Nextcloud, website and subdomains

Sorry, I should have said, Snap (as that comes pre-installed on Ubuntu server).

Just to make it clear, I’m not asking how to install nextcloud: I’ve already done that using snap and got it working just fine. I need to know how to configure Apache to send subdomain traffic to nextcloud and domain traffic to webroot. Preferably in words of one syllable!

Sorry. Search the internet for "snap set nextcloud ports.http=

https://github.com/nextcloud/nextcloud-snap

Ok, if I’m understanding your situation, you have a non-snap Apache server already installed and serving some other web root, and what you need is a named virtual host added to your Apache server that will reverse proxy traffic to Nextcloud.

A named vhost allows Apache to deliver a different site based on the URL that was used, even though it’s ultimately coming to the same IP and server.

I have such a setup in my guide for installing Nextcloud with Docker. The Apache virtual host configuration to reverse proxy for snap should be pretty similar.

Yes, I have understood it similarly. Because he uses Snap for Nextcloud (including apache2) and another apache2/webserver, he cannot use the same sockets (IP:80) and (IP:443) because they are used for apache2/webserver. But the different port is not his problem. It is only setting the port.

Also, the Apache reverse proxy can serve the site on ports 80 and 443, even if it’s sending the connection to a backend server running on different ports.

@KarlF12
Yes. But without Snap, or with the other webserver also in Snap, it would not be necessary.

No. The only Apache server is that installed by snap. Ubuntu server even has two boxes to tick on installation: install openssl and a menu of goodies to be installed by snap: I ticked nextcloud. It really is that simple, nothing else is installed. I just want to point the cloud subdomain to nextcloud and the ordinary traffic to webroot ON THE SAME Apache web server. Why is that so complicated?

Maybe because the nextcloud snap has its own apache server built-in…
And since the snap is not writeable, I don’t think that it is possible to use the apache server (that is provided by the nextcloud snap) for another web application…

1 Like

Because this is not the intended use case for snap. Snap is intended to compartmentalize the software and make it as simple for you as possible. A natural consequence of that is inflexibility.

Bottom line is to do what you’re asking, you would be best served by either

  1. Installing a normal Apache instance via apt, having it reverse proxy the Nextcloud instance and serve your other site, or
  2. Ditching snap altogether and using a normal Apache installation for both.

I would say neither option is particularly difficult, and #1 would probably suit you just fine. You wouldn’t have to start over or anything. Here’s how that would go if you want to try it.

First you’ll need to change the port numbers for the snap Apache. I would change 80 and 443 to 8080 and 8443 respectively.

Then you will need to install Apache via apt and enable some mods.

sudo apt install apache2

sudo a2enmod ssl proxy proxy_http proxy_wstunnel rewrite headers

sudo systemctl restart apache2

You can use the default site if you like for your web root. Then you’ll add a vhost config under /etc/apache2/sites-available with something like this:

Adjust as needed to fit your setup. At a minimum you’ll need to change your ServerName to the subdomain you want it to use.

Enable the site:

sudo a2ensite nextcloud.conf

sudo systemctl reload apache2

Install and enable certbot:

Somewhere during this process you’ll probably have to change some of the proxy related settings in Nextcloud. Details here:

https://docs.nextcloud.com/server/19/admin_manual/configuration_server/config_sample_php_parameters.html#proxy-configurations

3 Likes

@KarlF12. I really can’t thank you enough for this clear and lucid explanation. I did find your excellent post that you referred me to concerning Docker and Debian but had not realised how much of it would also work for Snap and Ubuntu so I had disregarded it. Apologies. It’s going to take me a little while to work my way through all of this and I may come back with further queries but thank you for giving me a good place to start.

1 Like

@KarlF12

OK, I’ve followed the instructions and now have a (different) Apache server set up with my website holding page working fine on http(s)://badbury.org.uk. All good.

However, cloud.badbury.org.uk (the nextcloud server) returns a 503 error (service not available).

Here is the appropriate virtual host configuration file. What have I missed?

derek@badbury-server:/etc/apache2/sites-enabled$ cat 010-nextcloud.conf
<VirtualHost *:80>
ServerName cloud.badbury.org.uk
ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
RewriteEngine On
RewriteRule ^/.well-known/carddav http://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/.well-known/caldav http://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteCond %{SERVER_NAME} =cloud.badbury.org.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
ServerName cloud.badbury.org.uk
ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
SSLEngine On
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

RewriteEngine On
RewriteRule ^/.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/cloud.badbury.org.uk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.badbury.org.uk/privkey.pem
</VirtualHost>

Herewith the error log:

derek@badbury-server:~$ cat /var/log/apache2/nextcloud-error.log
[Thu Sep 03 09:09:15.506004 2020] [proxy:error] [pid 1125:tid 140300894803712] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 09:09:15.506065 2020] [proxy_http:error] [pid 1125:tid 140300894803712] [client 62.4.14.206:34103] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 09:35:11.532938 2020] [proxy:error] [pid 1126:tid 140301138126592] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 09:35:11.532994 2020] [proxy_http:error] [pid 1126:tid 140301138126592] [client 62.210.10.77:55307] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:05:11.025387 2020] [proxy:error] [pid 1496051:tid 140300408321792] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:05:11.025456 2020] [proxy_http:error] [pid 1496051:tid 140300408321792] [client 35.195.243.150:2067] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:05:11.517936 2020] [proxy:error] [pid 1496051:tid 140299938559744] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:05:11.517966 2020] [proxy_http:error] [pid 1496051:tid 140299938559744] [client 194.149.246.126:20912] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:05:11.705701 2020] [proxy:error] [pid 1496052:tid 140300232140544] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:05:11.705750 2020] [proxy_http:error] [pid 1496052:tid 140300232140544] [client 194.149.246.126:20931] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:05:21.256860 2020] [proxy:error] [pid 1496052:tid 140299804342016] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:05:21.256907 2020] [proxy_http:error] [pid 1496052:tid 140299804342016] [client 194.149.246.126:22652] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:07:11.031788 2020] [proxy:error] [pid 1496051:tid 140300391536384] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:07:11.031827 2020] [proxy_http:error] [pid 1496051:tid 140300391536384] [client 194.149.246.126:38256] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:07:21.920924 2020] [proxy:error] [pid 1496052:tid 140301129733888] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:07:21.920959 2020] [proxy_http:error] [pid 1496052:tid 140301129733888] [client 194.149.246.126:39970] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:07:22.218637 2020] [proxy:error] [pid 1496052:tid 140301104555776] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:07:22.218673 2020] [proxy_http:error] [pid 1496052:tid 140301104555776] [client 194.149.246.126:40018] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 17:53:35.559120 2020] [proxy:error] [pid 1496052:tid 140300265711360] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 17:53:35.559160 2020] [proxy_http:error] [pid 1496052:tid 140300265711360] [client 192.168.1.1:39472] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 17:53:35.657431 2020] [proxy:error] [pid 1496052:tid 140300869691136] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 17:53:35.657463 2020] [proxy_http:error] [pid 1496052:tid 140300869691136] [client 192.168.1.1:39474] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
derek@badbury-server:~$

Hey,

Make it easy on yourself, run the VM instead.

Plain Ubuntu, apt packages, and lots of extra nifty stuff. The TLS setup is automated.

@enoch85

Now, you’ve downloaded the Nextcloud VM and you’ve installed VMware Player. The VM comes as a “.OVA file”. To mount it, simply right click on the file and select “open with VMware Player”.

What is this “right click” of which you speak? On a headless server? I think not.

On a headless server you can run the scripts: https://docs.hanssonit.se/s/bj0vl1ihv0jgrmfm08j0/build-your-own/d/bj0vl4ahv0jgrmfm0950/nextcloud-vm

One should not run a server in VMware Player or similar.

This error is saying it can’t connect to port 8080 on your system. Have you changed the port number? Can you access port 8080 directly?

It would be interesting to know why.

1 Like

UPDATE. With huge thanks to @KarlF12.

Well, it would appear that I have got Apache2 and its virtual hosts all sorted. My domain now points successfully to my webroot and is redirected to the https version automatically. On the snap/nextcloud side, that also has https installed and according to snap is listening on ports 8080 and 8443. The following “curl trail” shows that cloud.domain.tld is definitely being properly forwarded to :8443 as it should be:

derek@derek-desktop ~ $ curl cloud.badbury.org.uk
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://cloud.badbury.org.uk/">here</a>.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at cloud.badbury.org.uk Port 80</address>
</body></html>
derek@derek-desktop ~ $ curl https://cloud.badbury.org.uk
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://cloud.badbury.org.uk:8443/">here</a>.</p>
</body></html>
derek@derek-desktop ~ $ curl https://cloud.badbury.org.uk:8443
curl: (7) Failed to connect to cloud.badbury.org.uk port 8443: Connection refused
derek@derek-desktop ~ $ 

So, it would appear that the request is being forwarded to the right port but that port is refusing the connection. The same message is delivered when using a browser to try to connect:

Unable to connect
Firefox can’t establish a connection to the server at cloud.badbury.org.uk:8443.

Is there any way of finding out ON WHAT GROUNDS the connection is being refused by snap/nextcloud?

I’m suspecting that it is seen as coming from an untrusted domain? Am I missing something obvious here? Below is a copy of nextcloud’s config.php (sensitive info munged):

<?php
$CONFIG = array (
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/snap/nextcloud/current/htdocs/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/snap/nextcloud/current/nextcloud/extra-apps',
      'url' => '/extra-apps',
      'writable' => true,
    ),
  ),
  'supportedDatabases' => 
  array (
    0 => 'mysql',
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/tmp/sockets/redis.sock',
    'port' => 0,
  ),
  'passwordsalt' => 'munged',
  'secret' => 'munged',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'cloud.badbury.org.uk',
  ),
  'datadirectory' => '/var/snap/nextcloud/common/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '19.0.1.1',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/sockets/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'munged',
  'installed' => true,
  'instanceid' => 'munged',
  'maintenance' => false,
);

Connection refused is a TCP error. Most often this means you connected to a port that isn’t in the listening state (wrong address, service not running, etc.).

Confirm that the snap is running and that the port is indeed open (netstat -lntp).

The idea with the reverse proxy is that the client accesses Apache on port 443, and Apache proxies the connection to the snap on port 8080 or 8443. The client should not be redirected to 8443 directly. Can you show your current Apache site config?
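
The checks suggested in the replies above (is anything listening on the backend port, which backend did mod_proxy fail to reach, and does a redirect hand the backend port to the client), as an added shell example that is not part of any post in this thread. The function names, the sample data and the cloud.example.test hostname are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage helpers for the 503 / ":8443 redirect" symptoms in this thread.
# All sample data is constructed; cloud.example.test is a placeholder name.

# Reads `ss -lnt` or `netstat -lntp` output on stdin; succeeds if a LISTEN socket uses port $1.
port_is_listening() {
    awk -v p="$1" '/LISTEN/ { for (i = 1; i <= NF; i++) if ($i ~ (":" p "$")) found = 1 }
                   END { exit !found }'
}

# Reads an Apache error log on stdin; prints "count host:port" per backend that
# mod_proxy failed to reach (AH00957 lines).
refused_backends() {
    sed -n 's/.*AH00957: .*attempt to connect to \([^ ]*\) .*failed.*/\1/p' |
        sort | uniq -c | awk '{ print $1, $2 }'
}

# Reads response headers (`curl -sI URL`) on stdin; prints the explicit port in the
# Location header, or nothing when the redirect names no port.
location_port() {
    tr -d '\r' |
        sed -n 's|^[Ll]ocation: *https\{0,1\}://[^/:]*:\([0-9][0-9]*\).*|\1|p' | head -n 1
}

# Live use (assumed invocation): triage cloud.example.test 8080
triage() {
    ss -lnt | port_is_listening "$2" || echo "no listener on :$2, the proxy will answer 503"
    leaked=$(curl -sI "https://$1/" | location_port)
    if [ -n "$leaked" ] && [ "$leaked" != 443 ]; then
        echo "redirect sends clients to backend port :$leaked instead of the proxy"
    fi
}

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:80       0.0.0.0:*
LISTEN 0      511          0.0.0.0:443      0.0.0.0:*'
SAMPLE_LOG='[proxy:error] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[proxy_http:error] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[proxy:error] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed'
SAMPLE_HEADERS='HTTP/1.1 301 Moved Permanently
Location: https://cloud.example.test:8443/'

# Demo on the constructed samples (runs offline).
printf '%s\n' "$SAMPLE_SS" | port_is_listening 8080 || echo "8080: not listening"
printf '%s\n' "$SAMPLE_LOG" | refused_backends
printf '%s\n' "$SAMPLE_HEADERS" | location_port
```

On a real host the same functions take `sudo netstat -lntp`, the contents of /var/log/apache2/nextcloud-error.log, and `curl -sI` output on stdin.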