Error after ncp-update v1.39.19

nachoparker · October 20, 2021, 4:38pm

let’s try something. Can you run letsencrypt from ncp-config and disable it? if that goes well try to ncp-update devel again

hannes · October 20, 2021, 4:40pm

It was apparently already disabled. But I ran it anyway.

Running letsencrypt
disabled letsencrypt
Cannot load Zend OPcache - it was already loaded
INFO: Docker installation detected
Cannot load Zend OPcache - it was already loaded
INFO: Metrics enabled: no
letsencrypt certificates disabled. Using self-signed certificates instead.
Done. Press any key...

root@01bc8618bcad:/# ncp-update devel
INFO: updating to development branch 'devel'
Downloading updates
Performing updates
Cannot load Zend OPcache - it was already loaded
Cannot load Zend OPcache - it was already loaded
Cannot load Zend OPcache - it was already loaded
Cannot load Zend OPcache - it was already loaded
Installing nc-restore
AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/<private>-0001/fullchain.pem' does not exist or is empty
Action '-k graceful' failed.
The Apache error log may have more information.
Error while applying update 1.40.0. Exiting...
root@01bc8618bcad:/#

I can maybe just comment it out?

hannes · October 20, 2021, 4:42pm

root@01bc8618bcad:/# cat /etc/apache2/sites-enabled/ncp.conf
Listen 4443
<VirtualHost _default_:4443>
  DocumentRoot /var/www/ncp-web
  # SSLEngine on
  # SSLCertificateFile /etc/letsencrypt/live/<private>-0001/fullchain.pem
  # SSLCertificateKeyFile /etc/letsencrypt/live/<private>-0001/privkey.pem
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
  </IfModule>

  # 2 days to avoid very big backups requests to timeout
  TimeOut 172800

  <IfModule mod_authnz_external.c>
    DefineExternalAuth pwauth pipe /usr/sbin/pwauth
  </IfModule>

</VirtualHost>
<Directory /var/www/ncp-web/>

  AuthType Basic
  AuthName "ncp-web login"
  AuthBasicProvider external
  AuthExternal pwauth

  SetEnvIf Request_URI "^" noauth
  SetEnvIf Request_URI "^index\.php$" !noauth
  SetEnvIf Request_URI "^/$" !noauth
  SetEnvIf Request_URI "^/wizard/index.php$" !noauth
  SetEnvIf Request_URI "^/wizard/$" !noauth

  <RequireAll>

   <RequireAny>
      Require host localhost
      Require local
      Require ip 192.168
      Require ip 172
      Require ip 10
      Require ip fe80::/10
      Require ip fd00::/8
   </RequireAny>

   <RequireAny>
      Require env noauth
      Require user ncp
   </RequireAny>

  </RequireAll>

</Directory>

Can’t hurt, right?

nachoparker · October 20, 2021, 4:44pm

I would like to see what is going on, because it will likely fail for other people.

That doesn’t make any sense whatsoever. Let’s see, can you run the following please?

source /usr/local/etc/library.sh
set -x
source /usr/local/etc/ncp-templates/nextcloud.conf.sh
set +x

thanks

nachoparker · October 20, 2021, 4:45pm

please don’t comment it out. If there is a bug I want to fix it, please bear with me, we’ll get it working one way or another

hannes · October 20, 2021, 4:45pm

Done!
Should I run the update?

nachoparker · October 20, 2021, 4:46pm

this doesn’t change anything, I just want to see the output so I can understand what’s going on.

Can you post the output from the above commands please?

