Nextcloud Snap users, please list the issues you're facing

What if we want to use Nextcloud Talk within a Nextcloud snap, complete with a coturn TURN server?

I have questions about using a turnserver (coturn) with the Nextcloud snap, on the same server (this is to try to get Nextcloud Talk working the best). Has anyone done this before? If the Nextcloud snap were to talk to the coturn server, wouldn’t that need some special port “plumbing” added to the snap, to enable the intercommunication between the two?

Furthermore, if one wants to use SSL with the coturn server, then one will want to use the certbot SSL certificate files (cert.pem and privkey.pem) that got generated within the snap, but the pathname leading into the snap is not necessarily a constant thing (or is it?), as it’s got an integer that might change, as the snap periodically upgrades itself. For example, my nextcloud lives within:

/snap/nextcloud/[5_digit_integer_here]

It’s kind of sounding like the coturn server needs to be on a different server than the Nextcloud snap, and have it’s own ssl certificate. Or maybe coturn itself eventually could be bundled into the snap, in case users want to use Nextcloud Talk with their snap.

Snap or not should not make a difference.

Note that Nextcloud Talk and the TURN server do not talk “directly” each other. The users WebRTC clients (e.g. browser, Android app) use the TURN server information from Nextcloud Talk settings to connect remotely to coturn. So as long as both are reachable from the web, it’s fine.

Of course if you have coturn within snap, it needs to be reachable via chosen/configured port. Since I never used snap, you know better than me how to make it listen to/forward a certain port.

A non-snap coturn accessing SSL cert within snap sounds wrong to me. You already mentioned the issue with non-constant path. I suggest you either find a coturn snap then, or create cert files outside of snap.

1 Like

Fairly recently certbot has gained the ability to do wildcard SSL certs (thereby allowing two SSL certs for the same Nextcloud server, the coturn server using a domain name like “turn.yournextcloudserver.com”), however this doesn’t seem to be packaged nicely for Debian 9 yet. A second SSL cert for the coturn server could perhaps be generated using this obscure howto (but I’ve never tried it).

You can as well simply duplicate the certs from certbot. Just needs to be redone, when they are renewed.
AFAIK, self-signed certificates work as well. But not 100% sure if all browsers and such connect well then without complaining about the non-trusted cert.

I’m in Gallery Slideshow/Preview Generator app trouble on my Nextcloud 14/stable server. Please see here for more info.

In summary, I can’t figure out how to properly run the “Preview Generator” app’s “/snap/bin/nextcloud.occ preview:generate-all” on the command line…

Edit: I merely rebooted the server, and it all seems to work OK now.

Request: when Let’s Encrypt generates SSL certificates within the snap, could the actual privkey.pem and cert.pem files be stored outside the snap (say, under /etc/certbot or something like that), in case any other services installed on the same Nextcloud server might also want to use SSL encryption?

Two possible examples of this:

  • Running a TURN server (for use in conjunction with Nextcloud Talk)
  • Running a mail server (where you want SSL on your IMAP, and SMTP submission ports), say from a docker container like this one.

I installed NC via SNAP/Ubuntu 18.04 yesterday and everything was working as expected. Today my site is throwing an HTTP 500 ERROR, and I cannot figure out why. I did not make any changes, but did upload some files via the mobile app this morning (which I see exist in the data directory).

When I look in the logs and elsewhere by running OCC commands (which arnt working) I see messages like the below. My newb brain thinks it looks like a problem with the database. Running php -m I cannot find mysql or other modules I’m would expect were included in the SNAP package. Nor sure how it would have worked before without these. Any advice on this matter would be appreciated.

An unhandled exception has been thrown:
Doctrine\DBAL\DBALException: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [2002] No such file or directory in /snap/nextcloud/10791/htdocs/lib/private/DB/Connection.php:64

Files stopped syncing. When checked the web page, it turns out it is a forced update to version 15.0.2 as seen in the ss.

Screenshot%20from%202019-02-11%2012-02-53

When clicked on to “start update”, it results in error. The last repair step is to “extract the vcard uid and store it in the db”.

Screenshot%20from%202019-02-11%2012-09-42

Then it puts itself into maintenance mode until I restart the snap, in which case it starts over from the “start update” page. How to troubleshoot?

What I could find is that the line in the logs below that repair step is about memory limits.

{“reqId”:“XshGdYhMa5PsodOS2q3p”,“level”:1,“time”:“2019-02-11T08:59:39+00:00”,“remoteAddr”:"",“user”:"–",“app”:“updater”,“method”:"",“url”:"–",“message”:"\OC\Repair::step: Repair step: Extract the vcard uid and store it in the db",“userAgent”:"–",“version”:“14.0.6.0”}
{“reqId”:“XshGdYhMa5PsodOS2q3p”,“level”:3,“time”:“2019-02-11T08:59:41+00:00”,“remoteAddr”:"",“user”:"–",“app”:“PHP”,“method”:"",“url”:"–",“message”:“Allowed memory size of 134217728 bytes exhausted (tried to allocate 217088 bytes) at /snap/nextcloud/11343/htdocs/3rdparty/sabre/vobject/lib/Parser/MimeDir.php#319”,“userAgent”:"–",“version”:“14.0.6.0”}

Also, it says “needsDbUpgrade:true” in the nextcloud status. So maybe it is relevant.

