Overwrite.cli.url warning given even though "overwrite.cli.url" is correctly set

`"Security and Setup warnings is giving the following message: Please make sure to set the “overwrite.cli.url” option in your config.php file to the URL that your users mainly use to access this Nextcloud. Suggestion: “https://public.url.net”. Otherwise there might be problems with the URL generation via cron. (It is possible though that the suggested URL is not the URL that your users mainly use to access this Nextcloud. Best is to double check this in any case.)

However, ‘overwrite.cli.url’ is set accurately. The whole setup is behind an Apache reverse proxy."`

Nextcloud version (eg, 20.0.5): 25.0.3
Operating system and version (eg, Ubuntu 20.04): TOS 5.1.24
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4
PHP version (eg, 7.4): 8.1

The issue you are facing:

Security and Setup warnings is giving the following message: Please make sure to set the “overwrite.cli.url” option in your config.php file to the URL that your users mainly use to access this Nextcloud. Suggestion: “https://public.url.net”. Otherwise there might be problems with the URL generation via cron. (It is possible though that the suggested URL is not the URL that your users mainly use to access this Nextcloud. Best is to double check this in any case.)

However, ‘overwrite.cli.url’ is set accurately. The whole setup is behind an Apache reverse proxy.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

1. Upgrade to Nextcloud 25
2. Log on with Administrator
3. Access Administration settings

The output of your Nextcloud log in Admin > Logging:

Contains data too complex to anonymise before posting.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '***',
  'passwordsalt' => '***',
  'datadirectory' => '/***/nextcloud/data',
  'version' => '25.0.3.2',
  'dbtype' => 'mysql',
  'dbhost' => 'localhost:/tmp/mysql.sock',
  'dbport' => '',
  'dbname' => '***',
  'dbuser' => '***',
  'dbpassword' => '***',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'filelocking.enabled' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '127.0.0.1',
    'port' => 6379,
  ),
  'installed' => true,
  'default_language' => 'en',
  'default_locale' => 'en_GB',
  'defaultapp' => 'dashboard,files',
  'knowledgebaseenabled' => true,
  'allow_user_to_change_display_name' => true,
  'remember_login_cookie_lifetime' => 1296000,
  'auth.bruteforce.protection.enabled' => true,
  'mail_domain' => '***',
  'mail_smtpmode' => 'smtp',
  'mail_smtphost' => '***',
  'mail_smtpport' => '465',
  'mail_smtpauth' => 1,
  'mail_smtpauthtype' => 'PLAIN',
  'mail_smtpname' => '***',
  'mail_smtppassword' => '***',
  'theme' => '',
  'default_phone_region' => 'GB',
  'loglevel' => 2,
  'maintenance' => false,
  'trusted_domains' =>
  array (
    0 => 'local.network.url:httpsport',
    1 => 'local.network.url:httpport',
    2 => 'public.url',
  ),
  0 =>
  array (
    'trusted_proxies' => 'reverse.proxy.local.ip',
    'overwritehost' => 'public.url.net:443',
    'overwriteprotocol' => 'https',
    'overwritewebroot' => '/',
    'overwrite.cli.url' => 'https://public.url.net/',
   #'overwrite.cli.url' => 'https://localhost:31443',
    'htaccess.RewriteBase' => '/',
    'ProxyPreserveHost' => 'On',
  ),
  'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED_FOR',
    1 => 'HTTP_X_FORWARDED',
  ),
  'secret' => '***',
  'mail_from_address' => 'admin',
  'mail_sendmailmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
);

The output of your Apache/nginx/system log in /var/log/____:

