Nextcloud version (eg, 18.0.2): 18.0.4
Operating system and version (eg, Ubuntu 20.04): Debian 10
Apache or nginx version (eg, Apache 2.4.25): nginx 1.14.2
PHP version (eg, 7.1): 7.3.14
The issue you are facing:
When I logged into my NextCloud instance today, it seems that the stylesheet (or something) is pretty seriously messed up. The fonts are wrong and the menus do not have background, so they clip with the contents of the elements below them.
Is this the first time you’ve seen this error? (Y/N): Y
Steps to replicate it:
- Go to Web address of NC instance
- Log in
The output of your Nextcloud log in Admin > Logging:
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
config.php:
<?php
$CONFIG = array (
'instanceid' => '<del>',
'passwordsalt' => '<del>',
'secret' => '<del>',
'trusted_domains' =>
array (
0 => '<del>.org',
),
'datadirectory' => '/var/www/<del>.org/data',
'dbtype' => 'mysql',
'version' => '18.0.4.2',
'overwrite.cli.url' => 'https://<del>.org',
'dbname' => '<del>',
'dbhost' => '<del>',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => '<del>',
'dbpassword' => '<del>',
'installed' => true,
'memcache.local' => '\\OC\\Memcache\\APCu',
'twofactor_enforced' => 'false',
'twofactor_enforced_groups' =>
array (
),
'twofactor_enforced_excluded_groups' =>
array (
),
'maintenance' => false,
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'tls',
'mail_sendmailmode' => 'smtp',
'mail_from_address' => '<del>',
'mail_domain' => '<del>',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpauth' => 1,
'mail_smtphost' => '<del>',
'mail_smtpport' => '587',
'mail_smtpname' => '<del>',
'mail_smtppassword' => '<del>',
'theme' => '',
'loglevel' => 2,
'mysql.utf8mb4' => true,
);
The output of your Apache/nginx/system log in /var/log/____
:
/var/log/nginx/error.log:
2020/05/07 08:51:21 [notice] 9540#9540: signal process started
2020/05/07 08:55:52 [notice] 9615#9615: signal process started
2020/05/07 09:07:59 [error] 9616#9616: *2927 access forbidden by rule, client: <del>, server: <del>.org, request: "GET /data/.ocdata?t=1588856879950 HTTP/1.1", host: "<del>.org"
Just for the sake of reference, here’s my nginx config (more or less identical to the reference config but with some settings changed for letsencrypt and some SSL hardening):
/etc/nginx/sites_enabled/<del>.org
upstream php-handler {
server unix:/var/run/php/php7.3-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name <del>.org;
return 308 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <del>.org;
ssl_certificate /etc/letsencrypt/live/<del>.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<del>.org/privkey.pem;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; ";
fastcgi_hide_header X-Powered-By;
root /var/www/<del>.org;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 308 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 308 $scheme://$host:$server_port/remote.php/dav;
}
location ~ ^/.well-known/acme-challenge/* {
allow all;
}
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
access_log off;
}
}
Interestingly enough, there are no errors in the browser console (either Chrome or Firefox), except one that is expected. This issue persists across browsers, computers, fresh profiles, no extensions/add-ons, clearing browser cache, clearing Cloudflare cache, etc. I have no idea what else to do save for a completely fresh NC install, which is a bit of a pain because I support other users on this installation.