Setting up Nextcloud with other Applications and SSL/https

Good Day!
i have setup a fresh ubuntu Server, VERSION=“18.04.2 LTS (Bionic Beaver)” and installed nextcloud-16.0.3 with PHP 7.2.19 and Apache/2.4.29 on it.
I used certbot and letsencrypt to setup https over a dyndns service. The result is a working nextcloud accessible over https://my.dynds.com/nextcloud .
Now i wanted also a Openproject server and i followed their instructions to set it up. All went well i got no errors during installation.
Bute when i now want to access https://my.dynds.com/openproject/login i get only a nextcloud error page:
Internal Server Error

The server was unable to complete your request.

If this happens again, please send the technical details below to the server administrator.

More details can be found in the server log.

Technical details

  • Remote Address: MyIP (altered)
  • Request ID: 7zgjonxrxOgI7wX0VsyB

when i run a2dissite nextcloud.conf, i can access https://my.dynds.com/openproject/login and validating that it is indeed working.
So i suspect somehow the nextcloud.conf blocks/conflicts the openproject.conf(and/or nextcloud-le-ssl.conf) but i do not really now what that could be.

It seems that i am neither allowed to add more than 4 links nor any files, i would have liked to give you all the .conf files…

The Nextcloud-error.log is empty
the apache error log does also not containe useful information:
[Sat Jul 20 09:03:01.473457 2019] [mpm_prefork:notice] [pid 1362] AH00169: caught SIGTERM, shutting down
[Sat Jul 20 09:03:53.476968 2019] [so:warn] [pid 954] AH01574: module dav_module is already loaded, skipping
[Sat Jul 20 09:03:54.021029 2019] [mpm_prefork:notice] [pid 1165] AH00163: Apache/2.4.29 (Ubuntu) SVN/1.9.7 OpenSSL/1.1.1 mod_perl/2.0.10 Perl/v5.26.1 configured – resuming normal operations
[Sat Jul 20 09:03:54.021136 2019] [core:notice] [pid 1165] AH00094: Command line: ‘/usr/sbin/apache2’

I noticed whilst all .conf files belong to the root openproject.conf can’t be read by a normal user.
I replaced my actual dyndns link with my.dyndns.com.

I’m a beginner with apache and don’t know much about it so i dont like poking in the dark here and killing the whole thing? Either way i am glad you read this and try to help me, thanks in advance. If you are missing some information i will try to provide it.

Depends a bit what is on your nextcloud.conf. The one from the documentation?
https://docs.nextcloud.com/server/16/admin_manual/installation/source_installation.html#apache-web-server-configuration
If you use this, I’m not sure if perhaps something in the .htaccess gets in the way.

However, I’d consider to use a separate subdomain. For security, it’s the host prefix:

and for the configuration, having two different virtual hosts is much easier to deal with (have different configurations, move certain vhosts to different machines, …) and usually don’t cost anything. For configuration, you can use cname records so you only have to keep one entry updated with your IP.

Hi @tflidd, thanks for looking into it!
My Confi file looks like this:

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/nextcloud
Alias /nextcloud "/var/www/nextcloud/"

<Directory "/var/www/nextcloud/">
Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
Dav off
</IfModule>

Require all granted

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

ErrorLog ${APACHE_LOG_DIR}/nextcloud_error_log
CustomLog ${APACHE_LOG_DIR}/nextcloud_access_log common
RewriteEngine on
RewriteCond %{SERVER_NAME} =my.dyndns.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

*EDIT: it doesn look like this there are for example “if’s” that get autoremoved by the forum…i don’t know how to fix this :frowning:

So it is the config you linked to, but expanded with the virtual host and the https redirect. I think the redirect was put in there by certbot automatically.
Concerning the rest of your post: Iam still reading the linked sites will come back when finished.

If you set that, everything in this virtualHost is in this folder. You should put this to the parent folder, so other applications remain accessible.

so you mean i should change

DocumentRoot /var/www/nextcloud

to

DocumentRoot /var/www

?

I think so, and possibly remove the alias as well? It would be unnecessary since /nextcloud is the actual path under the web root. Try that and see if it works.

If you use a different subdomain, then your sites would be in separate configs and virtual hosts and would not have to share the same virtual host and web root.

