Nextcloud version (15):
Operating system and version (Mint 19.1):
Apache version (Apache 2.4.25):
PHP version (7.2):
MariaDB:
OpenSSL:
Please forgive me as I know from searching that this question has a bountiful number of hits. I have read a lot of ‘solutions’ but none seem to be exactly what I am searching for or they haven’t worked. I am hoping that someone will easily see the err of my way!
After installation, I am able to successfully access NC both internally and externally using my DN though I need to add ‘:8888’ behind it. I am only able to get a secure connection on my host machine with the desktop NC app installed. All others show unsecured. Was not able to use Let’sEncrypt as I am not able to use port 80 and it erred out.
I have completed/tried the following steps.
Opened ports 8888 and 443 on my router (8888 used in place as my ISP blocks 80).
Configured the hosts and ports accordingly
Created an Self-Signed Certificate with OpenSSL with the following code;
And what this means? What you want to achieve?
443 Should woks with https fine.
8888 seems to be http-only port. If you want to use it as https too you need to enable SSLEngine: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#SSLEngine and setup Certificate etc. as you done in Default-SSL.conf.
Or added the same config in Default-SSL.conf as for 443 to VirtualHost 8888 too.
Also if you connect with self-signed Cert - it will be shown as un-trusted and you need to added exception for it.
What I meant is where ever I visit from (browser or app) I am not achieving ‘secured’ connection through ‘https’. Assuming that it was because I didn’t have the next part (below) done or was missing an essential part?
Does this mean that I should add the following lines to my ‘default.conf’ file?
Basically you can work with Port 443 only, Configure it as a HTTPS, restrict to TLS 1.2 and 1.3 and enjoy. My config how-to is here:
I do not know why you would like to have also 8888 port open. Is your ISP blocks 443 also? Otherwise it does not make sense, because you have already 443 config.
This is my LIVE config for NC (100-nextcloud.conf). Contains 2 Virtual hosts (IP 192.168.0.100 is internal local IP of the server), on port 80 I will do only redirect to the HTTPS and that’s all (updated on 20.12.2019):
<VirtualHost 192.168.0.100:80>
ServerName HOST
ServerAdmin webmaster@HOST
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://HOST/
</VirtualHost>
<VirtualHost 192.168.0.100:443>
ServerName HOST
ServerAdmin webmaster@HOST
DocumentRoot /var/www/nextcloud
#Alias /javascript /usr/share/javascript/
#Alias /nextcloud /var/www/nextcloud/ #See https://help.nextcloud.com/t/nextcloud-16-security-scan-host-prefix/55430/4
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/HOST/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/HOST/privkey.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<Directory /var/www/nextcloud/>
# Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
## If you want enable http2.0 --> https://gist.github.com/GAS85/990b46a3a9c2a16c0ece4e48ebce7300
#Protocols h2 h2c http/1.1
#H2Push on
#H2PushPriority * after
#H2PushPriority text/css before
#H2PushPriority image/jpg after 32
#H2PushPriority image/jpeg after 32
#H2PushPriority image/png after 32
#H2PushPriority application/javascript interleaved
#SSLUseStapling on
#SSLStaplingResponderTimeout 5
#SSLStaplingReturnResponderErrors off
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
Header always set Referrer-Policy no-referrer
ErrorDocument 403 "Hmmmm... Looks it is not here:)"
</VirtualHost>