LAN installation of nextcloud not possible?

Hello:=)

i would like to install nextcloud 18 (LAN) manually. is set up so far and is currently stuck at the input of the database data. As soon as I enter the data, I get the error “Failed to enable app federatedfilesharing”. I do not have this issue when i install nextcloud on my other servers so i have no idea what is going on there.

document root permissions: www-data:www-data and rwxr-x—

The error in Nginx error log:
2020/05/16 21:44:26 [error] 1760#1760: *37 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.178.23, server: cloud.lan, request: “GET /index.php/csrftoken HTTP/1.1”, upstream: “fastcgi://127.0.0.1:9000”, host: “cloud.lan”, referrer: “https://cloud.lan/index.php”

My Nginx config:

upstream php-handler {
    server 127.0.0.1:9000;
    server unix:/var/run/php/php7.3-fpm.sock;
}
server {
   listen 80;
   server_name cloud.lan;
   # enforce https
   return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.lan;
    ssl_certificate /home/pi/certs/example.crt;
    ssl_certificate_key /home/pi/certs/example.key;
    # Add headers to serve security related headers Before enabling Strict-Transport-Security headers please 
    #read into this topic first. add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; 
    #preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # FIX for SAMEORIGIN ERROR
    add_header X-Frame-Options “SAMEORIGINâ€;
    # Path to the root of your installation
    root /var/www/nextcloud;
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload;";
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location ^~ /apps/rainloop/app/data {
        deny all;
    }
    # The following 2 rules are only needed for the user_webfinger app. Uncomment it if you're planning to use 
    #this app. rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta last; rewrite 
    #^/.well-known/host-meta.json
    # /nextcloud/public.php?service=host-meta-json last;
    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location /.well-known/acme-challenge { }
    location ^~ / {
        # set max upload size
        client_max_body_size 512M;
        fastcgi_buffers 64 4K;
        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json 
application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject 
application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype 
image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard 
text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        # Uncomment if your server is build with the ngx_pagespeed module This module is currently not 
        #supported. pagespeed off;
        location / {
            rewrite ^ /index.php$request_uri;
        }
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ 
^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }
        # Adding the cache control header for js and css files Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff|svg|gif)$ {
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to have those duplicated to the ones 
            # above) Before enabling Strict-Transport-Security headers please read into this topic first. 
            # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }
        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
}

My understanding of the federation services is that it requires a real domain, unfortunately. You could, if you wanted to, configure the server that responds to requests from multiple domains, using the lan for your daily activities (fast!!) and facilitating federation with the actual internet domain.

Thank you:)
is it also possible to completely disable this service so that the setup completes successfully? i do not need it in the LAN

Yes, just disable it. You can globally disable it in the admin settings. I am not sure if the code is then not loaded at all…

Hello and thank you for your answer.

I hope you have some idea of my next problem. I’m trying to disable the app using the OCC command. The command is:
sudo -u www-data php occ app:disable federatedfilesharing

My nextcloud is downloaded from the website. Not installed via package.

But I get an error message, which I can’t find a solution on the internet:

PHP Warning: PHP Startup: Unable to load dynamic library ‘pam.so’ (tried: /usr/lib/php/20180731/pam.so (/usr/lib/php/20180731/pam.so: cannot open shared object file: No such file or directory), /usr/lib/php/20180731/pam.so.so (/usr/lib/php/20180731/pam.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
Nextcloud is not installed - only a limited number of commands are available

Command “app:disable” is not defined.

Do you want to run “app:check-code” instead? (yes/no) [no]:

no

Kind regards
Knight