Hey @KarlF12 thanks for your help!
So i changed the document root to “/var/www” and testet again, this gives me now a “404Not found” instead of the internal Server error for the Openproject Site.
Disableing “a2dissite nextcloud” and “a2dissite nextcloud-ssl” lets me again access the Openproject Site. It also seems that the normal nextcloud.conf is now unnecessary, i can disable it and still accessmy netcloud Page.
So i only “a2ensite nextcloud-ssl” again and removed the alias there which changes nothing.
Changing the “ServerName” variable,only in the nextcloud-ssl.conf, to “my.dyndns.com/nextcloud” gives me a 404 on the nextcloud site and lets me access the Openproject Site.
Changing the “ServerName” variable,only in the openproject.conf, to “my.dyndns.com/opp” gives changes nothing.
Changing both lets again access the Openproject Site. but gives me a 404 on the nextcloud site.
here are my config files with changed root folder, otherwise reverted.
the “nextcloud-ssl.conf”:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/
        Alias /nextcloud "/var/www/nextcloud/"
         
        <Directory "/var/www/nextcloud/">
            Options +FollowSymlinks
            AllowOverride All
             
            <IfModule mod_dav.c>
                Dav off
            </IfModule>
             
            Require all granted
             
            SetEnv HOME /var/www/nextcloud
            SetEnv HTTP_HOME /var/www/nextcloud
        </Directory>
         
        ErrorLog ${APACHE_LOG_DIR}/nextcloud_error_log
        CustomLog ${APACHE_LOG_DIR}/nextcloud_access_log common

        ServerName my.dyndns.com.com
        SSLCertificateFile /etc/letsencrypt/live/my.dyndns.com.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/my.dyndns.com.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
</IfModule>  

the “openproject.conf”:

Include /etc/openproject/addons/apache2/includes/server/*.conf

<VirtualHost *:80>
  ServerName my.dyndns.com.com
  RewriteEngine On
  RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
  ServerName my.dyndns.com.com
  DocumentRoot /opt/openproject/public

  ProxyRequests off

  Include /etc/openproject/addons/apache2/includes/vhost/*.conf
  
  # Can't use Location block since it would overshadow all the other proxypass directives on CentOS
  ProxyPass /opp/ http://127.0.0.1:6000/opp/ retry=0
  ProxyPassReverse /opp/ http://127.0.0.1:6000/opp/
</VirtualHost>

i changed my url to my.dyndns.com
I am still at a loss.

Take the virtualhost of openproject and try to add this inside:

<VirtualHost *:80>
  ServerName my.dyndns.com.com
  RewriteEngine On
  RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
  ServerName my.dyndns.com.com
  DocumentRoot /opt/openproject/public

  ProxyRequests off

  Include /etc/openproject/addons/apache2/includes/vhost/*.conf
  
  # Can't use Location block since it would overshadow all the other proxypass directives on CentOS
  ProxyPass /opp/ http://127.0.0.1:6000/opp/ retry=0
  ProxyPassReverse /opp/ http://127.0.0.1:6000/opp/

Alias /nextcloud "/var/www/nextcloud/"

<Directory "/var/www/nextcloud/">
Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
Dav off
</IfModule>

Require all granted

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud

ErrorLog ${APACHE_LOG_DIR}/nextcloud_error_log
CustomLog ${APACHE_LOG_DIR}/nextcloud_access_log common
RewriteEngine on
RewriteCond %{SERVER_NAME} =my.dyndns.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</Directory>


</VirtualHost>

I’m not sure about the proxy stuff and rewrite definition if it works like that. You might have to fiddle around a bit.

The problem if you define two VirtualHosts with the same hostname, it just takes one of them (the first or last definition).

It would be much easier and cleaner if you just use two different hostnames, nextcloud.example.com, openproject.example.com. If you don’t have your own domain there should be some dynamic dns operators or other services where you can get free ones. And if you want your own domain, it’s something about 1 $/€ a month.

1 Like

@tflidd
If i do that “systemctl reload apache2” with or withou nextcloud.conf enabled.
systemctl reload apache2 then says (condensed):

Process: 4212 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=1/FAILURE)
Jul 21 10:16:36 server13 systemd[1]: apache2.service: Control process exited, code=exited status=1
Jul 21 10:16:36 server13 systemd[1]: Reload failed for The Apache HTTP Server.
Jul 21 10:17:01 server13 systemd[1]: apache2.service: Control process exited, code=exited status=1
Jul 21 10:17:01 server13 systemd[1]: Reload failed for The Apache HTTP Server.

