Problem with LetsEncryp config

Phantomatz · July 7, 2019, 3:09pm

Hi,
I have installed Nextcloud on my NUC with Ubuntu and it works fine, however I have problems with the LetsEncrypt certifacte renewal by having nextcloud and my homepage hosted on the same installation

homepage dir is /var/www/html
Nexctloud dir is /var /www/html/nextclud

I have the config as follows (my server address is replaced with “MyServer”)

Problem:
Certificate renewal only works if I uncomment the first rows from currently commented out with # tag.
But homepage & nextcloud are only available when having them commented out.

Its obvious that I have not completely understood the system … but I do not find any example for a configuration with port 80 for homepage and port 443 for secured access for nextcloud.

Any hints ?? Thank you very much in advance.

Best regards

Holger

#<VirtualHost *:80>
#ServerName MyServer.com
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
#Redirect permanent / https://myserver.com
#DocumentRoot /var/www.html
#</VirtualHost>


<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

<VirtualHost *:443>
ServerName MyServer.com

DocumentRoot /var/www/html/nextcloud

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined

# SSL Konfiguration
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/myserver.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myserver.com/privkey.pem
SSLProtocol All -SSLv2 -SSLv3 -TLSv1.1

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

#Nextcloud Konfiguration
<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>

</VirtualHost>
</IfModule>

eehmke · July 8, 2019, 12:06am

I think you should set up two different subdomains like
www.myserver.com for your homepage

and
cloud.myserver.com for your cloud

Assign two virtual hosts for these domains and create the certificate matching these domains. Both domains can be put into the same certificate using subject alternate names.

Reiner_Nippes · July 8, 2019, 6:54am

Is this a typo? Should be /var/www/html Or?

Why don’t you setup only your Homepage (80/443) and access nextcloud via http://your.server/nextcloud ?

Phantomatz · July 8, 2019, 8:25am

Hello Reinder and eehmke, thank you for the hints.

Its not that easy to understand the way the config is build up, for complete NOOBs like me.

I finally came up with a conf file which solves my problem. I have no idea if all my settings are meaningfull, but can reach my homepage and my nextcloud and also can trigger the certificate renewal right away.

Thanks again.

<IfModule mod_ssl.c> SSLStaplingCache shmcb:/tmp/stapling_cache(128000) <VirtualHost *:443> ServerName myserver.com DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/letsencrypt/live/myserver.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/myserver.com/privkey.pem SSLProtocol All -SSLv2 -SSLv3 -TLSv1.1 <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> <Directory /var/www/html/> Options +FollowSymlinks AllowOverride All <IfModule mod_dav.c> Dav off </IfModule> SetEnv HOME /var/www/html/nextcloud SetEnv HTTP_HOME /var/www/html </Directory> </VirtualHost> </IfModule>