Dear everyone!
I am a newbie for both nginx and nextcloud. After several days reading; installation and wakeup the block server with the following basic specs as:
- Linux server - Ubuntu 18.04LTS
- Odoo12 server on Ubuntu
- Nextcloud server on Ubuntu - the same as Odoo
- Database - Both use PostgreSQL
- PHP7.2 with it’s extension
- domain: 1. mydomain1.com for ODoo12 ; 2. mydomain2.com for Nextcloud both is root seperately root domain using one public IP
- Webserver: Nginx
- SSL certificate: Certbot with snippets for renew
the Odoo server is running well. But the Nextcloud server with the bad gateway shown after I configured admin account, stored directory and Database via secure web (successfully with ssl).
NC has installed under root www directory - /var/www/nextcloud
No more I can do, because the Broswer show 502 Bad Gateway when Nextcloud (NC) try to open the apps page.
Here is my nginx conf file (/etc/nginx/sites-available/mydomain2.com (my 2nd domain name):
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php/php7.0-fpm.sock;
}
server {
listen 80;
server_name www.golive.vn golive.vn;
include snippets/letsencrypt.conf;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name www.golive.vn;
ssl_certificate /etc/letsencrypt/live/golive.vn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/golive.vn/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/golive.vn/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
return 301 https://golive.vn$request_uri;
}
server {
listen 443 ssl http2;
server_name golive.vn;
ssl_certificate /etc/letsencrypt/live/golive.vn/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/golive.vn/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/golive.vn/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag
auth;
gzip_types application/atom+xml application/javascript application/json
application/l$
# . . . other code
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass php-handler;
#unix:/run/php/php7.2-fpm.sock;
}
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$request_uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~
^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+$
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; prel$
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
Here is the nextcloud config file (/var/www/nextcloud/config/config.php):
<?php
$CONFIG = array (
'instanceid' => 'MYENCRYPTACCOUTNAME',
'passwordsalt' => 'ENCRYPT MY PASSWD',
'secret' => 'SECRET STRING',
'trusted_domains' =>
array (
0 => 'mydomain2.com',
),
'datadirectory' => '/var/www/nextcloud/TTXData',
'dbtype' => 'pgsql',
'version' => '14.0.3.0',
'overwrite.cli.url' => 'https://mydomain2.com',
'dbname' => 'MYDATABASE NAME',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'MYDATABASE USERNAME',
'dbpassword' => 'MyPASSWDDatabase',
'installed' => true,
);
Can anyone tell me where I got the wrong?
BMH