The Apache error log says nothing special:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.44. Set the 'ServerName' directive globally to suppress this message
[Sun Jul 21 07:34:03.026068 2019] [mpm_prefork:notice] [pid 1190] AH00163: Apache/2.4.29 (Ubuntu) SVN/1.9.7 OpenSSL/1.1.1 mod_perl/2.0.10 Perl/v5.26.1 configured -- resuming normal operations
[Sun Jul 21 07:34:03.026082 2019] [core:notice] [pid 1190] AH00094: Command line: '/usr/sbin/apache2'
[Sun Jul 21 08:35:20.465534 2019] [autoindex:error] [pid 2851] [client IP:PORT] AH01276: Cannot serve directory /opt/openproject/public/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index$

I will fiddle around with it. If something changes i will report.

EDIT:

I tought something like this whilst reading the Documentation of the Virtual host and tried to change the Server Names to diffrent values. That didn’t solve it. I Tried something like */opp or my.dyndns.com/opp* and my.dyndns.com/opp after <VirtualHost replaceing the wildcard operator “*”.

I do agree domains are dirt cheap, it’s like 0.29€/Month (including a DNS Editor). But i do not yet go down this route. The documentation of the Apche2/ Virtual Host seems to point out that this is one of its major advantages…allthou i don’t know how to properly do it, yet.

Your problem is the virtual host configuration. When you have two virtual hosts running on the same port and ServerName, one of them knocks the other out. So to fix this you can:

  1. Use a unique ServerName and FQDN for both sites
  2. Use the same virtual host for both sites and access them in subfolders
1 Like

So it does now work. I had to combine the two .conf files to one and make a symbolic link from the /opt/… to /var/www/openproject. I used

sudo ln -s /opt/openproject/public /var/www/opp

to create the Link.
Now the only issue left is that the Document root is still accessible… i tried to use a .htaccess file to block this with a “deny All”, but this doesn’t change anything.
For futur references here is my resulting .conf:

Include /etc/openproject/addons/apache2/includes/server/*.conf

<VirtualHost *:80>
  ServerName my.dyndns.com
  RewriteEngine On
  RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]
  Alias /nextcloud "/var/www/nextcloud/"
  Alias /opp "/var/www/opp/"
  <Directory "/var/www/nextcloud/">
    Options +FollowSymlinks
    AllowOverride All
 
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
 
    Require all granted
 
    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud
  </Directory>

  <Directory "/var/www/opp/">
    Options +FollowSymlinks
    AllowOverride All
 
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
 
    Require all granted
    SetEnv HOME /var/www/opp
    SetEnv HTTP_HOME /var/www/opp
  </Directory>
ErrorLog ${APACHE_LOG_DIR}/server13_error_log
CustomLog ${APACHE_LOG_DIR}/server13_access_log common
RewriteEngine on
RewriteCond %{SERVER_NAME} =my.dyndns.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
  ServerName my.dyndns.com
  DocumentRoot /var/www/
  #DocumentRoot /opt/openproject/public #original root
  Alias /nextcloud "/var/www/nextcloud/"
  Alias /opp "/var/www/opp/"
  <Directory "/var/www/nextcloud/">
    Options +FollowSymlinks
    AllowOverride All
 
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
 
    Require all granted
 
    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud
  </Directory>

  <Directory "/var/www/opp/">
    Options +FollowSymlinks
    AllowOverride All
 
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
 
    Require all granted
    SetEnv HOME /var/www/opp
    SetEnv HTTP_HOME /var/www/opp
  </Directory>

  ProxyRequests off

  Include /etc/openproject/addons/apache2/includes/vhost/*.conf
  SSLCertificateFile /etc/letsencrypt/live/my.dyndns.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/my.dyndns.com/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
  # Can't use Location block since it would overshadow all the other proxypass directives on CentOS
  ProxyPass /opp/ http://127.0.0.1:6000/opp/ retry=0
  ProxyPassReverse /opp/ http://127.0.0.1:6000/opp/
</VirtualHost>

Thank you all for helping me!

What about using a redirect or rewrite to forward the document root to one of the two sites?

@KarlF12
Seemed like a good idea but did break openproject. I could only access a blank page with their head bar…
But i solved it anyways using the directory directive adding:

<Directory "/var/www/">
    order deny,allow
    Deny From All
  </Directory>

to the config above, one for each Virtual Host. I also had to add:

Order Allow,Deny
    Allow from All

in the directory directives for the Virtual host at Port 443.

Now everythingworks like a charm :slight_smile:
Thank you all again.