Javascript, heartbeat and font URLs malformed (double nextcloud)

Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 29.0.5): 29.0.7.1
Operating system and version (eg, Ubuntu 24.04): Ubuntu 24.04.1 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.58-1ubuntu8.4
PHP version (eg, 8.3): 8.3.7-2+ubuntu22.04.1+deb.sury.org+1

The issue you are facing:

Overall nextcloud seems to be working fine.

Nextcloud is installed under /var/www/nextcloud
Data is installed under /srv/data/nextcloud
Apps are installed under /srv/data/nextcloud_apps

After upgrade to 29, the admin overview page complains it can’t find js and heartbeat files. When checking the apache log it shows it is trying to find those files at:

127.0.0.1 - - [20/Sep/2024:10:23:34 +0800] "HEAD /nextcloud/nextcloud/apps/settings/js/map-test.js.map HTTP/1.1" 404 5329 "-" "Nextcloud Server Crawler"

However, I am able to access the file through a webbrowser or wget when using https://127.0.0.1/nextcloud/apps/settings/js/map-test.js.map or https://mydomain.org/nextcloud/apps/settings/js/map-test.js.map.

The same is true for the heartbeat file and a font file it is checking. I don’t understand why it is doubling the nextcloud/ in the URL when looking for those files.

Is this the first time you’ve seen this error? (Y/N): Y, but the upgrade might have just made it visible, it might have been an issue all along.

Steps to replicate it:

  1. Login as admin
  2. Navigate to the admin overview page
  3. Check the warnings and the apache log

The output of your Nextcloud log in Admin > Logging:

NO REVEVANT ENTRIES

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "mydomain.org"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "29.0.7.1",
        "overwrite.cli.url": "https:\/\/mydomain.org\/nextcloud",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "app_install_overwrite": [
            "grauphel",
            "mail",
            "orcid",
            "spreed",
            "cms_pico",
            "sip_trip_phone",
            "documentserver_community",
            "mail_roundcube",
            "social",
            "socialsharing_facebook"
        ],
        "updater.release.channel": "stable",
        "maintenance": false,
        "theme": "",
        "loglevel": 0,
        "has_rebuilt_cache": true,
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0
        },
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpauth": 1,
        "mail_smtpauthtype": "PLAIN",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "default_phone_region": "SG",
        "maintenance_window_start": 1,
        "memories.exiftool": "\/srv\/data\/nextcloud_apps\/memories\/bin-ext\/exiftool-amd64-glibc",
        "memories.vod.path": "\/srv\/data\/nextcloud_apps\/memories\/bin-ext\/go-vod-amd64",
        "memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
        "memories.vod.ffprobe": "\/usr\/bin\/ffprobe"
    }
}

The output of your Apache/nginx/system log in /var/log/____:

111.223.106.19 - - [20/Sep/2024:10:23:31 +0800] "GET /nextcloud/index.php/settings/admin/overview HTTP/1.1" 200 18618 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
111.223.106.19 - - [20/Sep/2024:10:23:31 +0800] "GET /nextcloud/ocs/v2.php/search/providers?from=%2Fnextcloud%2Fsettings%2Fadmin%2Foverview HTTP/1.1" 200 1650 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
111.223.106.19 - - [20/Sep/2024:10:23:31 +0800] "POST /nextcloud/index.php/contactsmenu/contacts HTTP/1.1" 200 1683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
111.223.106.19 - - [20/Sep/2024:10:23:31 +0800] "GET /nextcloud/ocs/v2.php/apps/user_status/api/v1/user_status HTTP/1.1" 200 980 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
111.223.106.19 - - [20/Sep/2024:10:23:31 +0800] "PUT /nextcloud/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json HTTP/1.1" 200 980 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
127.0.0.1 - - [20/Sep/2024:10:23:32 +0800] "PROPFIND /nextcloud/remote.php/webdav HTTP/1.1" 401 5210 "-" "Nextcloud Server Crawler"
111.223.106.19 - - [20/Sep/2024:10:23:32 +0800] "GET /nextcloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2746 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
127.0.0.1 - - [20/Sep/2024:10:23:32 +0800] "HEAD /nextcloud/nextcloud//srv/data/nextcloud/.ocdata HTTP/1.1" 404 5331 "-" "Nextcloud Server Crawler"
111.223.106.19 - - [20/Sep/2024:10:23:32 +0800] "GET /nextcloud/ocs/v2.php/cloud/groups/details HTTP/1.1" 200 997 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
111.223.106.19 - - [20/Sep/2024:10:23:33 +0800] "GET /nextcloud/index.php/apps/files/preview-service-worker.js HTTP/1.1" 200 1484 "https://club77.org/nextcloud/index.php/apps/files/preview-service-worker.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
127.0.0.1 - - [20/Sep/2024:10:23:34 +0800] "HEAD /nextcloud/nextcloud/apps/settings/js/map-test.js.map HTTP/1.1" 404 5329 "-" "Nextcloud Server Crawler"
127.0.0.1 - - [20/Sep/2024:10:23:34 +0800] "HEAD /nextcloud/nextcloud/apps/settings/js/esm-test.mjs HTTP/1.1" 404 5327 "-" "Nextcloud Server Crawler"
127.0.0.1 - - [20/Sep/2024:10:23:34 +0800] "HEAD /nextcloud/ocm-provider/ HTTP/1.1" 200 4687 "-" "Nextcloud Server Crawler"
127.0.0.1 - - [20/Sep/2024:10:23:34 +0800] "HEAD /nextcloud/ocs-provider/ HTTP/1.1" 200 4656 "-" "Nextcloud Server Crawler"
127.0.0.1 - - [20/Sep/2024:10:23:34 +0800] "GET /nextcloud/nextcloud/index.php/heartbeat HTTP/1.1" 404 10405 "-" "Nextcloud Server Crawler"
127.0.0.1 - - [20/Sep/2024:10:23:34 +0800] "HEAD /nextcloud/nextcloud/core/fonts/NotoSans-Regular-latin.woff2 HTTP/1.1" 404 5333 "-" "Nextcloud Server Crawler"
111.223.106.19 - - [20/Sep/2024:10:23:32 +0800] "GET /nextcloud/index.php/settings/ajax/checksetup HTTP/1.1" 200 3344 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

