Successful NC25 install - cant access apps, curl error - SOLVED

ngreene · November 2, 2022, 5:17am

Support intro

Sorry to hear you’re facing problems

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can

Nextcloud version (eg, 20.0.5): 25
Operating system and version (eg, Ubuntu 20.04): 22.04
Apache or nginx version (eg, Apache 2.4.25): 2.4.52
PHP version (eg, 7.4): 8.1-fpm

The issue you are facing:
I have NC behind an NGINX Reverse Proxy, which is handling HTTPS/SSL with a wildcard cert for my domain.

I have followed an excellent install tutorial Markus Weingartner, but omitted setting up ssl on my install due to the reverse proxy I already have (nginx).

The NC instance is up and stably running.

I need to set the correct trusted proxy statements in my config.php

I also need to solve an error from the install which is preventing the instance from accessing the appstore, or anything else for that matter. The error from logging is “Could not connect to appstore: cURL error 7: Failed to connect to apps.nextcloud.com port 443”

Clearly NC is not communicating correctly, and I do not know how to resolve that.

Appreciate any help in advance.

PHP modules installed are:
php8.1-cli php8.1-common php8.1-mbstring php8.1-gd php8.1-imagick php8.1-intl php8.1-bz2 php8.1-xml php8.1-pgsql php8.1-zip php8.1-dev php8.1-curl php8.1-fpm redis-server php8.1-redis php8.1-smbclient php8.1-ldap php8.1-bcmath php8.1-gmp libmagickcore-6.q16-6-extra

Apache Config:
<VirtualHost *:80>
ServerName xxxx.xxxx.net
ServerAdmin xxxx@big.nebbles.net
DocumentRoot /var/www/html/nextcloud

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

The output of your Nextcloud log in Admin > Logging:

Could not connect to appstore: cURL error 7: Failed to connect to apps.nextcloud.com port 443 after 3078 ms: No route to host (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://apps.nextcloud.com/api/v1/apps.json

The output of your config.php file in `/path/to/nextcloud` (make sure you remove any identifiable information!):

‘<?php
$CONFIG = array (
‘instanceid’ => ‘xxxxxxxxxxxxxxx’,
‘passwordsalt’ => ‘xxxxxxxxxxxxxx’,
‘secret’ => ‘xxxxxxxxxxxx’,
‘trusted_domains’ =>
array (
0 => ‘xxx.xxx.net’,
),
‘datadirectory’ => ‘/nextcloud_data’,
‘dbtype’ => ‘pgsql’,
‘version’ => ‘25.0.0.18’,
‘overwrite.cli.url’ => ‘http://big.nebbles.net’,
‘dbname’ => ‘nextclouddb’,
‘dbhost’ => ‘localhost’,
‘dbport’ => ‘’,
‘dbtableprefix’ => ‘oc_’,
‘dbuser’ => ‘xxxxxxxxxxx’,
‘dbpassword’ => ‘xxxxxxxxxxxx’,
‘installed’ => true,
‘memcache.local’ => ‘\OC\Memcache\Redis’,
‘memcache.locking’ => ‘\OC\Memcache\Redis’,
‘redis’ =>
array (
‘host’ => ‘localhost’,
‘port’ => 6379,
),
‘default_phone_region’ => ‘US’,
‘mail_smtpmode’ => ‘smtp’,
‘mail_smtpsecure’ => ‘tls’,
‘mail_sendmailmode’ => ‘smtp’,
‘mail_from_address’ => ‘nic’,
‘mail_domain’ => ‘nebbles.net’,
‘mail_smtpauthtype’ => ‘LOGIN’,
‘mail_smtpauth’ => 1,
‘mail_smtphost’ => ‘xxxxxxxxxxxxxxx’,
‘mail_smtpport’ => ‘587’,
‘mail_smtpname’ => ‘nic@nebbles.net’,
‘mail_smtppassword’ => ‘xxxxxxxxxxxxxxx’,
‘updater.secret’ => ‘xxxxxxxxxxxxxxxx’,
‘maintenance’ => false,
‘theme’ => ‘’,
‘loglevel’ => 2,
);’
…
The output of your Apache/nginx/system log in /var/log/____:

