Migrating a virtual machine with Nextcloud

Background:

A long time ago (about 1.5 years ago), a genius installed and configured a cloud service for employees based on Nextcloud. All of this was done on a cluster machine with Windows Server 2016, in a Hyper-V virtual machine running CentOS 8 (more details below). The genius quit his job six months ago and doesn't remember what he configured or how, but everything worked, everyone was happy with it, and this service would have been left alone if the organization hadn't decided to upgrade the forest and domain to Windows Server 2019. And then I come into the game and... break everything :laughing:

How it all started, and the symptoms:

It was decided to install the server on a clean machine, but first all the virtual machines had to be moved by export/import. So I shut down the VM, exported it, transferred it, then imported it with registration on another machine, also running Windows Server 2016. As a result, after starting it, instead of the site "share.OUR_SITE.ru" (xxx.xxx.xxx.xx7) what opens is just "OUR_SITE.ru", which is only indirectly related to Nextcloud and lives on another server, xxx.xxx.xxx.xx8, and the site is not accessible from the external network. When opening it from the local IP address of the virtual machine with Nextcloud, same story.

I deleted the imported machine in Hyper-V on the second server and started it again on the original one; the problem remained. When I checked it at night, after a lot of tinkering at work, it was already giving the following error :sweat:

Internal Server Error

The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the server log.

When trying to access the site by URL via curl from the virtual machine itself, it goes to the correct IP xxx.xxx.xxx.xx7 ("share.OUR_SITE.ru")

[screenshot: curl share]

If the same request is made to the local IP of the virtual machine, 192.168.10.55, it goes to the wrong IP xxx.xxx.xxx.xx8 (the other machine, with "OUR_SITE.ru")

[screenshot]

Configuration:

OS: CentOS 8
Web-server: Nginx 1.14.1
DB: PostgreSQL 10.14 (without postgresql-server for some reason :thinking:)
PHP: php-fpm 7.3.24 (php php-fpm php-cli php-pgsql php-process php-imagick php-zip php-bcmath php-apcu php-igbinary php-xml php-mbstring php-gd php-ldap php-imap php-smbclient php-gmp php-intl php-crypto)
Nextcloud: 20.0.0
Caching is not enabled as far as I understand, since only php-pecl-apcu is installed

Configuration files:

/etc/nginx/nginx.conf


user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    client_max_body_size 4096M;
    server_tokens       off;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}

/etc/nginx/conf.d/share.OUR_SITE.ru.conf


server {
    # Plain HTTP only: TLS is terminated in front of this VM; config.php treats
    # requests arriving from the trusted proxy 10.0.1.1 as https (overwritecondaddr).
    listen 80;
    listen [::]:80;
    server_name 192.168.10.55 share.OUR_SITE.ru;

    root /var/www/nextcloud;

    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header X-Frame-Options "SAMEORIGIN";

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Everything not matched by a more specific location goes through Nextcloud's front controller
    location / {
        rewrite ^ /index.php$uri;
    }

    # Nextcloud internals must never be served directly: config/ holds config.php
    # (DB password, secret), data/ holds the user files
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    # Dotfiles (.htaccess, .user.ini), occ and other non-web entry points
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Only these PHP entry points are handed to php-fpm; any other .php path
    # falls through to index.php above instead of being executed
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        #fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        # php-fpm pool socket; www.conf runs this pool as user "nginx"
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=15778463";
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
        # add_header inside a location replaces the server-level set,
        # so the security headers have to be repeated here
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }

}

/var/www/nextcloud/config/config.php

<?php
$CONFIG = array (
  'instanceid' => 'ID',
  'passwordsalt' => 'PASSWORD',
  'secret' => 'SECRET',
  // Only the LAN address is trusted directly; the public name is supplied via overwritehost below
  'trusted_domains' =>
  array (
    0 => '192.168.10.55',
  ),
  // Reverse proxy in front of the VM; X-Forwarded-* headers are honoured only from this address
  'trusted_proxies' =>
  array (
    0 => '10.0.1.1',
  ),
  'enable_previews' => true,
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\TXT',
    1 => 'OC\\Preview\\MarkDown',
    2 => 'OC\\Preview\\OpenDocument',
    3 => 'OC\\Preview\\PDF',
    4 => 'OC\\Preview\\MSOffice2003',
    5 => 'OC\\Preview\\MSOfficeDoc',
    6 => 'OC\\Preview\\PDF',
    7 => 'OC\\Preview\\Image',
    8 => 'OC\\Preview\\Photoshop',
    9 => 'OC\\Preview\\TIFF',
    10 => 'OC\\Preview\\SVG',
    11 => 'OC\\Preview\\Font',
    12 => 'OC\\Preview\\MP3',
    13 => 'OC\\Preview\\Movie',
    14 => 'OC\\Preview\\MKV',
    15 => 'OC\\Preview\\MP4',
    16 => 'OC\\Preview\\AVI',
  ),
  // Requests that arrive from 10.0.1.1 are rewritten to https://share.OUR_SITE.ru
  'overwritehost' => 'share.OUR_SITE.ru',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '',
  'overwritecondaddr' => '^10\\.0\\.1\\.1$',
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'pgsql',
  'version' => '20.0.0.9',
  'overwrite.cli.url' => 'http://192.168.10.55',
  'dbname' => 'nextcloud',
  // PostgreSQL runs on another host, which is why the httpd_can_network_connect_db
  // SELinux boolean matters for this installation
  'dbhost' => '192.168.10.4:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'PASSWORD',
  'installed' => true,
  'maintenance' => false,
  'mail_from_address' => 'share',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'OUR_SITE.ru',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtphost' => '192.168.10.9',
  'mail_smtpport' => '25',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'SMTPNAME',
  'mail_smtppassword' => 'SMTPPASSWORD',
);

/etc/php.ini and /etc/php-fpm.conf (these two have only slight changes)
/etc/php-fpm.d/www.conf (here only the user has been changed from the default "apache" to "nginx")

LOGS:

/var/log/nginx/access.log

[screenshot: nginx_accessLOG]

/var/log/nginx/error.log

[screenshot]

/var/log/php-fpm/error.log
EMPTY

/var/www/nextcloud/data/nextcloud.log

[screenshot: nextcloudLOG]

Tested "sudo -u nginx php /var/www/nextcloud/index.php". It gave the following result:

[screenshot: indexphp]

Error logs

[screenshot]

Temporarily disabled SELinux and... "Hurray!", it worked! :)

Based on this, I had to tweak SELinux, and now everything works even with it enabled (I also checked after restarting the VM :wink:).

Below is a mini-instruction; maybe it will help someone.

SELinux mini-instruction

SELINUX CONFIGURATION on CentOS 8 FOR Nextcloud + nginx

Before relabeling anything, find out what SELinux actually denies instead of switching it off: "ausearch -m AVC -ts recent" (or grep for "denied" in /var/log/audit/audit.log) shows the blocked operation, the process domain (httpd_t, which on CentOS 8 confines both nginx and php-fpm) and the target path or port, and that tells you which label or boolean below is missing. The semanage tool comes from the policycoreutils-python-utils package.

Settings for the data directory.
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/data(/.*)?'

Settings for config.
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/etc/nginx/conf.d(/.*)?'
The second line is not part of the Nextcloud documentation and can be skipped: nginx only reads its configuration, /etc/nginx carries the httpd_config_t label by default, and marking conf.d as writable web content lets the httpd_t domain (which also confines php-fpm, running here as the same "nginx" user) modify the web server configuration should the file permissions ever allow it.

Settings for apps.
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/apps(/.*)?'

Settings for .htaccess (only relevant for Apache; harmless with nginx).
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/.htaccess'

Settings for .user.ini.
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/.user.ini'

Settings for logs.
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'

Apply changes (semanage only records the rules; restorecon writes the labels onto the files).
restorecon -Rv '/var/www/nextcloud/'
restorecon -Rv '/etc/nginx/conf.d/'   (only if you added the conf.d rule above)

Check the result with "ls -Zd /var/www/nextcloud/data /var/www/nextcloud/config": the type should read httpd_sys_rw_content_t, while the rest of /var/www/nextcloud keeps the read-only httpd_sys_content_t.

An additional setting is needed if your installation connects to a remote database (as here, where dbhost in config.php is 192.168.10.4):
setsebool -P httpd_can_network_connect_db on

Allow access to the LDAP server
setsebool -P httpd_can_connect_ldap on

Nextcloud requires access to remote networks for functions such as server-to-server sharing, external storage or the app store. To allow this access, use the following setting:
setsebool -P httpd_can_network_connect on
This boolean lets the web server domain open outbound connections to any TCP port, so it also covers the database, LDAP and memcache cases. If you do not use those Nextcloud features, leave it off and enable only the narrower booleans.

Allow access to network memcache
This setting is not required if httpd_can_network_connect is already on.
setsebool -P httpd_can_network_memcache on

Allow access to SMTP/sendmail
setsebool -P httpd_can_sendmail on

Allow access to CIFS/SMB
If you have placed your data directory on a CIFS/SMB share:
setsebool -P httpd_use_cifs on
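The step the post skipped before disabling SELinux, and the mapping behind the mini-instruction above, in one place: the script below reads audit.log AVC records, keeps only denials of the httpd_t domain (nginx and php-fpm on CentOS 8) and prints the matching fcontext or boolean fix from the instruction. This is an added example for this page, not code from the original post or from Nextcloud; the script name avc_triage.sh is hypothetical, it assumes Nextcloud lives under /var/www/nextcloud as in the post, and the audit lines it ships with are constructed samples, not logs from the author's machine.

```shell
#!/bin/sh
# avc_triage.sh: map SELinux AVC denials of the httpd_t domain (which on CentOS 8
# confines both nginx and php-fpm) to the semanage/setsebool fixes from the
# mini-instruction above. Added example for this page; not part of the original
# post or of Nextcloud. Input is /var/log/audit/audit.log format.

# Constructed sample audit.log lines (not real logs from the post). A real file
# denial may carry only name="config.php" without path=; in that case resolve
# the inode with "ausearch -i" or "sealert -a /var/log/audit/audit.log".
# The last line belongs to another domain and must be ignored.
SAMPLE_AUDIT='type=AVC msg=audit(1604059210.123:456): avc:  denied  { write } for  pid=1234 comm="php-fpm" path="/var/www/nextcloud/config/config.php" dev="dm-0" ino=123 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1604059211.456:457): avc:  denied  { name_connect } for  pid=1234 comm="php-fpm" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1604059212.789:458): avc:  denied  { name_connect } for  pid=1235 comm="php-fpm" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1604059213.000:459): avc:  denied  { name_connect } for  pid=1235 comm="php-fpm" dest=25 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1604059214.000:460): avc:  denied  { write } for  pid=1236 comm="php-fpm" path="/var/www/nextcloud/data/nextcloud.log" dev="dm-0" ino=124 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1604059215.000:461): avc:  denied  { write } for  pid=900 comm="logrotate" path="/var/log/nginx/access.log" dev="dm-0" ino=77 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file permissive=0'

# avc_field KEY LINE: print the value of KEY=value or KEY="value" from one AVC record
avc_field() {
    printf '%s\n' "$2" | sed -n "s/.* $1=\"\{0,1\}\([^\" ]*\).*/\1/p"
}

# avc_perm LINE: print the denied permission, e.g. "write" or "name_connect"
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ \([^}]*\) }.*/\1/p'
}

# avc_fix LINE: print the remediation for one denial of the httpd_t domain;
# print nothing for denials that belong to other domains
avc_fix() {
    line=$1
    case "$(avc_field scontext "$line")" in
        *:httpd_t:*) ;;
        *) return 0 ;;
    esac
    tclass=$(avc_field tclass "$line")
    case $tclass in
        tcp_socket)
            # Outbound connection blocked: choose the narrowest boolean for the port type
            case "$(avc_field tcontext "$line")" in
                *:postgresql_port_t:*|*:mysqld_port_t:*) echo 'setsebool -P httpd_can_network_connect_db on' ;;
                *:ldap_port_t:*)     echo 'setsebool -P httpd_can_connect_ldap on' ;;
                *:smtp_port_t:*)     echo 'setsebool -P httpd_can_sendmail on' ;;
                *:memcache_port_t:*) echo 'setsebool -P httpd_can_network_memcache on' ;;
                *) echo "setsebool -P httpd_can_network_connect on   # broad: any port, dest=$(avc_field dest "$line")" ;;
            esac ;;
        file|dir)
            # Write inside the Nextcloud tree: only data, config and apps may be writable
            path=$(avc_field path "$line")
            dir=''
            case $path in
                /var/www/nextcloud/data/*)   dir=/var/www/nextcloud/data ;;
                /var/www/nextcloud/config/*) dir=/var/www/nextcloud/config ;;
                /var/www/nextcloud/apps/*)   dir=/var/www/nextcloud/apps ;;
            esac
            if [ -n "$dir" ]; then
                echo "semanage fcontext -a -t httpd_sys_rw_content_t '$dir(/.*)?' && restorecon -Rv '$dir'"
            else
                echo "review: $(avc_perm "$line") on ${path:-unknown} (outside the Nextcloud rw directories; do not relabel blindly)"
            fi ;;
        *)
            echo "review: tclass=$tclass $(avc_perm "$line") (not covered by the Nextcloud SELinux rules)" ;;
    esac
}

# avc_report: read audit records on stdin, print the unique set of fixes
avc_report() {
    while IFS= read -r line; do
        case $line in
            *type=AVC*denied*) avc_fix "$line" ;;
        esac
    done | sort -u
}

# Usage: sh avc_triage.sh --demo                      (constructed sample)
#        ausearch -m AVC -ts recent | sh avc_triage.sh -   (live system)
case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE_AUDIT" | avc_report ;;
    -)      avc_report ;;
esac
```

Run it against the live audit log before and after the relabeling: once the output is empty for httpd_t, the instruction has been applied completely and nothing else needs to be opened up. Anything it reports as "review" is a denial the standard Nextcloud rules do not cover, and deserves a look with sealert rather than a blanket audit2allow policy.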

Links for understanding:
Nextcloud installation and settings

SELinux configuration tips

Installing Nextcloud on CentOS 8 (the section on configuring SELinux)

SELinux cheat sheet