NO RELEVANT INFO

.htaccess file in /var/www/nextcloud

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
    <IfModule mod_lsapi.c>
      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
  </IfModule>

  <IfModule mod_env.c>
    # Add security and privacy related headers

    # Avoid doubled headers by unsetting headers in "onsuccess" table,
    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
    Header onsuccess unset Referrer-Policy
    Header always set Referrer-Policy "no-referrer"

    Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    Header onsuccess unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"

    Header onsuccess unset X-Robots-Tag
    Header always set X-Robots-Tag "noindex, nofollow"

    Header onsuccess unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"

    SetEnv modHeadersAvailable true
  </IfModule>

  # Add cache control for static resources
  <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite)$">
    <If "%{QUERY_STRING} =~ /(^|&)v=/">
      Header set Cache-Control "max-age=15778463, immutable"
    </If>
    <Else>
      Header set Cache-Control "max-age=15778463"
    </Else>
  </FilesMatch>

  # Let browsers cache WOFF files for a week
  <FilesMatch "\.woff2?$">
    Header set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>

<IfModule mod_php.c>
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>

<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddType application/wasm wasm
  AddEncoding gzip svgz
  # Serve ESM javascript files (.mjs) with correct mime type
  AddType text/javascript js mjs
</IfModule>

<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>

<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>

# Clients like xDavv5 on Android, or Cyberduck, use chunked requests.
# When FastCGI or FPM is used with apache, requests arrive to Nextcloud without any content.
# This leads to the creation of empty files.
# The following directive will force the problematic requests to be buffered before being forwarded to Nextcloud.
# This way, the "Transfer-Encoding" header is removed, the "Content-Length" header is set, and the request content is proxied to Nextcloud.
# Here are more information about the issue:
#  - https://docs.cyberduck.io/mountainduck/issues/fastcgi/
#  - https://docs.nextcloud.com/server/latest/admin_manual/issues/general_troubleshooting.html#troubleshooting-webdav
<IfModule mod_setenvif.c>
  SetEnvIf Transfer-Encoding "chunked" proxy-sendcl=1
</IfModule>

# Apache disabled the sending of the server-side content-length header
# in their 2.4.59 patch updated which breaks some use-cases in Nextcloud.
# Setting ap_trust_cgilike_cl allows to bring back the usual behaviour.
# See https://bz.apache.org/bugzilla/show_bug.cgi?id=68973
<IfModule mod_env.c>
  SetEnv ap_trust_cgilike_cl
</IfModule>

AddDefaultCharset utf-8
Options -Indexes
#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 /nextcloud/index.php/error/403
ErrorDocument 404 /nextcloud/index.php/error/404

nextcloud.conf in /etc/apache2/sites-enabled

Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All
 <IfModule mod_dav.c>
  Dav off
 </IfModule>
 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

000-default-le-ssl.conf in /etc/apache2/sites-enabled

<IfModule mod_ssl.c>

        <VirtualHost *:443>
                # The ServerName directive sets the request scheme, hostname and port that
                # the server uses to identify itself. This is used when creating
                # redirection URLs. In the context of virtual hosts, the ServerName
                # specifies what hostname must appear in the request's Host: header to
                # match this virtual host. For the default virtual host (this file) this
                # value is not decisive as it is used as a last resort host regardless.
                # However, you must set it for any further virtual host explicitly.
                ServerName mydomain.org
                ServerAlias www.mydomain.org

                ServerAdmin myadmin@mydomain.org
                DocumentRoot /var/www

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                Include /etc/letsencrypt/options-ssl-apache.conf
                SSLCertificateFile /etc/letsencrypt/live/mydomain.org/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.org/privkey.pem

                <IfModule mod_headers.c>
                        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
                </IfModule>

        </VirtualHost>

        #Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
        #Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav
        #Redirect 301 /.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo
        #Redirect 301 /.well-known/webfinger /nextcloud/index.php/.well-known/webfinger

        <IfModule mod_rewrite.c>
                RewriteEngine on
                #RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
                #RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
                #RewriteRule ^/\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
                #RewriteRule ^/\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
                RewriteRule ^.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
        </IfModule>

</IfModule>

There is another malformed URL in the apache log: ```/nextcloud/nextcloud//srv/data/nextcloud/.ocdata``` But that one does not show up in the admin/overview page. It also has the double nextcloud/, and it tries to access a local folder through a web request. The .ocdata file exists in /srv/data/nextcloud and has a zero size.

Have I configured my server wrongly or is there some kind of bug in the admin overview page? Any advice is highly appreciated!

Hello @pimmesselink , welcome to the community of Nextcloud.

it sounds same/similar to Many `could not check` on Security and setup warnings - #12 by Baggypants please check the referenced Github issue