Notify push help with test

smorkgl · December 7, 2023, 8:33am

Support intro

Sorry to hear you’re facing problems

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can

Nextcloud version (eg, 20.0.5): 27.1.4
Operating system and version (eg, Ubuntu 20.04): Ubuntu 22.04
Apache or nginx version (eg, Apache 2.4.25): 2.4.52
PHP version (eg, 7.4): 8.1.2

The issue you are facing:

PI have a problem with Notify_push, I can’t install it and link it to Nextcloud in any way. I connected everything according to the instructions, installed Redis, connected everything together. I decided to do a test, found on github how to do it, but during the test ./test_client http://192.168.1.123 test test1, when performing the test, it writes to me what is in the screenshot. The certificate is self-signed and trusted, there is no red error when going to the site. But still no notifications are coming. Maybe you’ve solved it and you know what you can do, if so, please help

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

./test_client http://192.168.1.123 test test1,

The output of your Nextcloud log in Admin > Logging:

[internet_connection_check] Ошибка: GuzzleHttp\Exception\ConnectException: cURL error 28: Operation timed out after 30001 milliseconds with 0 bytes received (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://nextcloud.com at <<closure>>

 0. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 158
    GuzzleHttp\Handler\CurlFactory::createRejection("*** sensitive parameters replaced ***")
 1. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 110
    GuzzleHttp\Handler\CurlFactory::finishError()
 2. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php line 47
    GuzzleHttp\Handler\CurlFactory::finish()
 3. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 137
    GuzzleHttp\Handler\CurlHandler->__invoke()
 4. /var/www/nextcloud/lib/private/Http/Client/DnsPinMiddleware.php line 154
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
 5. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php line 35
    OC\Http\Client\DnsPinMiddleware->OC\Http\Client\{closure}("*** sensitive parameters replaced ***")
 6. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 31
    GuzzleHttp\PrepareBodyMiddleware->__invoke()
 7. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 71
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
 8. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 107
    GuzzleHttp\RedirectMiddleware->__invoke()
 9. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 73
    GuzzleHttp\RedirectMiddleware->checkRedirect()
10. /var/www/nextcloud/3rdparty/guzzlehttp/promises/src/FulfilledPromise.php line 41
    GuzzleHttp\RedirectMiddleware->GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
11. /var/www/nextcloud/3rdparty/guzzlehttp/promises/src/TaskQueue.php line 48
    GuzzleHttp\Promise\FulfilledPromise::GuzzleHttp\Promise\{closure}("*** sensitive parameters replaced ***")
12. /var/www/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 248
    GuzzleHttp\Promise\TaskQueue->run()
13. /var/www/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 224
    GuzzleHttp\Promise\Promise->invokeWaitFn()
14. /var/www/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 269
    GuzzleHttp\Promise\Promise->waitIfPending()
15. /var/www/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 226
    GuzzleHttp\Promise\Promise->invokeWaitList()
16. /var/www/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 62
    GuzzleHttp\Promise\Promise->waitIfPending()
17. /var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 187
    GuzzleHttp\Promise\Promise->wait()
18. /var/www/nextcloud/lib/private/Http/Client/Client.php line 230
    GuzzleHttp\Client->request()
19. /var/www/nextcloud/apps/settings/lib/Controller/CheckSetupController.php line 224
    OC\Http\Client\Client->get()
20. /var/www/nextcloud/apps/settings/lib/Controller/CheckSetupController.php line 206
    OCA\Settings\Controller\CheckSetupController->isSiteReachable()
21. /var/www/nextcloud/apps/settings/lib/Controller/CheckSetupController.php line 921
    OCA\Settings\Controller\CheckSetupController->hasInternetConnectivityProblems()
22. /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 230
    OCA\Settings\Controller\CheckSetupController->check()
23. /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 137
    OC\AppFramework\Http\Dispatcher->executeController()
24. /var/www/nextcloud/lib/private/AppFramework/App.php line 183
    OC\AppFramework\Http\Dispatcher->dispatch()
25. /var/www/nextcloud/lib/private/Route/Router.php line 315
    OC\AppFramework\App::main()
26. /var/www/nextcloud/lib/base.php line 1068
    OC\Route\Router->match()
27. /var/www/nextcloud/index.php line 36
    OC::handleRequest()