'[Tue Nov 01 04:25:10.308759 2022] [mpm_event:notice] [pid 20313:tid 140441007122304] AH00489: Apache/2.4.52 (Ubuntu) configured -- resuming normal operations
[Tue Nov 01 04:25:10.308844 2022] [core:notice] [pid 20313:tid 140441007122304] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 01 04:49:44.612484 2022] [mpm_event:notice] [pid 20313:tid 140441007122304] AH00492: caught SIGWINCH, shutting down gracefully
[Tue Nov 01 04:50:25.688376 2022] [mpm_event:notice] [pid 797:tid 140243880286080] AH00489: Apache/2.4.52 (Ubuntu) configured -- resuming normal operations
[Tue Nov 01 04:50:25.688584 2022] [core:notice] [pid 797:tid 140243880286080] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 01 05:15:42.820607 2022] [mpm_event:notice] [pid 797:tid 140243880286080] AH00492: caught SIGWINCH, shutting down gracefully
[Tue Nov 01 05:15:42.915716 2022] [mpm_event:notice] [pid 20200:tid 139778974488448] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 configured -- resuming normal operations
[Tue Nov 01 05:15:42.915855 2022] [core:notice] [pid 20200:tid 139778974488448] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 01 05:27:31.805194 2022] [mpm_event:notice] [pid 20200:tid 139778974488448] AH00493: SIGUSR1 received.  Doing graceful restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Tue Nov 01 05:27:31.810366 2022] [mpm_event:notice] [pid 20200:tid 139778974488448] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 configured -- resuming normal operations
[Tue Nov 01 05:27:31.810372 2022] [core:notice] [pid 20200:tid 139778974488448] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 01 05:37:32.138497 2022] [mpm_event:notice] [pid 20200:tid 139778974488448] AH00492: caught SIGWINCH, shutting down gracefully
[Tue Nov 01 05:37:32.188378 2022] [mpm_event:notice] [pid 20883:tid 140679489603456] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 configured -- resuming normal operations
[Tue Nov 01 05:37:32.188469 2022] [core:notice] [pid 20883:tid 140679489603456] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 01 06:04:47.954881 2022] [mpm_event:notice] [pid 20883:tid 140679489603456] AH00492: caught SIGWINCH, shutting down gracefully
[Tue Nov 01 06:04:49.426539 2022] [mpm_event:notice] [pid 22814:tid 140462167373696] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 configured -- resuming normal operations
[Tue Nov 01 06:04:49.426673 2022] [core:notice] [pid 22814:tid 140462167373696] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 01 06:56:44.952303 2022] [mpm_event:notice] [pid 22814:tid 140462167373696] AH00492: caught SIGWINCH, shutting down gracefully
[Tue Nov 01 06:56:47.384281 2022] [mpm_event:notice] [pid 25335:tid 140395842615168] AH00489: Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2 configured -- resuming normal operations
[Tue Nov 01 06:56:47.384379 2022] [core:notice] [pid 25335:tid 140395842615168] AH00094: Command line: '/usr/sbin/apache2'
[Tue Nov 01 23:42:21.496553 2022] [proxy_fcgi:error] [pid 25337:tid 140395358971456] [client 192.168.10.30:61309] AH01071: Got error 'Primary script unknown'
[Tue Nov 01 23:42:26.889178 2022] [proxy_fcgi:error] [pid 25336:tid 140395132466752] [client 192.168.10.30:12535] AH01071: Got error 'Primary script unknown'

JimmyKater · November 2, 2022, 8:47am

sure that this isn’t the same problem as here:

ngreene · November 2, 2022, 2:53pm

Thank you @JimmyKater. I do not think this is the same problem - I can see my installed apps etc., but cannot connect to the store. I suspect the problem is settings related - in my apache or php config. Appreciate the attention.

devnull · November 2, 2022, 3:21pm

I think there is “no route to host”. Can you e.g. ping or use “wget” on your server? Your server need an outgoing way to https://apps.nextcloud.com

ngreene · November 2, 2022, 3:30pm

Thanks devnull.

