Hi, my problem connecting with the Nextcloud Android app is still not resolved! I always get the same error message in the Android app: SSL initialization failed
My current server: Nextcloud 10, with PHP 7.0.10, served by Nginx (1.10.1), on Ubuntu 14.04.1
My Nginx config file for the domain:
# Upstream used by fastcgi_pass below: a single PHP-FPM Unix socket.
# NOTE(review): the PHP-FPM pool shown further down this page listens on
# .../dir_fpm/server.sock, not fpm.sock -- confirm which path is the real one
# (a mismatch would give 502 errors rather than a TLS failure).
upstream php-handler {
server unix:/div_www/cld.stephane-huc.net/dir_fpm/fpm.sock;
}
# Included file is not shown on this page; by its name it presumably holds the
# plain-HTTP server block that redirects to HTTPS -- confirm.
include /div_nginx_cfg/cld.stephane-huc.net/301_to_https.cfg;
# HTTPS virtual host for cld.stephane-huc.net. Requests are routed to the
# application's PHP entry points through PHP-FPM; everything else is either
# denied or handled by the included per-topic files.
server {
# Not shown on this page; presumably holds the "listen 443 ssl ..." lines -- confirm.
include /div_nginx_cfg/cld.stephane-huc.net/port_https.cfg;
###########
### SSL configuration
###########
# Certificate, protocol and cipher settings (the "My config SSL" listing on this page).
include /div_nginx_cfg/cld.stephane-huc.net/ssl.cfg;
server_name cld.stephane-huc.net;
root /div_www/cld.stephane-huc.net/www/;
# "compression" is a log_format name and $loggable a variable; both are defined
# outside this listing.
access_log /div_www/cld.stephane-huc.net/logs/access.log compression if=$loggable;
error_log /div_www/cld.stephane-huc.net/logs/errors.log;
# Response headers (HSTS, CSP, X-Frame-Options, ...) are set in this file, which is not shown.
include /div_nginx_cfg/cld.stephane-huc.net/headers.cfg;
##########
### Limit connections
##########
# nginx accepts request bodies up to 512M.
# NOTE(review): the PHP-FPM pool on this page sets upload_max_filesize = 8M, so
# PHP will reject uploads far below this limit -- confirm which limit is intended.
client_max_body_size 512M;
# Response compression is disabled for this host.
gzip off;
##########
### Error pages
##########
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
##########
### Rewrites
##########
# Legacy /caldav and /carddav paths are sent to the DAV endpoint; the "redirect"
# flag makes these temporary (302) redirects.
rewrite ^/caldav(.*)$ /remote.php/dav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/dav$1 redirect;
##########
### locations
##########
# Front controller: any path not matched by a more specific location is
# rewritten to /index.php followed by the original URI.
location / {
rewrite ^ /index.php$uri;
}
# .well-known handling (the "well-known config" listing on this page)
include /div_nginx_cfg/cld.stephane-huc.net/well_known.cfg;
# Block direct HTTP access to internal directories, including config/ and data/.
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
# Block dotfiles and maintenance/CLI entry points.
# NOTE(review): this regex also matches "/.well-known/...". nginx prefers a
# matching regex location over a plain prefix location, so the prefix locations
# for /.well-known and /.well-known/acme-challenge in well_known.cfg are
# overridden here and those requests get 403. Only the exact-match
# (location =) carddav/caldav entries win. If ACME HTTP-01 validation reaches
# this server block, certificate renewal would fail -- confirm; marking the
# prefix locations with ^~ or excluding well-known from this pattern avoids it.
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
# Allow-list of PHP entry points: only URIs matching these script names are
# handed to PHP-FPM. Other *.php paths fall through to "location /" and are
# rewritten to index.php instead of being executed directly.
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
# Split "/script.php/extra/path" into the script name and PATH_INFO.
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Tell PHP the request arrived over HTTPS.
fastcgi_param HTTPS on;
# Avoid sending the security headers twice: signals to the application that
# the web server already sets them (here via headers.cfg).
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
# Forward the client's Authorization header to PHP, only when it is non-empty.
fastcgi_param HTTP_AUTHORIZATION $http_authorization if_not_empty;
fastcgi_param XAUTHORIZATION $http_authorization if_not_empty;
fastcgi_pass php-handler;
# Let nginx's error_page directives handle error responses coming back from FPM.
fastcgi_intercept_errors on;
# Pass the request body to FPM as it arrives instead of buffering it first.
fastcgi_request_buffering off;
}
# Directory-style requests to /updater and /ocs-provider resolve to their index.php.
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# The four includes below are not shown on this page.
