Issue with webdav and data dir in browser with reverse proxy

#1

Installation architecture

System A --> Nginx reverse proxy, with strong TLS_AES_256_GCM_SHA384, TLS 1.3 encryption
System B --> Nextcloudpi reachable through the System A
System C --> Jeedom reachable through the System A

System A configuration

/etc/nginx/conf.d/proxy.conf

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header Strict-Transport-Security;
proxy_hide_header X-Powered-By;
proxy_hide_header *;
proxy_intercept_errors on;
proxy_buffering on;
proxy_cache_key "$scheme://$host$request_uri";
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=cache:10m inactive=7d max_size=700m;

/etc/nginx/sites-enabled/systemB.vhost

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;

location '/.well-known/acme-challenge' {
    root /var/www/example.com/;
    try_files $uri /$1;
    }
}

server {
    listen      443 http2;
    server_name  example.com;
    ssl on;
    ssl_certificate /etc/certbot/live-ecdsa/example.com/chain.pem;
    ssl_certificate_key /etc/certbot/live-ecdsa/example.com/privkey-p384.pem;
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 444;
    }


location '/.well-known/acme-challenge' {
    root /var/www/example.com/;
    try_files $uri /$1;
    }

location / {
    proxy_pass http://192.168.0.44/;
    proxy_cache cache;
    proxy_cache_valid 12h;
    expires 12h;
    proxy_cache_use_stale error timeout invalid_header updating;
    }
}

System B configuration

/etc/apache2/sites-enabled/nextcloud.conf

<VirtualHost _default_:80>
  DocumentRoot /var/www/nextcloud
ServerName example.com
  CustomLog /var/log/apache2/nc-access.log combined
  ErrorLog  /var/log/apache2/nc-error.log
</VirtualHost>
<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All
  <IfModule mod_dav.c>
    Dav off
  </IfModule>
  LimitRequestBody 0
</Directory>

PROBLEMS

I am able to browse correctly my jeedom on system C through the nginx reverse proxy.
I am able to browse nextcloudpi on system B through the nginx reverse proxy, music app is working, parameters and recent files are working correctly.
But Webdav is not working at all and I’m not able to see the main file data dir, agenda is not working also.

all my files are unavailable with this issue.

I am not able to determine where is the problem:

  • TLS 1.3 not supported ?
  • Issue with the header on the reverse proxy (System A) ?
  • apache2 configuration issue (System B) ?
  • PHP issue with rewrite module (System B) ?
  • Bug on nextcloudpi with reverse proxy configured (System B) ?

I am a little bit lost, from my understanding the issue seems not coming from reverse proxy because Nextcloudpi (system B) and Jeedom (system C) are reachable with encryption throught system A.
On the log I see many PHP error concerning News app, while this app is actually working.
On parameters administration panel, I see warning message concerning Webdav telling that it is not properly configured, and that the redirection “/.well-known/caldav” and “/.well-known/carddav” are not working. These warnings could be ignored because redirection are actually working as desired.

DAVdroid on my android device is not able anymore to join nextcloudpi.

What I have already tried

I have tried this configuration for the nginx reverse proxy without success:

         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-Server $host;
         proxy_buffering off;

I have updated nextcloudpi to v1.10.4 and nextcloud to 15.0.5.3 without any change.

If you have any idea on what is wrong, you are welcome :slight_smile:

System information
For this example i have replaced my domain by example.com

NextCloudPi diagnostics

NextCloudPi version  v1.10.4
distribution         Raspbian GNU/Linux 9 \n \l
automount            yes
USB devices          sda
datadir              /media/USBdrive/ncdata
data in SD           no
data filesystem      ext2/ext3
data disk usage      68G/1,8T
rootfs usage         2,0G/15G
swapfile             /media/b355efe8-a481-4814-a4ed-e96dbae4aba5/swap
dbdir                /media/USBdrive/ncdatabase
Nextcloud check      ok
Nextcloud version    15.0.5.3
HTTPD service        up
PHP service          up
MariaDB service      up
Redis service        up
Postfix service      up
internet check       ok
port check 80        open
port check 443       open
IP                   ***REMOVED SENSITIVE VALUE***
gateway              ***REMOVED SENSITIVE VALUE***
interface            eth0
certificates         ***REMOVED SENSITIVE VALUE***
NAT loopback         no
uptime               19:57

