Proofread config - having access issues behind nginx proxy

Hello,

Nextcloud version (eg, 20.0.5): 25.0.3.2
Operating system and version (eg, Ubuntu 20.04): 20.04
Apache or nginx version (eg, Apache 2.4.25): Apache2/2.4.52
PHP version (eg, 7.4): 8.1
Running on VM on ESXi host

The issue you are facing: lost access to web pages, need proofread of configs…
I first lost local access when I cleared the hosts file in my router. I figured it was pointing out to the WAN IP; now I can’t get into NC from WAN or LAN.

Is this the first time you’ve seen this error? (Y/N): yes

Steps to replicate it:

  1. Open browser; it returns connection refused.
  2. I think it’s Nextcloud refusing the connection, as all other services on the NGINX reverse proxy work fine, and I can enter nextcloud.mydomain.org or the IP in the browser and it will automatically change to nextcloud.mydomain.org as directed in the config.

The output of Nextcloud log in Admin > Logging: (directed this to file as I couldn’t get to webpage)

root@nextcloud:/var/log/nextcloud# tail -f -n 150 nextcloud.log 
{"reqId":"nsCKvl2826vGhk","level":0,"time":"2023-03-20T20:50:25+00:00","remoteAddr":"192.168.40.52","user":"--","app":"no app in context","method":"GET","url":"/index.php/apps/photos/service-worker.js","message":"Current user is not logged in","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36","version":"25.0.3.2","exception":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException","Message":"Current user is not logged in","Code":401,"Trace":[{"file":"/var/www/nextcloud.mydomain.org/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":97,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware","type":"->"},{"file":"/var/www/nextcloud.mydomain.org/lib/private/AppFramework/Http/Dispatcher.php","line":125,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->"},{"file":"/var/www/nextcloud.mydomain.org/lib/private/AppFramework/App.php","line":172,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud.mydomain.org/lib/private/Route/Router.php","line":298,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/nextcloud.mydomain.org/lib/base.php","line":1047,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud.mydomain.org/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/nextcloud.mydomain.org/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php","Line":153,"message":"Current user is not logged in","exception":{},"CustomMessage":"Current user is not logged in"}}
{"reqId":"ZwP8KY1wta90z","level":0,"time":"2023-03-20T20:51:31+00:00","remoteAddr":"","user":"--","app":"serverDI","method":"","url":"/occ","message":"The requested alias \"SystemConfig\" is deprecated. Please request \"OC\\SystemConfig\" directly. This alias will be removed in a future Nextcloud version.","userAgent":"--","version":"25.0.3.2","data":{"app":"serverDI"}}
{"reqId":"KXlYTcHi6GT6H","level":0,"time":"2023-03-20T20:57:31+00:00","remoteAddr":"","user":"--","app":"serverDI","method":"","url":"/occ","message":"The requested alias \"SystemConfig\" is deprecated. Please request \"OC\\SystemConfig\" directly. This alias will be removed in a future Nextcloud version.","userAgent":"--","version":"25.0.3.2","data":{"app":"serverDI"}}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'myinstanceID',
  'passwordsalt' => 'funkycoolstring',
  'secret' => 'superseceretestring',
  'trusted_domains' =>
  array (
    0 => '127.0.0.1',
    1 => '192.168.40.60',
    2 => '192.168.40.52',
    3 => 'mydomain.org',
    4 => 'nextcloud.mydomain.org',
  ),
  'overwritehost' => 'nextcloud.mydomain.org',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  'overwrite.cli.url' => 'https://nextcloud.mydomain.org',
  'htaccess.RewriteBase' => '/',
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    1 => '192.168.40.52',
    2 => 'mydomain.org',
    3 => '192.168.40.60',
  ),
  'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED_FOR',
  ),
  'datadirectory' => '/var/www/nextcloud.mydomain.org/data',
  'dbtype' => 'mysql',
  'version' => '25.0.3.2',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'password',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'default_phone_region' => 'US',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'username',
  'mail_domain' => 'mydomain.org',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.mailserver.net',
  'mail_smtpport' => '1025',
  'mail_smtpname' => 'username@mailbox.net',
  'mail_smtppassword' => 'superpassword',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'logfile_audit' => '/var/log/nextcloud/audit.log',
  'loglevel' => 0,
);

The output of Apache error.log:

me@nextcloud:/var/log/apache2$ tail nextcloud.mydomain.org_error.log
[Mon Mar 20 11:30:58.100213 2023] [php:error] [pid 2274] [client 192.168.40.10:40218] PHP Parse error:  syntax error, unexpected identifier "forwarded_for_headers", expecting ")" in /var/www/nextcloud.mydomain.org/config/config.php on line 23
[Mon Mar 20 11:33:19.320814 2023] [php:error] [pid 1094] [client 192.168.40.10:42832] PHP Parse error:  syntax error, unexpected identifier "forwarded_for_headers", expecting ")" in /var/www/nextcloud.mydomain.org/config/config.php on line 23
[Mon Mar 20 11:33:19.444108 2023] [php:error] [pid 1095] [client 192.168.40.10:42848] PHP Parse error:  syntax error, unexpected identifier "forwarded_for_headers", expecting ")" in /var/www/nextcloud.mydomain.org/config/config.php on line 23
[Mon Mar 20 11:50:59.991751 2023] [php:error] [pid 1608] [client 192.168.40.10:51846] PHP Parse error:  syntax error, unexpected identifier "datadirectory", expecting ")" in /var/www/nextcloud.mydomain.org/config/config.php on line 23
[Mon Mar 20 11:51:00.130854 2023] [php:error] [pid 1609] [client 192.168.40.10:51858] PHP Parse error:  syntax error, unexpected identifier "datadirectory", expecting ")" in /var/www/nextcloud.mydomain.org/config/config.php on line 23
[Mon Mar 20 11:53:28.208719 2023] [php:error] [pid 1640] [client 192.168.40.10:60834] PHP Parse error:  syntax error, unexpected identifier "forwarded_for_headers", expecting ")" in /var/www/nextcloud.mydomain.org/config/config.php on line 23
[Mon Mar 20 11:53:28.317373 2023] [php:error] [pid 1641] [client 192.168.40.10:60848] PHP Parse error:  syntax error, unexpected identifier "forwarded_for_headers", expecting ")" in /var/www/nextcloud.mydomain.org/config/config.php on line 23
[Mon Mar 20 13:36:55.256428 2023] [php:error] [pid 2242] [client 192.168.40.52:59962] PHP Parse error:  syntax error, unexpected token "=", expecting ")" in /var/www/nextcloud.mydomain.org/config/config.php on line 53
[Mon Mar 20 13:37:26.199627 2023] [php:error] [pid 2243] [client 192.168.40.52:60158] PHP Parse error:  syntax error, unexpected token "=", expecting ")" in /var/www/nextcloud.mydomain.org/config/config.php on line 53, referer: https://nextcloud.mydomain.org/index.php/apps/photos/service-worker.js
[Mon Mar 20 13:49:54.407772 2023] [php:warn] [pid 2270] [client 192.168.40.52:41656] PHP Warning:  touch(): Unable to create file /var/log/nextcloud/nextcloud.log because Permission denied in /var/www/nextcloud.mydomain.org/lib/private/Log/File.php on line 65

**All these errors addressed and fixed**

The output of Apache access log:

me@nextcloud:/var/log/apache2$ tail nextcloud.mydomain.org_access.log
192.168.40.52 - - [20/Mar/2023:14:01:54 -0700] "GET /index.php/csrftoken HTTP/1.0" 200 122
192.168.40.52 - - [20/Mar/2023:14:02:25 -0700] "GET /index.php/apps/photos/service-worker.js HTTP/1.0" 401 43
192.168.40.10 - - [20/Mar/2023:14:13:26 -0700] "GET / HTTP/1.1" 302 -
192.168.40.52 - - [20/Mar/2023:14:13:54 -0700] "GET /index.php/csrftoken HTTP/1.0" 200 122
192.168.40.52 - - [20/Mar/2023:14:14:25 -0700] "GET /index.php/apps/photos/service-worker.js HTTP/1.0" 401 43
192.168.40.52 - - [20/Mar/2023:14:25:54 -0700] "GET /index.php/csrftoken HTTP/1.0" 200 122
192.168.40.52 - - [20/Mar/2023:14:26:25 -0700] "GET /index.php/apps/photos/service-worker.js HTTP/1.0" 401 43
192.168.40.52 - - [20/Mar/2023:14:37:54 -0700] "GET /index.php/csrftoken HTTP/1.0" 200 123
192.168.40.52 - - [20/Mar/2023:14:38:25 -0700] "GET /index.php/apps/photos/service-worker.js HTTP/1.0" 401 43
192.168.40.10 - - [20/Mar/2023:14:38:27 -0700] "GET / HTTP/1.1" 302 -

Ok, I’m making some headway, slow going but…

I’m not well versed with Wireshark; however, I was able to capture packets and look at the conversation between my PC 192.168.40.10 and the Nextcloud server 192.168.40.60. The conversation is over port 443.

39	4.006057025	192.168.40.10	192.168.40.60	TCP	74	34758 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=771289770 TSecr=0 WS=1024
40	4.006571985	192.168.40.60	192.168.40.10	TCP	60	443 → 34758 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

Running netstat -tunlp on the NC server shows port 443 is not being listened to by Apache, and this results in the Reset “RST” flag being sent back.

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1074/mariadbd       
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1200/sshd: /usr/sbi 
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      999/systemd-resolve 
tcp6       0      0 :::22                   :::*                    LISTEN      1200/sshd: /usr/sbi 
tcp6       0      0 :::80                   :::*                    LISTEN      1202/apache2        
udp        0      0 127.0.0.53:53           0.0.0.0:*                           999/systemd-resolve 
udp        0      0 192.168.40.60:68        0.0.0.0:*                           942/systemd-network
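
The diagnosis in the last paragraph, as an added example that is not part of the original post: a Python check that parses the netstat -tunlp listing shown above and reports, for each port a client is expected to reach, whether a TCP listener exists and whether it is bound beyond loopback. The function names and the list of expected ports are assumptions made for illustration.

```python
import ipaddress

# TCP/UDP lines copied from the netstat -tunlp output in the post above.
NETSTAT_SAMPLE = """\
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1074/mariadbd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1200/sshd: /usr/sbi
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      999/systemd-resolve
tcp6       0      0 :::22                   :::*                    LISTEN      1200/sshd: /usr/sbi
tcp6       0      0 :::80                   :::*                    LISTEN      1202/apache2
udp        0      0 127.0.0.53:53           0.0.0.0:*                           999/systemd-resolve
"""


def tcp_listeners(netstat_text):
    """Map port -> list of (bind_address, program) for TCP sockets in LISTEN state."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split(None, 6)
        # Skip headers, UDP sockets (no State column) and non-listening sockets.
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # rpartition copes with ":::80"
        program = fields[6].strip().partition("/")[2] or "?"  # "-" when run unprivileged
        listeners.setdefault(int(port), []).append((addr, program))
    return listeners


def port_status(listeners, port):
    """Classify a port as a remote client on the LAN would experience it."""
    binds = listeners.get(port, [])
    if not binds:
        return "closed"  # no listener: the SYN is answered with RST, as in the capture
    if all(ipaddress.ip_address(addr).is_loopback for addr, _ in binds):
        return "loopback-only"  # listening, but not reachable from another host
    return "listening"


def audit(netstat_text, expected_ports):
    """Return {port: status} for the ports clients are expected to reach (assumed list)."""
    listeners = tcp_listeners(netstat_text)
    return {port: port_status(listeners, port) for port in expected_ports}


if __name__ == "__main__":
    for port, status in audit(NETSTAT_SAMPLE, [80, 443, 3306]).items():
        print(port, status)
```
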