HTTPS redirect not working

ℹ️ Support
1

Hi guys, i’ve installed nextcloud on a CentOS machine. It works fine but i cannot configure the https redirect, i’ve tried a lot of configuration but when i try to open the https url it was unaccessible. Here the config.php file and the nextcloud.conf file (in sites-available)
What’s wrong?
$CONFIG = array (
‘instanceid’ => ‘xxxxxxxx’,
‘passwordsalt’ => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,
‘secret’ => ‘xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx’,
‘trusted_domains’ =>
array (
0 => ‘test-nextcloud’,
1 => ‘xx.xx.xxx.xxx’,
2 => ‘localhost’,
),
‘datadirectory’ => ‘/var/www/html/nextcloud/data’,
‘dbtype’ => ‘mysql’,
‘version’ => ‘17.0.2.1’,
‘overwrite.cli.url’ => ‘http://xx.xx.xxx.xxx/nextcloud’,
‘dbname’ => ‘nextcloud’,
‘dbhost’ => ‘localhost’,
‘dbport’ => ‘’,
‘dbtableprefix’ => ‘oc_’,
‘dbuser’ => ‘xxxxxxxx’,
‘dbpassword’ => ‘xxxxxxxxx’,
‘installed’ => true,
‘logtimezone’ => ‘Europe/Rome’,
‘logfile’ => ‘/var/www/html/data/nextcloud.log’,
‘twofactor_enforced’ => ‘true’,
‘twofactor_enforced_groups’ =>
array (
0 => ‘User 2FA’,
),
‘twofactor_enforced_excluded_groups’ =>
array (
0 => ‘admin’,
1 => ‘test’,
),
‘mail_from_address’ => ‘Nextcloud’,
‘mail_smtpmode’ => ‘smtp’,
‘mail_sendmailmode’ => ‘smtp’,
‘mail_domain’ => ‘test.it’,
‘maintenance’ => false,
‘mail_smtphost’ => ‘xx.xx.xxx.xx’,
);

nextlcoud.conf :

<VirtuallHost *:80>
ServerAdmin test-admin
Redirect permanent / https://xx.xx.xxx.xxx/
DocumentRoot “/var/www/html/nextcloud”
ServerName test-nextcloud
<Directory “/var/www/html/nextcloud/”>
Options MultiViews FollowSymlinks
AllowOverride All
Order allow,deny
Allow from all

TransferLog /var/log/httpd/nextcloud_access.log
ErrorLog /var/log/httpd/nextcloud_error.log

ServerName test-nextcloud Redirect permanent / https://xx.xx.xxx.xxx/

<VirtualHost *:443>

#SSL
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
SSLProtocol -All +TLSv1.2
#SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLCipherSuite HIGH:!MEDIUM:!aNULL:!MD5:!RC4
SSLUseStapling on
SSLHonorCipherOrder off

#HTTP/2 if available
<IfModule mod_http2.so>
        Protocols h2 http/1.1
</IfModule>

DocumentRoot "/var/www/html/nextcloud"
ServerName test-nextcloud 
ErrorLog /var/www/html/nextcloud/error.log

<Directory /var/www/html/nextcloud/>
DirectoryIndex index.html index.php
“/etc/httpd/sites-available/owncloud.conf” 48L, 1481C

 Options +FollowSymlinks
 AllowOverride All

 SetEnv HOME /var/www/html/nextcloud
 SetEnv HTTP_HOME /var/www/html/nextcloud
 Satisfy Any
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

HELP ME!! :slight_smile:

2

Have you tried to find an answer using the search function of this forum, which you find in the upper right corner of the screen? These kind of questions are asked on a regular base so that the chance is high that you will find a solution for your problem.

3

sorry no solutions found

4

selfsigned?

try without this.

5

yes self signed. I’ve tried without that line but it doesn’t reach the site. Maybe iy’s sometings in httpd.conf?

6

i’ve done… the port 443 need to be opened on firewall

7

now the server respond on HTTP and HTTPS… how can i disable the HTTP?

8

best is to redirect port 80 to 443.
there are a lot of conf examples for this.

9

yes i know…i’ve tried but it doesn’t work, can you help me?

10

we would need the <VirtualHost *:80> section of your conf file.

please quote in three ``` (one line above and below)

11

nextlcoud.conf :

<VirtuallHost *:80>
ServerAdmin test-admin
Redirect permanent / https://xx.xx.xxx.xxx/
DocumentRoot “/var/www/html/nextcloud”
ServerName test-nextcloud
<Directory “/var/www/html/nextcloud/”>
Options MultiViews FollowSymlinks
AllowOverride All
Order allow,deny
Allow from all

TransferLog /var/log/httpd/nextcloud_access.log
ErrorLog /var/log/httpd/nextcloud_error.log

ServerName test-nextcloud Redirect permanent / https://xx.xx.xxx.xxx/

12

any ideas?

