NextcloudPI after Update 1.25 and NC 18.0.4.2 Ports (80,443) closed

Hello everyone,
after the NextcloudPi update to v1.25.0 and NC 18.0.4.2 the two ports 80, 443 are closed.
Does anyone have an idea what this could be?
Regards


NextCloudPi diagnostics

NextCloudPi version  v1.25.0
NextCloudPi image    NextCloudPi_01-09-20
distribution         Armbian 19.11.7 Buster \l
automount            yes
USB devices          sda
datadir              /media/myCloudDrive/ncdata
data in SD           no
data filesystem      btrfs
data disk usage      533G/3.7T
rootfs usage         4.2G/15G
swapfile             /var/swap
dbdir                /media/USBdrive/ncdatabase
Nextcloud check      ok
Nextcloud version    18.0.4.2
HTTPD service        up
PHP service          up
MariaDB service      up
Redis service        up
Postfix service      up
internet check       ok
port check 80        closed
port check 443       closed
IP                   ***REMOVED SENSITIVE VALUE***
gateway              ***REMOVED SENSITIVE VALUE***
interface            enx001e06367666
certificates         ***REMOVED SENSITIVE VALUE***
NAT loopback         no
uptime               48min

Nextcloud configuration

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "localhost",
            "5": "nextcloudpi.local",
            "7": "nextcloudpi",
            "8": "nextcloudpi.lan",
            "11": "***REMOVED SENSITIVE VALUE***",
            "1": "***REMOVED SENSITIVE VALUE***",
            "12": "***REMOVED SENSITIVE VALUE***",
            "2": "https:\/\/***REMOVED SENSITIVE VALUE***"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "18.0.4.2",
        "overwrite.cli.url": "https:\/\/https:\/\/***REMOVED SENSITIVE VALUE***\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "tempdirectory": "\/media\/myCloudDrive\/ncdata\/tmp",
        "mail_smtpmode": "sendmail",
        "mail_smtpauthtype": "LOGIN",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "overwriteprotocol": "https",
        "maintenance": false,
        "logfile": "\/media\/myCloudDrive\/ncdata\/nextcloud.log",
        "loglevel": "2",
        "log_type": "file",
        "app_install_overwrite": [
            "radio"
        ]
    }
}

HTTPd logs

[Sun May 10 04:04:42.276147 2020] [authz_core:error] [pid 6916:tid 2621428768] [                                          client 45.143.220.94:35150] AH01630: client denied by server configuration: /var                                          /www/ncp-web/
[Sun May 10 18:55:44.306730 2020] [authz_core:error] [pid 6916:tid 2539619360] [                                          client 83.97.20.35:52562] AH01630: client denied by server configuration: /var/w                                          ww/ncp-web/
[Wed May 13 09:52:56.335679 2020] [authz_core:error] [pid 1900:tid 2709517344] [                                          client 92.118.160.53:54537] AH01630: client denied by server configuration: /var                                          /www/ncp-web/
[Thu May 14 17:33:32.363752 2020] [authz_host:error] [pid 9143:tid 2581582880] [                                          client 162.243.144.186:50392] AH01753: access check of 'localhost' to / failed,                                           reason: unable to get the remote host name
[Thu May 14 17:33:32.363934 2020] [authz_core:error] [pid 9143:tid 2581582880] [                                          client 162.243.144.186:50392] AH01630: client denied by server configuration: /v                                          ar/www/ncp-web/
[Fri May 15 22:10:25.333438 2020] [authz_core:error] [pid 16681:tid 2738877472]                                           [client 83.97.20.35:50695] AH01630: client denied by server configuration: /var/                                          www/ncp-web/
[Fri May 15 22:22:29.258094 2020] [authz_core:error] [pid 16681:tid 2730484768]                                           [client 92.118.160.13:50153] AH01630: client denied by server configuration: /va                                          r/www/ncp-web/
[Sat May 16 00:55:11.452227 2020] [authz_core:error] [pid 24117:tid 2566890528]                                           [client 93.174.95.106:35888] AH01630: client denied by server configuration: /va                                          r/www/ncp-web/
[Sat May 16 00:55:20.594589 2020] [authz_core:error] [pid 24116:tid 2707420192]                                           [client 93.174.95.106:44476] AH01630: client denied by server configuration: /va                                          r/www/ncp-web/favicon.ico
[Sat May 16 00:55:24.856834 2020] [authz_core:error] [pid 24117:tid 2690638880]                                           [client 35.205.219.55:21896] AH01630: client denied by server configuration: /va                                          r/www/ncp-web/
[Sat May 16 15:11:08.114061 2020] [authz_host:error] [pid 24117:tid 2533319712]                                           [client 45.148.10.72:57912] AH01753: access check of 'localhost' to / failed, re                                          ason: unable to get the remote host name
[Sat May 16 15:11:08.114228 2020] [authz_core:error] [pid 24117:tid 2533319712]                                           [client 45.148.10.72:57912] AH01630: client denied by server configuration: /var                                          /www/ncp-web/
[Sat May 16 22:56:04.408199 2020] [authz_core:error] [pid 24117:tid 2524927008]                                           [client 52.53.165.249:56378] AH01630: client denied by server configuration: /va                                          r/www/ncp-web/
[Sun May 17 17:50:51.710989 2020] [proxy_fcgi:error] [pid 32546:tid 2757194784]                                           [client 192.168.176.100:65371] AH01067: Failed to read FastCGI header
[Sun May 17 17:50:51.711143 2020] [proxy_fcgi:error] [pid 32546:tid 2757194784]                                           (104)Connection reset by peer: [client 192.168.176.100:65371] AH01075: Error dis                                          patching request to :4443:
[Sun May 17 17:50:51.872909 2020] [mpm_event:notice] [pid 1429:tid 3069750704] A                                          H00491: caught SIGTERM, shutting down
[Sun May 17 17:51:30.225838 2020] [ssl:warn] [pid 1224:tid 3070041520] AH01909:                                           localhost:4443:0 server certificate does NOT include an ID which matches the ser                                          ver name
[Sun May 17 17:51:30.260568 2020] [ssl:warn] [pid 1329:tid 3070041520] AH01909:                                           localhost:4443:0 server certificate does NOT include an ID which matches the ser                                          ver name
[Sun May 17 17:51:30.267173 2020] [mpm_event:notice] [pid 1329:tid 3070041520] A                                          H00489: Apache/2.4.38 (Debian) OpenSSL/1.1.1d configured -- resuming normal oper                                          ations
[Sun May 17 17:51:30.267300 2020] [core:notice] [pid 1329:tid 3070041520] AH0009                                          4: Command line: '/usr/sbin/apache2'

