Forbidden | You don't have permission to access

I need some assitance with my Ubuntu Server 16.04 install of NextCloud. This is for personal use for a small group of about 10 people, but also for the experience. I run FreeNAS 11 and had been using the Nextcloud Jail plugin, but that proved to be very fragile and many of the tools and commands just don’t work in the FreeBSD plugin so I created an Ubuntu Server 16.04 VM for a fully functional Nextcloud install with Apache and mySQL.

I followed the install guide in the admin docs for the Debian Linux install, but since I don’t have much experience with Apache2 or mySQL the configuration may not be optimal.

Some of the steps after the basic install are relative to the environment and some steps where not a perfect fit for Ubuntu. What I do understand is that apache is the web engine for Nextcloud and mySQL integration is still a bit of a mystery, but one thing at a time. I do know Linux pretty well so I’ve restarted services and done most of the easy stuff, but the devils always in the details.

After the install and successfully launching the Nextcloud web interface, I was able to login locally on my privete subnet. I noticed two things that needed to be changed. First, the site was not secure (no certs), and second, the storage location for the cloud was not where I need it to be. With the FreeNAS plugin, it asked me for the root folder location after the first login, but with the Ubuntu install, it did not. The default storage location chosen by the Nextcloud install is a local direcory path in the VM but needs to be changed to a mount point located at /var/www/nextcloud where a large storage area is attached using an NFS share.

I have a FQDN with secure certificates so there is no need for anything self-signed. With some research I learned how to build the site.conf file and add my cert files there to lock down the website. In my basic testing using the default Apache website template using my FQDN, I get an A+ score from I copied this template to the nextcloud.conf file to secure the website for external access. I’ve included my site config file below.

The other change was to modify the storage location to /var/www/nextcloud where my storage mount point is. Testing the mount point, I can read and write files to the raw mount location in Linux. I set permissions/owenership of this folder to the user www-data as recommended by Apache2. I edited the nextcloud.conf with the new storage location.

Now when I test my updated Nextcloud site using my FQDN, I get "Forbidden | You don't have permission to access / on this server. | Apache/2.4.18 (Ubuntu) Server at Port 443". I’m not sure why it’s trying to access “/”. Clearly I missed a step somewhere or need an extra parameter in my config file or maybe move some files to the new storage location. I’ve searched through the admin doc’s but cannot find a related topic.

Here are a few other relevant points:

  • Nextcloud 12 was installed using the snap tool.
  • This snap install did not install Apache or mySQL so this was installed using apt-get.
  • I modified the nextcloud.conf file in /etc/apache2/sites-available
  • I also modified the config.php file with a few trusted site names.
  • I enabled the nextcloud site and disabled all the other apache2 sites.
  • When I run the occ list command, it doesn’t seem to be working because PHP FPM is not running. I know PHP is installed but not sure what I need to do here.
  • The config.php file is also listed out below.


admin@cloud:/snap/nextcloud/3680/bin$ sudo -u www-data php occ list
sudo -u www-data php occ list

. $SNAP/utilities/mysql-utilities
. $SNAP/utilities/php-utilities
. $SNAP/utilities/redis-utilities
. $SNAP/utilities/nextcloud-utilities

if [ $(id -u) -ne 0 ]; then
        echo "This utility needs to run as root"
        exit 1

# occ can't do much before PHP FPM is up and running

php -c $SNAP/config/php $SNAP/htdocs/occ $*


admin@cloud:/etc/apache2/sites-available$ sudo cat nextcloud.conf
<IfModule mod_ssl.c>
        <VirtualHost *:443>

                AddType application/x-httpd-php .php

                Alias /nextcloud "/var/www/nextcloud/"

                DocumentRoot /var/www/nextcloud

                ErrorLog ${APACHE_LOG_DIR}/nc_error.log
                CustomLog ${APACHE_LOG_DIR}/nc_access.log combined

                #SSL Engine Switch:
                SSLEngine on
                SSLCertificateFile /etc/ssl/certs/servercrt.pem
                SSLCertificateKeyFile /etc/ssl/private/server.key
                SSLCertificateChainFile /etc/ssl/certs/server_chain.pem

                #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch "\.(php|cgi|shtml|phtml)$">
                        SSLOptions +StdEnvVars

                <Directory /var/www/nextcloud>
                        SSLOptions +StdEnvVars
                        Options +FollowSymlinks
                        AllowOverride All

                        <IfModule mod_dav.c>
                                Dav off

                        SetEnv HOME /var/www/nextcloud
                        SetEnv HTTP_HOME /var/www/nextcloud

                <IfModule mod_headers.c>
                        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
        #intermediate configuration, tweak to your needs
        SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLCipherSuite                 EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        SSLHonorCipherOrder     on

I noticed there are a bunch of “config.php” file installed by default.

admin@cloud:~$ sudo find / -name "config.php"

The /var/snap/nextcloud/3680/nextcloud/config/config.php file seems to be the right one to edit as the others look like more involved scripting. Here is the content of the file:

admin@cloud:~$ sudo cat /var/snap/nextcloud/3680/nextcloud/config/config.php
$CONFIG = array (
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/snap/nextcloud/current/htdocs/apps',
      'url' => '/apps',
      'writable' => false,
    1 =>
    array (
      'path' => '/var/snap/nextcloud/current/nextcloud/extra-apps',
      'url' => '/extra-apps',
      'writable' => true,
  'supportedDatabases' =>
  array (
    0 => 'mysql',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/tmp/sockets/redis.sock',
    'port' => 0,
  'instanceid' => 'ocewdg5f0yt5',
  'trusted_domains' =>
  array (
    0 => '',
    1 => '',
  'datadirectory' => '/var/www/nextcloud',
  'overwrite.cli.url' => '',
  'dbtype' => 'mysql',
  'version' => '',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/sockets/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'logtimezone' => 'UTC',
  'installed' => true,

Any assistance is greatly appreciated.