No https redirect and wrong url

Hi there,
I am just trying to get into nextcloud, which so far is working quite well.
Although there are some (so far only “cosmetic”) things I can’t fix on my own. During installation and setup I followed the official documentation. My machine is running Ubuntu 16.04 LTS with nginx as webserver. I am running some other websites on my server, which are for internal network (LAN) use only. Each of them is in a separate subdirectory, whereas nextcloud too is sitting under /nextcloud/ on my nginx root. All my other websites use the default configuration from nginx, so for nextcloud I just created a new config under sites-available and then linked it to sites-enabled.
So what I would now expect is that when I try to go to nextcloud I just type [server-ip]/nextcloud/ (with normal http) and am then redirected to https://[server-ip]/nextcloud/. But this doesn’t work, I’m just getting a 404 error. Although when I manually enter https://[server-ip]/nextcloud/ I can enter nextcloud, although the URL is being rewritten to https://[server-ip]/apps/files, without the expected /nextcloud/ ??
Is there a way to tell nginx (or nextcloud) to really use the correct subdirectory? As far as I know this information should be stored in a .htaccess file, which I can’t find though.
Further I already opened the 443 port on my router and from outside (tested it with my mobile) I can connect to nextcloud. I guess a redirect won’t work here unless I would open port 80 too?
My configurations of nginx/php still fit the ones from the official documentation, with the only difference being the separate file for the nginx-config in /sites-enabled/.

Hopefully you guys understand my problem and maybe even can help me.

What does your redirect look like in your config?

.htaccess only works in apache, not in nginx.

Exactly.

That would be:

server {
    listen 80;
    server_name [server-ip] [public domain];
    root /var/www/html/nextcloud/;
    return 301 https://$server_name$request_uri;
}

/edit: I just edited my first post so all hyperlinks are shown completely

Well, for starters, the reason it’s not https://yourdomain.com/nextcloud is because you have the root of your webserver in the root of the nextcloud folder. If you wanted it to be yourdomain.com/nextcloud you would need to change root /var/www/html/nextcloud; to root /var/www/html. Then there would be a nextcloud folder in the root (/var/www/html) folder on your webserver.

Also, you posted your http config, what about your https config? There should be a server { } directive for each, each with their own root folder.

Thanks,
Mike

And you are correct, a redirect from http to https will require both 80 (http) and 443 (https) to be open. The browser has to be able to request the http page in order for nginx to redirect it to https.
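
Added example, not part of the original thread: one way to lay out the two server blocks so that Nextcloud is served under /nextcloud/ and the port-80 block redirects to HTTPS on the host name the client actually requested. The names 192.0.2.10 and cloud.example.com are constructed placeholders for [server-ip] and [public domain]; the paths, PHP socket and location patterns are the ones from the configs posted in this thread, prefixed with /nextcloud.

```nginx
# Added example (not from the thread). 192.0.2.10 and cloud.example.com are
# constructed placeholders for [server-ip] and [public domain].
server {
    listen 80;
    server_name 192.0.2.10 cloud.example.com;
    # $server_name is always the first name above (the IP), whichever name the
    # client used; $host is the requested name. A non-default server block only
    # receives requests for its listed names, so $host stays within that list.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name 192.0.2.10 cloud.example.com;
    ssl_certificate     /etc/nginx/ssl/nextcloud.crt;
    ssl_certificate_key /etc/nginx/ssl/nextcloud.key;
    # remaining ssl_* and add_header lines as in the config posted in the thread

    # Parent of the nextcloud folder, so the URL path keeps /nextcloud/.
    root /var/www/html;

    location ^~ /nextcloud {
        client_max_body_size 512M;
        fastcgi_buffers 64 4K;

        location /nextcloud {
            rewrite ^ /nextcloud/index.php$uri;
        }
        location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            include fastcgi_params;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        }
        location ~* ^/nextcloud/.+\.(?:css|js|svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
            try_files $uri /nextcloud/index.php$uri$is_args$args;
        }
    }
}
```

Run nginx -t to validate the file before reloading the service.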

My current nginx config is the following:

server {
    listen 80;
    server_name [public domain];
    root /var/www/html/nextcloud/;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name [public domain];
    root /var/www/html/nextcloud/;

    ssl on;
    ssl_certificate     /etc/nginx/ssl/nextcloud.crt;
    ssl_certificate_key /etc/nginx/ssl/nextcloud.key;
    ssl_session_timeout 5m;
    ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security "max-age=15768000";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    access_log  /var/log/nginx/nextcloud.access.log;
    error_log   /var/log/nginx/nextcloud.error.log;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav { 
        return 301 $scheme://$host/remote.php/dav; 
    }
    location = /.well-known/caldav { 
        return 301 $scheme://$host/remote.php/dav; 
    }

    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
    gzip off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }

}

I also gave it some additional thought: in my opinion I would need two configurations, one for “external” and one for “internal” use? Because for external access it is actually quite nice that you only have to know the domain and not the exact path on the server. Only for access from within the local network I’d like to access nextcloud with /nextcloud/. And the redirect therefore too is only needed for the internal access.

Thanks for the quick responses by the way!