# manage favicon
include /div_nginx_cfg/cld.stephane-huc.net/favicon.cfg;
# manage images
include /div_nginx_cfg/cld.stephane-huc.net/img.cfg;
# manage robots.txt
include /div_nginx_cfg/cld.stephane-huc.net/robots.cfg;
# manage scripts CSS/JS
include /div_nginx_cfg/cld.stephane-huc.net/scripts.cfg;
}
My config SSL :
# TLS settings included into the HTTPS server block (ssl.cfg).
# fullchain.pem is expected to hold the leaf certificate followed by the
# intermediates; a client that is sent an incomplete chain cannot build a trust
# path and will abort the handshake.
ssl_certificate /div_www/cld.stephane-huc.net/dir_ssl/fullchain.pem;
# Private key: should be readable only by the account that starts nginx.
ssl_certificate_key /div_www/cld.stephane-huc.net/dir_ssl/privkey.pem;
# Custom Diffie-Hellman parameters for DHE suites.
# NOTE(review): the file name suggests a 4096-bit group; some older client TLS
# stacks cannot handle DH groups that large -- worth testing against the
# failing Android client.
ssl_dhparam /srv/nginx/dhparam/dhp_4096.pem;
# The server's cipher order takes precedence over the client's.
ssl_prefer_server_ciphers on;
# Labelled "Intermediate" by the author; the cipher string below is a
# hand-written OpenSSL selector, not an explicit suite list.
# NOTE(review): TLSv1 and TLSv1.1 are enabled here, but "!SHA" in ssl_ciphers
# removes every suite that uses a SHA-1 MAC. The remaining SHA-256/SHA-384/GCM
# suites exist only in TLS 1.2, so in practice only TLS 1.2 clients can complete
# a handshake. A client that does not offer TLS 1.2 would fail during TLS setup,
# which is consistent with the reported "SSL initialization failed" -- confirm
# with the Android version and TLS stack in use.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDH:DH:AES:!aNULL:!eNULL:!NULL:!DES:!3DES:!DSS:!EXPORT:!LOW:!MEDIUM:!PSK:!RC4:!SHA';
# Session resumption: a 10 MB cache shared between workers, plus session tickets.
ssl_session_cache shared:SSL:10m;
ssl_session_tickets on;
# Ticket encryption key read from a file. The key stays the same until the file
# is replaced and nginx is reloaded; anyone who obtains it can decrypt sessions
# resumed with tickets, which weakens forward secrecy. Keep the file readable
# only by the nginx master account and rotate it regularly.
ssl_session_ticket_key /dir_nginx/t.k;
# Sessions remain resumable for 24 hours.
ssl_session_timeout 24h;
# OCSP stapling: nginx fetches the OCSP response itself and verifies it against
# the chain given in ssl_trusted_certificate.
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /div_www/cld.stephane-huc.net/dir_ssl/chain.pem;
# DNS servers nginx uses to resolve the OCSP responder's host name; answers are
# cached for 300 s. nginx's resolver is a plain DNS client, so a trusted local
# resolver is preferable to remote ones where spoofing is a concern.
resolver 80.67.169.12 80.67.169.40 142.4.204.111 142.4.205.47 valid=300s;
resolver_timeout 3s;
My well-known config nginx file is :
# .well-known handling, included into the HTTPS server block.
# The first two are plain prefix locations.
# NOTE(review): the server block on this page also has
# "location ~ ^/(?:\.|autotest|...) { deny all; }". A matching regex location
# takes precedence over a prefix location that is not marked ^~, so requests
# under /.well-known/ (including ACME challenge files) would be denied there
# instead of being allowed here -- confirm with a test request.
location '/.well-known' {
allow all;
}
location '/.well-known/acme-challenge' {
allow all;
}
# Exact-match locations win over regex locations, so these two redirects are
# always applied. They send CardDAV/CalDAV service discovery to the DAV endpoint.
# $host is taken from the request; presumably acceptable because the enclosing
# server block pins server_name -- confirm this is not the default server for the port.
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
My pool php7-fpm file :
; PHP-FPM pool serving the Nextcloud instance. Values shown as *** were
; redacted by the author.
