Forwarding issue to nextcloud server

Nextcloud version : 11.0.0.10
Operating system and version : Raspbian Jessie
nginx version : 1.6.2
PHP version: 5.6.29

The issue:
When I want to connect to my Nextcloud server over the web interface I have to type the whole URL => "https://mydnsname.ddns.net/nextcloud", but I simply want to type in my DNS name only.

I tried to change several options in "/var/www/cloud/config/config.php", for example:

  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://mydnsname.ddns.net:443'
  'overwritecondaddr' => 'https://mydnsname.ddns.net',
  'overwritehost' => 'mydnsname.ddns.net',
  'overwritewebroot' => '/cloud',

but no option takes any effect.

Is there any other file which I forgot to change to have the desired effect?

You want to be redirected to https://mydnsname.ddns.net/cloud or you want to use your cloud without a subfolder?

I would like to be redirected to the Login Interface of nextcloud. That means redirected to https://mydnsname.ddns.net/nextcloud.

My Directory is /var/www/cloud

In Apache you normally put this into your port 80 virtual host (https://httpd.apache.org/docs/current/mod/mod_alias.html#redirect):

<VirtualHost *:80>
Redirect "/" "https://mydnsname.ddns.net/cloud"
</VirtualHost>

In nginx it would be something like this:

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name mydnsname.ddns.net;
	# $request_uri already starts with "/", so no extra slash after /cloud
	return 301 https://$host/cloud$request_uri;
}

This is my actual problem. I don’t know which file I have to change to have the desired effect.
Actually I can connect to my Nextcloud server, but when I want to connect over my CalDAV client on my smartphone the error “can’t verify hostname” pops up.

My default config in /etc/nginx/sites-available/default looks like:

server {
        listen 80;
        server_name mydnsname.ddns.net;
        return 301 https://$server_name$request_uri;  # enforce https
}

server {
    listen              443 ssl;
    server_name         mydnsname.ddns.net;

    ssl_certificate     /var/www/ssl/cloudssl.crt;
    ssl_certificate_key /var/www/ssl/cloudssl.key;
    ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

        # Path to the root of your installation
    root /var/www/cloud;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

When I type https://myhostname.ddns.net/ the error “Access denied” comes up.
The nginx error log shows me the following log:

[error] 659#0: *771 FastCGI sent in stderr: "Access to the script '/var/www/cloud/index.php/' has been denied (see security.limit_extensions)" while reading response header from upstream, client: "myipaddress" , server: mydnsname.ddns.net, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydnsname.ddns.net"

But when I type in https://myhostname.ddns.net/nextcloud everything is working fine.

Which permissions do I have to give to solve this issue?
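
Added example (not from the thread, and not the poster's or the Nextcloud project's file): an HTTPS server block for this setup that splits the path info off before PHP-FPM sees the script name, which is the condition the security.limit_extensions message in the log above refers to, and that lists the TLS protocols without SSLv3. The host name, certificate paths, document root and 127.0.0.1:9000 are taken from the thread; the php-handler name, the entry-point list and the routing of all other requests through index.php are assumptions.

```nginx
# Added example, not the poster's file. Paths, host name and the PHP-FPM
# address come from the thread; routing through index.php is an assumption.
upstream php-handler {
    server 127.0.0.1:9000;
}

server {
    listen      443 ssl;
    server_name mydnsname.ddns.net;

    ssl_certificate     /var/www/ssl/cloudssl.crt;
    ssl_certificate_key /var/www/ssl/cloudssl.key;

    # Weak: a server-level ssl_protocols replaces the list inherited from the
    # http block, so this line enables SSLv3 (POODLE) for this host:
    #   ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    # Corrected:
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers   HIGH:!aNULL:!MD5;

    root /var/www/cloud;

    location / {
        # Hand every other request to the front controller.
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:index|remote|public|cron|status)\.php(?:$|/) {
        include fastcgi_params;
        # "GET /" arrives here as /index.php/. Without the split below,
        # SCRIPT_FILENAME would be /var/www/cloud/index.php/, which PHP-FPM
        # rejects: the name does not end in an extension permitted by
        # security.limit_extensions (.php by default).
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param HTTPS           on;
        fastcgi_pass  php-handler;
        # fastcgi_request_buffering is omitted: it needs nginx 1.7.11 or later.
    }

    location ~* \.(?:css|js|woff|svg|gif|png|jpg|ico)$ {
        # Static assets: serve the file if it exists, else ask index.php.
        try_files $uri /index.php$uri$is_args$args;
    }
}
```

Widening security.limit_extensions in the PHP-FPM pool would also silence the error, but it lets PHP-FPM execute files that are not .php scripts, so the split in nginx is the change to prefer.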

Make sure you have set this to (in your config/config.php):
'overwritewebroot' => '/',

Also verify in your filesystem, that in /var/www/cloud there is already your nextcloud, not within /var/www/cloud/nextcloud, if not either copy the files or change the root of installation.

And your configuration is only an extract of the config, a complete sample config can be found here:
https://docs.nextcloud.com/server/11/admin_manual/installation/nginx_nextcloud_9x.html?highlight=nginx

All files are stored under /var/www/cloud.
This is my current config file in /var/www/cloud/config/config.php.

<?php
$CONFIG = array (
  'instanceid' => 'ocnngwzr4avw',
  'passwordsalt' => 'oldpassword',
  'secret' => 'secretpassword',
  'trusted_domains' =>
  array (
    0 => 'mydnsname.ddns.net',
  ),
  'datadirectory' => '/home/pi/usb/nextcloud',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://mydnsname.ddns.net/',
  'overwritewebroot' => '/',
  'dbtype' => 'mysql',
  'version' => '11.0.0.10',
  'dbname' => 'mycloudDB',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'mydbuser',
  'dbpassword' => 'mydbpassword',
  'logtimezone' => 'UTC',
  'installed' => true,
);

But still the error message “Access Denied” appears when trying to connect to https://mydnsname.ddns.net.

Can you show us, where and how you configured PHP in your nginx-conf (via fastcgi?)?

Hi,

I’m not quite sure what you mean.
I followed a simple description and this is a short extract out of my nginx.conf

user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml applicatio$

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

And this is a short extract out of /etc/php5/fpm/pool.d/www.conf

; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[www]

; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = www-data
group = www-data

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a
;                            specific port;
;   '[::]:port'            - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
;listen = /var/run/php5-fpm.sock
listen = 127.0.0.1:9000

; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = www-data
listen.group = www-data

Is that what you are asking for?
Thank you for your effort

Check the files in these locations as well:

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

Like in the docs (https://docs.nextcloud.com/server/11/admin_manual/installation/nginx_nextcloud_9x.html?highlight=nginx), you should find a part with:

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}

I checked the files, but in /etc/nginx/conf.d there is no file, and in the directory /etc/nginx/sites-enabled there is only a link to the file default (default -> /etc/nginx/sites-available/default).

But I will try to add the following code in /etc/nginx/sites-available

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}

Now I’m a step further.

I just copied the whole config file from (https://docs.nextcloud.com/server/11/admin_manual/installation/nginx_nextcloud_9x.html?highlight=nginx) and adjusted some parameters.

Just commented out the line
#fastcgi_request_buffering off;

Now, when I want to connect to my Nextcloud server I only have to type in “https://mydnsname.ddns.net/” and will be transferred directly to the login mask.

Just to round this problem off, it would be very nice to get the following option working.
'overwriteprotocol' => 'https',

I still get the login mask of my router when I type in http://mydnsname.ddns.net

Have you opened port 80 in your router? Needed for redirect to https. I had that problem myself.

I forwarded port 443 for the ssl connection only.
But maybe you are right, because when you try to connect over HTTP you will be forwarded over port 80, right?