У меня уже глаз начинает дёргаться. Я новичок, и у меня проблема с какими-то конфигурациями: неделю не могу разобраться, копировал разные куски из разных примеров, и ничего толком не работает. Сама проблема: по 80 порту всё хорошо, страница загружается полноценная — с картинками, стилями и js, а по 443 загружается только текст (во вложении).
config.php:
'upgrade.disable-web' => true,
'instanceid' => 'ocmqtk5rjgns',
// trusted_proxies lists the reverse proxies whose forwarded headers
// (e.g. X-Forwarded-For) Nextcloud will believe. The documented value
// forms are IP addresses and CIDR ranges.
'trusted_proxies' =>
array (
// NOTE(review): 'nextcloud' and 'nginx' are service names, not addresses;
// presumably they never match a connecting IP -- verify and remove.
0 => 'nextcloud',
1 => '192.168.1.250',
2 => 'nginx',
// NOTE(review): a URL with a scheme is not an address or range.
3 => 'https://192.168.1.250',
4 => '127.0.0.1',
// NOTE(review): wildcard notation is not a CIDR range; the apparent intent
// ("trust everything") is what this setting exists to prevent.
5 => '*.*.*.*',
// NOTE(review): looks like a Docker bridge address, presumably the nginx
// container. If so it is the only entry needed, but container IPs can
// change on recreate -- confirm, or use the network's CIDR instead.
6 => '172.19.0.4'
),
nginx config:
# Named upstream for a PHP-FPM backend on the loopback address, port 9000.
# NOTE(review): the server block that follows never references php-handler
# (its fastcgi_pass points at php_4:9000), so this definition is unused here.
upstream php-handler {
server 127.0.0.1:9000;
}
# HTTPS virtual host for 192.168.1.250: terminates TLS, reverse-proxies
# /nextcloud/ to the nextcloud container and hands URIs ending in .php to
# PHP-FPM on php_4:9000.
server {
listen 443 ssl;
server_name 192.168.1.250;
# With root commented out, $document_root (used in SCRIPT_FILENAME below)
# falls back to nginx's built-in default root.
# root /var/www/html;
index index.php;
ssl_certificate /etc/ssl/certs/self.crt;
# NOTE(review): the private key is stored next to the certificate under
# /etc/ssl/certs; check that self.key is readable by root only.
ssl_certificate_key /etc/ssl/certs/self.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# NOTE(review): EECDH+3DES and RSA+3DES still offer 3DES (a 64-bit block
# cipher), and every RSA+ entry is static-RSA key exchange without forward
# secrecy; "!MD5" excludes neither. Consider keeping only the
# EECDH+CHACHA20 / EECDH+AES entries.
ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# OCSP stapling is disabled, presumably because self.crt is self-signed.
ssl_stapling off;
ssl_stapling_verify off;
# NOTE(review): resolver is only consulted for names looked up at run time
# (OCSP stapling, variables in proxy_pass). Neither is used in this block,
# so these public resolvers are presumably unused -- confirm and drop them.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Server-level response headers. nginx passes add_header down only to
# locations that define no add_header of their own, so location /nextcloud/
# (which sets its own HSTS header) does NOT receive X-Frame-Options or
# X-Content-Type-Options from here.
# NOTE(review): HSTS is defined for host names, not IP literals, and is
# ignored on connections with certificate errors; on an IP address with a
# self-signed certificate this header presumably has no effect.
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Reverse proxy to the nextcloud container over plain HTTP. Because
# proxy_pass carries the URI "/", the /nextcloud/ prefix is stripped before
# the request reaches the backend.
# NOTE(review): Nextcloud is not told about the prefix or the https scheme
# here; unless config.php sets 'overwritewebroot' => '/nextcloud' and
# 'overwriteprotocol' => 'https', it will presumably emit asset URLs at the
# site root, which this server block has no location for.
location /nextcloud/ {
index index.php index.html;
proxy_pass http://nextcloud:80/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends the connecting address to any X-Forwarded-For the client sent;
# the backend should believe it only when the request arrives from an
# address listed in trusted_proxies.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Defining add_header here stops inheritance of the server-level headers.
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}
# NOTE(review): regex locations win over the plain prefix location above, so
# a URI such as /nextcloud/x.php is handled here instead of being proxied;
# "location ^~ /nextcloud/" would prevent that.
# NOTE(review): the URI is handed to PHP-FPM without an existence check; the
# usual hardening is "try_files $fastcgi_script_name =404;".
location ~ \.php$ {
fastcgi_pass php_4:9000;
fastcgi_index index.php;
# SCRIPT_FILENAME must be the path as seen inside the php_4 container. The
# compose file mounts ./data/nginx/www at /var/www there but at
# /var/www/html in nginx, so the two paths presumably disagree -- verify.
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
include fastcgi_params;
}
}
docker yml
version: "2"
services:
# Stand-alone PHP-FPM container; serves ./data/nginx/www mounted at /var/www.
# It publishes no ports, so it is reachable only over the compose network.
php_4:
image: php:8.2-fpm
container_name: php_4_nginx
volumes:
- ./data/nginx/www:/var/www
restart: unless-stopped
# nginx reverse proxy built from Dockerfile_NGINX. Ports 80 and 443 are
# published on the host address 192.168.1.250 only.
nginx:
build:
context: .
dockerfile: Dockerfile_NGINX
container_name: nginx_serv
restart: unless-stopped
volumes:
- ./conf/nginx:/etc/nginx/conf.d
# NOTE(review): the same host directory is mounted at /var/www in php_4 but
# at /var/www/html here, so file paths differ between the two containers.
- ./data/nginx/www:/var/www/html
ports:
- 192.168.1.250:80:80
- 192.168.1.250:443:443
# A background loop reloads nginx every 6 hours while nginx itself runs in
# the foreground; "$${!}" is the compose-escaped form of "${!}".
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
# Nextcloud application container, reached by nginx as http://nextcloud:80/.
nextcloud:
# NOTE(review): no tag is given, so whatever "latest" is at pull time gets
# deployed; pin a specific version to keep upgrades deliberate.
image: nextcloud
container_name: nextcloud
environment:
# NOTE(review): PUID/PGID look like variables from a different image family;
# confirm that the image in use actually reads them.
- PUID=998
- PGID=100
- TZ=Europe/Moscow
volumes:
- ./conf/nextcloud:/var/www/html
# NOTE(review): with no host address, 8080 is published on every host
# interface, so Nextcloud is reachable over plain HTTP without passing
# through the TLS proxy. nginx reaches it by service name on the compose
# network, so this mapping can presumably be removed or bound to 127.0.0.1.
ports:
- 8080:80
restart: unless-stopped
При этом css js по прямой ссылке доступны (видно из вложения)
Заранее спасибо за любую помощь в решении проблемы
wwe
January 18, 2025, 8:28pm
2
please look at good examples
at first glance I see you are trying to access https://{ip address}
which can never ever have a valid public TLS certificate - likely you are using a self-signed certificate and suffering from the well-known problems caused by this configuration
user_user:
'trusted_proxies' =>
array (
0 => 'nextcloud',
1 => '192.168.1.250',
2 => 'nginx',
3 => 'https://192.168.1.250',
4 => '127.0.0.1',
5 => '*.*.*.*',
6 => '172.19.0.4'
),
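your trusted proxies look really weird - this should only have ip addresses/ranges, without https:
… *.*.*.*
is completely invalid AFAIK - a valid alternative would be 0.0.0.0/0
- if you want to completely ignore the security measures applied to the reverse proxy. With every address trusted, the client IP that Nextcloud derives from forwarded headers is no longer reliable, which weakens IP-based protections such as brute-force throttling.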
I would recommend you familiarize yourself with technologies you are using e.g. check the 101 topics especially 101: reverse proxy and trusted_proxies
Спасибо за ответ. Я поменял
config.php как вы и сказали:
'upgrade.disable-web' => true,
'instanceid' => 'ocmqtk5rjgns',
// trusted_proxies lists the reverse proxies whose forwarded headers
// (e.g. X-Forwarded-For) Nextcloud will believe.
// NOTE(review): the nginx config on this page proxies Nextcloud under
// /nextcloud/ over https; this excerpt shows no 'overwritewebroot' =>
// '/nextcloud' or 'overwriteprotocol' => 'https', which such a setup
// presumably needs so that generated asset URLs keep the prefix.
'trusted_proxies' =>
array (
0 => '192.168.1.250',
1 => '192.168.1.31',
// NOTE(review): 0.0.0.0/0 matches every IPv4 address, which makes entries
// 0 and 1 redundant and means forwarded headers are believed from any
// IPv4 sender, including clients that reach the published port 8080
// directly. Narrow this to the address or subnet nginx connects from
// (placeholder: <nginx-container-subnet>/<prefix-length>).
2 => '0.0.0.0/0'
),
добавил в конфигурацию nginx новые блоки
# Named upstream for PHP-FPM; used by fastcgi_pass in the PHP location of
# the server block that follows.
# NOTE(review): 127.0.0.1 is the loopback of the container nginx runs in.
# In the compose file PHP-FPM is a separate service (php_4), so presumably
# nothing listens on this address -- verify.
upstream php-handler {
server 127.0.0.1:9000;
}
# Sets $asset_immutable to ", immutable" when the request carries a
# non-empty "v" query argument and to an empty string otherwise. The value
# is appended to the Cache-Control header in the static-file location.
map $arg_v $asset_immutable {
"" "";
default ", immutable";
}
# HTTPS virtual host for 192.168.1.250. It mixes two deployment models:
# a reverse proxy to the nextcloud container (location /nextcloud/) and
# PHP-FPM / static-file locations written for an nginx that serves the
# Nextcloud files itself. No root is set, so the latter two work against
# nginx's built-in default root.
server {
listen 443 ssl;
server_name 192.168.1.250;
index index.php;
ssl_certificate /etc/ssl/certs/self.crt;
# NOTE(review): private key stored under /etc/ssl/certs; check that
# self.key is readable by root only.
ssl_certificate_key /etc/ssl/certs/self.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# NOTE(review): the list still offers 3DES and static-RSA key exchange
# (the RSA+ entries, no forward secrecy); "!MD5" excludes neither.
ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling off;
ssl_stapling_verify off;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Server-level headers; they are not inherited by any location that
# declares its own add_header, which is every location in this block
# except the PHP one.
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Reverse proxy to the nextcloud container over plain HTTP; the URI "/" on
# proxy_pass strips the /nextcloud/ prefix before forwarding.
# NOTE(review): regex locations take precedence over this plain prefix
# location, so /nextcloud/... URIs ending in .php, .css, .js etc. are
# handled by the regex locations further down instead of being proxied.
# "location ^~ /nextcloud/" would keep them here.
location /nextcloud/ {
index index.php index.html;
proxy_pass http://nextcloud:80/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends the connecting address to any client-supplied X-Forwarded-For;
# the backend should believe it only for senders in trusted_proxies.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}
# PHP front controller via FastCGI.
# NOTE(review): the Nextcloud container is addressed on port 80 and so
# presumably runs its own web server and PHP; if that is the case this
# location and the static-file location are not needed for the proxy setup.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
# Answers 404 when the script does not exist under $document_root, so a
# path that is not a real PHP file never reaches PHP-FPM.
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
# Serve static files
# NOTE(review): $uri is looked up under nginx's default root because no
# root is set. A miss falls through to /index.php$request_uri, which the
# PHP location answers with =404 when index.php is absent there -- this is
# consistent with the 404 for /apps/theming/css/default.css in the access
# log quoted after this config.
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463$asset_immutable";
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
}
Проблема не ушла, страница по прежнему загружает только текст, но в логах nginx появилась интересная строка 404, которой раньше не было, данный файл есть в nextcloud я проверял:
nginx_serv | 192.168.1.250 - - [18/Jan/2025:23:25:34 +0000] "GET /nextcloud/ HTTP/1.1" 200 2673 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0" "-"
nginx_serv | 192.168.1.250 - - [18/Jan/2025:23:25:35 +0000] "GET /apps/theming/css/default.css?v=ba222ded25d957b900c03bef914333cd HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0"
Помогите, пожалуйста, почему nginx не может получить доступ к css?
wwe
January 20, 2025, 8:31pm
5
I’m not an expert with Nginx, but the official config looks different from yours. I would start there and continue searching through the nginx topics - many times users have posted working examples.
reading further maybe describes your issue: JavaScript (.js) or CSS (.css) files not served properly