Nextcloud version : 11.0.0.10
Operating system and version : Raspian Jessie
nginx version : 1.6.2
PHP version: 5.6.29
The issue:
When i want to connect to my nextcloud server over webinterface i have to type the whole URL => "https://mydnsname.ddns.net/nextcloud" but i simply want to type in my dnsname only.
I tried to change serveral options in "/var/www/cloud/config/config.php" for example:
This is my actual problem. I don’t know which file i have to change to have the desired effect.
Actually i can connect to my nextcloud-server, but when i want connect over my caldav-client on my smartphone the error “can’t verify hostname” pops up.
My default config in etc/nginx/sites-available/default looks like:
server {
listen 80;
server_name mydnsname.ddns.net;
return 301 https://$server_name$request_uri; # enforce https
}
server {
listen 443 ssl;
server_name mydnsname.ddns.net;
ssl_certificate /var/www/ssl/cloudssl.crt;
ssl_certificate_key /var/www/ssl/cloudssl.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www/cloud;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
When i tipe https://myhostname.ddns.net/ the error “Access denied” came up.
The nginx error log shows me the following log:
[error] 659#0: *771 FastCGI sent in stderr: "Access to the script '/var/www/cloud/index.php/' has been denied (see security.limit_extensions)" while reading response header from upstream, client: "myipaddress" , server: mydnsname.ddns.net, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydnsname.ddns.net"
But when i tipe in https://myhostname.ddns.net/nextcloud everthing is working fine.
Which permissions i have to give to solve this issue?
Make sure you have set this to (in your config/config.php): 'overwritewebroot' => '/',
Also verify in your filesystem, that in /var/www/cloud there is already your nextcloud, not within /var/www/cloud/nextcloud, if not either copy the files or change the root of installation.
And this is a short extract out of /etc/php5/fpm/pool.d/www.conf
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all IPv4 addresses on a
; specific port;
; '[::]:port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = /var/run/php5-fpm.sock
listen = 127.0.0.1:9000
; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
It is that what you are asking for?
Thank you for your effort
I checked the files but in /etc/nginx/conf.d
there is no file and in the directory /etc/nginx/sites/enabled
there is only a link to the file default (default -> /etc/nginx/sites-available/default)
`/etc/nginx/sites-available
But i will try to add the following code in etc/nginx/sites-available
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
Just commented out the line #fastcgi_request_buffering off;
Now, when i want to connect to my nextcloud server i only have to type in ’ https://mydnsname.ddns.net/’ and will be transfered directly to the login mask.
Just for round this problem down it would be very nice to get the following option working. 'overwriteprotocol' => 'https',
I still get the login mask of my router when i type in http://mydnsname.ddns.net
I forwarded port 443 for the ssl connection only.
But you are maybe right because when you try to connect over HTTP you will be forwarded over port 80 or?