Ubuntu (18.04) snap + apache2 + multiple virtual hosts + DNS+ letsencrypt

cpbl · July 30, 2020, 5:53pm

I hesitate to start a topic which wounds like it should just be a documentation page, but I am stumped after days trying to install NextCloud on a standard Ubuntu 18.04 server.

The server has one fixed IP address and already has multiple DNS names. Apache2 uses IP name based routing to serve the right thing for different hostnames. The name cloud.example.org correctly points to my IP address, as do several other domain names. The IP address, 130.200.1.70, below, is fictitious.

Below is what I am trying, and the failed result. I have success getting the login page for a simple http (non-https) site after the first step, but need to get the https working.

sudo snap install nextcloud
sudo nextcloud.manual-install myadmin  mypasswerd


sudo nextcloud.occ config:system:set trusted_domains 1 --value=cloud.example.org
sudo nextcloud.occ config:system:get trusted_domains


# Create a virtual host for apache2's http site, 
#    ie a file in /etc/apache2/sites-enabled for cloud.example.org.
#  That file starts with
#            <VirtualHost 130.200.1.70:80>
#            ServerName   cloud.example.org
#
# What else should be in that file?!  Or do I need to use a different port, 
#  and redirect this domain there??

sudo letsencrypt cloud.example.org

# Copy the certificate files somewhere where nextcloud can read them

sudo cp -a /etc/letsencrypt/live/cloud.example.org/*.pem /var/snap/nextcloud/current/

# Apply this certificate to the nextcloud server
cd /var/snap/nextcloud/current
sudo nextcloud.enable-https custom ./cert.pem ./privkey.pem ./chain.pem  

# (Can now delete the copied pem files above)


# Now everything should work. But it does not.
# Browsing to http://cloud.mydomain.com or 
# https://cloud.mydomain.com gives (for https case):

    Service Unavailable
    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

    Apache/2.4.29 (Ubuntu) Server at cloud.example.org Port 443

Some checks:

$ sudo snap get nextcloud ports

  Key          Value
  ports.http   80
  ports.https  443


$ sudo snap info nextcloud

name:      nextcloud
summary:   Nextcloud Server - A safe home for all your data
publisher: Nextcloud✓
store-url: https://snapcraft.io/nextcloud
contact:   https://github.com/nextcloud/nextcloud-snap
license:   unset
description: |
  Where are your photos and documents? With Nextcloud you pick a server of your choice, at home, in
  a data center or at a provider. And that is where your files will be. Nextcloud runs on that
  server, protecting your data and giving you access from your desktop or mobile devices. Through
  Nextcloud you also access, sync and share your existing data on that FTP drive at school, a
  Dropbox or a NAS you have at home.
commands:
  - nextcloud.disable-https
  - nextcloud.enable-https
  - nextcloud.export
  - nextcloud.import
  - nextcloud.manual-install
  - nextcloud.mysql-client
  - nextcloud.mysqldump
  - nextcloud.occ
services:
  nextcloud.apache:          simple, enabled, inactive
  nextcloud.mdns-publisher:  simple, enabled, active
  nextcloud.mysql:           simple, enabled, active
  nextcloud.nextcloud-cron:  simple, enabled, active
  nextcloud.nextcloud-fixer: simple, enabled, active
  nextcloud.php-fpm:         simple, enabled, active
  nextcloud.redis-server:    simple, enabled, active
  nextcloud.renew-certs:     simple, enabled, active
...

One more note. The following simple sequence works perfectly for bringing up Nextcloud service at https://cloud.example.org:9003:

sudo snap remove nextcloud
sudo snap install nextcloud
sudo nextcloud.manual-install myadmin mpasswerd
sudo snap set nextcloud ports.http=9002
sudo snap set nextcloud ports.https=9003
sudo nextcloud.occ config:system:set trusted_domains 1 --value=cloud.example.org
sudo cp /etc/letsencrypt/live/cloud.example.org/cert.pem /etc/letsencrypt/live/cloud.example.org/privkey.pem /etc/letsencrypt/live/cloud.example.org/chain.pem  /var/snap/nextcloud/current/
cd /var/snap/nextcloud/current/
sudo nextcloud.enable-https custom cert.pem  privkey.pem chain.pem

However, I don’t want to have to include a port number when sharing the server URL.
So the task remains to get Apache to forward requests on ports 80 and 443 to either localhost:9003 or cloud.example.org:9003 while making everyone happy with certificates and rewrite engines or whatever.

devnull · August 3, 2020, 2:27pm

If you like you can dist-upgrade to Ubuntu 20.04 LTS. In a few years you must upgrade or install a different php-version from a third party.

If Snap does not work and help you for install with lower knowledge you should perhaps install nextcloud and all other software without Snap. I hate Snap. Why do you use Snap? I think there is no reason for port-mapping. You can easy use name based virtual hosts (80/443) in apache2-configuration. Names all CNAME to your ip at your naming provider.

Here an easy installation guide for Debian.
Perhaps you can modify it for Ubuntu.
If you like you can install Debian 10 Buster and you do not need “sudo” for root anymore. Nobody need it for user to root switching. It is really a stupid windows administor replica.

How to Install NextCloud on Debian 10

cpbl · August 3, 2020, 4:03pm

Thanks for your reply.
Why do you mention 20.04 LTS and PHP versions? Is that related to my problem?

This server has a lot of services going on, and upgrades and OSs cannot be changed on a whim. The version upgrade won’t happen for a few months.

I don’t believe using “sudo” is the problem.
I don’t believe using Ubuntu rather than Debian is the problem.

I could try without snap. It’s very much more complicated without snap.
Doint so would be an easy choice if someone tells me that it’s not possible to do what I want using snap.