13

Hi Emiliano,

  1. Please make sure that you have the mod_rewrite module installed/enabled in your Apache.

Check in your 00-base.conf under /etc/httpd/conf.modules.d if the following line is available

LoadModule rewrite_module modules/mod_rewrite.so

  1. Exchange your <VirtualHost *:80> with the following:
<VirtualHost *:80>

        ServerAdmin  test-admin
        DocumentRoot /var/www/html/nextcloud

        <Directory /var/www/html/nextcloud>

                Options +FollowSymLinks
                AllowOverride All
		Require all granted

        </Directory>

        TransferLog /var/log/httpd/nextcloud_access.log
        ErrorLog /var/log/httpd/nextcloud_error.log

	Redirect / https://xx.xx.xxx.xxx/

</VirtualHost>
  1. Change the parameter overwrite.cli.url in your nextcloud config.php under /var/www/html/nextcloud/config

The parameter should look like this ‘overwrite.cli.url’ => ‘https://xx.xx.xxx.xxx/’,

You could however also try ‘overwrite.cli.url’ => ‘https://xx.xx.xxx.xxx/nextcloud/’, but I’m not sure why the actual folder is referenced again, since this is the root judging by your httpd.conf

14

hello this LoadModule rewrite_module modules/mod_rewrite.so it’s present…but when i change the <VirtualHost *:80> the httpd service doesn’t start

15

Where did you copy the <VirtualHost> to? When you setup your server, did you create a new config or did you just overwrite the original httpd.conf of your Apache?

If the httpd service doesn’t start with the new <VirtualHost>, you could check the services status with the following command:

systemctl status httpd

If that doesn’t give much information about the error, you can also run the following command, to see whether this gives you more information on why it doesn’t start:

journalctl -xe

16

i copy the virtual host on nextcloud.conf file in sites-available

17

now the httpd service starts normaly but the redirect to https doesn’t wotk. Only if i type the https url in the browser it works

18

You could work with the RewriteEngine as follows:

<VirtualHost *:80>

        ServerAdmin  test-admin
        DocumentRoot /var/www/html/nextcloud

        <Directory /var/www/html/nextcloud>

                Options +FollowSymLinks
                AllowOverride All
		Require all granted

        </Directory>

        TransferLog /var/log/httpd/nextcloud_access.log
        ErrorLog /var/log/httpd/nextcloud_error.log

	RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

</VirtualHost>

Just copy and paste the above into your nextcloud.conf without changing anything on it.

19

ok i’ve copied the conf on nextcloud.conf but it doesn’t work. When i try to open http url
the system does not redirect in https.maybe i need to modify <VirtualHost *:443> in nextcloud.conf?

here the conf:

<VirtualHost *:443>

#SSL
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
SSLProtocol -All +TLSv1.2
#SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLCipherSuite HIGH:!MEDIUM:!aNULL:!MD5:!RC4
SSLUseStapling on
SSLHonorCipherOrder off

#HTTP/2 if available
<IfModule mod_http2.so>
        Protocols h2 http/1.1
</IfModule>

DocumentRoot "/var/www/html/nextcloud"
ServerName test-nextcloud
ErrorLog /var/www/html/nextcloud/error.log

<Directory /var/www/html/nextcloud/>
DirectoryIndex index.html index.php
“/etc/httpd/sites-available/nextcloud.conf” 48L, 1481C

 Options +FollowSymlinks
 AllowOverride All

 SetEnv HOME /var/www/html/nextcloud
 SetEnv HTTP_HOME /var/www/html/nextcloud
 Satisfy Any
20

Alright, now I kind of understand why your httpd.service didn’t want to start earlier…

Let’s start from scratch…

You should have a nextcloud.conf (which you probably created yourself) and a ssl.conf (standard) file under /etc/httpd/conf.d/.

Let’s try the following setup:

/etc/httpd/conf.d/nextcloud.conf

<VirtualHost *:80>

        ServerName test-nextcloud
        Redirect / https://xx.xx.xxx.xxx/

</VirtualHost>

/etc/httpd/conf.d/ssl.conf

<VirtualHost *:443>

        ServerAdmin  test-admin
        ServerName test-nextcloud
        DocumentRoot /var/www/html/nextcloud

        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key

        SSLProtocol -All +TLSv1.2
        SSLCipherSuite HIGH:!MEDIUM:!aNULL:!MD5:!RC4
        SSLUseStapling on
        SSLHonorCipherOrder off

        <Directory /var/www/html/nextcloud>

                Options +FollowSymLinks
                AllowOverride All
                Require all granted

        </Directory>

        SetEnv HOME /var/www/html/nextcloud
        SetEnv HTTP_HOME /var/www/html/nextcloud

        TransferLog /var/log/httpd/nextcloud_access.log
        ErrorLog /var/log/httpd/nextcloud_error.log

</VirtualHost>

I left the SSLCipherSuite out, since this is not active in your config anyway. Each config should also only have one <VirtualHost> as this reduces the possibility for errors.