Ubuntu 19.04 & nginx help

🚧 Installation
1

Pls help a noob. I’m trying to install nextcloud on a Hetzner VPS running Ubuntu 19.04 with an existing nginx installation. I have followed the guide here and all has gone well until I try to access my server using at ‘myserver.co.uk/nextcloud’ and I just get a 404 screen.

nginx is working for other applications setup in the config file as other locations, it’s just this one.

My install directory is ‘/usr/share/nginx/nextcloud’ which is set to user & group ‘www-data’. My nginx config looks like the below and is in the location: ‘/etc/nginx/sites-enabled/reverse’ I’d really appreciate any help you can give o help me access and start setting up this application which seems to be one of the most used self-hosted apps!

When I look at the nginx log I see the error:

2019/10/29 16:21:23 [error] 2374#2374: *75 open() "/usr/share/nginx/nexcloud/404.html" failed (2: No such file or directory), client: 162.158.154.214, server: , request: "GET /nextcloud HTTP/1.1",$

Really, really appreciate any help… I’ve been trying to solve ot for the last few days myself. But have realised I now need help.

nginx file:
upstream php-handler {
server 127.0.0.1:9000;
# server unix:/var/run/php/php7.2-fpm.sock;
}

server {

        listen 80 default_server;
        listen [::]:80 default_server;
    
        server_name myserver.co.uk 195.201.xx.xxx;
        return 301 https://$server_name$request_uri;
}
server {

 # SSL configuration

 listen 443 ssl http2 default_server;
 listen [::]:443 ssl http2 default_server;
 include /etc/nginx/snippets/strong-ssl.conf;
 ssl_certificate /etc/letsencrypt/live/myserver.co.uk/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/myserver.co.uk/privkey.pem;
 error_log    /var/log/nginx/myserver.co.uk.error.log;

# Root location
 root /usr/share/nginx/nexcloud/;
 
 # Add index.php to the list if you are using PHP
 index index.html index.htm index.nginx-debian.html;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;
 
    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

 # Basic Auth to protect the site
 auth_basic "Restricted";
 auth_basic_user_file /etc/nginx/.htpasswd;

 # Change the client side error pages (4xx) to prevent some information disclosure
 error_page 401 403 404 /404.html;

 # First attempt to serve request as file, then as directory,
 # then fall back to displaying a 404.
 
# location / {
#          try_files $uri $uri/ =404;
# }
 
 # Deny access to .htaccess files, if Apache's document
 # root concurs with nginx's one
 
 location ~ /\.ht {
          deny all;
 }

# Let's Encrypt Webroot plugin location -- allow access

 location ^~ /.well-known/acme-challenge/ {
          auth_basic off;
          autoindex on;
       }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

#NextCloud

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
       return 301 $scheme://$host/remote.php/dav;
    }

     # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

#    error_page 403 /core/templates/403.php;
#    error_page 404 /core/templates/404.php;

    location /nextcloud {
       rewrite ^ /nextcloud/index.php;
    }

       

    location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
       deny all;
    }
    location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
      deny all;
     }

        location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
            fastcgi_split_path_info ^(.+?\.php)(/.*|)$;
            set $path_info $fastcgi_path_info;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_param HTTPS on;
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            # Enable pretty urls
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }

        location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }

        # Adding the cache control header for js, css and map files
        # Make sure it is BELOW the PHP block
        location ~ ^\/nextcloud\/.+[^\/]\.(?:css|js|woff2?|svg|gif|map)$ {
            try_files $uri /nextcloud/index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers  (It is intended
            # to have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read
            # into this topic first.
            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header Referrer-Policy "no-referrer" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-Download-Options "noopen" always;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;

            # Optional: Don't log access to assets
            access_log off;
        }

        location ~ ^\/nextcloud\/.+[^\/]\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
            try_files $uri /nextcloud/index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }

.... next location
2

Hi,

Try commenting the following line and restarting nginx:

1 Like
3

Hmm. still no luck and getting the same nginx ‘404 Not Found’ when I access the page. However the log is now giving this error:

2019/10/29 18:51:56 [error] 1017#1017: *253 open() "/usr/share/nginx/nexcloud/favicon.ico" failed (2: No such file or directory), client: 162.158.158.106, server: , request: "GET /favicon.ico HTTP/1.1", host: "myserver.co.uk"

Looking in this directory, it’s right - there is no favicon.ico

4

I think the root-directive is wrong, since you want to run nextcloud in a subdirectory of webroot (and there is also obviously a typo - but that doesn’t matter, because it needs to be removed anyway).

Change

root /usr/share/nginx/nexcloud/;

to

root /usr/share/nginx;

and let nginx reload its configuration with

nginx -s reload
2 Likes
5

Progress??? Maybe.

BTW - Appreciate the super-quick support from you. Community help sites like this are just an awesome place. And a big thank you for not making me feel like an idiot. I’m sure there are some real ‘noob’ errors I’ve made. I’m trying to piece bits from the internet and tweaking to my needs.

a) yes, typo - can’t believe I missed that. What a wally!

b) tried those suggestions and now I get a ‘403 forbidden’ and logs are now showing:

2019/10/29 19:55:31 [error] 18030#18030: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 162.158.159.13, server: , request: "GET /nextcloud HTTP/1.1", upstream:$
2019/10/29 19:55:34 [error] 18030#18030: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 162.158.159.13, server: , request: "GET /nextcloud HTTP/1.1", upstream:$
2019/10/29 19:55:43 [error] 18030#18030: *9 directory index of "/usr/share/nginx/" is forbidden, client: 162.158.154.124, server: , request: "GET / HTTP/1.1", host: "myserver.co.uk"
1 Like
6

Check the listen directive in /etc/php/7.2/fpm/pool.d/www.conf, whether php-fpm is really listening on port 9000.

BTW: for performance-reasons I would recommend to use a socket file instead of a port. So I suggest to change that block in the nginx-config to

upstream php-handler {
   # server 127.0.0.1:9000;
   server unix:/var/run/php/php7.2-fpm.sock;
}

and in /etc/php/7.2/fpm/pool.d/www.conf` use

listen = /var/run/php/php7.2-fpm.sock

If you are using a different version of php-fpm, you need to adapt the path (e.g. exchange 7.2 with 7.3 or whatever version of php-fpm you did install).
Afterwards you need again to reload the nginx-configuration with nginx -s reload and to restart php-fpm with systemctl restart php7.2-fpm.service.

2 Likes
7

Thanks both… @Bernie_O Your help has been invaluable! I think the changes you made plus the fact I was running the nginx conf from a different directory to the nextcloud install (conf was in /etc/nginx’ but nextcloud was installed in ‘/usr/share/nginx/’) so I copied the data so it all ran from the same location and now I have the setup screen and am happily on my way to configuring. THANK YOU!!!

2 Likes