A little bit of a ‘noob’ here. Have installed nextcloud snap (15 edge currently but have been working on stable version as well) on an old macbook air (1,1) with Ubuntu server (18.04) with an external disk which I have working (although it’s a little moody) and I have figured out how to add files and folders directly (ie. an hour or two) rather than uploading them (days) via the nextcloud client (which anyway seems to have its own issues) but I am having problems working out how to get nextcloud to acknowledge that they’re there and make them available for clients. I have tried various incarnations of;
sudo -u www-data nextcloud.occ files:scan --all

but it seems to run into folder permission issues - “cannot create user data directory … permission denied”.

Reading up a little on this page it would seem that this might be an issue with the snap and to get this working I’d have to reinstall without using the snap. Is that correct or is there a way around this?

And I did try changing the folder permissions temporarily (to 777) but that didn’t work either and changing them (/var/snap/nextcloud/12142) back to 755 seems to have stopped uploads completely.

For now I’ve only added two files both set to 640 (apparently folders should be 750 and files 640). Both of these are not showing up on the client side (but are definitely in the right folder alongside two other files uploaded via the client which are showing up).

For me, it installs fine and I can reach the http site. But when I “snap Nextcloud.enable-https custom -s cert.crt key.csr chain.ca-bundle”. it successfully installs the ssl cert files but there is an error when restarting apache. Apache shows as inactive. I have then disabled https but apache remains inactive. I also tried enable https with each ssl file renamed to .pem

A message I get is that the is a syntax error at line 69 of ssl.conf. cert.pem is either missing or empty.

I entered /var/snap/nextcloud/11891/certs/live. The cert file is present. I then open it and it has the same key as our custom .crt file. So it is neither missing nor empty. And the path on line 69 of ssl.conf points to the location where cert.pem is located.

You’re more likely to get help logging issues on the project itself.

I am facing a SSL handshake issue from an android 4.4.2 device.

i have a setup where I sync my contancts on Nextcloud with multiple Android devices using Davx5 (davdroid). It used to work fine but now one of my devices stopped syncing. Don’t know for sure but I have a sense that this could be related to the snap update specific to the Android version because my other android device (and thunderbird as well) is continuing to sync properly.

The error I am getting from Davx5 says:

2019-04-16 10:35:50 2 [HttpClient] <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x5e210c78: Failure in SSL library, usually a protocol error

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x5e2b2830:0x00000000)

Full Error Log: https://pastebin.com/8N4sm0d9

From what I read on Davx5 forums, this could be about incompatible ciphers (https://forums.bitfire.at/topic/1091/handshake-error-sl23_get_server_hello/15). But I am not sure what they are, how to test or change them in a nextcloud snap installation setting.

Any idea how to proceed with troubleshooting?

@qweqweqwe please start a new thread or log an issue.

I have external storage mounted to /media/nextcloud. By default apparmor denies access to this folder. Logs looks like this:

May 23 11:06:58 cloud kernel: [255431.083533] audit: type=1400 audit(1558598818.295:5976): apparmor=“DENIED” operation=“open” profile=“snap.nextcloud.php-fpm” name="/media/nextcloud/data/nextcloud.log" pid=26872 comm=“php-fpm” requested_mask=“ac” denied_mask=“ac” fsuid=0 ouid=0

I can change profile /var/lib/snapd/apparmor/profiles/snap.nextcloud.php-fpm
and nextcloud works fine.
But after each update apparmor replaces this profile and my changes are lost.
How to save my fixes in apparmor profiles and prevent them from changes on update?

today I noticed that my nextcloud box i still on version 13 (13.0.12 to be exact) and wondered, since version 16 seems to be out, shouldn’t the snap version in nextcloud box auto update at some point?

Danger alert: if you are running Nextcloud from a ver. 15 snap, don’t upgrade your “Bookmarks” app to 2.1.1! It needs the php-gmp package/library, which is not in the ver. 15 snap! Stay on “Bookmarks” version 1.1.1.

Note: Cross-posted from here.

Also note: a ver. 16 snap seems to work, for the bookmarks app! Problem only exists with ver. 15 snap.

Hello,
I installed Nextcloud snap in an Ubuntu 18.04.3 LTS VPS about a month ago, been using it with no issues accesing through the VPS IP with a self-signed certificate for HTTPS.
Today I pointed a test.domain.com to the VPS IP, redirection was successful.
Then I tried to create new certificates for the domain.com and everything blew up.

Right now I get the default Apache webpage with no access to nextcloud.

Any ideas how to troubleshoot?

Where to begin?

with HTTPS I get

This site can’t be reached

94.158.245.230 unexpectedly closed the connection.

Try:

ERR_CONNECTION_CLOSED

with HTTP
Default Apache welcome page.

Thanks in advance

HI there,
I’ve just posted an issue as a separate topic:


Not sure whether it’s a snap issue or whether providing a check for the coturn server is all you can do here.
Best regards
Martin

Help! for some Reason nextcloud does not show “DESK” and some users can’t login! What I’ve been doing a day before was “nextcloud.export” and it did not gave me any error. What I think is somebody hit update. Is there some clue how can I fix this?