GET /index.php/settings/ajax/checksetup
from 192.168.1.123 by cloud at 2023-12-07T08:21:29+00:00

[PHP] Ошибка: RedisException: No such file or directory at /var/www/nextcloud/lib/private/RedisFactory.php#137

GET /ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=activity
from 192.168.1.33 at 2023-12-07T08:15:09+00:00

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

  GNU nano 6.2                                                                                         config.php                                                                                                  
<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' => 
  array (
    0 => '192.168.1.123',
    1 => 'cloud',
  ),
  'datadirectory' => '/media/cloud/Nextcloud/data/',
  'dbtype' => 'mysql',
  'version' => '27.1.4.1',
  'overwrite.cli.url' => 'http://192.168.1.123',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'cloud',
  'dbpassword' => '2Re5W34',
  'installed' => true,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'maintenance' => false,
  'trashbin_retention_obligation' => 'auto, 7',
  'updater.secret' => '$2y$10$7ljEGfe/hKum0xww1qih0.xoxpyK814tSkljit9o8Mrwly5ok.oge',
  'theme' => '',
  'loglevel' => 2,
  'trusted_proxies' => 
  array (
    0 => '192.168.1.123',
    1 => 'cloud',
    2 => '127.0.0.1',
    3 => '::1',
  ),
'memcache.local' => '\OC\Memcache\Redis',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'filelocking.enabled' => 'true',
'redis' =>
array (
'host' => '/var/run/redis/redis.sock',
'port' => 0,
'timeout' => 0.0,
),  

);

The output of your Apache/nginx/system log in /var/log/____:

access.log       error.log.2.gz                 other_vhosts_access.log.12.gz
access.log.1     error.log.3.gz                 other_vhosts_access.log.13.gz
access.log.2.gz  error.log.4.gz                 other_vhosts_access.log.14.gz
access.log.3.gz  error.log.5.gz                 other_vhosts_access.log.2.gz
access.log.4.gz  error.log.6.gz                 other_vhosts_access.log.3.gz
error.log        error.log.7.gz                 other_vhosts_access.log.4.gz
error.log.1      error.log.8.gz                 other_vhosts_access.log.5.gz
error.log.10.gz  error.log.9.gz                 other_vhosts_access.log.6.gz
error.log.11.gz  other_vhosts_access.log        other_vhosts_access.log.7.gz
error.log.12.gz  other_vhosts_access.log.1      other_vhosts_access.log.8.gz
error.log.13.gz  other_vhosts_access.log.10.gz  other_vhosts_access.log.9.gz
error.log.14.gz  other_vhosts_access.log.11.gz

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

PASTE HERE

Kerasit · December 7, 2023, 8:37am

The TLS certificate you have setup is not trusted. Proably because you are trying to hit a host by IP instead of the domain anme set as CN on the certificate. This is very common and very much security by design and how you would expect TLS to behave.

smorkgl · December 7, 2023, 9:03am

I replaced the IP with localhost, but the error is the same, what i can try to do?

bb77 · December 7, 2023, 9:06am

Maybe this is of any help:

https://github.com/nextcloud/notify_push#self-signed-certificates

Kerasit · December 7, 2023, 9:07am

The certificate you have configured in the webserver for your nextcloud. Is that self signed?

CN on a certificate has to match the url you are typing in your browser. 99% of all certificates are issued to something that can be reached publicly, so the CN of the certificate would something like:

cloud.example.com
or
www.example.com

Nearly no publicly trusted certificates has localhost as either cn or alias, hence you will need to use your “pretty” domain url to in order to get that to work.