[Sun Mar 26 03:06:23.706368 2023] [ssl:warn] [pid 27847] AH01909: local.ip:port:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 26 03:06:24.003893 2023] [ssl:warn] [pid 27849] AH01909: local.ip:port:0 server certificate does NOT include an ID which matches the server name
[Sun Mar 26 03:06:24.250316 2023] [mpm_prefork:notice] [pid 27849] AH00163: Apache/2.4.53 (Unix) OpenSSL/1.1.1i PHP/8.1.13 configured -- resuming normal operations
[Sun Mar 26 03:06:24.250454 2023] [core:notice] [pid 27849] AH00094: Command line: '/usr/local/apache24/sys/bin/httpd -f /home/sanctimon/MOD_CONFIG/Nextcloud_okm/httpd.conf'
[Sun Mar 26 03:06:56.811370 2023] [php:warn] [pid 27905] [client 192.168.7.98:40308] PHP Warning:  Unknown: POST Content-Length of 40806180 bytes exceeds the limit of 33554432 bytes in Unknown on line 0
[Sun Mar 26 03:06:56.944788 2023] [php:warn] [pid 27914] [client 192.168.7.98:40312] PHP Warning:  Unknown: POST Content-Length of 52154076 bytes exceeds the limit of 33554432 bytes in Unknown on line 0
[Sun Mar 26 15:35:32.096494 2023] [php:warn] [pid 15039] [client 192.168.7.98:34500] PHP Warning:  Unknown: POST Content-Length of 40806180 bytes exceeds the limit of 33554432 bytes in Unknown on line 0
[Sun Mar 26 18:41:04.494815 2023] [php:warn] [pid 28254] [client 192.168.7.98:40010] PHP Warning:  Unknown: POST Content-Length of 40806180 bytes exceeds the limit of 33554432 bytes in Unknown on line 0

Got the same issue on a similar setup, another side effect of this is being unable to enable pretty URLs as:
sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess
throws the error:
Error updating .htaccess file, not enough permissions, not enough free space or "overwrite.cli.url" set to an invalid URL?
despite all permissions being set correctly. Any help would be appreciated.

This is bogus syntax. Please review the docs and clean-up your configuration. All of these parameters are being ignored as a result. That’s the cause of your problem.

You can also do some sanity checking by running occ config:list system to see how things are parsed for real. However, none of these should be in an array. See https://docs.nextcloud.com

@MatsCraft1 Without your config we can only guess. Please post the output of occ config:list system (or equivalent).

Sorry, funnily enough the occ command doesn’t work when trying to run it via “occ”:

root@sharepoint:~# occ config:list system
Command 'occ' not found, but there are 21 similar ones.

When trying to run it via the full path “/var/www/nextcloud/occ”:
-bash: /var/www/nextcloud/occ: Permission denied

When trying to run it via the full path & sudo:

root@sharepoint:/var/www/nextcloud# sudo /var/www/nextcloud/occ
sudo: /var/www/nextcloud/occ: command not found

Trying to run it as www-data user doesn’t work either. //

This whole “incorrect overwrite.cli.url” threw up when messing with an occ command, might this be the cause of it?

When trying to enable pretty URLs as per this documentation I end up having errors thrown by this command:

sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess

outputs:

root@sharepoint:/var/www/nextcloud# sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess
Error updating .htaccess file, not enough permissions, not enough free space or "overwrite.cli.url" set to an invalid URL?

Btw here’s my config.php:

$CONFIG = array (
  'instanceid' => '***',
  'passwordsalt' => '***',
  'secret' => '***',
  'trusted_domains' => 
  array (
    0 => '192.168.2.200',
    1 => 'subdomain.mydomain.tld',
    2 => 'mydomain.tld',
  ),
  'overwrite.cli.url' => 'subdomain.mydomain.tld',
  'overwriteprotocol' => 'https',
  'htaccess.RewriteBase' => '/',
  'datadirectory' => '/share/nextcloud',
  'dbtype' => 'mysql',
  'version' => '28.0.3.2',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'mysql-nextcloud',
  'dbpassword' => '***',
  'installed' => true,
  'mail_domain' => 'mydomain.tld',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'address',
  'updater.secret' => '***',
);

This needs to have https or http in front of it.