[pool]
; Relative paths below (logs/...) are resolved against this prefix.
prefix = /div_www/cld.stephane-huc.net
; Unix account the worker processes run as.
user = ***
group = ***
; NOTE(review): the nginx upstream on this page points at .../dir_fpm/fpm.sock,
; while this pool listens on server.sock -- confirm the two match.
listen = /div_www/cld.stephane-huc.net/dir_fpm/server.sock
; Access to a Unix socket is controlled by its owner, group and mode; 0660 lets
; only the owner and group connect, so the nginx worker account must be one of them.
listen.owner = ***
listen.group = ***
listen.mode = 0660
; Only meaningful for TCP listeners; it has no effect on the Unix socket above.
listen.allowed_clients = 127.0.0.1
; Workers are started on demand (at most 7) and stopped after 30 s idle.
pm = ondemand
pm.max_children = 7
pm.process_idle_timeout = 30s;
; Each worker is recycled after 500 requests.
pm.max_requests = 500
access.log = logs/$pool.access.log
access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; Requests running longer than 30 s are written to the slow log; a worker is
; killed after 120 s regardless of PHP's own time limit.
slowlog = logs/$pool.slow.log
request_slowlog_timeout = 30
request_terminate_timeout = 120
rlimit_files = 4096
; NOTE(review): chroot to "/" provides no filesystem isolation; confinement
; here relies on open_basedir and file permissions -- confirm that is intended.
chroot = /
chdir = /
; Worker stdout/stderr is redirected into the FPM error log.
catch_workers_output = yes
; FPM refuses to execute files whose extension is not .php.
security.limit_extensions = .php
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
env[TMP] = /div_www/cld.stephane-huc.net/tmp/
env[TMPDIR] = /div_www/cld.stephane-huc.net/tmp/
env[TEMP] = /div_www/cld.stephane-huc.net/tmp/
; php_admin_* settings cannot be overridden by scripts via ini_set().
php_admin_flag[log_errors] = on
; NOTE(review): this list does not include shell_exec, so it does not by itself
; prevent command execution from PHP -- confirm whether that is deliberate.
php_admin_value[disable_functions] = dl,exec,passthru,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source
php_admin_value[error_log] = logs/cld.stephane-huc.net.php_errors.log
php_admin_value[memory_limit] = 32M
; Restricts PHP file access to the listed paths (first entry redacted).
php_admin_value[open_basedir] = *******:/dev/urandom
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f ****@cld.stephane-huc.net
php_admin_value[session.save_path] = /div_www/cld.stephane-huc.net/***
; NOTE(review): nginx on this page accepts bodies up to 512M
; (client_max_body_size), but PHP caps a single uploaded file at 8M.
php_admin_value[upload_max_filesize] = 8M
php_admin_value[upload_tmp_dir] = /div_www/cld.stephane-huc.net/tmp/
; Errors are logged, not sent to the client.
php_flag[display_errors] = off
; php_value settings are defaults that a script may change with ini_set().
php_value[max_execution_time] = 7
php_value[include_path] = .:/usr/share/pear:/usr/share/php
My headers HTTP:
Server: nginx!
Date: Fri, 26 Aug 2016 18:50:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 60609
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
content-security-policy: default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
access-control-allow-origin: cld.stephane-huc.net
strict-transport-security: max-age=31536000; preload
X-Content-Type-Options: nosniff
x-download-options: noopen
frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
X-Powered-By: HucSte :D
x-robots-tag: none
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=edge,chrome=1
X-Firefox-Spdy: h2
200 OK