OS and Nextcloud upgrade (adventures with quirks). Main problem: the administration panel has disappeared for a user in the admin group




Screenshot 3

I don't even know where to dig.

I decided to update Nextcloud and the system.

:/var/www/nextcloud/data# sudo -u www-data php /var/www/nextcloud/occ user:add 1234567890 --group admin
Enter password:
Confirm password:
Fontconfig error: No writable cache directories
The account “1234567890” was created successfully
Account “1234567890” added to group “admin”

/var/www/nextcloud/data# sudo -u www-data php /var/www/nextcloud/occ support:report

Server configuration detail

Operating system: Linux 6.8.12-8-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.12-8 (2025-01-24T12:32Z) x86_64

Webserver: Unknown (cli)

Database: mysql 10.11.11

PHP version: 8.2.28

Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, pcntl, random, Reflection, SPL, session, standard, sodium, mysqlnd, PDO, xml, bcmath, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, intl, exif, mysqli, pdo_mysql, Phar, posix, readline, redis, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, Zend OPcache

Nextcloud version: 31.0.4 - 31.0.4.1

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

Signing status

List of activated apps
Enabled:
 - activity: 4.0.0
 - app_api: 5.0.2
 - bruteforcesettings: 4.0.0
 - circles: 31.0.0
 - comments: 1.21.0
 - contactsinteraction: 1.12.0
 - dashboard: 7.11.0
 - drawio: 3.1.0
 - federation: 1.21.0
 - files_downloadlimit: 4.0.0
 - files_pdfviewer: 4.0.0
 - files_reminders: 1.4.0
 - files_sharing: 1.23.1
 - files_trashbin: 1.21.0
 - files_versions: 1.24.0
 - firstrunwizard: 4.0.0
 - logreader: 4.0.0
 - nextcloud_announcements: 3.0.0
 - notes: 4.12.0
 - notifications: 4.0.0
 - password_policy: 3.0.0
 - photos: 4.0.0-dev.1
 - privacy: 3.0.0
 - recommendations: 4.0.0
 - related_resources: 2.0.0
 - richdocuments: 8.6.4
 - richdocumentscode: 24.4.1303
 - serverinfo: 3.0.0
 - sharebymail: 1.21.0
 - spreed: 21.0.3
 - support: 3.0.0
 - survey_client: 3.0.0
 - systemtags: 1.21.1
 - text: 5.0.0
 - updatenotification: 1.21.0
 - user_status: 1.11.0
 - weather_status: 1.11.0
 - webhook_listeners: 1.2.0
Disabled:
 - admin_audit
 - encryption
 - files_external
 - suspicious_login
 - twofactor_nextcloud_notification
 - twofactor_totp
 - user_ldap

Configuration (config/config.php)
{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "********.***.******.net",
        "192.168.52.13"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "31.0.4.1",
    "overwrite.cli.url": "https:\/\/********.***.******.net",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "auth.bruteforce.protection.enabled": false,
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "smtp",
    "mail_sendmailmode": "smtp",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "25",
    "allowed_admin_ranges": [
        "127.0.0.1\/8",
        "192.168.52.0\/24"
    ],
    "maintenance": false,
    "theme": "",
    "loglevel": 1
}

Cron Configuration:

Mode: cron
Last: 2025-04-25T21:10:14+00:00 (7 seconds ago)

External storages: files_external is disabled

Encryption: no

User-backends:

  • OC\User\Database

Subscription:

  • No valid subscription key set

Browser: unknown

Setup checks

system
  • Errors in the log: 1 error in the logs since April 18, 2025, 9:10:21 PM
  • Brute-force Throttle: Your remote address could not be determined.
  • Transactional File Locking: The database is used for transactional file locking. To enhance performance, please configure memcache, if available.
  • Maintenance window start: Server has no maintenance window start time configured. This means resource intensive daily background jobs will also be executed during your main usage time. We recommend to set it to a time of low usage, so users are less impacted by the load caused from these heavy tasks.
  • Memcache: No memory cache has been configured. To enhance performance, please configure a memcache, if available.
  • Mimetype migrations available: One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types. Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades. Use the command occ maintenance:repair --include-expensive to perform the migrations.
security
  • Forwarded for headers: Your remote address could not be determined.
  • HTTP headers: Some headers are not set correctly on your instance
    • The Strict-Transport-Security HTTP header is not set (should be at least 15552000 seconds). For enhanced security, it is recommended to enable HSTS.
config
  • Default phone region: Your installation has no default phone region set. This is required to validate phone numbers in the profile settings without a country code. To allow numbers without a country code, please add “default_phone_region” with the respective ISO 3166-1 code of the region to your config file.
  • Email test: You have not set or verified your email server configuration, yet. Please head over to the “Basic settings” in order to set them. Afterwards, use the “Send email” button below the form to verify your settings.
php
  • PHP Imagick module: The PHP module “imagick” in this instance has no SVG support. For better compatibility it is recommended to install it.
talk
  • High-performance backend: No High-performance backend configured - Running Nextcloud Talk without the High-performance backend only scales for very small calls (max. 2-3 participants). Please set up the High-performance backend to ensure calls with multiple participants work seamlessly.

Talk

Talk configuration:

STUN servers

  • no custom server configured

TURN servers

  • no custom server configured

Signaling servers (mode: default):

  • SIP dialin is disabled
  • SIP dialout is disabled
  • no custom server configured

Recording servers:

  • Recording is enabled
  • Recording consent is set to “default”
  • no recording server configured

:~# sudo -u www-data php /var/www/nextcloud/occ integrity:check-core

  • INVALID_HASH:
    • core/js/mimetypelist.js:
      • expected: 83befc51175b6888bc37997804057c6c8a42d7f6acab0f698e00d64b2d3b6b71e43ef4c59086b9cdd5154b0ed86aae1153ea68770b34cc78e446cac6af86d0ac
      • current: 2882377eb2eb5a5dfb378e705474ef51311bddf2a31eb3f3f8b1e8293bad07b3e512a7ff5f6544980645aa538477b9401fb2d2e296d8882049e0019b0c91476c
  • EXTRA_FILE:
    • core/img/filetypes/drawio.svg:
      • expected:
      • current: 92e0974cf869bf8ab969c3442dc2b80d55fde36441d22924db74916a06b407520aa2a9dc39336f9157195ebede697ffac0e639360879255ab91932d406e1897d
    • core/img/filetypes/dwb.svg:
      • expected:
      • current: 43731dd5f17a048112ea5109b40b02ec019b3ee2324385a0f448e3bd2264cb13dc160ab018d893f92f8e2f168fd09009b51578c8c6b97a02a1617c67ac087701

drawio.svg
dwb.svg

sudo -u www-data php /var/www/nextcloud/occ app:remove drawio

drawio - was removed
dwb - was not installed

I deleted:
/var/www/nextcloud/core/img/filetypes/dwb.svg
/var/www/nextcloud/core/img/filetypes/drawio.svg

sudo -u www-data php /var/www/nextcloud/occ integrity:check-core

After the check it returns to the prompt (for beginners: you can type a new command; there is no output about the process or the result).

echo $?

Output:

0

That is, everything is fine and successful.

INVALID_HASH:
core/js/mimetypelist.js:
expected: 83befc51175b6888bc37997804057c6c8a42d7f6acab0f698e00d64b2d3b6b71e43ef4c59086b9cdd5154b0ed86aae1153ea68770b34cc78e446cac6af86d0ac
current: 2882377eb2eb5a5dfb378e705474ef51311bddf2a31eb3f3f8b1e8293bad07b3e512a7ff5f6544980645aa538477b9401fb2d2e296d8882049e0019b0c91476c

The fix:

sudo rm /var/www/nextcloud/core/js/mimetypelist.js
sudo wget https://raw.githubusercontent.com/nextcloud/server/master/core/js/mimetypelist.js -P /var/www/nextcloud/core/js

(did not help)
cd /var/www/nextcloud
/var/www/nextcloud# sudo -u www-data php occ app:list
sudo -u www-data php occ app:remove drawio
sudo -u www-data php occ app:install drawio
(did not help)

I think this error message can be ignored; most likely it is not an error at all but a feature.

EXTRA_FILE:
core/img/filetypes/drawio.svg:
expected:
current: 92e0974cf869bf8ab969c3442dc2b80d55fde36441d22924db74916a06b407520aa2a9dc39336f9157195ebede697ffac0e639360879255ab91932d406e1897d
core/img/filetypes/dwb.svg:
expected:
current: 43731dd5f17a048112ea5109b40b02ec019b3ee2324385a0f448e3bd2264cb13dc160ab018d893f92f8e2f168fd09009b51578c8c6b97a02a1617c67ac087701

php -m
[PHP Modules]
bcmath
calendar
Core
ctype
curl
date
dom
exif
FFI
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
igbinary
imagick
intl
json
libxml
mbstring
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
random
readline
redis
Reflection
session
shmop
SimpleXML
sockets
sodium
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache

The problem showed itself:

{"reqId":"********","level":3,"time":"2025-04-25T23:36:06+00:00","remoteAddr":"***ip***","user":false,"app":"PHP","method":"PUT","url":"/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json","message":"Doctrine\\DBAL\\Exception: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [2002] No such file or directory at /var/www/nextcloud/lib/private/DB/Connection.php#237","userAgent":"******","data":{"app":"PHP"}}


All my problems come from my clumsy Apache configuration.
For example, the built-in Collabora server has the wrong address (it has an address from the internal class "C" network).

It is solved simply:

sudo -u www-data php /var/www/nextcloud/occ config:list

We see the output:

"richdocuments": {
            "disable_certificate_verification": "yes",
            "enabled": "yes",
            "installed_version": "8.6.4",
            "types": "prevent_group_restriction",
            "wopi_url": "https:\/\/192.168.*.*\/apps\/richdocumentscode\/proxy.php?req="

That probably should not be like this.
I enter the command:

sudo -u www-data php /var/www/nextcloud/occ config:app:set --value https:\/\/*DomainName*.net\/apps\/richdocumentscode\/proxy.php?req= richdocuments wopi_url

We see the result:


(did not help)

nano /var/log/apache2/error.log
[Sat Apr 26 20:57:34.333398 2025] [core:notice] [pid 8542:tid 8542] AH00094: Command line: '/usr/sbin/apache2'
dlopen(): error loading libfuse.so.2

AppImages require FUSE to run.
You might still be able to extract the contents of this AppImage
if you run it with the --appimage-extract option.
See https://github.com/AppImage/AppImageKit/wiki/FUSE
for more information

Logging at warning level to file: /tmp/coolwsd.FynVIon5Wx/coolwsd.log
sh: 1: /tmp/appimage_extracted_cc6b126696cc600dd9ea41312c28a10b/usr/bin/coolmount: not found
[Sat Apr 26 21:20:19.905411 2025] [php:notice] [pid 8543:tid 8543] [client 127.0.0.1:53168] richdocumentscode (proxy.php) error exit, PID: 8543, Message: Timed out opening local socket: 99 - Cannot assign requ>
Security: coolforkit incorrect user-name, other than 'cool'
Init vcl
preload: xsec_xmlsec xmlsecurity merged ucpchelp1 wpftwriter wpftcalc wpftimpress wpftdraw msforms cached1 vbaswobj swd sw ucppkg1 sm msword slideshow pdfimport sdui sd scriptframe protocolhandler dlgprov solv>
Disabled: cmdmail rptxml rptui rpt dbp dbu abp odbc sdbc2
Preload textencodings
Allowlisted languages: de_DE el en_GB en_US es_ES fr_FR hu it nl pt_BR pt_PT ru
Preloading local dictionaries: de-DE en-US fr-FR it-IT nl-NL pt-BR ru-RU en-GB nl-BE pt-PT es-ES
Preloading local thesauri: de-DE en-US fr-FR it-IT pt-BR ru-RU en-GB pt-PT es-ES
Preloading local hyphenators: de-DE en-US fr-FR it-IT nl-NL pt-BR ru-RU en-GB nl-BE pt-PT es-ES
Preloading breakiterator
Preload icons
Preload short cut accelerators
Preload languages
Preload fonts
Fontconfig error: No writable cache directories
Preload config
Ready to accept connections on port 9983.
apt install libfuse2

(did not help)

echo "fuse" > /etc/modules-load.d/fuse.conf
reboot

After that, something truly scary started happening in the container.

I removed the stub and enabled it in the container.

(success)

The following error appeared in the Apache logs (/var/log/apache2/error.log):

[Sat Apr 26 23:28:12.686776 2025] [php:notice] [pid 638:tid 638] [client 127.0.0.1:49398] richdocumentscode (proxy.php) error exit, PID: 638, Message: The param should be 'status' or 'req=...', but is: 'filter=contentcontrol'
[Sat Apr 26 23:28:16.908311 2025] [php:notice] [pid 191:tid 191] [client *ip_client*:7296] richdocumentscode (proxy.php) error exit, PID: 191, Message: The param should be 'status' or 'req=...', but is: 'ui_theme=light'
*@*:/var/www/nextcloud/data# sudo -u www-data php /var/www/nextcloud/occ user:enable 1234567890
The specified user is enabled
root@nextcloud:/var/www/nextcloud/data# sudo -u www-data php /var/www/nextcloud/occ integrity:check-core
  - EXTRA_FILE:
    - core/img/filetypes/drawio.svg:
      - expected: 
      - current: 92e0974cf869bf8ab969c3442dc2b80d55fde36441d22924db74916a06b407520aa2a9dc39336f9157195ebede697ffac0e639360879255ab91932d406e1897d
    - core/img/filetypes/dwb.svg:
      - expected: 
      - current: 43731dd5f17a048112ea5109b40b02ec019b3ee2324385a0f448e3bd2264cb13dc160ab018d893f92f8e2f168fd09009b51578c8c6b97a02a1617c67ac087701
*@*:/var/www/nextcloud/data# echo $?
1
*@*:/var/www/nextcloud/data# 

All right, the server is working again, and from the user's side it looks fairly stable.

Does anyone have ideas on where to dig to bring back the server administration panel in the web interface (cockpit) for the system administrator?

So far, for any administration link I could recall, for example:

https://*.*.*.net/index.php/settings/users
https://*.*.*.net/index.php/settings/admin

Live line-by-line log output in the CLI, while hitting any admin part of the site from the browser.

tail -f /var/log/apache2/error.log
IP*.*.*.* - - [27/Apr/2025:20:17:18 +0400] "GET /index.php/settings/users HTTP/1.1" 403 40973 "-" "Mozilla/*.* (Windows NT *.*; Win*; x*; rv:*.*) Gecko/* Firefox/*.*"

In other words, the main error matches the picture.

HTTP code 403 - (Access denied)

But what needs to be done with the user to grant them the rights and, most importantly, where?

As a reminder:

sudo -u www-data php /var/www/nextcloud/occ user:add 1234567890 --group admin

gives the following output:

Fontconfig error: No writable cache directories
The account “1234567890” was created successfully
Account “1234567890” added to group “admin”

The answer turned out to be simple:

For some reason the administration panel cannot be opened from the public internet.

If I open Nextcloud not by its domain name but by the IP address of the Nextcloud host itself, the administration panel appears.

In other words, remote administration of Nextcloud has to go through a tunnel with a route into the local network.

nano /var/www/nextcloud/config/config.php

Add the list of IP addresses with their network masks:

'allowed_admin_ranges' => ['127.0.0.1/8','192.168.0.0/24','95.*.*.0/22'],
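
An added example, not part of the original post and not Nextcloud's own code: the membership check that allowed_admin_ranges implies, run over access-log lines to show which 403 responses on /settings/ paths come from clients outside the configured ranges. The log lines and client addresses are constructed; the ranges are the ones from the config.php dump in the support report above, and treating an empty list as "no restriction" is an assumption.

```python
import ipaddress
import re

# Ranges as shown in the support report's config.php dump.
ALLOWED_ADMIN_RANGES = ["127.0.0.1/8", "192.168.52.0/24"]

# Constructed Apache access-log lines (documentation addresses, not from the post).
SAMPLE_LOG = """\
203.0.113.45 - - [27/Apr/2025:20:17:18 +0400] "GET /index.php/settings/users HTTP/1.1" 403 40973 "-" "Mozilla/5.0"
192.168.52.20 - - [27/Apr/2025:20:18:02 +0400] "GET /index.php/settings/admin HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
203.0.113.45 - - [27/Apr/2025:20:18:40 +0400] "GET /index.php/apps/files/ HTTP/1.1" 200 30211 "-" "Mozilla/5.0"
*.*.*.* - - [27/Apr/2025:20:19:05 +0400] "GET /index.php/settings/admin HTTP/1.1" 403 40973 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse_ranges(ranges):
    """Turn config entries into networks; strict=False accepts 127.0.0.1/8."""
    return [ipaddress.ip_network(r, strict=False) for r in ranges]

def is_admin_allowed(ip, networks):
    """True if ip is inside any range. An empty list is treated as
    'no restriction' (assumption about how an unset option behaves)."""
    if not networks:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def explain_denials(log_text, ranges):
    """Return (client, path, verdict) for every 403 on a /settings/ path."""
    networks = parse_ranges(ranges)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        if status != "403" or "/settings/" not in path:
            continue
        try:
            allowed = is_admin_allowed(client, networks)
        except ValueError:  # masked or non-IP client field
            findings.append((client, path, "client address unreadable"))
            continue
        verdict = "inside ranges, look elsewhere" if allowed else "outside allowed_admin_ranges"
        findings.append((client, path, verdict))
    return findings

if __name__ == "__main__":
    for finding in explain_denials(SAMPLE_LOG, ALLOWED_ADMIN_RANGES):
        print(*finding, sep="  ")
```

Nextcloud applies the check to the remote address it resolves for the request, so behind a reverse proxy the result also depends on the forwarded-for handling that the setup checks above flag.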