My ip address navigates to apache2 ubuntu default page after enabling SSL

Hello,

Before this, I was using Nextcloud without any error when entering my IP address in the browser. Today, I saw there's a part in the Nextcloud 13 administration manual that enables SSL for Nextcloud. After adding the SSL commands and adding Satisfy Any at the directory section in vim /etc/apache2/sites-available/nextcloud.conf, I cannot open my Nextcloud; instead, the browser navigates to the apache2 Ubuntu default page. I also put https:// before the IP address and also tried https://myipaddress/nextcloud, but got an unable to connect/URL not found message. Does anyone know what the problem is?

Before this, I followed the tutorial on how to install Nextcloud from this website: https://www.linuxhelp.com/how-to-install-nextcloud-in-ubuntu/

Did you redirect 80 to 443 in your Apache conf? This is the most common error:

(wiki copy) When using SSL, you will frequently have at least two virtual hosts: one on port 80 to serve ordinary requests, and one on port 443 to serve SSL. If you wish to redirect users from the non-secure site to the SSL site, you can use an ordinary Redirect directive inside the non-secure VirtualHost:
https://wiki.apache.org/httpd/RedirectSSL

So, I need to change my apache configuration below:

root@linuxhelp:/var/www/html# vim /etc/apache2/sites-available/nextcloud.conf
Entry:
Alias /nextcloud "/var/www/html/nextcloud/"
<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>

to a new Apache configuration that specifies virtual hosts for 80 and 443, like the RedirectSSL link you shared with me?

The best thing to do is to use the apache2 rewrite module.

To check your list of installed modules, check /etc/apache2/mods-available/
(or do apt-cache search libapache2)

access_compat.load  authn_core.load       authz_host.load   cache_socache.load  dbd.load         fcgid.conf         info.conf                 macro.load        negotiation.conf     proxy_fcgi.load    proxy_wstunnel.load  session_dbd.load       ssl.load
actions.conf        authn_dbd.load        authz_owner.load  cern_meta.load      deflate.conf     fcgid.load         info.load                 mime.conf         negotiation.load     proxy_fdpass.load  ratelimit.load       session.load           status.conf
actions.load        authn_dbm.load        authz_user.load   cgid.conf           deflate.load     file_cache.load    lbmethod_bybusyness.load  mime.load         perl.load            proxy_ftp.conf     reflector.load       setenvif.conf          status.load
alias.conf          authn_file.load       autoindex.conf    cgid.load           dialup.load      filter.load        lbmethod_byrequests.load  mime_magic.conf   php7.0.conf          proxy_ftp.load     remoteip.load        setenvif.load          substitute.load
alias.load          authn_socache.load    autoindex.load    cgi.load            dir.conf         headers.load       lbmethod_bytraffic.load   mime_magic.load   php7.0.load          proxy_hcheck.load  reqtimeout.conf      slotmem_plain.load     suexec.load
allowmethods.load   authnz_fcgi.load      brotli.conf       charset_lite.load   dir.load         heartbeat.load     lbmethod_heartbeat.load   mpm_event.conf    proxy_ajp.load       proxy_html.conf    reqtimeout.load      slotmem_shm.load       unique_id.load
asis.load           authnz_ldap.load      brotli.load       data.load           dump_io.load     heartmonitor.load  ldap.conf                 mpm_event.load    proxy_balancer.conf  proxy_html.load    request.load         socache_dbm.load       userdir.conf
auth_basic.load     authz_core.load       buffer.load       dav_fs.conf         echo.load        http2.load         ldap.load                 mpm_prefork.conf  proxy_balancer.load  proxy_http2.load   rewrite.load         socache_memcache.load  userdir.load
auth_digest.load    authz_dbd.load        cache_disk.conf   dav_fs.load         env.load         ident.load         log_debug.load            mpm_prefork.load  proxy.conf           proxy_http.load    sed.load             socache_shmcb.load     usertrack.load
auth_form.load      authz_dbm.load        cache_disk.load   dav.load            expires.load     imagemap.load      log_forensic.load         mpm_worker.conf   proxy_connect.load   proxy.load         session_cookie.load  speling.load           vhost_alias.load
authn_anon.load     authz_groupfile.load  cache.load        dav_lock.load       ext_filter.load  include.load       lua.load                  mpm_worker.load   proxy_express.load   proxy_scgi.load    session_crypto.load  ssl.conf               xml2enc.load

To check the active modules, go to /etc/apache2/mods-enabled, then ls -la:
rewrite.load -> ../mods-available/rewrite.load

If rewrite.load is present in /etc/apache2/mods-available/ but not present in /etc/apache2/mods-enabled, then do
a2enmod rewrite
systemctl restart apache2

If rewrite.load is present, then you need to modify your /etc/apache2/sites-enabled/000-default.conf
to match something like:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        # your doc root location
        DocumentRoot /var/www/html
        # this enables the HTTP/2 protocol if apache >= 2.4
        Protocols h2 http/1.1
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        # start of permanent redirection using the apache rewrite mod
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =YOURSERVERNAMEHERE
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
        # end of rewrite rules
</VirtualHost>

That's it, all your HTTP access will be rewritten as HTTPS.

After that, you need to have an SSL conf like this one:

/etc/apache2/sites-enabled/000-default-le-ssl.conf

<IfModule mod_ssl.c>

    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        Protocols h2 http/1.1
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLCertificateFile /etc/letsencrypt/live/REDACTED/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/REDACTED/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        ServerName YOURSERVERNAME
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
    </VirtualHost>

SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite       EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder     on
# TLS compression stays off: enabling it exposes sessions to the CRIME attack
SSLCompression          off
SSLSessionTickets       off

SSLOptions +StrictRequire

SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache        shmcb:/var/run/ocsp(128000)

</IfModule>

This configuration file is made for a Debian/Ubuntu server with Apache2 >= 2.4

  • SSL certs by Let's Encrypt
  • more secure SSL settings
  • HTTP2 enabled
  • HSTS enabled
  • Cert stapling enabled
  • Strong modern cipher suite

And of course a good /etc/apache2/apache2.conf:

# Global configuration
ServerName YOURSERVERNAMEHERE
# server wide global conf for HTTP2 over http/https could be set also in vhost
Protocols h2c http/1.1  
Protocols h2 http/1.1
ServerTokens Prod
ServerSignature Off 
DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 800
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 20
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
# logging ip needed for fail2ban parsing
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf

# better security enable in vhost files
<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>

<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>

<Directory /var/www/>
	Options Indexes FollowSymLinks
#        Options FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
	Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
# EOF
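
A quick static check of a config against the points raised in this thread (HTTP to HTTPS redirect, HSTS, protocol list, TLS compression). This is an added example, not part of the original posts; the function name `audit_tls_conf` and the sample config are constructed for illustration.

```shell
# Reads FILE, or stdin when no argument is given. Prints one finding per line
# and nothing when every check passes.
audit_tls_conf() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
    { d = tolower($1); rest = tolower($0) }    # directive names are case-insensitive
    d == "<virtualhost" {                      # remember which vhost we are inside
      port = 0
      if ($2 ~ /:80>$/)  port = 80
      if ($2 ~ /:443>$/) port = 443
      seen[port] = 1; next
    }
    d == "</virtualhost>" { port = 0; next }
    port == 80 && (d == "rewriterule" || d == "redirect") && rest ~ /https:\/\// { redirect = 1 }
    port == 443 && d == "header" && rest ~ /strict-transport-security/ { hsts = 1 }
    d == "sslcompression" && tolower($2) == "on" {
      print "SSLCompression on: TLS compression exposes sessions to CRIME"
    }
    d == "sslprotocol" {                       # only the "all -X -Y" form is checked
      split("", tok)
      for (i = 2; i <= NF; i++) tok[tolower($i)] = 1
      if (tok["all"] && !(tok["-sslv3"] && tok["-tlsv1"] && tok["-tlsv1.1"]))
        print "SSLProtocol: SSLv3, TLSv1 or TLSv1.1 still enabled"
    }
    END {
      if (seen[80] && !redirect) print "port 80 vhost has no redirect to https"
      if (seen[443] && !hsts)    print "port 443 vhost sets no Strict-Transport-Security header"
      if (!seen[443])            print "no <VirtualHost *:443> found"
    }
  ' "${1:--}"
}

# Constructed sample (not from the thread): TLS added, but no redirect and no HSTS.
weak_conf() {
  cat <<'EOF'
<VirtualHost *:80>
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
</VirtualHost>
SSLProtocol All -SSLv2 -SSLv3
SSLCompression on
EOF
}
weak_conf | audit_tls_conf
```

The check works on one file at a time and does not follow Include lines, so run it on each file under /etc/apache2/sites-enabled/ and on the file that carries the global SSL directives.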