Need help for configuring first Nextcloud appliance for esx

Hello, i’m new to nextcloud

I’ve downloaded the ESX image and installed it

Now i’ve got some questions that i can’t figure out

1- i’ve installed the nextcloud app and when i go here

https://nextcloud.domain.com/nextcloud/index.php

i get this error

Please contact your administrator. If you are an administrator, edit the “trusted_domains” setting in config/config.php like the example in config.sample.php.
Depending on your configuration, this button could also work to trust the domain:

So i edited the file /var/lib/univention-appcenter/apps/nextcloud/conf/config/config.php

here is what the file looks like

    <?php
    $CONFIG = array (
      'passwordsalt' => 'xxx',
      'secret' => 'xxx',
      'trusted_domains' =>
      array (
        0 => 'nextCloud.domain.com',
        1 => '192.168.xx.xx',
        2 => 'cloud.domain.com',
      ),
      'datadirectory' => '/var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data',
      'overwrite.cli.url' => 'https://nextCloud.domain.com/nextcloud',
      'dbtype' => 'pgsql',
      'version' => '13.0.4.0',
      'dbname' => 'nextcloud',
      'dbhost' => '172.17.42.1',
      'dbport' => '5432',
      'dbtableprefix' => 'oc_',
      'dbuser' => 'nextcloud',
      'dbpassword' => 'xxx',
      'installed' => true,
      'instanceid' => 'xxx',
      'updatechecker' => 'false',
      'memcache.local' => '\\OC\\Memcache\\APCu',
      'overwriteprotocol' => 'https',
      'overwritewbroot' => '/nextcloud',
      'htaccess.RewriteBase' => '/nextcloud',
      'ldapIgnoreNamingRules' => false,
      'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
      'trusted_proxies' =>
      array (
        0 => '172.17.42.1',
      ),
    );

if i go with the ip address it’s working fine

2- how do i configure this - i can’t find in which file to make the modification

The “Strict-Transport-Security” HTTP header is not set to at least “15552000” seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips.

3- On the Univention Portal when we click on the apps Nextcloud how can we change the url it will open to
https://cloud.domain.com/nextcloud/index.php

Thanks for your help !

Can anyone help me please?

which url are you using in your browser to connect to your nextcloud?
http(s)://nextCloud.domain.com
or another internal name?

just a guess: did you try nextcloud.domain.com with a small “c” in nextcloud?

  1. Accepted domains:

I’d recommend replacing this with entirely lower-case characters (‘nextcloud.domain.com’) and see if that helps any. If it works when going to the IP, it would seem you have the correct file for this.

  2. Strict-Transport-Security header:

This depends entirely on what web server software you’re running with Univention, which appears to be apache2 by default. You’ll need to edit either the configuration file for apache, wherever that lives, or the .htaccess file for Nextcloud if that’s supported. Univention might have their own way you’re supposed to do this, so take this with a grain of salt.
There’s a tutorial on what STS headers are and how to add them to different webservers here, or a StackOverflow question on adding them using the .htaccess file here.

  3. Univention URL:

Unless there’s a way to do that directly from the Univention UI, you may need to further modify the apache config. Probably a redirect will play nice with Univention’s existing config, and still get you the experience you’re after. It’s still probably best to ask them, though, as this is specific to their deployment settings.

Note
You’ll also probably want to redact or change (by removing and reinstalling, if that’s feasible) some of the settings from the config file you’ve posted here - passwordsalt, secret and dbpassword, in particular. They can’t just be changed in the config, as user accounts and such have all been calculated based on them.

Hi thanks for your answer

So i’ve tried all these websites below and none work except for the ip address

    'trusted_domains' =>
    array (
      0 => 'nextcloud.domain.com',
      1 => '192.168.51.4',
      2 => 'cloud.domain.com',
    ),

which url do you use in your browser?
that one should be in the trusted domain array.

im using https://cloud.domain.com/nextcloud/index.php

Unless you own “cloud.domain.com”, which you do not, you’ll need to update it with your actual domain name, otherwise indeed only the IP will ever work.

Just in case that needs to be said…

jean francois: i don’t know this univention stuff. can you confirm that in your environment cloud.domain.com is a valid dns a record (or cname)?
i assume it works because if not you would get the error message about the trusted domain.

is cloud.domain.com the server ip address?

Just to be clear, i wrote cloud.domain.com but it was just to not mention what my true website was

i’ve created a dns record with my ISP

WOW i’ve finally figured this out

i was editing this file

/var/lib/univention-appcenter/apps/nextcloud/conf/config/config.php

and nothing was working so i searched for another config.php at the root of the server and found this one

/var/lib/docker/overlay/1010c4732ad7af6d9067d5a41855f1ee1d17da50383a1f75e33aeeb303b02e30/merged/var/www/html/config/config.php

i’ve edited this one and now everything is working fine

i think that the documentation for this should be updated so new users like me don’t waste time on this :)

i’ll keep working on questions #2 and #3 and update you

For question #2 here is what i did to solve my problem

Edit the file /etc/apache2/sites-enabled/default-ssl.conf and add these lines

    <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
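
A check for the header set above, as an added example that is not part of the original thread: it parses a Strict-Transport-Security value and compares max-age with the 15552000 seconds named in the Nextcloud warning. The function names and the sample header dictionaries are constructed for illustration.

```python
import re

MIN_MAX_AGE = 15552000  # seconds; threshold quoted in the Nextcloud warning


def parse_hsts(value):
    """Split an HSTS value into {directive: argument or None}.

    Directive names are case-insensitive and may appear only once
    (RFC 6797, section 6.1); a repeat raises ValueError.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # max-age="15552000" is valid quoted-string syntax
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg if sep else None
    return directives


def check_hsts(headers, minimum=MIN_MAX_AGE):
    """Return (ok, reason) for a dict of HTTP response headers."""
    values = [v for k, v in headers.items()
              if k.lower() == "strict-transport-security"]
    if not values:
        return False, "header missing"
    try:
        max_age = parse_hsts(values[0]).get("max-age")
    except ValueError as exc:
        return False, str(exc)
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return False, "max-age missing or not a number"
    if int(max_age) < minimum:
        return False, f"max-age {max_age} is below {minimum}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    samples = [
        {"Strict-Transport-Security": "max-age=15552000; includeSubDomains"},
        {"Strict-Transport-Security": "max-age=3600"},
        {"Content-Type": "text/html"},
    ]
    for headers in samples:
        print(check_hsts(headers))
```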

great that you found a solution.
i would strongly advise asking the univention guys if you did it right. that is to say this config might be lost after reboot or update of the docker container.
and #3 is also related to univention and not nextcloud.

Forget question #3 it’s not necessary :)

I have a 4th question

is it possible to deny access to https://cloud.mydomain/univention/portal/

and just permit access to https://cloud.mydomain/nextcloud/

you have to find and edit the web server config. and disable the /univention/portal/ part.

what is in /etc/apache2/sites-enabled ?

    root@cloud:/etc/apache2/sites-enabled# ls
    000-default.conf default-ssl.conf default-ssl.conf.bakjfg univention.conf univention-portal.conf univention-saml.conf univention-server-overview.conf

a2ensite, a2dissite - enable or disable an apache2 site / virtual host
https://www.systutorials.com/docs/linux/man/8-a2ensite/

you may try.

The answer for the 4th question is here

Thanks all for your help