Nextcloud configuration

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "localhost",
            "1": "192.168.0.44",
            "5": "nextcloudpi.local",
            "7": "nextcloudpi",
            "8": "nextcloudpi.lan",
            "4": "example.com",
            "11": "82.64.45.131",
            "12": "192.168.0.8"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "15.0.5.3",
        "overwrite.cli.url": "https:\/\/example.com\/",
        "overwritehost": "example.com",
        "overwritewebroot": "\/",
        "trusted_proxies": "192.168.0.8",
        "htaccess.RewriteBase": "\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "mysql.utf8mb4": true,
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "overwriteprotocol": "https",
        "maintenance": false,
        "logfile": "\/media\/USBdrive\/ncdata\/nextcloud.log",
        "loglevel": "2",
        "log_type": "file",
        "mail_smtpsecure": "tls",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "theme": "",
        "data-fingerprint": "3811d7aa79e84500b9ec04f94ad5d6c9",
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

HTTPd logs

[Wed Mar 20 06:25:03.000780 2019] [mpm_event:notice] [pid 936:tid 1995805120] AH00489: Apache/2.4.25 (Raspbian) OpenSSL/1.0.2r configured -- resuming normal operations
[Wed Mar 20 06:25:03.000828 2019] [core:notice] [pid 936:tid 1995805120] AH00094: Command line: '/usr/sbin/apache2'
[Wed Mar 20 19:47:22.108710 2019] [mpm_event:notice] [pid 936:tid 1995805120] AH00491: caught SIGTERM, shutting down
[Wed Mar 20 19:47:24.005606 2019] [mpm_event:notice] [pid 9074:tid 1995678144] AH00489: Apache/2.4.25 (Raspbian) OpenSSL/1.0.2r configured -- resuming normal operations
[Wed Mar 20 19:47:24.006068 2019] [core:notice] [pid 9074:tid 1995678144] AH00094: Command line: '/usr/sbin/apache2'
[Wed Mar 20 19:51:09.607408 2019] [mpm_event:notice] [pid 9074:tid 1995678144] AH00491: caught SIGTERM, shutting down
[Wed Mar 20 19:51:11.005559 2019] [mpm_event:notice] [pid 9268:tid 1995932096] AH00489: Apache/2.4.25 (Raspbian) OpenSSL/1.0.2r configured -- resuming normal operations
[Wed Mar 20 19:51:11.006020 2019] [core:notice] [pid 9268:tid 1995932096] AH00094: Command line: '/usr/sbin/apache2'

Database logs


Nextcloud logs

{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): 0px) 100vw, 300px\" \/><p>Seulement 8&euro;&nbsp;pour cette micro SD de 32Go&nbsp; at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string():                                                                                ^ at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): Entity: line 1: parser error : Entity 'euro' not defined at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): \/><p>Seulement 8&euro;&nbsp;pour cette micro SD de 32Go&nbsp;au lieu de 12&euro; at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string():                                                                                ^ at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): Entity: line 1: parser error : Entity 'agrave' not defined at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): ur cette micro SD de 32Go&nbsp;au lieu de 12&euro; habituellement ! Voil&agrave; at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string():                                                                                ^ at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): Entity: line 1: parser error : Entity 'eacute' not defined at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): 32Go&nbsp;au lieu de 12&euro; habituellement ! Voil&agrave; une bonne id&eacute; at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string():                                                                                ^ at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): Entity: line 1: parser error : Entity 'nbsp' not defined at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): gmenter le stockage de votre raspberry pi &#128293;&#128293; voir la promo&nbsp; at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string():                                                                                ^ at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): Entity: line 2: parser error : Entity 'euro' not defined at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): -sandisk-32-domotique-deal-promo\/\">La carte micro SD 32Go pour seulement 8&euro; at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string():                                                                                ^ at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string(): Entity: line 2: parser error : Entity 'eacute' not defined at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string():  SD 32Go pour seulement 8&euro;<\/a> sur le magazine de la maison connect&eacute; at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}
{"reqId":"APFekbrxZlDetyzhEZpy","level":3,"time":"2019-03-20T22:45:16+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"\/cron.php","message":"simplexml_load_string():                                                                                ^ at \/var\/www\/nextcloud\/apps\/news\/lib\/Fetcher\/FeedFetcher.php#213","userAgent":"--","version":"15.0.5.3"}

0 Likes

#2

Hello,

The issue was located in my vhost file in reverse proxy side:

/etc/nginx/sites-enabled/systemB.vhost

    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 444;
    }

By remove/comment this block, I am able to access to my files :slight_smile:

1 Like