Nextcloud (Mint/Apache) SSL on port 8888/443 not working

gas85 · March 20, 2019, 8:29am

For Apache Virtual Hosts it does not matter which port or host name being used. Check this out for examples: https://httpd.apache.org/docs/2.4/vhosts/examples.html

Basically you can work with Port 443 only, Configure it as a HTTPS, restrict to TLS 1.2 and 1.3 and enjoy. My config how-to is here:

gist.github.com

https://gist.github.com/GAS85/42a5469b32659a0aecc60fa2d4990308

apache_ssl.md


### Prerequisites

* Ubuntu 18.04 (16.04 works the same)
* Apache 2.4.18 or higher
* OpenSSL 1.0.2g-1ubuntu4.10 or higher
* e.g. LetsEncrypt certificate

```
OS: Ubuntu 18.04 Apache/2.4.18 1.0.2g-1ubuntu4.10

This file has been truncated. show original

I do not know why you would like to have also 8888 port open. Is your ISP blocks 443 also? Otherwise it does not make sense, because you have already 443 config.

This is my LIVE config for NC (100-nextcloud.conf). Contains 2 Virtual hosts (IP 192.168.0.100 is internal local IP of the server), on port 80 I will do only redirect to the HTTPS and that’s all (updated on 20.12.2019):

<VirtualHost 192.168.0.100:80>

ServerName HOST
ServerAdmin webmaster@HOST

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

Redirect permanent / https://HOST/

</VirtualHost>

<VirtualHost 192.168.0.100:443>

ServerName HOST
ServerAdmin webmaster@HOST

DocumentRoot /var/www/nextcloud
#Alias /javascript /usr/share/javascript/
#Alias /nextcloud /var/www/nextcloud/	#See https://help.nextcloud.com/t/nextcloud-16-security-scan-host-prefix/55430/4

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/HOST/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/HOST/privkey.pem
	
<FilesMatch "\.(cgi|shtml|phtml|php)$">
	SSLOptions +StdEnvVars
</FilesMatch>

<Directory /usr/lib/cgi-bin>
	SSLOptions +StdEnvVars
</Directory>
    
<Directory /var/www/nextcloud/>
#	Options +FollowSymlinks
	AllowOverride All

	<IfModule mod_dav.c>
		Dav off
	</IfModule>

	SetEnv HOME /var/www/nextcloud
	SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

## If you want enable http2.0 --> https://gist.github.com/GAS85/990b46a3a9c2a16c0ece4e48ebce7300
#Protocols h2 h2c http/1.1
#H2Push on
#H2PushPriority * after
#H2PushPriority text/css before
#H2PushPriority image/jpg after 32
#H2PushPriority image/jpeg after 32
#H2PushPriority image/png after 32
#H2PushPriority application/javascript interleaved

#SSLUseStapling on
#SSLStaplingResponderTimeout 5
#SSLStaplingReturnResponderErrors off

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
Header always set Referrer-Policy no-referrer
ErrorDocument 403 "Hmmmm... Looks it is not here:)"

</VirtualHost>