hannes · October 20, 2021, 4:49pm

root@01bc8618bcad:/# source /usr/local/etc/library.sh
ce /usr/local/etc/ncp-templates/nextcloud.conf.sh
set +xCannot load Zend OPcache - it was already loaded
root@01bc8618bcad:/# set -x
root@01bc8618bcad:/# source /usr/local/etc/ncp-templates/nextcloud.conf.sh
+ source /usr/local/etc/ncp-templates/nextcloud.conf.sh
++ set -e
++ source /usr/local/etc/library.sh
+++ export NCPCFG=/usr/local/etc/ncp.cfg
+++ NCPCFG=/usr/local/etc/ncp.cfg
+++ export CFGDIR=/usr/local/etc/ncp-config.d
+++ CFGDIR=/usr/local/etc/ncp-config.d
+++ export BINDIR=/usr/local/bin/ncp
+++ BINDIR=/usr/local/bin/ncp
+++ export NCDIR=/var/www/nextcloud
+++ NCDIR=/var/www/nextcloud
+++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [hostname]=14 [trusted_domain_1]=20 [trusted_domain_2]=21 [trusted_domain_3]=22)
+++ export TRUSTED_DOMAINS
+++ command -v jq
+++ [[ -f /usr/local/etc/ncp.cfg ]]
++++ jq -r .nextcloud_version
+++ NCLATESTVER=21.0.4
++++ jq -r .php_version
+++ PHPVER=7.3
++++ jq -r .release
+++ RELEASE=buster
+++ command -v ncc
++++ ncc status
++++ grep version:
++++ awk '{ print $3 }'
Cannot load Zend OPcache - it was already loaded
+++ NCVER=
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ ! -f /.docker-image ]]
++ echo 'INFO: Docker installation detected'
INFO: Docker installation detected
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
+++ [[ -f /.ncp-image ]]
+++ source /usr/local/bin/ncp/NETWORKING/letsencrypt.sh
++++ ncdir=/var/www/nextcloud
++++ nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf
++++ vhostcfg2=/etc/apache2/sites-available/ncp.conf
++++ letsencrypt=/usr/bin/letsencrypt
+++ tmpl_letsencrypt_domain
+++ . /usr/local/etc/library.sh
++++ export NCPCFG=/usr/local/etc/ncp.cfg
++++ NCPCFG=/usr/local/etc/ncp.cfg
++++ export CFGDIR=/usr/local/etc/ncp-config.d
++++ CFGDIR=/usr/local/etc/ncp-config.d
++++ export BINDIR=/usr/local/bin/ncp
++++ BINDIR=/usr/local/bin/ncp
++++ export NCDIR=/var/www/nextcloud
++++ NCDIR=/var/www/nextcloud
++++ TRUSTED_DOMAINS=([ip]=1 [dnsmasq]=2 [nc_domain]=3 [nextcloudpi-local]=5 [docker_overwrite]=6 [nextcloudpi]=7 [nextcloudpi-lan]=8 [public_ip]=11 [letsencrypt_1]=12 [letsencrypt_2]=13 [hostname]=14 [trusted_domain_1]=20 [trusted_domain_2]=21 [trusted_domain_3]=22)
++++ export TRUSTED_DOMAINS
++++ command -v jq
++++ [[ -f /usr/local/etc/ncp.cfg ]]
+++++ jq -r .nextcloud_version
++++ NCLATESTVER=21.0.4
+++++ jq -r .php_version
++++ PHPVER=7.3
+++++ jq -r .release
++++ RELEASE=buster
++++ command -v ncc
+++++ ncc status
+++++ grep version:
+++++ awk '{ print $3 }'
Cannot load Zend OPcache - it was already loaded
++++ NCVER=
+++ is_active_app letsencrypt
+++ local ncp_app=letsencrypt
+++ local bin_dir=.
+++ local script=./letsencrypt.sh
+++ local cfg_file=/usr/local/etc/ncp-config.d/letsencrypt.cfg
+++ [[ -f ./letsencrypt.sh ]]
++++ find /usr/local/bin/ncp -name letsencrypt.sh
++++ head -1
+++ local script=/usr/local/bin/ncp/NETWORKING/letsencrypt.sh
+++ [[ -f /usr/local/bin/ncp/NETWORKING/letsencrypt.sh ]]
+++ unset is_active
+++ source /usr/local/bin/ncp/NETWORKING/letsencrypt.sh
++++ ncdir=/var/www/nextcloud
++++ nc_vhostcfg=/etc/apache2/sites-available/nextcloud.conf
++++ vhostcfg2=/etc/apache2/sites-available/ncp.conf
++++ letsencrypt=/usr/bin/letsencrypt
++++ type -t is_active
+++ [[ function == function ]]
+++ [[ -f /usr/local/etc/ncp-config.d/letsencrypt.cfg ]]
++++ cat /usr/local/etc/ncp-config.d/letsencrypt.cfg
+++ local 'cfg={
  "id": "letsencrypt",
  "name": "Let'\''s Encrypt, Automatic signed SSL certificates",
  "title": "letsencrypt",
  "description": "Automatic signed SSL certificates. Let’s Encrypt is a free, automated, and open Certificate Authority.",
  "info": "Internet access is required for this configuration to complete\nBoth ports 80 and 443 need to be accessible from the internet\n\nYour certificate will be automatically renewed every month",
  "infotitle": "Warning",
  "params": [
    {
      "id": "ACTIVE",
      "name": "Active",
      "value": "no",
      "type": "bool"
    },
    {
      "id": "DOMAIN",
      "name": "Domain",
      "value": "<private>",
      "suggest": "mycloud.ownyourbits.com"
    },
    {
      "id": "OTHER_DOMAIN",
      "name": "Additional domain",
      "value": "",
      "suggest": "optional.cloud.ownyourbits.com"
    },
    {
      "id": "EMAIL",
      "name": "Email",
      "value": "<private>",
      "suggest": "mycloud@ownyourbits.com"
    }
  ]
}'
++++ jq '.params | length'
+++ local len=4
+++ (( i = 0  ))
+++ (( i < len  ))
++++ jq -r '.params[0].id'
+++ local var=ACTIVE
++++ jq -r '.params[0].value'
+++ local val=no
+++ eval ACTIVE=no
++++ ACTIVE=no
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[1].id'
+++ local var=DOMAIN
++++ jq -r '.params[1].value'
+++ local val=<private>
+++ eval DOMAIN=<private>
++++ DOMAIN=<private>
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[2].id'
+++ local var=OTHER_DOMAIN
++++ jq -r '.params[2].value'
+++ local val=
+++ eval OTHER_DOMAIN=
++++ OTHER_DOMAIN=
+++ (( i++  ))
+++ (( i < len  ))
++++ jq -r '.params[3].id'
+++ local var=EMAIL
++++ jq -r '.params[3].value'
+++ local val=<private>
+++ eval EMAIL=<private>
++++ EMAIL=<private>
+++ (( i++  ))
+++ (( i < len  ))
+++ is_active
+++ [[ no == \y\e\s ]]
+++ return 1
++ LETSENCRYPT_DOMAIN=
++ [[ -z '' ]]
++ [[ -f /.ncp-image ]]
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ -f /usr/local/bin/ncp/SYSTEM/metrics.sh ]]
++ METRICS_IS_ENABLED=no
++ echo 'INFO: Metrics enabled: no'
INFO: Metrics enabled: no
++ echo '### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###'
### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###
++ echo ''

