How to solve the _host-prefix issue

Nextcloud version: 21.0.1.1
Operating system and version: Ubuntu 20.04.2
Apache: 2.4.41
PHP version: 7.4.3

Many hits on the _host-prefix issue but no definite hint on the matter. The documentation does not help enough, the messages on the forum also do not give a solution. Maybe many things have to be right to remove it from the result of scan.nextcloud.com.

My configuration:

Nextcloud runs from /var/www/nextcloud

Strato hosts my domain for now I will call it mydomain.com. I have configured the “A-record” to relay traffic to my IP address for this message I say it is 123.123.123. In my router I have forwarded ports 80 and 443 to my NextCloud Server.

Initially I setup a Apache2 config file /etc/apache2/sites-enabled/nextcloud.conf with now has the following content:
---------------------------------------------Start File-----------------------------------------------
Alias /nextcloud “/var/www/nextcloud/”

<VirtualHost *:80>
DocumentRoot “/var/www/nextcloud”
ServerName nextcloud

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All

Dav off

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
Satisfy Any

ServerAlias www. mydomain.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =www. mydomain.com [OR]
RewriteCond %{SERVER_NAME} =nextcloud
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

---------------------------------------------End file----------------------------------------------

After installing Letsencript I found /etc/apache2/sites-enabled/nextcloud-le-ssl.conf with the following content:

--------------------------------------------Start File-----------------------------------------------

<VirtualHost *:443>
DocumentRoot “/var/www/nextcloud”
ServerName nextcloud

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" Header always set Referrer-Policy "no-referrer"

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All

Dav off

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
Satisfy Any

ServerAlias www.inrijen.nl
RewriteEngine on

Some rewrite rules in this file were disabled on your HTTPS site,

because they have the potential to create redirection loops.

RewriteCond %{SERVER_NAME} =www. mydomain.com [OR]

RewriteCond %{SERVER_NAME} =nextcloud

RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

SSLCertificateFile /etc/letsencrypt/live/www.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomain.com /privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf


-------------------------------------End file--------------------------------------------

The file /etc/letsencrypt/options-ssl-apache.conf contains the following:

-----------------------------------Start File----------------------------------------------------------

This file contains important security parameters. If you modify this file

manually, Certbot will be unable to automatically provide future security

updates. Instead, Certbot will print and log an error message with a path to

the up-to-date file that you will need to refer to when manually updating

this file.

SSLEngine on

Intermediate configuration, tweak to your needs

SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite Text Deleted bij NextCees
SSLHonorCipherOrder on
SSLCompression off

SSLOptions +StrictRequire

Add vhost name to log entries:

LogFormat “%h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-agent}i”” vhost_combined
LogFormat “%v %h %l %u %t “%r” %>s %b” vhost_common

#CustomLog /var/log/apache2/access.log vhost_combined
#LogLevel warn
#ErrorLog /var/log/apache2/error.log

Always ensure Cookies have “Secure” set (JAH 2012/1)

#Header edit Set-Cookie (?i)^(.)(;\ssecure)??((\s*;)?(.*)) “$1; Secure$3$4”
-------------------------------------End File--------------------------------------------------------------

I am very happy with NextCloud and it runs like a champ. How to get rid of the _host-prefix issue? Does anybody have any ideas?

Hi

the redirect rules created by certbot are pointing to your ServerName wich is not a publicly availiable FQDN. Somehow it gets confused with ServerNames and ServerAlias.

I would deactivate the nextcloud-le-ssl vhost and delete the the nextcloud-le-ssl.conf file.

a2dissite nextcloud-le-ssl.conf
rm /etc/apache2/sites-available/nextcloud-le-ssl.conf
systemctl restart apache2

After that change the nextcloud.conf to the following and run certbot again:

<VirtualHost *:80>
DocumentRoot /var/www/nextcloud
ServerName www.yourdomain.com

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
Satisfy Any
</Directory>

</VirtualHost>

EDIT:
Also I would recommend using something like cloud.yourdomain.com instead of www. That way you could use the www subdomain for something else down the road. But that’s of course up to you. :slight_smile:

Fantastic help! I have got A+ rating now!!
Your instructions are perfect! There is a small adjustment to the file you propose:

<VirtualHost *:80>
DocumentRoot /var/www/nextcloud
ServerName www.yourdomain.com

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
Satisfy Any
</Directory>
</VirtualHost>

The line with </Directory> must be after “Satisfy Any” according to Certbot instructions.

Thank you very much! Your suggestions I keep in mind!

2 Likes

You’re welcome. Glad to help.

And yes you’re right, the SetEnv and Satisfy directives must be placed within the
<Directory /var/www/nextcloud/> group. I corrected the error in my post, just in case anyone else reading here doesn’t see to the end of the thread.