Please help me with my apache cfg / syscheck errors

gmcpaul · November 22, 2024, 10:52am

hi all,
im having trouble to get all the syschecks right.
webdav keeps complaining and some minor checks as well
OS: Ubuntu 24.04.1

apache error log:

[Fri Nov 22 11:49:31.249182 2024] [php:error] [pid 546446] [client 127.0.0.1:52834] script '/var/www/html/remote.php' not found or unable to stat

so it does not seem to accept my path. why?

my conf:

config.php

<?php
$CONFIG = array (
  'instanceid' => 'xxx',
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_domains' => 
  array (
    0 => 'nextcloud.dengg.org',
  ),
  'datadirectory' => '/home/nextcloud',
  'dbtype' => 'mysql',
  'version' => '30.0.1.2',
  'overwrite.cli.url' => 'https://nextcloud.domain.org',
  'htaccess.RewriteBase' => '/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'xxx',
  'installed' => true,
  'skeletondirectory' => '',
  'defaultapp' => 'files',
  'maintenance_window_start' => 1,
  'mail_smtpmode' => 'sendmail',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'owncloud',
  'mail_domain' => 'domain.org',
);

nextcloud.domain.org.conf

<VirtualHost 1.1.1.1:443>
 ServerName nextcloud.domain.org
 DocumentRoot /var/www/domain.org/nextcloud/
 #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
 SetEnv HOME /var/www/domain.org/nextcloud
 SetEnv HTTP_HOME /var/www/domain.org/nextcloud
 Alias /nextcloud "/var/www/domain.org/nextcloud/"

<Directory /var/www/domain.org/nextcloud/>
  Require all granted
  AllowOverride All
  Options FollowSymLinks MultiViews

  <IfModule mod_dav.c>
    Dav off
  </IfModule>
</Directory>

  SSLEngine On
  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem
</VirtualHost>

<VirtualHost 1.1.1.1:80>
 ServerName nextcloud.domain.org
 Redirect "/"  "https://nextcloud.domain.org"
 RewriteEngine on
 RewriteCond %{SERVER_NAME} =nextcloud.domain.org
 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

thanks in advance

gmcpaul · November 22, 2024, 11:03am

this his how a complete check looks like

==> /var/log/apache2/error.log <==
[Fri Nov 22 11:59:53.974211 2024] [php:error] [pid 547442] [client 127.0.0.1:59154] script '/var/www/html/remote.php' not found or unable to stat

==> /var/log/apache2/other_vhosts_access.log <==
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:53 +0100] "PROPFIND /remote.php/webdav HTTP/1.1" 404 442 "-" "Nextcloud Server Crawler"
nextcloud.domain.org:443 188.21.202.82 - - [22/Nov/2024:11:59:53 +0100] "PUT /ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json HTTP/1.1" 200 1268 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
nextcloud.domain.org:443 188.21.202.82 - - [22/Nov/2024:11:59:53 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 1618 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "\x16\x03\x01\x02" 400 489 "-" "-"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "GET /home/nextcloud/.ncdata HTTP/1.1" 404 442 "-" "Nextcloud Server Crawler"
nextcloud.domain.org:443 188.21.202.82 - - [22/Nov/2024:11:59:54 +0100] "GET /ocs/v2.php/cloud/groups/details HTTP/1.1" 200 913 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "\x16\x03\x01\x02" 400 489 "-" "-"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "HEAD /apps/settings/js/map-test.js.map HTTP/1.1" 404 140 "-" "Nextcloud Server Crawler"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "\x16\x03\x01\x02" 400 489 "-" "-"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "HEAD /apps/settings/js/esm-test.mjs HTTP/1.1" 404 140 "-" "Nextcloud Server Crawler"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "\x16\x03\x01\x02" 400 489 "-" "-"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "HEAD /ocm-provider/ HTTP/1.1" 404 140 "-" "Nextcloud Server Crawler"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "\x16\x03\x01\x02" 400 489 "-" "-"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "HEAD /ocs-provider/ HTTP/1.1" 404 140 "-" "Nextcloud Server Crawler"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "\x16\x03\x01\x02" 400 489 "-" "-"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "GET /heartbeat HTTP/1.1" 404 442 "-" "Nextcloud Server Crawler"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "\x16\x03\x01\x02" 400 489 "-" "-"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "GET /.well-known/webfinger HTTP/1.1" 404 442 "-" "Nextcloud Server Crawler"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "\x16\x03\x01\x02" 400 489 "-" "-"
srv01.domain.org:80 127.0.0.1 - - [22/Nov/2024:11:59:54 +0100] "HEAD /apps/theming/fonts/OpenDyslexic-Regular.otf HTTP/1.1" 404 140 "-" "Nextcloud Server Crawler"
nextcloud.domain.org:443 188.21.202.82 - - [22/Nov/2024:11:59:53 +0100] "GET /settings/ajax/checksetup HTTP/1.1" 200 4407 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
nextcloud.domain.org:443 188.21.202.82 - - [22/Nov/2024:11:59:55 +0100] "GET /index.php/apps/files/preview-service-worker.js HTTP/1.1" 200 6414 "https://nextcloud.domain.org/index.php/apps/files/preview-service-worker.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
mail.domain.org:443 188.21.202.82 - - [22/Nov/2024:11:58:01 +0100] "GET /groupoffice/api/sse.php?types=Alert,Group,UserDisplay,Field,FieldSet,Module,Link,EntityFilter,SmtpAccount,EmailTemplate,PdfTemplate,ImportMapping,CronJobSchedule,AuthAllowGroup,OauthClient,SpreadSheetExport,Contact,AddressBook,AddressBookGroup,Bookmark,BookmarksCategory,Note,NoteBook,TaskListGrouping,TaskCategory,TaskList,Task HTTP/1.1" 200 4479 "https://mail.domain.org/groupoffice/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
domain.org:443 188.21.202.82 - - [22/Nov/2024:12:00:13 +0100] "-" 408 3356 "-" "-"
srv01.domain.org:80 ::1 - - [22/Nov/2024:12:00:16 +0100] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.4.58 (Ubuntu) OpenSSL/3.0.13 (internal dummy connection)"
nextcloud.domain.org:443 188.21.202.82 - - [22/Nov/2024:12:00:24 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 304 1108 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
nextcloud.domain.org:443 188.21.202.82 - - [22/Nov/2024:12:00:54 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 304 1108 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"