++ cat
<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ -n '' ]]
++ '[' -f /etc/ssl/certs/ssl-cert-snakeoil.pem ']'
++ unset LETSENCRYPT_DOMAIN
++ [[ -d '' ]]
++ cat
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    # For notify_push app in NC21
    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/
++ [[ '' != \-\-\d\e\f\a\u\l\t\s ]]
++ [[ no == yes ]]
++ cat
  </VirtualHost>

  <Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
  </Directory>
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
  </IfModule>
</IfModule>
++ [[ -f /.ncp-image ]]
++ echo 'Apache self check:'
++ apache2ctl -t

hannes · October 20, 2021, 4:52pm

It might help to solve something: I (obviously) used NC without Caddy before I started using Caddy (a long time ago though).

nachoparker · October 20, 2021, 4:53pm

ok, that’s exactly what I would expect, so not sure what has been going on, can you run

bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > /etc/apache2/sites-available/nextcloud.conf

, and then restart? apache should be up now, and then try to update again

hannes · October 20, 2021, 4:55pm

Enough with restarting the container, I guess?

nachoparker · October 20, 2021, 4:55pm

actually no need, please just run ncp-update devel again

hannes · October 20, 2021, 4:56pm

I still have that letsencrypt-thing

root@01bc8618bcad:/# ncp-update devel
INFO: updating to development branch 'devel'
Downloading updates
Performing updates
Cannot load Zend OPcache - it was already loaded
Cannot load Zend OPcache - it was already loaded
Cannot load Zend OPcache - it was already loaded
Cannot load Zend OPcache - it was already loaded
Installing nc-restore
Cannot load Zend OPcache - it was already loaded
INFO: Docker installation detected
Cannot load Zend OPcache - it was already loaded
INFO: Metrics enabled: no
AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/<private>-0001/fullchain.pem' does not exist or is empty
Action '-k graceful' failed.
The Apache error log may have more information.
Error while applying update 1.40.0. Exiting...

nachoparker · October 20, 2021, 4:58pm

lol what the heck, let’s do

source /usr/local/etc/library.sh
install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
apachectl -k graceful

hannes · October 20, 2021, 4:59pm

root@01bc8618bcad:/# source /usr/local/etc/library.sh
tall_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
apachectl -k gracefulCannot load Zend OPcache - it was already loaded
root@01bc8618bcad:/# install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
Cannot load Zend OPcache - it was already loaded
INFO: Docker installation detected
Cannot load Zend OPcache - it was already loaded
INFO: Metrics enabled: no
root@01bc8618bcad:/# apachectl -k graceful
AH00526: Syntax error on line 5 of /etc/apache2/sites-enabled/ncp.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/<private>-0001/fullchain.pem' does not exist or is empty
Action '-k graceful' failed.
The Apache error log may have more information.

nachoparker · October 20, 2021, 5:00pm

OH! I am looking at the wrong file /etc/apache2/sites-enabled/ncp.conf (not /etc/apache2/sites-available/nextcloud.conf)

I found the bug, now I understand. Let me put something together

hannes · October 20, 2021, 5:00pm

Could be a very specific problem in my case as I run with Caddy and had letsencrypt active at some point when I was not using Caddy?

nachoparker · October 20, 2021, 5:05pm

ok, please try disabling letsencrypt again in ncp-config

hannes · October 20, 2021, 5:06pm

Same as before:

Running letsencrypt
disabled letsencrypt
Cannot load Zend OPcache - it was already loaded
INFO: Docker installation detected
Cannot load Zend OPcache - it was already loaded
INFO: Metrics enabled: no
letsencrypt certificates disabled. Using self-signed certificates instead.
Done. Press any key...

nachoparker · October 20, 2021, 5:08pm

Sorry I should have been more detailed

run ncp-update devel (it might fail, it’s ok)
run ncp-config and re-run letsencrypt (disabled)
run ncp-update devel again, it should go through this time around