Rewritebase / not in effect

Fred_Dresken_Maveric · July 10, 2016, 4:00pm

Added this to config.php

  'htaccess.RewriteBase' => '/',
  'check_for_working_wellknown_setup' => true,
  'check_for_working_webdav' => true,
  'check_for_working_htaccess' => true,

fred:/srv/www/htdocs/nextcloud # sudo -u wwwrun php occ maintenance:update:htaccess
    .htaccess has been updated

htaccess write and readable (wwwrun / www)

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
  </IfModule>

  <IfModule mod_env.c>
    # Add security and privacy related headers
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Robots-Tag "none"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Download-Options "noopen"
    Header set X-Permitted-Cross-Domain-Policies "none"
    SetEnv modHeadersAvailable true
  </IfModule>

  # Add cache control for CSS and JS files
  <FilesMatch "\.(css|js)$">
    Header set Cache-Control "max-age=7200, public"
  </FilesMatch>
</IfModule>
<IfModule mod_php5.c>
  php_value upload_max_filesize 513M
  php_value post_max_size 513M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value always_populate_raw_post_data -1
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_php7.c>
  php_value upload_max_filesize 513M
  php_value post_max_size 513M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
  RewriteRule ^(\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>

(RewriteBase is working on my Joomla install)
Any suggestions?

oparoz · July 11, 2016, 11:56am

Are you sure the occ command is executed properly? Your .htaccess file does not get updated.

FredFS456 · July 11, 2016, 1:12pm

I have a similar problem - as above, htaccess.RewriteBase is defined as /. However, when looking at my .htaccess file, it doesn’t show the RewriteBase parameter. The command I ran for occ is:
sudo -u www-data ./occ maintenance:update:htaccess (I’m on Debian)
The result was .htaccess has been updated which seems to be the correct output.

Details of my setup
I have a ‘custom.config.php’ file on /config (the default config.php is untouched):

<?php
$CONFIG = array (
  'trusted_domains' =>
    array(
      '[snipped local IP]',
      '[snipped domain name]',
    ),
 'overwrite.cli.url' => 'https://[snipped domain name]',
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\OC\Memcache\APCu',
  'logtimezone' => 'America/Toronto',
  'enabledPreviewProviders' => array(
        'OC\Preview\PNG',
        'OC\Preview\JPEG',
        'OC\Preview\GIF',
        'OC\Preview\BMP',
        'OC\Preview\XBitmap',
        'OC\Preview\MP3',
        'OC\Preview\TXT',
        'OC\Preview\MarkDown',
        'OC\Preview\Illustrator',
        'OC\Preview\Movie',
        'OC\Preview\MSOffice2003',
        'OC\Preview\MSOffice2007',
        'OC\Preview\MSOfficeDoc',
        'OC\Preview\OpenDocument',
        'OC\Preview\PDF',
        'OC\Preview\Photoshop',
        'OC\Preview\Postscript',
        'OC\Preview\StarOffice',
        'OC\Preview\SVG',
        'OC\Preview\TIFF',
        'OC\Preview\Font'
  ),
);

Here is the resulting .htaccess (which is owned and rw by www-data)

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
  </IfModule>
  <IfModule mod_env.c>
    # Add security and privacy related headers
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Robots-Tag "none"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Download-Options "noopen"
    Header set X-Permitted-Cross-Domain-Policies "none"
    SetEnv modHeadersAvailable true
  </IfModule>
  # Add cache control for CSS and JS files
  <FilesMatch "\.(css|js)$">
    Header set Cache-Control "max-age=7200, public"
  </FilesMatch>
</IfModule>
<IfModule mod_php5.c>
  php_value upload_max_filesize 513M
  php_value post_max_size 513M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value always_populate_raw_post_data -1
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_php7.c>
  php_value upload_max_filesize 513M
  php_value post_max_size 513M
  php_value memory_limit 512M
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
  RewriteRule ^(\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>

oparoz · July 11, 2016, 1:57pm

The problem with some occ commands is that this is printed even if the operation fails, so try to run it with -vvv to see if there aren’t any errors. Also check the log. If the file is not writeable there may be an entry stating just that.

oparoz · July 11, 2016, 2:00pm

Try to paste your code between triple backticks.