/var/www/nextcloud/occ

• What user owns the occ file in your environment?
• What are the permissions on this file?
• What is the first line in this file?

/share/nextcloud

Same for this folder.

Here is the solution:
Put the value between two " (Double quotation) instead of ':
'overwrite.cli.url' => "subdomain.mydomain.tld",

I’m sorry, but while it may work and/or not cause any issues in your case, this is not the correct solution at all.

1. the documentation clearly states that the value should contain the full base URL: Configuration Parameters — Nextcloud latest Administration Manual latest documentation

2. I’m not a PHP expert, but as far as I know, the difference between single and double quotes in PHP is that in double quotes variables and escape characters are interpreted, whereas in single quotes they are not, and while it wouldn’t make a difference in this particular case, single quotes are generally preferred for explicit, static strings.

You seem to know a lot.

Been struggling a bit with Nextcloud and Snap for the last week. Did 2 or 3 reinstalls and 2 complete reinstalls of the system so far. But now :

Rating A+

https://nc.hostname.eu

Running Nextcloud 30.0.4.1
Latest patch level
Major version still supported

Security & setup warnings

It’s important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.
There are some warnings regarding your setup.

• The PHP module “imagick” is not enabled although the theming app is. For favicon generation to work correctly, you need to install and enable this module. For more details see the documentation . <== can’t figure this 1 out.

But yes i was looking into this ‘clean url’ business and seem to be running into some issues.

When running the following:
root@nc:/var/snap# sudo nextcloud.occ maintenance:update:htaccess
Error updating .htaccess file, not enough permissions, not enough free space or “overwrite.cli.url” set to an invalid URL?

i changed the settings in config.php :
‘overwrite.cli.url’ => ‘https://nc.hostname.eu/’,
‘htaccess.RewriteBase’ => ‘/’,
(then again i don’t know if the ‘htaccess.rewritebase’ is correct)

i found the .htaccess file 4 times :

/mnt/nextcloud/data/.htaccess (on a different drive/mount and Nextcloud functions)
4 -rw-r–r-- 1 root root 542 Dec 26 14:52 .htaccess

/snap/nextcloud/45728/htdocs/.htaccess
5 -rw-r–r-- 1 root root 4312 Dec 12 10:00 .htaccess

/snap/nextcloud/45728/htdocs/config/.htaccess
1 -rw-r–r-- 1 root root 665 Dec 12 10:00 .htaccess

/var/snap/nextcloud/45728/nextcloud/config/.htaccess
4 -rw-rw-r-- 1 root root 665 Dec 24 19:28 .htaccess

occ :
/snap/nextcloud/45728/bin/occ
1 -rwxr-xr-x 1 root root 570 Dec 15 15:34 occ
/snap/nextcloud/45728/htdocs/occ
1 -rw-r–r-- 1 root root 308 Dec 12 10:00 occ

Output from occ config:list system

root@nc:/snap/nextcloud/45728/htdocs# nextcloud.occ config:list system
{
    "system": {
        "apps_paths": [
            {
                "path": "\/snap\/nextcloud\/current\/htdocs\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/snap\/nextcloud\/current\/nextcloud\/extra-apps",
                "url": "\/extra-apps",
                "writable": true
            }
        ],
        "supportedDatabases": [
            "mysql"
        ],
        "overwritehost": "nc.hostname.eu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0
        },
        "log_type": "file",
        "logfile": "\/var\/snap\/nextcloud\/current\/logs\/nextcloud.log",
        "logfilemode": 416,
        "maintenance_window_start": 1,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "192.168.1.2",
            "nc.hostname.eu"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "30.0.4.1",
        "overwrite.cli.url": "https:\/\/nc.hostname.eu\/",
        "htaccess.RewriteBase": "\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "app_install_overwrite": [
            "occweb"
        ],
        "maintenance": false,
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "mail_smtpport": "465",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "default_phone_region": "\u201cNL\u201d",
        "loglevel": 0
    }
}

If more information is needed?