Or as bb77 links to: Allow self signed. But even with selfsigned, the CN and/or any added alias values on the certificate, still has to contain localhost or the IP adress.

smorkgl · December 7, 2023, 9:54am

so will it be possible to install it on a local network without Internet access? to go to the nextcloud web interface, I enter https://cloud or https://192.168.1.123 or https://localhost so what name do I need to enter in the certificate?

bb77 · December 7, 2023, 10:38am

I tried it on a test instance with self signed cerificates and it worked:

SystemD service:

[Unit]
Description = Push daemon for Nextcloud clients
After=postgresql.service

[Service]
Environment=ALLOW_SELF_SIGNED=true
Environment=PORT=7867
Environment=NEXTCLOUD_URL=https://192.168.1.123 
ExecStart=/var/www/html/nextcloud/apps/notify_push/bin/x86_64/notify_push /var/www/html/nextcloud/config/config.php
User=www-data

[Install]
WantedBy = multi-user.target

Apache Config:

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName bookworm-test.local.mydomain.tld
ServerAlias 192.168.1.123
DocumentRoot /var/www/html/nextcloud

<Directory /var/www/html/nextcloud/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Satisfy Any
</Directory>

<IfModule mod_dav.c>
Dav off
</IfModule>

<Directory /var/nextcloud-data/>
Require all denied
</Directory>

<Files ".ht*">
Require all denied
</Files>

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [R=405,L]

SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud

<IfModule mod_reqtimeout.c>
RequestReadTimeout body=0
</IfModule>

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>

ProxyPass /push/ws ws://127.0.0.1:7867/ws
ProxyPass /push/ http://127.0.0.1:7867/
ProxyPassReverse /push/ http://127.0.0.1:7867/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

SSLEngine on
SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-EC>
SSLHonorCipherOrder off
SSLSessionTickets off
</VirtualHost>
</IfModule>

Relevant config.php parameters:

'trusted_domains' => 
  array (
    0 => 'bookworm-test.local.mydomain.tld',
    1 => '192.168.1.123',
  ),

'overwrite.cli.url' => 'https://192.168.1.123',
'overwriteprotocol' => 'https',

  'trusted_proxies' => 
  array (
    0 => '127.0.0.1',
    1 => '::1',
    2 => '192.168.1.123',
  ),

Apache Modules and setup:

Make sure the following Apache modules are enabled:

a2enmod proxy proxy_http proxy_wstunnel

…and then set it up with the following command:

sudo -u www-data php /var/www/html/nextcloud/occ notify_push:setup https://192.168.1.123/push

✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
  configuration saved

bb77 · December 7, 2023, 10:51am

Additional notes

As you can see in my Apache Config, I use the Debian Default Snakeoil Certs, which I generated with the following command:

make-ssl-cert generate-default-snakeoil --force-overwrite

These certificates only contain the FQDN of my server, but I can still use the IP address for the connection via the browser (generates a warning of course) and for Notify_Push: I don’t know what the crucial point is that makes it work, so I posted my configuration for comparison.

smorkgl · December 7, 2023, 11:27am

Sorry, nothing has worked out for me yet, but I’m wondering if connecting Notify_push will fix the delay in notifications on users’ Desktops?

smorkgl · December 7, 2023, 11:30am

gtht
I did everything according to the instructions, but still when testing the client./test 192.168.1.123 test test1 he swears at certificates

smorkgl · December 7, 2023, 11:42am

this i have after these commands
sudo -u www-data php /var/www/nextcloud/occ notify_push:log debug
sudo journalctl -eu notify_push

bb77 · December 7, 2023, 1:59pm

As far as I can tell, it’s mainly used to notify clients when files have changed, so they don’t have to keep checking themselves, which increases the load on the server. Overall, it should improve file sync performance and generally make the server more responsive, especially if there are a lot of clients connected. But I guess it will help reducing the delay of notifications as well.

This could simply be the test client not being able to handle self-signed certificates.

Sorry not sure why you are still getting these errors. Maybe you can post your exact config here.