HTTPS time out / no connection, Localhost connects, apache2 listening to 443

Nextcloud version (eg, 12.0.2): 15.08
Operating system and version (eg, Ubuntu 17.04): Ubuntu 16.04.4 ( In VirtualBox)
Apache or nginx version (eg, Apache 2.4.25): Apache/2 2.4.18
PHP version (eg, 7.1):PHP 7.0.33

The issue you are facing:
Clients and remote https access can not connect, but https connects on localhost.
I can not locate the cause without help…

Doing,

```
sudo netstat -tnlp | grep :443
tcp6       0      0 :::443                  :::*                    LISTEN      1938/apache2
```

Looks like Apache is up…

UFW temporarily disabled as I saw the following in syslog,

May 30 07:41:05 glenn-VirtualBox kernel: [77735.280733] [UFW BLOCK] IN=enp0s3 OUT= MAC=01:00:5e:00:00:01:48:5d:36:4d:62:87:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36

Output of iptables to be sure,

```
sudo iptables -L
[sudo] password for glenn:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere
ufw-after-logging-input  all  --  anywhere             anywhere
ufw-reject-input  all  --  anywhere             anywhere
ufw-track-input  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-forward  all  --  anywhere             anywhere
ufw-before-forward  all  --  anywhere             anywhere
ufw-after-forward  all  --  anywhere             anywhere
ufw-after-logging-forward  all  --  anywhere             anywhere
ufw-reject-forward  all  --  anywhere             anywhere
ufw-track-forward  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  anywhere             anywhere
ufw-before-output  all  --  anywhere             anywhere
ufw-after-output  all  --  anywhere             anywhere
ufw-after-logging-output  all  --  anywhere             anywhere
ufw-reject-output  all  --  anywhere             anywhere
ufw-track-output  all  --  anywhere             anywhere

Chain ufw-after-forward (1 references)
target     prot opt source               destination

Chain ufw-after-input (1 references)
target     prot opt source               destination

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination

Chain ufw-after-output (1 references)
target     prot opt source               destination

Chain ufw-before-forward (1 references)
target     prot opt source               destination

Chain ufw-before-input (1 references)
target     prot opt source               destination

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination

Chain ufw-before-output (1 references)
target     prot opt source               destination

Chain ufw-reject-forward (1 references)
target     prot opt source               destination

Chain ufw-reject-input (1 references)
target     prot opt source               destination

Chain ufw-reject-output (1 references)
target     prot opt source               destination

Chain ufw-track-forward (1 references)
target     prot opt source               destination

Chain ufw-track-input (1 references)
target     prot opt source               destination

Chain ufw-track-output (1 references)
target     prot opt source               destination
```

output of tcpdump

```
sudo tcpdump -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
10:49:28.931674 IP 192.168.1.1 > 224.0.0.1: ICMP router advertisement lifetime 30:00 1: {192.168.1.1 0}, length 16
10:58:16.642575 IP 192.168.1.1 > 224.0.0.1: ICMP router advertisement lifetime 30:00 1: {192.168.1.1 0}, length 16
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
```

The output of your Nextcloud log in Admin > Logging:

```
Level	App	Message	Time
Info	core	Trusted domain error. "192.168.1.226" tried to access using "192.168.1.70" as host.	2019-05-30T01:09:13-0400
Info	core	Bruteforce attempt from "127.0.0.1" detected for action "login".	2019-05-29T15:54:06-0400
Warning	core	Login failed: 'glenn' (Remote IP: '127.0.0.1')	2019-05-29T15:54:06-0400
Info	core	Bruteforce attempt from "127.0.0.1" detected for action "login".	2019-05-29T15:53:47-0400
Warning	core	Login failed: 'glenn' (Remote IP: '127.0.0.1')	2019-05-29T15:53:47-0400
Info	core	Bruteforce attempt from "127.0.0.1" detected for action "login".	2019-05-29T15:53:20-0400
Warning	core	Login failed: 'dmadmin' (Remote IP: '127.0.0.1')	2019-05-29T15:53:19-0400
Info	core	Bruteforce attempt from "127.0.0.1" detected for action "login".	2019-05-29T15:50:20-0400
Warning	core	Login failed: 'glenn' (Remote IP: '127.0.0.1')	2019-05-29T15:50:20-0400
Info	no app in context	Cleanup finished	2019-05-29T15:45:04-0400
Info	no app in context	Removing /var/www/html/nextcloud/data/updater-ocuoe94q340h/backups/nextcloud-13.0.1.1 ...	2019-05-29T15:45:03-0400
Info	no app in context	List of all directories that will be deleted: ["\/var\/www\/html\/nextcloud\/data\/updater-ocuoe94q340h\/backups\/nextcloud-13.0.1.1"]	2019-05-29T15:45:03-0400
Info	no app in context	/var/www/html/nextcloud/data/updater-ocuoe94q340h/backups exists - start to clean it up	2019-05-29T15:45:03-0400
Info	updater	\OC\Updater::resetLogLevel: Reset log level to Info(1)	2019-05-29T15:37:33-0400
Info	updater	\OC\Updater::maintenanceDisabled: Turned off maintenance mode	2019-05-29T15:37:33-0400
Info	updater	\OC\Updater::updateEnd: Update successful	2019-05-29T15:37:33-0400
Info	updater	\OC\Updater::finishedCheckCodeIntegrity: Finished code integrity check	2019-05-29T15:37:33-0400
Info	updater	\OC\Updater::startCheckCodeIntegrity: Starting code integrity check...	2019-05-29T15:37:26-0400
Info	updater	\OC\Repair::info: Repair info: Removed potentially over exposing link shares	2019-05-29T15:37:26-0400
Info	updater	\OC\Repair::info: Repair info: Sending notifications to admins and affected users	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::finishProgress	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::startProgress: Starting ... Remove potentially over exposing share links (0)	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: Removing potentially over exposing link shares	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Remove potentially over exposing share links	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: Fixed 0 vcards	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Extract the vcard uid and store it in the db	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: No need to repair pending cron jobs.	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Repair pending cron jobs	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Queue a one-time job to cleanup old backups of the updater	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Add preview background cleanup job	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: Avatar cache cleared	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Clear every generated avatar on major updates	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: JS cache cleared	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: SCSS cache cleared	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: Image cache cleared	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Clear frontend caches	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Add log rotate job	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Repair invalid paths in file cache	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: No mounts updated	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Fix potential broken mount points	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Move .step file of updater to backup location	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Remove shares of a users root folder	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Repair invalid shares	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: 0 tags with no entries have been removed.	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: 0 tag entries for deleted tags have been removed.	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: 0 tags for delete files have been removed.	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: 0 tags of deleted users have been removed.	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Clean tags and favorites	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::step: Repair step: Repair mime types	2019-05-29T15:37:25-0400
Info	updater	\OC\Repair::info: Repair info: All tables already have the correct collation -> nothing to do	2019-05-29T15:37:25-0400
```

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

```
<?php
$CONFIG = array (
  'instanceid' => 'ocuoe94q340h',
  'passwordsalt' => 'notsureifthisissensitive',
  'secret' => 'Not_Sure_if_This_Should_BE_shown_as-well',
  'trusted_domains' => 
  array (
    0 => 'enrgyxprt.ddns.net',
  ),
  'datadirectory' => '/var/www/html/nextcloud/data',
  'overwrite.cli.url' => 'https://enrgyxprt.ddns.net',
  'dbtype' => 'mysql',
  'version' => '15.0.8.1',
  'dbname' => 'nextclouddb',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'ncloudusr',
  'dbpassword' => 'xxxxxxxx',
  'installed' => true,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 1,
  'mail_from_address' => 'myemail',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_domain' => 'gmail.com',
  'mail_smtphost' => 'smtp@gmail.com',
  'mail_smtpport' => '465',
  'mail_smtpauth' => 1,
);
```

The output of your Apache/nginx/system log in /var/log/____:

Not Sure which logs to paste here....

Hi enrgyxprt,
It looks like you’re trying to connect with a Dynamic IP address using ddns.net correct?

First I would check that your domain name enrgyxprt.ddns.net actually resolves against your current IP address using https://mxtoolbox.com/DNSLookup.aspx to see what your DNS provider thinks your domain name and public IP should be resolving against and whatismyip.com to check what your current public IP is.

After that I would also check that your port forwarding is set correctly on your router. Have you assigned the Ubuntu server with a static IP?

Thirdly. You say you cannot access the install remotely. I assume this means access when not on your local area network. Have you tried accessing the install with another computer on your LAN?

Scott,
DNS is updating and resolving my public ip correctly, (Router set to update dynamic dns service)
Yes, Router is set to give virtual server static IP (from mac address) of 192.168.1.70
and is reported correctly using ip addr show
All 443 traffic set to go to 192.168.1.70

This was a working (for months) instance, which went down for some odd reason.

When I say remotely, I mean on any other machine (other than localhost) inside or outside of the lan.

Hi,
Just looking at your config.php file. Have you tried adding in ddns.net, as well as a trusted domain? From “not local host” do you actually get to the login page?

And of course the really obvious thing, have you checked your Virtualbox network connection options to make sure it’s on the right connection type? If memory serves it should be on Bridged Networking.

Virtualbox is set up as bridged.

I don't get a login page, only timeouts.

;(

Just tried telnet 192.168.1.70 443 from that machine, and was connected (to itself)
Just tried telnet my wan ip 443 from that machine, and was not able to connect.

Yet, 443 port forwarding on my router is set to 192.168.1.70!
Pulling hair out, ready to jump off a bridge lol…

Found another 443 port forwarded, to another system in my lan.
Don't know how it was added, or why all of a sudden it became the IP 443 traffic went to…
Deleted that, rebooted router and whamo! Back online!!

Happy you !

If fixed, need to be closed.
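
The thread locates the fault by testing port 443 from successively further away (loopback, LAN, WAN). As an added example that is not part of any post above, this script turns those three probe results into the layer to inspect; the function names `probe` and `locate_fault` are made up for this sketch, and it assumes `bash` and coreutils `timeout` are installed.

```shell
#!/bin/sh
# Added example, not from the thread. Hosts and port are the thread's own values;
# the function names are hypothetical.

# probe HOST PORT -> prints "open" or "closed".
# A 3-second timeout counts as closed, matching the "only timeouts" symptom.
# Host and port are passed as arguments, never spliced into the command string.
probe() {
    if timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null; then
        echo open
    else
        echo closed
    fi
}

# locate_fault LOOPBACK LAN WAN -> names the first layer where the path breaks.
#   LOOPBACK: probe 127.0.0.1 443           run on the server itself
#   LAN:      probe 192.168.1.70 443        run on a *different* LAN machine
#             (from the server this only reaches itself, like the telnet test)
#   WAN:      probe enrgyxprt.ddns.net 443  run from outside the LAN
locate_fault() {
    for r in "$1" "$2" "$3"; do
        case "$r" in
            open|closed) ;;
            *) echo "usage: locate_fault open|closed open|closed open|closed" >&2
               return 2 ;;
        esac
    done
    case "$1/$2/$3" in
        closed/*)
            echo "server: nothing accepts on 443; check apache2 and its Listen directive" ;;
        open/closed/*)
            echo "host: listener is up but unreachable from the LAN; check ufw/iptables, bind address, VM bridging" ;;
        open/open/closed)
            echo "router: LAN path works, WAN path fails; compare DNS with the public IP and look for duplicate 443 port-forward rules" ;;
        open/open/open)
            echo "transport ok: look at TLS/vhost config and Nextcloud trusted_domains" ;;
    esac
}

# Constructed input: loopback and LAN answer, WAN times out.
locate_fault open open closed
```

The printed verdict for the constructed input points at the router, which is where the conflicting 443 forward was eventually found.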