Hello, I installed Nextcloud 11 a little while ago, and everything worked correctly.
I recently discovered that I can no longer log in through the web interface (the client still works well); it just loops back to the login page.
I have a CentOS 7.3 machine with PHP 7.1 (Remi), Nginx and MariaDB.
I tried with a previous PHP version (5.6) -> same result.
You will find my logs and my config below.
Nextcloud log:
- - [13/May/2017:19:35:49 +0200] "GET /login?redirect_url=/apps/files/ HTTP/1.1" 200 3394 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0"
Conf : Nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
# Worker processes run under the "nginx" account.
user nginx;
# Let nginx pick the number of worker processes itself.
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
# Upper bound on simultaneous connections handled by one worker process.
worker_connections 1024;
}
# Global HTTP settings shared by every virtual host included from conf.d.
http {
# Derives the Connection header to send upstream from the client's Upgrade
# header: "upgrade" when one is present, "close" when it is empty.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Optimisation: cache open file descriptors and lookup errors.
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
keepalive_requests 100000;
# Maximum simultaneous connections per client IP
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 20;
# Maximum requests per second per client IP
# NOTE(review): 200 r/s with a burst of 200 only caps floods; it is far too
# loose to slow password guessing against the login endpoint, so that control
# has to come from the application or a tighter per-location limit.
limit_req_zone $binary_remote_addr zone=allips:10m rate=200r/s;
limit_req zone=allips burst=200 nodelay;
# Do not advertise the nginx version in the Server header and error pages.
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
# NOTE(review): every *.conf in that directory is loaded, not only the
# Nextcloud vhost shown in this post; other files there are not visible here.
include /etc/nginx/conf.d/*.conf;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
# Buffer sizes and maximum size of ordinary requests
# (the Nextcloud server block raises client_max_body_size to 512M for itself).
client_body_buffer_size 1K;
client_max_body_size 8m;
large_client_header_buffers 4 16K;
ignore_invalid_headers on;
# Timeouts, in seconds. Short values limit how long a slow or stalled client
# can hold a connection open.
client_body_timeout 5;
client_header_timeout 5;
keepalive_timeout 5 5;
send_timeout 5;
server_name_in_redirect off;
# Enable gzip
gzip on;
#gzip_static on;
gzip_comp_level 6;
gzip_proxied any;
gzip_vary on;
gzip_types text/plain text/css text/javascript
application/json application/javascript application/x-javascript
application/xhtml+xml text/xml application/xml application/xml+rss;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# gzip off;
}
Conf : Nextcloud Nginx
# PHP-FPM backend used by fastcgi_pass in the Nextcloud server block.
upstream php-handler {
# TCP listener bound to loopback only.
server 127.0.0.1:9000;
# NOTE(review): the commented alternative below points at a path ending in
# .pid; a unix: upstream needs the pool's socket path - verify before enabling.
# server unix:/run/php-fpm/php-fpm.pid;
}
# Plain-HTTP listener: serves no content, only redirects to HTTPS.
server {
listen 80;
server_name XXX;
# enforce https
# The redirect target is built from $server_name (the configured name), not
# from the Host header the client sent.
return 301 https://$server_name$request_uri;
}
# HTTPS virtual host for Nextcloud, plus reverse-proxy locations for two
# local backends (ports 8080 and 9980).
server {
listen 443 ssl http2;
server_name XXX;
access_log /var/log/nginx/nextcloud.log;
ssl_certificate /etc/nginx/cert/nextcloud.crt;
ssl_certificate_key /etc/nginx/cert/nextcloud.key;
# NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996). Unless a legacy
# client requires them, offer TLSv1.2 only (plus TLSv1.3 where the installed
# nginx/OpenSSL support it).
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
# ECDHE key exchange with AES only; the second term also admits AES-CBC suites.
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_session_timeout 5m;
# ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
#resolver 8.8.8.8 8.8.4.4 valid=300s;
#resolver_timeout 15s;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# NOTE(review): none of the add_header lines below use "always", so nginx
# attaches them only to 2xx/3xx responses. nginx also inherits add_header from
# this level only into locations that define no add_header of their own.
#add_header X-Powered-By "TeammediaCenter";
# Keep the site from being scraped/indexed (thanks dsfc.net)
add_header X-Robots-Tag none;
# HSTS tells the client, in the HTTP response itself, that it must use HTTPS.
# This header helps prevent cookie theft and SSL downgrade.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; ";
# Prevents content from being interpreted as anything other than its declared MIME type
add_header X-Content-Type-Options nosniff;
# Clickjacking protection
add_header X-Frame-Options "SAMEORIGIN";
# Protection against XSS flaws
# NOTE(review): legacy header; current browsers have dropped the XSS filter it
# controls, so it is not a substitute for a working CSP.
add_header X-XSS-Protection "1; mode=block";
# IE8-specific flaw
add_header X-Download-Options noopen;
# Forbid embedding all or part of the site in a third-party site or software
add_header X-Permitted-Cross-Domain-Policies none;
