I hesitate to start a topic which sounds like it should just be a documentation page, but I am stumped after days trying to install NextCloud on a standard Ubuntu 18.04 server.
The server has one fixed IP address and already has multiple DNS names. Apache2 uses IP name based routing to serve the right thing for different hostnames. The name cloud.example.org correctly points to my IP address, as do several other domain names. The IP address, 130.200.1.70, below, is fictitious.
Below is what I am trying, and the failed result. I have success getting the login page for a simple http (non-https) site after the first step, but need to get the https working.
```
sudo snap install nextcloud
sudo nextcloud.manual-install myadmin mypasswerd
sudo nextcloud.occ config:system:set trusted_domains 1 --value=cloud.example.org
sudo nextcloud.occ config:system:get trusted_domains
# Create a virtual host for apache2's http site,
# ie a file in /etc/apache2/sites-enabled for cloud.example.org.
# That file starts with
# <VirtualHost 130.200.1.70:80>
# ServerName cloud.example.org
#
# What else should be in that file?! Or do I need to use a different port,
# and redirect this domain there??
sudo letsencrypt cloud.example.org
# Copy the certificate files somewhere where nextcloud can read them
sudo cp -a /etc/letsencrypt/live/cloud.example.org/*.pem /var/snap/nextcloud/current/
# Apply this certificate to the nextcloud server
cd /var/snap/nextcloud/current
sudo nextcloud.enable-https custom ./cert.pem ./privkey.pem ./chain.pem
# (Can now delete the copied pem files above)
# Now everything should work. But it does not.
# Browsing to http://cloud.mydomain.com or
# https://cloud.mydomain.com gives (for https case):
```

```
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache/2.4.29 (Ubuntu) Server at cloud.example.org Port 443
```

Some checks:

```
$ sudo snap get nextcloud ports
Key          Value
ports.http   80
ports.https  443
$ sudo snap info nextcloud
name: nextcloud
summary: Nextcloud Server - A safe home for all your data
publisher: Nextcloud✓
store-url: https://snapcraft.io/nextcloud
contact: https://github.com/nextcloud/nextcloud-snap
license: unset
description: |
  Where are your photos and documents? With Nextcloud you pick a server of your choice, at home, in
  a data center or at a provider. And that is where your files will be. Nextcloud runs on that
  server, protecting your data and giving you access from your desktop or mobile devices. Through
  Nextcloud you also access, sync and share your existing data on that FTP drive at school, a
  Dropbox or a NAS you have at home.
commands:
  - nextcloud.disable-https
  - nextcloud.enable-https
  - nextcloud.export
  - nextcloud.import
  - nextcloud.manual-install
  - nextcloud.mysql-client
  - nextcloud.mysqldump
  - nextcloud.occ
services:
  nextcloud.apache: simple, enabled, inactive
  nextcloud.mdns-publisher: simple, enabled, active
  nextcloud.mysql: simple, enabled, active
  nextcloud.nextcloud-cron: simple, enabled, active
  nextcloud.nextcloud-fixer: simple, enabled, active
  nextcloud.php-fpm: simple, enabled, active
  nextcloud.redis-server: simple, enabled, active
  nextcloud.renew-certs: simple, enabled, active
...
```

One more note. The following simple sequence works perfectly for bringing up Nextcloud service at https://cloud.example.org:9003:

```
sudo snap remove nextcloud
sudo snap install nextcloud
sudo nextcloud.manual-install myadmin mpasswerd
sudo snap set nextcloud ports.http=9002
sudo snap set nextcloud ports.https=9003
sudo nextcloud.occ config:system:set trusted_domains 1 --value=cloud.example.org
sudo cp /etc/letsencrypt/live/cloud.example.org/cert.pem /etc/letsencrypt/live/cloud.example.org/privkey.pem /etc/letsencrypt/live/cloud.example.org/chain.pem /var/snap/nextcloud/current/
cd /var/snap/nextcloud/current/
sudo nextcloud.enable-https custom cert.pem privkey.pem chain.pem
```

However, I don’t want to have to include a port number when sharing the server URL.
So the task remains to get Apache to forward requests on ports 80 and 443 to either localhost:9003 or cloud.example.org:9003 while making everyone happy with certificates and rewrite engines or whatever.
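
One way to set up the forwarding asked about above, as an added example that is not part of the original post or the snap's own documentation: the host Apache terminates TLS on 443 with the Let's Encrypt certificate and proxies to the snap's plain-HTTP port, so the private key never has to be copied out of /etc/letsencrypt. It assumes the snap's own HTTPS is turned off, that ports.http is 9002 as in the post, and that the vhost file name is yours to choose.

```apache
# /etc/apache2/sites-available/cloud.example.org.conf   (file name is an assumption)
#
# Host-side prerequisites (assumed, not from the original post):
#   sudo a2enmod ssl proxy proxy_http headers
#
# Snap-side settings this config assumes:
#   sudo nextcloud.disable-https
#   sudo snap set nextcloud ports.http=9002
#   sudo nextcloud.occ config:system:set trusted_proxies 0 --value=127.0.0.1
#   sudo nextcloud.occ config:system:set overwriteprotocol --value=https
#
# Port 9002 carries unencrypted traffic; block it at the firewall so it is
# reachable only from this host.

<VirtualHost 130.200.1.70:80>
    ServerName cloud.example.org
    # No content is served over plain HTTP; everything is sent to HTTPS.
    Redirect permanent / https://cloud.example.org/
</VirtualHost>

<VirtualHost 130.200.1.70:443>
    ServerName cloud.example.org

    # TLS ends here, using the files certbot maintains in place.
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/cloud.example.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cloud.example.org/privkey.pem

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    # Pass the original Host header so the trusted_domains check sees
    # cloud.example.org rather than 127.0.0.1:9002.
    ProxyPreserveHost On
    # Tell Nextcloud the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass        / http://127.0.0.1:9002/
    ProxyPassReverse / http://127.0.0.1:9002/
</VirtualHost>
```

Enable it with `sudo a2ensite cloud.example.org`, check the syntax with `sudo apachectl configtest`, then reload Apache.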