Forwarding issue to nextcloud server

Nextcloud version :
Operating system and version : Raspian Jessie
nginx version : 1.6.2
PHP version: 5.6.29

The issue:
When i want to connect to my nextcloud server over webinterface i have to type the whole URL => "" but i simply want to type in my dnsname only.

I tried to change serveral options in "/var/www/cloud/config/config.php" for example:

  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => ''
  'overwritecondaddr' => '',
  'overwritehost' => '',
  'overwritewebroot' => '/cloud',

but no option take any effect.

Is there any other file which i forgot to change to have the desired effect?

you want to be redirected to or you want to use your cloud without a sub folder?

I would like to be redirected to the Login Interface of nextcloud. That means redirected to

My Directory is /var/www/cloud

In apache you normally put this into your port 80 virtual Host (

<VirtualHost :80>
Redirect "/" ""

In nginx it would be something like this:

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	return 301 https://$host/cloud/$request_uri;

This is my actual problem. I don’t know which file i have to change to have the desired effect.
Actually i can connect to my nextcloud-server, but when i want connect over my caldav-client on my smartphone the error “can’t verify hostname” pops up.

My default config in etc/nginx/sites-available/default looks like:

server {
        listen 80;
        return 301 https://$server_name$request_uri;  # enforce https

server {
    listen              443 ssl;

    ssl_certificate     /var/www/ssl/cloudssl.crt;
    ssl_certificate_key /var/www/ssl/cloudssl.key;
    ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

        # Path to the root of your installation
    root /var/www/cloud;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;

When i tipe the error “Access denied” came up.
The nginx error log shows me the following log:

[error] 659#0: *771 FastCGI sent in stderr: "Access to the script '/var/www/cloud/index.php/' has been denied (see security.limit_extensions)" while reading response header from upstream, client: "myipaddress" , server:, request: "GET / HTTP/1.1", upstream: "fastcgi://", host: ""

But when i tipe in everthing is working fine.

Which permissions i have to give to solve this issue?

Make sure you have set this to (in your config/config.php):
'overwritewebroot' => '/',

Also verify in your filesystem, that in /var/www/cloud there is already your nextcloud, not within /var/www/cloud/nextcloud, if not either copy the files or change the root of installation.

And your configuration is only an extract of the config, a complete sample config can be found here:

All files are stores under /var/www/cloud.
This is my current config file in /var/www/cloud/config/config.php.

$CONFIG = array (
  'instanceid' => 'ocnngwzr4avw',
  'passwordsalt' => 'oldpassword',
  'secret' => 'secretpassword',
  'trusted_domains' =>
  array (
    0 => '',
  'datadirectory' => '/home/pi/usb/nextcloud',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => '',
  'overwritewebroot' => '/',
  'dbtype' => 'mysql',
  'version' => '',
  'dbname' => 'mycloudDB',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'mydbuser',
  'dbpassword' => 'mydbpassword',
  'logtimezone' => 'UTC',
  'installed' => true,

But still the error message “Access Denied” trying to connect to

Can you show us, where and how you configured PHP in your nginx-conf (via fastcgi?)?


i’m not quit sure what you mean.
I followed a simple discription and this is a short extract out of my nginx.conf

user www-data;
worker_processes 4;
pid /run/;

events {
        worker_connections 768;
        # multi_accept on;

http {

        # Basic Settings

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # SSL Settings
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        # Logging Settings

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        # Gzip Settings

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml applicatio$

        # Virtual Host Configs

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

And this is a short extract out of /etc/php5/fpm/pool.d/www.conf

; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)

; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = www-data
group = www-data

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   ''    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a
;                            specific port;
;   '[::]:port'            - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = /var/run/php5-fpm.sock
listen =

; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = www-data = www-data

It is that what you are asking for?
Thank you for your effort

Check the files in these locations as well:

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

Like in the docs (, you should find a part with:

upstream php-handler {
    #server unix:/var/run/php5-fpm.sock;

I checked the files but in
there is no file and in the directory
there is only a link to the file default (default -> /etc/nginx/sites-available/default)

But i will try to add the following code in etc/nginx/sites-available

upstream php-handler {
    #server unix:/var/run/php5-fpm.sock;

Now i’m a step further.

I just copied the whole config file from ( and adjust some parameters.

Just commented out the line
#fastcgi_request_buffering off;

Now, when i want to connect to my nextcloud server i only have to type in ’’ and will be transfered directly to the login mask.

Just for round this problem down it would be very nice to get the following option working.
'overwriteprotocol' => 'https',

I still get the login mask of my router when i type in

Have you opened port 80 in your router? Needed for redirect to https. I had that problem myself.

I forwarded port 443 for the ssl connection only.
But you are maybe right because when you try to connect over HTTP you will be forwarded over port 80 or?