Database logs

2020-05-17 17:51:48 0 [Note] InnoDB: Uses event mutexes
2020-05-17 17:51:48 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2020-05-17 17:51:48 0 [Note] InnoDB: Number of pools: 1
2020-05-17 17:51:48 0 [Note] InnoDB: Using generic crc32 instructions
2020-05-17 17:51:48 0 [Note] InnoDB: Initializing buffer pool, total size = 896M                                          , instances = 1, chunk size = 128M
2020-05-17 17:51:49 0 [Note] InnoDB: Completed initialization of buffer pool
2020-05-17 17:51:49 0 [Note] InnoDB: If the mysqld execution user is authorized,                                           page cleaner thread priority can be changed. See the man page of setpriority().
2020-05-17 17:51:50 0 [Note] InnoDB: 128 out of 128 rollback segments are active                                          .
2020-05-17 17:51:50 0 [Note] InnoDB: Creating shared tablespace for temporary ta                                          bles
2020-05-17 17:51:50 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Phys                                          ically writing the file full; Please wait ...
2020-05-17 17:51:53 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2020-05-17 17:51:53 0 [Note] InnoDB: 10.3.22 started; log sequence number 207429                                          0790; transaction id 3944257
2020-05-17 17:51:53 0 [Note] InnoDB: Loading buffer pool(s) from /media/myCloudD                                          rive/ncdatabase/ib_buffer_pool
2020-05-17 17:51:53 0 [Note] Plugin 'FEEDBACK' is disabled.
2020-05-17 17:51:54 0 [Note] Server socket created on IP: '127.0.0.1'.
2020-05-17 17:51:54 0 [Note] Reading of all Master_info entries succeeded
2020-05-17 17:51:54 0 [Note] Added new Master_info '' to hash table
2020-05-17 17:51:54 0 [Note] /usr/sbin/mysqld: ready for connections.
Version: '10.3.22-MariaDB-0+deb10u1'  socket: '/run/mysqld/mysqld.sock'  port: 3                                          306  Debian 10
2020-05-17 17:52:34 0 [Note] InnoDB: Buffer pool(s) load completed at 200517 17:                                          52:34

