pass http://127.0.0.1:8080/;
}
location /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; }
location /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; }
}
As you see, I have also included the mime.types, as I got this advice from @koelle25:
… but the error still persists, I have no Idea anymore.
The *curl esm-test.mjs* thing looks like this:
root@vmd104158:~# curl -I https://cloud.sieh.org/apps/settings/js/esm-test.mjs
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 07 Mar 2024 02:20:09 GMT
Content-Type: text/javascript
Content-Length: 109
Connection: keep-alive
Vary: Accept-Encoding
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 07 Mar 2024 01:58:40 GMT
ETag: "6d-613086a1609f2"
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: max-age=15778463
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;
root@vmd104158:~#
I have often read something about “selfsigned certs” in this context, but it’s unpossible, that this problem has anything to do with “selfsigned certs”, because I do not have any “selfsigned certs”.
I only have a letsencrypt cert, which is used by the outer nginx reverse proxy.
The nextcloud DOES NOT KNOW ANYTHING about this SSL.
I still think, js/mjs HAS NOTHING TO DO with ssl encryption, because NO OTHER FILE TYPE has this or even a similar problem.
And…
… I do not understand this solution. What do I have to change in my nginx conf? (see above!)
Please help me to get rid of this anyoing warning!?
Try taking out the hostname: cloud.sieh.org
line. Due to it the check runs internally in the docker container against the included apache webserver instead of against your external nginx proxy where you added the mjs mimetype.
Also not that this is merely a WARNING, not an error and as such should only be of a bigger concern if something with the Nextcloud is actually not working.
root@vmd104158:~# curl -I https://cloud.sieh.org/apps/settings/js/esm-test.mjs
What happens when you run this from inside your Nextcloud app container?
The warning you’re seeing isn’t that that mjs files aren’t being handled… It’s that the check can’t run.
I suspect @koelle25 has the right idea here: your app container’s DNS is overriding the real DNS entry.
As an aside, you don’t need the mjs stuff in your Nginx reverse proxy config. It’s only needed in Nginx if Nginx is serving as your web server (it’s not in your topology - you’re using the nextcloud
Docker image which includes Apache and is already configured appropriately for handling these files types).
The result
To get straight to the point… @koelle25 @jtr you both nailed it
The solution
To be honest, I do not understand, why this did solve the problem…
services:
app:
image: nextcloud:28.0.3
container_name: nextcloud28-app
restart: unless-stopped
# hostname: cloud.sieh.org
ports:
- 127.0.0.1:8080:80
… but it does!
Before applying your fix in docker-compose
:
root@vmd104158:~# docker exec -it nextcloud28-app bash
root@cloud:/var/www/html# curl -I https://cloud.sieh.org/apps/settings/js/esm-test.mjs
curl: (7) Failed to connect to cloud.sieh.org port 443 after 1 ms: Couldn't connect to server
After applying your fix in docker-compose
:
root@6b116f8350dc:/var/www/html# curl -I https://cloud.sieh.org/apps/settings/js/esm-test.mjs
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 08 Mar 2024 03:42:05 GMT
Content-Type: text/javascript
Content-Length: 109
Connection: keep-alive
Vary: Accept-Encoding
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 07 Mar 2024 01:58:40 GMT
ETag: "6d-613086a1609f2"
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: max-age=15778463
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;
What I’ve learned
So far, I suspect that I have misinterpreted this hostname
-parameter at that position in docker-compose.yaml
file, so that this parameter does not affect the Nextcloud hostname
-configuration, but does affect the network and DNS settings of the docker container.
I think what I was trying to accomplish with this hostname
was actually setting the NEXTCLOUD_TRUSTED_DOMAINS
parameter. So I need to check the Auto configuration via environment variables
part of this documentation better, I just saw.
–
Many many thanks, I’m a verry happy user again!
Henning
As the compose file with the domain name in it, will add 127.0.0.1 to your hosts file, it will result in your Nextxloud docker container will try and Connect to port 443 on localhost for that curl command, as the hostname is resolves to localhost.
Is the Nextxloud app configured to listen on port 443 localhost interface at all?
By removing it, the container itself will ask its DNS what address to Connect to, hence hits the IP that listens on port 443 and proxies the trafic (even if you do not have a reverse proxy, then the usual - but you can enirely bypass it if you actively configured it to - docker container host creates also a network bridge and ships with a leightweight reverse proxy).
Hello,
I’ve tried quite a few modifications that I could find on the internet and none of them work : I still get the message.
NextCloud: 28.0.2
TrueNAS-13.0-U6.1
In /etc/hosts of TrueNas, I have:
::1 localhost localhost.my.domain
127.0.0.1 localhost localhost.my.domain
Same in the NextCloud hosts file.
Thank you for your help and feedback.
Please specify details about your setup. Is your Nextcloud running in a VM? Or in a Docker Container? Which method did you use for setting it up?
Without information about your environment we can not give any advice.
Sorry for my lack of information, but here’s what I can say: NextCloud works in “Jail” via TrueNas.
Hi guys, im having the same problem. nextcloud on a Ubuntu 22.04 VM no docker. Behind reverse proxy with nginx proxy manager. It is configured, I checked with
sudo apachectl -M 2>/dev/null|grep mime_module
Could not check for JavaScript support. Please check manually if your webserver serves `.mjs` files using the JavaScript MIME type.
My /etc/hosts
127.0.0.1 localhost
127.0.1.1 nextcloud.mydomain.nl nextcloud
My `/etc/hostname’
nextcloud.mydomain.nl
My `/config/config.php’
'trusted_domains' =>
array (
0 => 'nextcloud.mydomain.nl',
1 => 'localhost',
),
Please let me know if I have it configured correct?
EDIT: changing the 127.0.1.1 entry in my /etc/hosts tot the IP of my reverse proxy fixed the issue!
For me, turning off CloudFlare DNS Proxy fixed this issue.
This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.