bb77 · November 22, 2024, 1:33pm

Try to remove or comment out the following lines:

Alias /nextcloud "/var/www/domain.org/nextcloud/",

Redirect "/" "https://nextcloud.domain.org"

Also, you should probably put the VirtualHost that redirects to HTTPS above the one it is supposed to redirect to:

<VirtualHost 1.1.1.1:80>
 ServerName nextcloud.domain.org
 RewriteEngine on
 RewriteCond %{SERVER_NAME} =nextcloud.domain.org
 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost 1.1.1.1:443>
 ServerName nextcloud.domain.org
 DocumentRoot /var/www/domain.org/nextcloud/
 #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
 SetEnv HOME /var/www/domain.org/nextcloud
 SetEnv HTTP_HOME /var/www/domain.org/nextcloud
 
<Directory /var/www/domain.org/nextcloud/>
  Require all granted
  AllowOverride All
  Options FollowSymLinks MultiViews

  <IfModule mod_dav.c>
    Dav off
  </IfModule>
</Directory>

  SSLEngine On
  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem
</VirtualHost>

Oh and just out of curiosity, is there a specific reason why you specified an IP address for the VirtualHosts? Does your server have multiple IP addresses?

gmcpaul · November 22, 2024, 9:42pm

hi, and thanks for your reply
so i moved :80 config up and tried again but no luck

i have another virtual nic on my system and had problems to bind subdomains to my primary ip, thats why i bind the ip to the port

<VirtualHost 1.1.1.1:80>
 ServerName nextcloud.domain.org
 RewriteEngine on
 RewriteCond %{SERVER_NAME} =nextcloud.domain.org
 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost 1.1.1.1:443>
 ServerName nextcloud.domain.org
 DocumentRoot /var/www/domain.org/nextcloud/
 ProxyRequests off
 SSLProxyEngine on
 ProxyPreserveHost on
 Header always set Strict-Transport-Security "max-age=63072000;"

<Directory /var/www/domain.org/nextcloud/>
  Require all granted
  AllowOverride All
  Options FollowSymLinks MultiViews

  <IfModule mod_dav.c>
    Dav off
  </IfModule>

 SetEnv HOME /var/www/domain.org/nextcloud
 SetEnv HTTP_HOME /var/www/domain.org/nextcloud
 Satisfy Any
</Directory>

  SSLEngine On
  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem
</VirtualHost>

ernolf · November 22, 2024, 11:31pm

Hi @gmcpaul,

Try removing these lines:

Those lines where actualy never required. Once added to the documentation without further explanation under OwnCloud:

… and removed nearly 5 years ago:

h.t.h.

Much and good luck,
ernolf

gmcpaul · November 23, 2024, 10:00am

tank you for helping ernolf.

so now it appears my problem was that i bound the nextcloud service only to the wan ip and because of that it did not listen to the loopback ip

so i came up with following solution :

<VirtualHost 1.1.1.1:443 127.0.0.1:443>
 ServerName nextcloud.domain.org
 DocumentRoot /var/www/domain.org/nextcloud/
 ProxyRequests off
 SSLProxyEngine on
 ProxyPreserveHost on
 Header always set Strict-Transport-Security "max-age=63072000;"

<Directory /var/www/domain.org/nextcloud/>
  Require all granted
  AllowOverride All
  Options FollowSymLinks MultiViews

  <IfModule mod_dav.c>
    Dav off
  </IfModule>

</Directory>

  SSLEngine On
  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateFile /etc/letsencrypt/live/domain.org/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/domain.org/privkey.pem
</VirtualHost>

<VirtualHost 1.1.1.1:80 127.0.0.1:80>
 ServerName nextcloud.domain.org
 RewriteEngine on
 RewriteCond %{SERVER_NAME} =nextcloud.domain.org
 RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

only warning left:

Your web server is not properly set up to resolve `.well-known` URLs, failed on: `/.well-known/caldav` For more details see the documentation ↗.

updated the .htaccess with occ but that didnt help