Nextcloud logs

{"reqId":"Oi2QG3v8rMYthTdPng1n","level":0,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"no app in context","method":"","url":"--","messa                                          ge":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDisp                                          atcher\\GenericEvent","userAgent":"--","version":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":1,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\                                          \Repair::step: Repair step: Clear access cache of projects","userAgent":"--","ve                                          rsion":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":0,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"no app in context","method":"","url":"--","messa                                          ge":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDisp                                          atcher\\GenericEvent","userAgent":"--","version":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":1,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\                                          \Repair::step: Repair step: Switches from deprecated \"production\" to \"stable\                                          " update channel","userAgent":"--","version":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":0,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"no app in context","method":"","url":"--","messa                                          ge":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDisp                                          atcher\\GenericEvent","userAgent":"--","version":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":1,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\                                          \Repair::step: Repair step: Sets the enterprise logo","userAgent":"--","version"                                          :"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":0,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"no app in context","method":"","url":"--","messa                                          ge":"Deprecated event type for \\OC\\Repair::info: Symfony\\Component\\EventDisp                                          atcher\\GenericEvent","userAgent":"--","version":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":1,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\                                          \Repair::info: Repair info: Repair step already executed","userAgent":"--","vers                                          ion":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":0,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"no app in context","method":"","url":"--","messa                                          ge":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDisp                                          atcher\\GenericEvent","userAgent":"--","version":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":1,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\                                          \Repair::step: Repair step: Reset generated avatar flag","userAgent":"--","versi                                          on":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":1,"time":"2020-05-04T14:43:07+00:00","re                                          moteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\                                          \Updater::startCheckCodeIntegrity: Starting code integrity check...","userAgent"                                          :"--","version":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":1,"time":"2020-05-04T14:43:28+00:00","re                                          moteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\                                          \Updater::finishedCheckCodeIntegrity: Finished code integrity check","userAgent"                                          :"--","version":"18.0.3.0"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":1,"time":"2020-05-04T14:43:28+00:00","re                                          moteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\                                          \Updater::updateEnd: Update successful","userAgent":"--","version":"18.0.4.2"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":1,"time":"2020-05-04T14:43:28+00:00","re                                          moteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\                                          \Updater::maintenanceDisabled: Turned off maintenance mode","userAgent":"--","ve                                          rsion":"18.0.4.2"}
{"reqId":"Oi2QG3v8rMYthTdPng1n","level":1,"time":"2020-05-04T14:43:28+00:00","re                                          moteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\                                          \Updater::resetLogLevel: Reset log level to Warning(2)","userAgent":"--","versio                                          n":"18.0.4.2"}
{"reqId":"tT0ewoc5UsJMQZTehf2N","level":2,"time":"2020-05-07T11:30:21+00:00","re                                          moteAddr":"","user":"--","app":"appstoreFetcher","method":"","url":"--","message                                          ":"Could not connect to appstore: cURL error 28: Operation timed out after 10000                                           milliseconds with 4153344 out of 4833357 bytes received (see http://curl.haxx.s                                          e/libcurl/c/libcurl-errors.html)","userAgent":"--","version":"18.0.4.2"}
{"reqId":"vJyl8Zo9i5huIZRfOfRj","level":2,"time":"2020-05-11T12:30:21+00:00","re                                          moteAddr":"","user":"--","app":"appstoreFetcher","method":"","url":"--","message                                          ":"Could not connect to appstore: cURL error 28: Operation timed out after 10000                                           milliseconds with 2990080 out of 4844395 bytes received (see http://curl.haxx.s                                          e/libcurl/c/libcurl-errors.html)","userAgent":"--","version":"18.0.4.2"}
{"reqId":"PrnkxpBbAQZuDFWekViG","level":2,"time":"2020-05-12T12:45:15+00:00","re                                          moteAddr":"","user":"--","app":"appstoreFetcher","method":"","url":"--","message                                          ":"Could not connect to appstore: cURL error 28: Operation timed out after 10000                                           milliseconds with 1556480 out of 4854578 bytes received (see http://curl.haxx.s                                          e/libcurl/c/libcurl-errors.html)","userAgent":"--","version":"18.0.4.2"}
{"reqId":"quycZmjKbY2OsOYXM3ki","level":2,"time":"2020-05-13T13:00:22+00:00","re                                          moteAddr":"","user":"--","app":"appstoreFetcher","method":"","url":"--","message                                          ":"Could not connect to appstore: cURL error 28: Operation timed out after 10001                                           milliseconds with 0 out of 0 bytes received (see http://curl.haxx.se/libcurl/c/                                          libcurl-errors.html)","userAgent":"--","version":"18.0.4.2"}
{"reqId":"T5lM4JbzaxavRGBsAgY1","level":2,"time":"2020-05-17T14:00:25+00:00","re                                          moteAddr":"","user":"--","app":"appstoreFetcher","method":"","url":"--","message                                          ":"Could not connect to appstore: cURL error 28: Operation timed out after 10001                                           milliseconds with 0 out of 0 bytes received (see http://curl.haxx.se/libcurl/c/                                          libcurl-errors.html)","userAgent":"--","version":"18.0.4.2"}

Hi
have/had the same issue - but no solution.

