I can't start Nextcloud for the first time, possible bug

Good Morning,

I have an Asus RT-AX88U router with AsusWRT-Merlin firmware (v384.15), on which I have installed Nginx v1.17.7 + php7-fpm v7.4.1 + MariaDB v10.4.10 + phpMyAdmin v5.0.1 + Redis v5.1.1 through Entware, on a hard disk formatted as ext4.

I cannot start Nextcloud because of problems that have to do with the privileges assigned to the DATA directory. If I assign all privileges:

chown -R admin:root /opt/share/www/nextcloud
chmod -R 777 /opt/share/www/nextcloud
mkdir -p /opt/share/www/nextcloud/data

chown -R admin:root /opt/share/www/nextcloud/data
chmod -R 777 /opt/share/www/nextcloud/data

It doesn’t let me finish the first-time setup, and this error comes up: “Your data directory and files are probably accessible from the internet because the .htaccess file does not work”.

If I change the privileges to 770 (I cannot change the user admin and root group since it is unique in this system), Nextcloud cannot manage this directory and shows the following error: “Can’t create or write into the data directory”:

chown -R admin:root /opt/share/www/nextcloud/data
chmod -R 770 /opt/share/www/nextcloud/data

I think it’s a repository bug, since two months ago it worked. I also have Joomla, Wordpress, KODexplorer and rutorrent installed without problems.

In case it helps, here are my configuration changes for Nginx, MariaDB and php7-fpm:

File “/opt/etc/nginx/nginx.conf”:

user admin root;
worker_processes 4;
pid /opt/var/run/nginx.pid;
include /opt/etc/nginx/modules-enabled/*.conf;

events {
use epoll;
multi_accept on;
worker_connections 1024;
}

http {
.
.
.

    charset utf-8;
keepalive_timeout 60;

.
.
.
client_max_body_size 2000m;
client_body_temp_path /opt/tmp/;

include /opt/etc/nginx/mime.types;
default_type application/octet-stream;

.
.
.

gzip on;
gzip_vary on;
gzip_proxied any;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 2;
gzip_disable "msie6";
# gzip_buffers 16 8k;
# gzip_comp_level 6;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xhtml+xml application/xml+rss text/javascript application/javascript image/svg+xml;

##
# Virtual Host Configs
##

# include /opt/etc/nginx/conf.d/*.conf;
# include /opt/etc/nginx/sites-enabled/*;
         include /opt/etc/nginx/vhost/*.conf;

}
.
.
.

File “/opt/etc/nginx/conf/php-fpm.conf”:

location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass unix:/opt/var/run/php7-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP_PROXY "";
include fastcgi_params;
}

File “/opt/etc/nginx/conf/nextcloud.conf”:

# Add headers to serve security related headers

add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}

location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}

fastcgi_buffers 64 4K;

# Enable gzip but do not remove ETag headers

gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

location / {
rewrite ^ /index.php$request_uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/opt/var/run/php7-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block

location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

# Optional: Don't log access to assets
access_log off;

}

location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;

# Optional: Don't log access to other assets
access_log off;

}

File “/opt/etc/nginx/vhost/nextcloud.conf”:

server {
listen 99;
server_name localhost;
root /opt/share/www/nextcloud/;
index index.html index.htm index.php tz.php;
include /opt/etc/nginx/conf/nextcloud.conf;
}

File “/opt/etc/php.ini”:

[PHP]
zend.ze1_compatibility_mode = Off

; Language Options

.
.
.
output_buffering = 4096
.
.
.

; Resource Limits

max_execution_time = 2000 ; Maximum execution time of each script, in seconds.
.
.
.
memory_limit = 128M ; Maximum amount of memory a script may consume.
.
.
.

; Data Handling

.
.
.
post_max_size = 8000M
.
.
.
doc_root = "/opt/share/www"

; File Uploads

.
.
.
upload_max_filesize = 8000M
.
.
.
session.save_path = "/opt/usr/php/tmp/"
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=60
opcache.fast_shutdown=1

mysqli.default_socket=/opt/var/run/mysqld.sock
pdo_mysql.default_socket=/opt/var/run/mysqld.sock

File “/opt/etc/php7-fpm.d/www.conf”:

; Start a new pool named 'www'.
.
.
.
listen.mode = 0666
.
.
.
env[HOSTNAME] = $HOSTNAME
env[PATH] = /opt/bin:/usr/local/bin:/usr/bin:/bin
env[TMP] = /opt/tmp
env[TMPDIR] = /opt/tmp
env[TEMP] = /opt/tmp
.
.

File “/opt/etc/mysql/my.cnf”:

[client-server]
port = 3306
socket = /opt/var/run/mysqld.sock

[mysqld]

#*MySQL Options

user = admin
socket = /opt/var/run/mysqld.sock
pid-file = /opt/var/run/mysqld.pid
basedir = /opt
lc_messages_dir = /opt/share/mariadb
lc_messages = en_US
datadir = /opt/var/mysql/
tmpdir = /opt/tmp/
skip-external-locking
bind-address = 127.0.0.1
key_buffer_size = 24M
max_allowed_packet = 24M
thread_stack = 192K
thread_cache_size = 8

#*InnoDB Options

innodb-use-native-aio = 0

[mysqldump]
quick
quote-names
max_allowed_packet = 24M

[mysql]
#no-auto-rehash

[isamchk]
key_buffer_size = 24M

[mysqlhotcopy]
interactive-timeout

# Import all .cnf files from configuration directory

!includedir /opt/etc/mysql/conf.d/

File “/opt/etc/redis.conf”:

# listen on localhost only

bind 127.0.0.1

# create a unix domain socket to listen on

unixsocket /data/redis.sock

# set permissions for the socket

unixsocketperm 777

I think setting the user/group for the nextcloud and data directory to admin/root is wrong. They should be owned by the user/group of the web server; in the case of nginx, www/www.

I cannot change to www / www nor create it, since I am on a router and I cannot use the sudo command.

Is this your own router? You should have some kind of root access. But it seems this setup is very unusual. Perhaps you should run Nextcloud on a separate server; a Raspberry Pi can do it.

Yes, the router is mine and is an Asus RT-AX88U. For the configuration I have followed the same steps that the ONMP script created by the author xzhih performs and that is published at https://github.com/xzhih/ONMP

In December of last year it worked perfectly, but from January it stopped working.

Is there any way for Nextcloud to ignore the .htaccess file or stop trying to read it? I think the problem is that Nextcloud thinks it is installed on an Apache server instead of an Nginx server.

I have changed the settings of Nginx (nginx.conf) and php7-fpm (www.conf) to nobody / nobody. Also I have assigned the value of nobody / nobody and set the privileges to 770 in the nextcloud and data root directories. NOTHING CHANGES even rewriting the configuration in various ways.

I have installed phpMyAdmin, Joomla, Wordpress, Kodexplorer and rutorrent. None give problems except Nextcloud.

I keep insisting that there is a problem in nextcloud under Nginx. If possible, could you tell me how to skip or jump the notice “Your data directory and files are probably accessible from the internet because the .htaccess file does not work.”?
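
As an added example (not part of the thread, and not code from Nextcloud or the ONMP script), this shell function checks a data directory for the two situations discussed above: permission bits open to everyone, as after chmod 777, and a 770 directory that the user running the PHP-FPM workers cannot write to. The function name `audit_data_dir` and the user name passed to it are assumptions; use the `user` value from your own php7-fpm pool file.

```shell
#!/bin/sh
# Added example, not from the thread. audit_data_dir DIR USER prints one verdict:
#   missing          - DIR does not exist
#   world-accessible - "other" permission bits are set (the chmod 777 case)
#   not-writable     - USER cannot create files via owner or group bits
#   ok               - closed to others and writable by USER
audit_data_dir() {
    dir=$1 user=$2
    [ -d "$dir" ] || { echo "missing"; return 2; }

    # %a = octal mode, %U = owner name, %G = group name (GNU and BusyBox stat)
    set -- $(stat -c '%a %U %G' "$dir")
    mode=$1 owner=$2 group=$3

    # Leading 0 makes the shell read the mode as an octal constant
    other_bits=$(( 0$mode & 7 ))
    group_bits=$(( (0$mode >> 3) & 7 ))
    owner_bits=$(( (0$mode >> 6) & 7 ))

    if [ "$other_bits" -ne 0 ]; then
        echo "world-accessible"; return 1
    fi

    # Creating files in a directory needs write (2) and execute (1)
    if [ "$owner" = "$user" ] && [ $(( owner_bits & 3 )) -eq 3 ]; then
        echo "ok"; return 0
    fi
    for g in $(id -Gn "$user" 2>/dev/null); do
        if [ "$g" = "$group" ] && [ $(( group_bits & 3 )) -eq 3 ]; then
            echo "ok"; return 0
        fi
    done

    echo "not-writable"; return 1
}

# Usage with the path from the thread (user name is an assumption):
#   audit_data_dir /opt/share/www/nextcloud/data admin
```

The check covers only file-system permissions; whether nginx actually refuses requests under /data/ depends on the `deny all` location block and has to be tested over HTTP separately.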