# Finally, CSP lets the browser check the origin of the page's resources.
# Rather complex to set up, see
# add_header Content-Security-Policy "default-src 'self';" always;
# NOTE(review): 'unsafe-inline' and 'unsafe-eval' in default-src remove most of
# the XSS protection a CSP gives. If the application also sends its own
# Content-Security-Policy header, browsers enforce every policy at once, so this
# extra one can only tighten (and may break) what the application allows -
# worth ruling out when the web UI misbehaves. Violation reports, including
# page URLs, are sent to the third-party report-uri endpoint.
add_header Content-Security-Policy "default-src 'self' https://*.gstatic.com https://*.googleapis.com data: 'unsafe-inline' 'unsafe-eval'; report-uri https://report-uri.io/report/monurl";
add_header Content-Security-Policy-Report-Only "default-src 'self' https://*.gravatar.com https://*.gstatic.com https://*.googleapis.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://www.google-analytics.com data: 'unsafe-inline' 'unsafe-eval'; report-uri https://report-uri.io/report/monur/reportOnly";
# Path to the root of your installation
root /usr/share/nginx/html/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
# CalDAV/CardDAV service discovery: redirect to the DAV endpoint.
# NOTE(review): $host follows the Host header sent by the client; if this block
# is also the default server for port 443, prefer $server_name here, as the
# port-80 redirect does.
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 256 16k;
fastcgi_buffer_size 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
# NOTE(review): cache settings for PHP responses. The fastcgi_cache directive
# itself is commented out in the PHP location below, so no cache appears to be
# active in the lines shown. If it is ever enabled, ignoring Cache-Control and
# Set-Cookie lets responses that carry session cookies be stored and replayed
# to other clients (the key only separates requests by their Cookie header, so
# all cookie-less visitors share one entry). Do not cache authenticated
# application responses this way.
fastcgi_cache_key $http_cookie$request_method$host$request_uri;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
# Disable gzip to avoid the removal of the ETag header
#gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
# Front controller: anything not matched by a more specific location is
# rewritten to index.php.
location / {
rewrite ^ /index.php$uri;
}
# Block direct web access to internal directories. The "data" entry is what
# protects user files if the data directory lives under this document root.
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
# Block dotfiles and maintenance/CLI entry points.
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
# Only the PHP entry points listed in this pattern are handed to PHP-FPM;
# other .php paths are not executed through this location.
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
# limit_req zone=noflood burst=15;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Tell PHP the request arrived over HTTPS.
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
# NOTE(review): this flag declares that the web server supplies the security
# headers, so the add_header set above has to reach every response.
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_connect_timeout 600;
# fastcgi_cache_bypass $skip_cache;
# fastcgi_no_cache $skip_cache;
# fastcgi_cache NEXTCLOUD;
# NOTE(review): these two lines only take effect once a fastcgi_cache zone is
# enabled; keep the cache off for login and other session-bearing responses.
fastcgi_cache_valid 60m;
fastcgi_cache_methods GET HEAD;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# Why the duplication: because this location defines add_header itself, it
# inherits none from the server level. The two Content-Security-Policy headers
# are not repeated here, so css/js responses carry no CSP.
# NOTE(review): this HSTS value differs from the server-level one (shorter
# max-age, adds preload), and as pasted it is split across two lines inside the
# quotes - keep it on a single line in the real file and use one consistent value.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
# Other static assets; no add_header here, so the server-level headers apply.
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
# Spreed WebRTC
# Reverse proxy (with WebSocket upgrade) to a backend on loopback port 8080.
location ^~ /webrtc {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
}
# The three locations below proxy to an HTTPS backend on localhost:9980
# (presumably an online office / WOPI service - confirm).
# NOTE(review): nginx does not verify the upstream certificate unless
# proxy_ssl_verify is turned on; tolerable only while the backend stays on
# loopback.
# static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
Conf : config.php
<?php
// Nextcloud instance configuration as posted; sensitive values were replaced
// with XXX / XXXX by the author.
$CONFIG = array (
'instanceid' => 'oc1111zzl3jb',
// passwordsalt and secret are key material for this instance; keep them
// redacted whenever the file is shared, as done here.
'passwordsalt' => 'XXXX',
'secret' => 'XXXX',
// Host names this instance accepts requests for.
'trusted_domains' =>
array (
0 => 'XXX',
),
// NOTE(review): the data directory sits inside the nginx document root
// (/usr/share/nginx/html/nextcloud/), so user files are shielded only by the
// web server's deny rule for /data/. Placing it outside the web root removes
// that dependency.
'datadirectory' => '/usr/share/nginx/html/nextcloud/data',
'overwrite.cli.url' => 'https://XXX.XXX.net',
'dbtype' => 'mysql',
'version' => '11.0.3.2',
'dbname' => 'XXX',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'XXX',
'dbpassword' => 'XXX',
// Application log timestamps are in UTC; the nginx access log line in this
// post is stamped +0200, so allow for the offset when correlating the two.
'logtimezone' => 'UTC',
'enable_avatars' => true,
'installed' => true,
'log_type' => 'file',
// Level 3 records errors only (0 = debug ... 4 = fatal). Lowering it
// temporarily gives more detail while diagnosing the login loop.
'loglevel' => 3,
// The PHP-FPM user must be able to write this file, or nothing is logged.
'logfile' => '/var/log/nextcloud.log',
'logdateformat' => 'F d, Y H:i:s',
'cron_log' => true,
'trashbin_retention_obligation' => 'auto',
'versions_retention_obligation' => 'auto',
'default_language' => 'fr',
// Built-in throttling of repeated failed logins stays enabled.
'auth.bruteforce.protection.enabled' => true,
'updatechecker' => true,
'updater.server.url' => 'https://updates.nextcloud.com/updater_server/',
'updater.release.channel' => 'stable',
);