FredFS456 · July 11, 2016, 2:32pm

Running with -vvv gives the exact same output.
Log - do you mean the owncloud.log file in the data directory? If occ has its own logs, I can’t find them. There’s nothing relevant in the owncloud.log.

Fred_Dresken_Maveric · July 11, 2016, 2:47pm

The htaccess is written because the other commands I added to config.php are visible in my htaccess file.

oparoz · July 11, 2016, 3:02pm

Thanks

oparoz · July 11, 2016, 3:05pm

I don’t see any custom actions being written to the .htaccess pasted in the OP. Looks like the shipped one.

FredFS456 · July 11, 2016, 3:06pm

Sorry, I can’t tell if that’s sarcasm. There is genuinely nothing of value in owncloud.log for this purpose - the last entry was from a trusted domain error because of a config mistake I made a few hours ago.

oparoz · July 11, 2016, 3:07pm

No sarcasm at all. It helps that you’ve told me that there wasn’t anything significant in the logs

oparoz · July 11, 2016, 3:08pm

Does it make a difference if you guys set .htaccess to 777?

FredFS456 · July 11, 2016, 3:14pm

Huh, that did the trick. It added the following block to my .htaccess file (probably not useful to you but I’ll post it anyway)

#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####

ErrorDocument 403 /core/templates/403.php
ErrorDocument 404 /core/templates/404.php
<IfModule mod_rewrite.c>
  Options -MultiViews
  RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
  RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
  RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$
  RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
  RewriteCond %{REQUEST_FILENAME} !/remote.php
  RewriteCond %{REQUEST_FILENAME} !/public.php
  RewriteCond %{REQUEST_FILENAME} !/cron.php
  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
  RewriteCond %{REQUEST_FILENAME} !/status.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
  RewriteCond %{REQUEST_FILENAME} !/updater/
  RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
  RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
  RewriteRule . index.php [PT,E=PATH_INFO:$1]
  RewriteBase /
  <IfModule mod_env.c>
    SetEnv front_controller_active true
    <IfModule mod_dir.c>
      DirectorySlash off
    </IfModule>
  </IfModule>
</IfModule>

oparoz · July 11, 2016, 3:16pm

Yep, that’s the correct block

So it seems there is a permission problem. occ can’t write to your .htaccess with the permissions you had before.

FredFS456 · July 11, 2016, 3:19pm

Ah, I just realized that my .htaccess was 640 root:www-data before, that would explain it. I’ve now set it to 660 root:www-data, which should be the correct permissions.

Edit: on second thought, that’s probably not a good idea from a security standpoint. I’ll set it back to 640 now that I’ve updated it, and I’ll have to remember to set it to 660 before I run the script again… although the script really should tell me about that problem.

oparoz · July 11, 2016, 3:23pm

I was about to guide you in this direction ;).
Also, that’s something you have to change before an update as well, so it might be worth having a script handy.

I’ve opened an issue: Better error handling in occ · Issue #368 · nextcloud/server · GitHub

FredFS456 · July 11, 2016, 3:26pm

Hm, re-reading the template script that sets strong directory permissions, it seems to set the .htaccess files to 644 instead of 640. Have any insight into why it might need to be world-readable?
(I had manually chmod’d and chown’d the files instead of running the script)

oparoz · July 11, 2016, 3:36pm

I’m not sure, maybe to make sure a rogue request using a different user and looking at that folder always parses the file? @LukasReschke might know.

enoch85 · December 14, 2016, 1:45am

I get this when using occ with 777 and www-data permissions.

System config value htaccess.RewriteBase set to string /
Error updating .htaccess file, not enough permissions?

Nextcloud 11.0.0

slapps · December 24, 2016, 5:28am

Yep the same for me for occ error.

for rewrite issue, i solve mine : Apache didn’t load the rewrite module :
cat /etc/apache2/mods-available/rewrite.load returned nothing empty.

i’ve added in it :
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

More info at : http://xmodulo.com/how-to-enable-mod_rewrite-in-apache2-on-debian-ubuntu.html

To ensure the module is load run apachectl -M it should be in the list.