I’m trying to enable https in nextcoud, but I only manage to make it work with http. My hardware is a raspberry pi with OSMC (basically debian). To install it and set it up the I’ve followed a tutorial (I could post the link if you think it’s useful for understanding my problem), and I’ve generated a customized conf file with the following configuration:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/nextcloud
Alias /nextcloud "/var/www/nextcloud/"
<Directory "/var/www/nextcloud/">
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
Require all granted
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
ErrorLog ${APACHE_LOG_DIR}/nextcloud_error_log
CustomLog ${APACHE_LOG_DIR}/nextcloud_access_log common
</VirtualHost>
I've enable this .conf file with sudo a2ensite nextcloud.conf, and disabled the default one with sudo a2dissite 000-default.conf.
Nextcloud is installed in /var/www, and working properly for http. To try to enable HTTPS I´ve done the following:
1. modify in sudo nano /etc/apache2/apache2.conf the entry:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
In order to Allowing the .htaccess.
Create a certificate and enable ssl. I enable it by modifying the default conf file in sudo nano /etc/apache2/sites-available/default-ssl.conf to point to my certificate and also by using the comand sudo a2ensite default-ssl.conf
I’m able to load the certificate, but I get 404 error. My question is should I modify my custom .conf file to use ssl? how should I modify it?
Your Nextcloud directory should be a subdirectory of /var/www/, like /var/www/nextcloud. You may later want to add other services.
Your custom apache conf file should be in /etc/apache2/sites-available/
Don’t modify the /etc/apache2/apache2.conf
You need to enable the custom file by
sudo a2ensite <your site conf>
and reload apache.
Change the existing VirtualHost to
<VirtualHost *:443>
And insert the statements to refer to your SSL keys. At this step you already should be able to call your site via https.
Next you insert a second VirtualHost like this: <VirtualHost *:80> ServerName <your server name> # is that missing above??? Redirect permanent / https://<your server name> </VirtualHost>
Now you can call your site via http, and it will be redirected to https.
It worked perfectly, thanks! Now I can connect through https. But if I include the second step to redirect the http conection through https the server stops runing. It gives me an error in the first line of the new virtualhost (the serverName line). I’m using a duckdns domain. should I write in there xxx.duckdn.org, and the same in the next line?
It’s always nice to report the actual error, instead to say “It gives me an error”. Yes, if xxx.duckdn.org is your domain, this is the ServerName for both virtual hosts.
Sorry, I didn’t specify the error. If I use systemctl “status apache2.service” I get:
oct 08 19:13:31 osmc systemd[1]: Starting The Apache HTTP Server...
oct 08 19:13:32 osmc apachectl[12634]: AH00526: Syntax error on line 29 of /etc/apache2/sites-enabled/nextcloud.conf:
oct 08 19:13:32 osmc apachectl[12634]: ServerName takes one argument, The hostname and port of the server
oct 08 19:13:32 osmc apachectl[12634]: Action 'start' failed.
oct 08 19:13:32 osmc apachectl[12634]: The Apache error log may have more information.
oct 08 19:13:32 osmc systemd[1]: apache2.service: Control process exited, code=exited status=1
oct 08 19:13:32 osmc systemd[1]: Failed to start The Apache HTTP Server.
oct 08 19:13:32 osmc systemd[1]: apache2.service: Unit entered failed state.
oct 08 19:13:32 osmc systemd[1]: apache2.service: Failed with result 'exit-code'.
My conf file now looks like:
<VirtualHost *:443>
ServerName domain.duckdns.org
ServerAdmin webmaster@localhost
DocumentRoot /var/www/nextcloud
Alias /nextcloud "/var/www/nextcloud/"
<Directory "/var/www/nextcloud/">
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
Require all granted
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
ErrorLog ${APACHE_LOG_DIR}/nextcloud_error_log
CustomLog ${APACHE_LOG_DIR}/nextcloud_access_log common
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>
<VirtualHost *:80>
ServerName domain.duckdns.org # is that missing above???
Redirect permanent / https://domain.duckdns.org
</VirtualHost>
Wait, now I don’t understand this. I never appended :443 to my ServerName lines, and my portals all work perfect.
What may be different, as I have virtual hosts attached to different IP adresses, my VirtualHost lines are like this:
<VirtualHost $ip:443>
where $ip is declared in a macro call.
@eehmke I don’t know exactly why this is necessary in this case, but the error message is exactly saying what is missing.
On my own server the wildcard virtual host definition never worked as described in the examples, because I run several different domains, all secured by its own certificate, on the same server. The only way I got hold of it was, to use the FQDN and port in the VirtualHost definition and also for the ServerName parameter.
@j-ed This is really strange. I would like to find out the reason for this differences. You have the FQDM also also in the VirtualHost definition? There I only have the IP number and the port. I also have several different domains, even with different IP numbers, on the same server.
@eehmke I’m not using ip addresses but FQDN, mainly because I made the experience that SNI only works reliable if the server name is given in the VirtualHost definition.
