Snap HTTPS + Security

Hello,

Iā€™m hosting NextCloud on Debian 9 and i want to use HTTPS instead of HTTP.

I have completly read the installation guide but didnā€™t succeed.

In fact, I would like to completely secure the cloud, as well as intra and off-network exchanges.

Can you help me ?

Thanks.

You have to be more precise. If you are using Apache you may have a look at https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-9

@peteman52 Thank you for your reply. I forgot to precise that i installed NC using snap and iā€™ve done nothing else.

nextcloud.enable-https -h ?

@Reiner_Nippes Iā€™ve already done this, but after i make these commands, i canā€™t access to nextcloud anymore.

ok. which error did you get? where (browser/server)? and what is in the logs?

@Reiner_Nippes I donā€™t know how to access to the logs.

whatā€™s the output of: ls $SNAP_DATA

@Reiner_Nippes

When i do that, itā€™s like iā€™m only doing ā€œlsā€ and nothing else. But i triend to do ā€œls $ā€ and $SNAP_DATA was not in the list and nothing like that appeared.

which user do you use?

$SNAP_DATA is a shell variable. but may be not set to all users. did you try as root?

to check if the variable is set: env

@Reiner_Nippes Iā€™m logged in as root and what iā€™m supposed to read when i do the command ā€œenvā€ ?

env provides you with the list of all shell variables.

env | grep SNAP would only output those with SNAP in there name. if this is blank the variable is not set.

since i donā€™t have great experience with snap give me a second to find out where the log files are.

@Reiner_Nippes oh no, itā€™s blank :frowning:

whatā€™s in sudo ls /var/snap/nextcloud/current/apache/logs/ ?

error_log php_errors.log
@Reiner_Nippes

tail /var/snap/nextcloud/current/apache/logs/error_log

tail /var/snap/nextcloud/current/apache/logs/error_log
[Sun Mar 10 16:23:21.676268 2019] [unixd:alert] [pid 7807:tid 140321933031296] AH02155: getpwuid: couldnā€™t determine user name from uid 4294967295, you probably need to modify the User directive
[Sun Mar 10 16:23:21.676301 2019] [unixd:alert] [pid 7806:tid 140321933031296] AH02155: getpwuid: couldnā€™t determine user name from uid 4294967295, you probably need to modify the User directive
[Sun Mar 10 16:23:48.701105 2019] [unixd:alert] [pid 9265:tid 140321933031296] AH02155: getpwuid: couldnā€™t determine user name from uid 4294967295, you probably need to modify the User directive
[Sun Mar 10 16:25:36.676883 2019] [mpm_event:notice] [pid 7804:tid 140321933031296] AH00491: caught SIGTERM, shutting down
AH00558: httpd: Could not reliably determine the serverā€™s fully qualified domain name, using 127.0.1.1. Set the ā€˜ServerNameā€™ directive globally to suppress this message
[Sun Mar 10 16:25:45.605974 2019] [mpm_event:notice] [pid 12080:tid 140397985822592] AH00489: Apache/2.4.38 (Unix) configured ā€“ resuming normal operations
[Sun Mar 10 16:25:45.606081 2019] [core:notice] [pid 12080:tid 140397985822592] AH00094: Command line: ā€˜httpd -d /snap/nextcloud/11891 -D FOREGROUNDā€™
[Sun Mar 10 16:25:45.607014 2019] [unixd:alert] [pid 12082:tid 140397985822592] AH02155: getpwuid: couldnā€™t determine user name from uid 4294967295, you probably need to modify the User directive
[Sun Mar 10 16:25:45.607190 2019] [unixd:alert] [pid 12081:tid 140397985822592] AH02155: getpwuid: couldnā€™t determine user name from uid 4294967295, you probably need to modify the User directive
[Sun Mar 10 16:25:45.607609 2019] [unixd:alert] [pid 12083:tid 140397985822592] AH02155: getpwuid: couldnā€™t determine user name from uid 4294967295, you probably need to modify the User directive
@Reiner_Nippes

could you please perform a

grep -i ssl /var/snap/nextcloud/current/apache/logs/error_log

?

@Reiner_Nippes Blank, nothing

@Reiner_Nippes Donā€™t forget that i just want to secure nextcloud using https. Nothing else. I can go back when i want using my snapshot.