Nextcloud services no longer accessible

kcclemo · November 20, 2024, 5:19am

Out of nowhere I have started encountering a 403-forbidden error in my JavaScript console, and my client apps are not longer able to access the CalDav services.

My setup:

An Ubuntu server running CyberPanel. All traffic to my home router is forwarded to this server.
This server then uses a VirtualHost to forward requests based on domain name to the appropriate server on my network. In this case to my NextCloud instance running on a separate Ubuntu server using docker-compose.
My NextCloud server running on its own hardware. I am unable to view my files on the web interface either via my server’s internal IP or my domain name.

I’m not sure what changed. I made no changes to either server and this error started happening out of nowhere. The only thing that may have possibly changed, is that Let’s Encrypt issued a new TLS certificate to one of the servers.

I’ve tried deleting NextCloud from the server and rebuilding it using the docker-compose file after backing up my data, but no dice.

Here is the VirtualHost configuration from CyberPanel in case that helps:

docRoot                   /home/<domain>.com/cloud.<domain>.com
vhDomain                  $VH_NAME
vhAliases                 www.$VH_NAME
adminEmails               admin@example.com
enableGzip                1
enableIpGeo               1

index  {
  useServer               0
  indexFiles              index.php, index.html
}

errorlog $VH_ROOT/logs/<domain>.com.error_log {
  useServer               0
  logLevel                WARN
  rollingSize             10M
}

accesslog $VH_ROOT/logs/<domain>.com.access_log {
  useServer               0
  logFormat               "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
  logHeaders              5
  rollingSize             10M
  keepDays                10  
  compressArchive         1
}

phpIniOverride  {
php_admin_value open_basedir "/tmp:$VH_ROOT"
}

module cache {
 storagePath /usr/local/lsws/cachedata/$VH_NAME
}

scripthandler  {
  add                     proxy:domain1234567 php
}

extprocessor domain1234567 {
  type                             proxy
  address                       http://10.50.1.60:11000
  maxConns                  100
  pcKeepAliveTimeout 60
  initTimeout                 60
  retryTimeout              0
  respBuffer                  0
}

rewrite  {
  enable                  1
  autoLoadHtaccess        1
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  RewriteRule /(.*) http://domain1234567/$1 [P]
}

context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
  allowBrowse             1

  rewrite  {
    enable                  0
  }
  addDefaultCharset       off

  phpIniOverride  {

  }
}


vhssl  {
  keyFile                 /etc/letsencrypt/live/cloud.<domain>.com/privkey.pem
  certFile                /etc/letsencrypt/live/cloud.<domain>.com/fullchain.pem
  certChain               1
  sslProtocol             24
  enableECDHE             1
  renegProtection         1
  sslSessionCache         1
  enableSpdy              15
  enableStapling           1
  ocspRespMaxAge           86400
}

context / {
  type proxy
  handler domain1234567
  addDefaultCharset off
}

jtr · November 20, 2024, 3:52pm

You seem to have overlooked the forum’s support template.

Suggestions:

Check your Nextcloud container log (are the HTTP transactions making it there? etc)
Check your Nextcloud log (nextcloud.log) (what appears in the log when attempting a connection? etc)

If nothing is visible in either of the above, check:

Check your reverse proxy server’s access log and error logs (are transactions showing up here? etc)

If still nothing:

Post your Docker Compose file
Post your Nextcloud config (occ config:list system).

kcclemo · November 20, 2024, 5:46pm

Thank you! Nothing in the container or nextcloud logs. I get to the dashboard, but nothing is usable. I can’t browse files, dismiss notifications, etc.

My proxy’s access logs are registering all the transactions. However, my proxy’s error logs are repeating this warning for every transaction:

2024-11-18 21:41:39.334005 [WARN] [166872] [12.456.45.456:55176-Q:46C08EBA3D88994D-0#cloud.domain.com] Invalid Http response header, retry!

I’m not sure where these header responses may be coming from though.

system · February 18, 2025, 5:47pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.