Error 403 after installing Nextcloud - ISPConfig NGINX

Iasi · May 1, 2023, 12:03am

Error 403 after installing Nextcloud
[IMG]
I use ISPConfig+NGINX on Debian 10 and after finishing Nexcloud web installation, I get error 403.

I’ve looked for information to try to fix this error, but it didn’t work.

I think the problem is related to NGINX directives. I added the directives from the official NexCloud documentation, but it didn’t work for me.

I think for ISPConfig, there must be some other configuration missing, which is not yet documented.

Help me decipher what’s missing, please.

NGINX Directives

server {
        listen *:80;

        listen *:443 ssl;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /var/www/clients/client1/web77/ssl/docs.cases.org-le.crt;
        ssl_certificate_key /var/www/clients/client1/web77/ssl/docs.cases.org-le.key;

        server_name docs.cases.org;

        root   /var/www/clients/client1/web77/web/;

        index index.html index.htm index.php index.cgi index.pl index.xhtml;

        error_page 400 /error/400.html;
        error_page 401 /error/401.html;
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 405 /error/405.html;
        error_page 500 /error/500.html;
        error_page 502 /error/502.html;
        error_page 503 /error/503.html;
        recursive_error_pages on;
        location = /error/400.html {

            internal;
        }
        location = /error/401.html {

            internal;
        }
        location = /error/403.html {

            internal;
        }
        location = /error/404.html {

            internal;
        }
        location = /error/405.html {

            internal;
        }
        location = /error/500.html {

            internal;
        }
        location = /error/502.html {

            internal;
        }
        location = /error/503.html {

            internal;
        }

        error_log /var/log/ispconfig/httpd/cases.org/error.log;
        access_log /var/log/ispconfig/httpd/cases.org/access.log combined;

        location ~ /\.(?!well-known/acme-challenge/) {
            deny all;
            access_log off;
            log_not_found off;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location /stats/ {

            index index.html index.php;
            auth_basic "Members Only";
            auth_basic_user_file /var/www/clients/client1/web77 .htpasswd_stats;
        }

        location ^~ /awstats-icon {
            alias /usr/share/awstats/icon;
        }

        location ~ \.php$ {
            try_files /501b25223cf3e3d42ee5f15f6115426f.htm @php;
        }

        location @php {
            try_files $uri =404;
            include /etc/nginx/fastcgi_params;
            fastcgi_pass unix:/var/lib/php8.0-fpm/web1.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_intercept_errors on;
        }

        location ~ /\.well-known/acme-challenge/ {
           root /usr/local/ispconfig/interface/acme/;
           index index.html index.htm;
           try_files $uri =404;
        }
}

PHP.ini

upload_max_filesize=6g
post_max_size=6g
always_populate_raw_post_data=-1
max_execution_time = 3600
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.revalidate_freq=1
opcache.save_comments=1
memory_limit = 512M

jtr · May 3, 2023, 1:37am

A 403 means forbidden.

What details for the error are in your Nginx error logs?

In theory, that’d be in /var/log/ispconfig/httpd/cases.org/error.log based on a cursory review your provided config snippet.

To make sure I’m understanding your current state correctly, you uploaded the setup-nextcloud.php to /var/www/clients/client1/web77/web and accessed it from your browser then it installed without any errors?

Where did the Nginx config come from that you’re using? Even if we address the 403 I suspect you’re going to encounter other issues with it. (I’m trying to get a sense of why you’re using a nonstandard setup, particularly since it appears to be creating extra challenges for you).

Disclaimer: I have not heavily reviewed your nginx config since I’d rather not if it turns out to be unnecessary.