You are correct - wget returns same error: no route to host, 443 failed: Network is unreachable.
However I can ping my reverse proxy at 192.168.xx.xx

Is this perhaps because I have not set trusted proxy in config.php?
I think I need to know what is causing 443 (https) to fail - if it’s apache or what…

devnull · November 2, 2022, 3:31pm

I think not.

I think your routing from your Nextcloud installation to the internet. Or maybe a firewall in your network to restrict internet access.

ngreene · November 2, 2022, 3:53pm

@devnull, yes that makes sense.

What is strange is that when I intially installed, I started with NC24 and then got notified of an update to NC25, which I did, successfully. So that rules out all traffic from NC to internet being blocked.

Plus I can access the site remotely (tested).

What I don’t know how to do is to figure out what is causing this problem on 443, which is why I mentioned the reverse proxy, as it is handling https requests.

I had read somewhere about NC getting confused about what port to use unless defined - 80 or 443.

In any case I appreciate the input, this is the first time I used this forum.

Vincent_Stans · November 2, 2022, 4:48pm

Hi welcome to the forum,

in your nc server you should test if it has a route to where you want to go.

have you done

tracepath DOMAIN.TLD

OR

mtr DOMAIN.TLD

do they reach there domain

ngreene · November 2, 2022, 5:09pm

Thank you @Vincent_Stans.

I can confirm that mtr domain.tld works (with my NC domain, obviously) zero packet loss.

However tracepath is returning ‘no reply’

Any suggestions?

Vincent_Stans · November 2, 2022, 5:46pm

one more test

nmap -p 443 apps.nextcloud.com

EDIT
have you tried

curl https://apps.nextcloud.com/api/v1/apps.json

on the server

I’m thinking really hard why you aren’t able to connect.

have you tried adding your reverse proxy to your config.php

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html

ps. add @[NAME] @ngreene to speak to a person

ngreene · November 2, 2022, 6:00pm

@Vincent_Stans - thanks this is helpful.
nmap returns 'host seems down, so we’re on the right track.

I have not enabled the reverse proxy as a trusted proxy yet. The NC documentation is helpful but gives no examples and I’m worried about throwing an internal server error.

However, this worked on my NC install on Truenas:

occ config:system:set trusted_proxies 0 --value="192.168.xx.xx"
where value is the address of my reverse proxy and
occ config:system:set overwriteprotocol --value="https"'
'
Could that be why NC is throwing 443 error on Curl to get to NC Apps?

Vincent_Stans · November 2, 2022, 6:14pm

i would need to look into the docs for your occ command
but it looks okay on first glance

example in docs Reverse proxy — Nextcloud latest Administration Manual latest documentation

trusted proxies are entered the same way as

  'trusted_domains' =>
  array (
    0 => 'cloud.domain.tkd',
    1 => '127.0.0.1',
  ),

result

'trusted_domains' =>
  array (
    0 => 'cloud.domain.tkd',
    1=> '127.0.0.1',
  ),
'trusted_proxies' =>
   array (
      0 => '192.168.x.x',
  ),

but the occ command you supplied should do that for you.

could you try curl directly as 2 post back under EDIT

ngreene · November 3, 2022, 5:48am

@Vincent_Stans - Thank you very much.

I successfully added Trusted Proxies to NC, as above.

Ok, so I updated my NetPlan config - removing Gateway4, which was deprecated, and adding:
routes:
- to: default
via: 192.168.xx.xx

Applied the config and Bingo appstore is connecting. Phew!

As a note, the NC install now has all Checks passed and an A+ Rating.