Nextcloud version: 23.0.3 (Installed through manual archive)
Operating system and version: Rocky Linux 8.5 x86_64 (CentOS/RHEL based distro)
Apache version: 2.4.37
PHP version: 7.4.28
The issue you are facing
My manual installation of Nextcloud assigned to a custom domain is not accessible through HTTPS.
The output of curl -I http://cloud.mydomain.com/:
HTTP/1.1 302 Found
Date: Sat, 02 Apr 2022 06:44:27 GMT
Server: Apache/2.4.37 (rocky) OpenSSL/1.1.1k
X-Powered-By: PHP/7.4.28
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-XXXX='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: oc_sessionPassphrase=XXXX; path=/; HttpOnly; SameSite=Lax
Set-Cookie: XXXX; path=/; HttpOnly; SameSite=Lax
Set-Cookie: nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Location: http://cloud.mydomain.com/login
Content-Type: text/html; charset=UTF-8
Output of curl -I https://cloud.mydomain.com/:
curl: (7) Failed to connect to cloud.mydomain.com port 443 after 11 ms: No route to host
Is this the first time you’ve seen this error?: Y
Steps to replicate it
- Archive install of 23.0.3 following the CentOS Example Installation verbatim, using redis, apache and SELinux.
- Following the hardening and security guide to enable HTTPS on apache and nextcloud.
- Setup DDNS from Namecheap using ddclient.
- Attempt to access Nextcloud over https://cloud.mydomain.com.
Config and log outputs
The output of config.php:
<?php
$CONFIG = array (
'instanceid' => 'ocgud5r92gf2',
'passwordsalt' => 'XXXX',
'secret' => 'XXXX',
'trusted_domains' =>
array (
0 => 'localhost',
1 => '192.168.0.208',
2 => 'cloud.mydomain.com',
),
'datadirectory' => '/mnt/nextcloud/data',
'dbtype' => 'mysql',
'version' => '23.0.3.2',
'overwrite.cli.url' => 'https://cloud.mydomain.com',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'XXXX',
'dbpassword' => 'XXXX',
'installed' => true,
'htaccess.RewriteBase' => '/',
'music.lastfm_api_key' => 'XXXX',
'memcache.local' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'localhost',
'port' => 6379,
),
'maintenance' => false,
);
The output of Apache log in /var/log/httpd/ (upon fresh restart of httpd.service):
[Sat Apr 02 08:16:18.046242 2022] [mpm_event:notice] [pid 12219:tid 140105173596480] AH00492: caught SIGWINCH, shutting down gracefully
[Sat Apr 02 08:16:28.113673 2022] [core:notice] [pid 12548:tid 139743056038208] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Sat Apr 02 08:16:28.114422 2022] [suexec:notice] [pid 12548:tid 139743056038208] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Apr 02 08:16:28.124279 2022] [so:warn] [pid 12548:tid 139743056038208] AH01574: module ssl_module is already loaded, skipping
[Sat Apr 02 08:16:28.127059 2022] [lbmethod_heartbeat:notice] [pid 12548:tid 139743056038208] AH02282: No slotmem from mod_heartmonitor
[Sat Apr 02 08:16:28.129395 2022] [mpm_event:notice] [pid 12548:tid 139743056038208] AH00489: Apache/2.4.37 (rocky) OpenSSL/1.1.1k configured -- resuming normal operations
[Sat Apr 02 08:16:28.129417 2022] [core:notice] [pid 12548:tid 139743056038208] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Apache configuration in nextcloud.conf:
<VirtualHost *:80>
DocumentRoot /var/www/html/nextcloud/
ServerName cloud.mydomain.com
# Redirect permanent / https://cloud.mydomain.com/
<Directory /var/www/html/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.mydomain.com
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
Additional troubleshooting information
- The Nextcloud instance is fully accessible and functional over LAN.
- By disabling the HTTPS redirect, I’ve been able to confirm that my Nextcloud instance is reachable from my domain over unencrypted HTTP. Therefore, the DDNS service seems to be set up properly. I presume neither http nor https would work for cloud.mydomain.com if it were set up incorrectly.
- For testing purposes I enabled a universal SELinux httpd rule for the entire /var/www/html/nextcloud/ folder to no avail.
- I’ve refreshed the Let’s Encrypt certificate and even had an entirely new one created for cloud.mydomain.com, but it did not fix the issue.
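
A static check of the vhost file posted above, as an added example that is not part of the original post: it lists which TLS-related directives each `<VirtualHost>` block carries. The names `audit_vhosts`, `directives` and `NEXTCLOUD_CONF` are hypothetical, and the embedded configuration is a trimmed copy of the posted nextcloud.conf.

```python
import re

# Constructed input: trimmed copy of the nextcloud.conf vhosts posted above.
# All function and variable names here are hypothetical.
NEXTCLOUD_CONF = """\
<VirtualHost *:80>
DocumentRoot /var/www/html/nextcloud/
ServerName cloud.mydomain.com
# Redirect permanent / https://cloud.mydomain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.mydomain.com
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Map lower-cased directive name -> list of argument strings."""
    found = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or line[0] in "#<":  # skip comments and section tags
            continue
        name, *rest = line.split(None, 1)
        found.setdefault(name.lower(), []).append(rest[0] if rest else "")
    return found

def audit_vhosts(conf_text):
    """Return {vhost address: [findings]}. Only mod_alias Redirect counts
    as an HTTP-to-HTTPS redirect; mod_rewrite rules are not recognised."""
    report = {}
    for addr, body in VHOST_RE.findall(conf_text):
        d, findings = directives(body), []
        port = addr.strip().rsplit(":", 1)[-1]
        if port == "443":
            if "on" not in (a.lower() for a in d.get("sslengine", [])):
                findings.append("no 'SSLEngine on' in this block")
            for name in ("SSLCertificateFile", "DocumentRoot"):
                if name.lower() not in d:
                    findings.append(f"no {name} in this block")
        elif port == "80":
            if not any(a.split()[-1].startswith("https://")
                       for a in d.get("redirect", []) if a):
                findings.append("no Redirect to https")
        report[addr.strip()] = findings
    return report
```

The check reads only the configuration text. The `curl: (7) ... No route to host` result above is a failure of the TCP connection to port 443, which occurs before any TLS setting in Apache is consulted, so the network path to that port needs its own check.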