Did you also update&upgrade your underlying raspbian? I suspect this being related…

update: I just come over my configuration and saw, that my ports are also noted to be closed - but it works from inside and outside!:

NextCloudPi diagnostics

NextCloudPi version  v1.24.0
NextCloudPi image    NextCloudPi_03-28-20
distribution         Raspbian GNU/Linux 10 \n \l
automount            yes
USB devices          sda 
datadir              /media/myCloudDrive/ncdata
data in SD           no
data filesystem      btrfs
data disk usage      265M/115G
rootfs usage         2.0G/15G
swapfile             /var/swap
dbdir                /media/USBdrive/ncdatabase
Nextcloud check      ok
Nextcloud version    18.0.3.0
HTTPD service        up
PHP service          up
MariaDB service      up
Redis service        up
Postfix service      up
internet check       ok
port check 80        closed
port check 443       closed
IP                   ***REMOVED SENSITIVE VALUE***
gateway              ***REMOVED SENSITIVE VALUE***
interface            wlan0
certificates         ***REMOVED SENSITIVE VALUE***
NAT loopback         no
uptime               1:19

I set up a fresh NCPi and intentionally did not update.

*maybe you want to remove some data from your posted configuration

Yes, I update again and again.
I set up with the latest image in January.

After the update, this message also appears on the web interface:
‣ You should open your ports for Lets Encrypt and external access
‣ You should enable dnsmasq to use your domain inside home

…but your system is runing properly?
Are you on a RaspberryPi?

NCP users are advised in docs to enable unattended-upgrades.
Also to avoid breaking the setup, do not manually run apt, unless your system is broken, needs fixing or you know what you are doing or dont mind breaking the setup and have everything backed up securely in case you do break something.
My NCP instances run for months, even a whole year without needing intervention. I have all auto update functions enabled, for OS, NC and NCP.

My system runs except for the problems mentioned.
I use an Odroid HC2.

Yes, I know - and, I guess, everyone is happy with an all-auto solution. New to me is, to NOT touch apt anymore, will keep this in mind.
Do you have any idea why ports were listed as closed? Did not observe any harm (till letsencrypt show up again?) .

I’d check if your server is listing to the ports by running:

sudo netstat -aW | grep LIST | grep tcp

If it is, I’d look at the setting of your router interface, to see if ports are still forwarded as they should. Sometimes routers can be reset by ISP’s.

Looks a little different than above. But I have basically no clue about this.
Just to mention: NCPi is working properly from inside and reachable from outside.

Can it be related to the “Force https” setting?

My NextcloudPI runs with all auto updates. I have a second one on an Odroid HC2 with the same settings. After the updates, the ports in the NCP Config are closed too. But can access both NextcloudPI’s from the outside.

Enclosed my config:

root@nextcloudpi:~# sudo netstat -aW | grep LIST | grep tcp
tcp 0 0 localhost:mysql 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:smtp 0.0.0.0:* LISTEN
tcp6 0 0 [::]:sunrpc [::]:* LISTEN
tcp6 0 0 [::]:domain [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:smtp [::]:* LISTEN

has no idea what that can be?
the HTTPD service is now down and my cloud no longer works.

Did you do something with your system between you last posts? Are your both systems now down?
Asking just to learn something. I am afraid of my next reboot… sad.

I only executed the netstat command on the systems. In between we had a power cut and the Odroid was booted. Since then, the HTTPD has been down.

My other system is still working perfectly.

Can someone help me how to get the HTTPD up again?

Can you start apache2 manually? Post errors:

Start:
sudo systemctl start apache2.service
(or direct as root)

Status:
sudo systemctl status apache2.service

Stop:
sudo systemctl stop apache2.service

Please logs also in the logs /var/log/apache2

Read also


(perhaps you find a hint)

Thank you devnull,
HTTPD is running again. How / where can I see if it starts automatically on reboot?

Now I only have the problem that the port check 80/443 is closed.

Does anyone have an idea here?

Regarding the closed ports message I see the same behaviour on my ODroid HC2. But port forwarding from the router is ok as is the access from WAN.
I also checked the ports with https://portchecker.co/ which is used by ncp. Results are: ports for http and https are open.

The netstat command shows the following results:
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN
tcp 0 0 localhost:mysql 0.0.0.0:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:smtp [::]:* LISTEN
tcp6 0 0 [::]:4443 [::]:* LISTEN
tcp6 0 0 [::]:https [::]:* LISTEN

Looks like the system is only listening on IPV6 ports. May this be the reason?