Unable to reach Nextcloud

Out of the blue, my Nextcloud doesn’t seem to be working. I cannot connect to the website and my syncing software is saying no connection.

The Nextcloud is running on Ubuntu 18.04 with Nginx, php7.2 fpm I believe. For months it worked without having to go in the terminal until now. When I tried to reach the page, I got the following.

image1039×463 19.9 KB

I switched off Cloudflare and then got this

image838×534 11.3 KB

I don’t know where my log files are, I’ve used this to install with sudo snap install nextcloud

And when I try snap info nextcloud
I get the following,

summary:   Nextcloud Server - A safe home for all your data
publisher: Nextcloud✓
store-url: https://snapcraft.io/nextcloud
contact:   https://github.com/nextcloud/nextcloud-snap
license:   unset
description: |
  Where are your photos and documents? With Nextcloud you pick a server of your choice, at home, in
  a data center or at a provider. And that is where your files will be. Nextcloud runs on that
  server, protecting your data and giving you access from your desktop or mobile devices. Through
  Nextcloud you also access, sync and share your existing data on that FTP drive at school, a
  Dropbox or a NAS you have at home.
commands:
  - nextcloud.disable-https
  - nextcloud.enable-https
  - nextcloud.export
  - nextcloud.import
  - nextcloud.manual-install
  - nextcloud.mysql-client
  - nextcloud.mysqldump
  - nextcloud.occ
services:
  nextcloud.apache:          simple, enabled, inactive
  nextcloud.mdns-publisher:  simple, enabled, active
  nextcloud.mysql:           simple, enabled, active
  nextcloud.nextcloud-cron:  simple, enabled, active
  nextcloud.nextcloud-fixer: simple, enabled, active
  nextcloud.php-fpm:         simple, enabled, active
  nextcloud.redis-server:    simple, enabled, active
  nextcloud.renew-certs:     simple, enabled, active
snap-id:      njObIbGQEaVx1H4nyWxchk1i8opy4h54
tracking:     latest/stable
refresh-date: 13 days ago, at 03:29 UTC
channels:
  latest/stable:    18.0.4snap1       2020-04-25 (20498) 243MB -
  latest/candidate: ↑                                          
  latest/beta:      ↑                                          
  latest/edge:      master-2020-05-08 2020-05-08 (20776) 247MB -
  18/stable:        18.0.4snap1       2020-04-25 (20498) 243MB -
  18/candidate:     ↑                                          
  18/beta:          ↑                                          
  18/edge:          18-2020-05-08     2020-05-08 (20771) 244MB -
  17/stable:        17.0.6snap1       2020-05-03 (20616) 229MB -
  17/candidate:     ↑                                          
  17/beta:          ↑                                          
  17/edge:          17-2020-05-08     2020-05-08 (20770) 229MB -
  16/stable:        16.0.9snap1       2020-05-03 (20623) 225MB -
  16/candidate:     ↑                                          
  16/beta:          ↑                                          
  16/edge:          16-2020-05-08     2020-05-08 (20767) 225MB -
  15/stable:        15.0.14snap1      2020-01-20 (18374) 216MB -
  15/candidate:     ↑                                          
  15/beta:          ↑                                          
  15/edge:          ↑                                          
  14/stable:        14.0.10snap1      2019-05-04 (13208) 202MB -
  14/candidate:     ↑                                          
  14/beta:          ↑                                          
  14/edge:          ↑                                          
  13/stable:        13.0.12snap1      2019-05-03 (13155) 193MB -
  13/candidate:     ↑                                          
  13/beta:          ↑                                          
  13/edge:          ↑                                          
  12/stable:        12.0.13snap1      2019-01-07 (10632) 206MB -
  12/candidate:     ↑                                          
  12/beta:          ↑                                          
  12/edge:          ↑                                          
  11/stable:        11.0.8snap1       2018-05-10  (6942) 202MB -
  11/candidate:     ↑                                          
  11/beta:          ↑                                          
  11/edge:          ↑                                          
installed:          18.0.4snap1                  (20498) 243MB -

I don’t know how to approach this. It seems like an SSL error.

Also my nginx config,

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.2-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.nlrp.xyz;
    # enforce https
    return 301 https://$server_name:443$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
   # ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
   # ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /var/www/nextcloud;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    # The following rule is only needed for the Social app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;

    location = /.well-known/carddav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        # Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        # Enable pretty urls
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js, css and map files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;

        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

I thought this was interesting,

root /var/www/nextcloud;

I went to /var/www/nextcloud but the nextcloud folder doesn’t exist. It was never deleted so I don’t know if that matters.

Also here are some files,

image736×592 9.2 KB

Looks like these are where the php files are located,

image820×641 36.1 KB

Hello,
We need more logs. For exemple in /var/log/nginx/error.log

There isn’t a ssl certificate in your Nginx config.
And when I try to reach your Nextcloud there is no ssl certificate delivered

This is what I get when trying sudo nextcloud.enable-https lets-encrypt

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: cloud.nlrp.xyz
   Type:   connection
   Detail: Fetching
   https://cloud.nlrp.xyz:443/.well-known/acme-challenge/kn5EtSCVrZ9WzhFzHRxFE9JbFfB_M6HpIyocj7UJ0mU:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

There has to be some disconnect between nginx and nextcloud.

Trying snap info nextcloud, it now says
nextcloud.apache: simple, enabled, active
so something must’ve changed, I am not even using Apache.

Run netstat -lntp and see if your server is listening on ports 80 and 443.

Have you rebooted it?

image1011×175 14.2 KB

I have rebooted it a couple times

Then I would say something is wrong with nginx because it isn’t listening on 443.

Tried it again and now it’s listening

image1022×172 15.6 KB

Still getting this when I try sudo nextcloud.enable-https lets-encrypt

image989×537 41.1 KB

Hold on… you said you’re using the snap version, which uses Apache, but you’re saying you use nginx, not configured as a reverse proxy.

You appear to be running two conflicting web servers.

I believe I am using the snap version, never installed Apache. It has been working for months. The issue seems to be an SSL error and if I fix that maybe it will all work? And it’s fighting me all the way when trying to do the SSL

Also I tried to deactivate the nginx config for the nextcloud and point the domain over to a simple html website, which doesnt work as well (seems like it times out)

image850×627 9.28 KB

Your first post showed that you have the snap with Apache and that it wasn’t running. And the reason it isn’t running is it probably crashed because nginx has taken its ports.

I didn’t know that was Apache, I thought it was all done through Nginx. If I uninstall Nginx, would I have to reinstall apache?

I don’t know when or why nginx was installed, but unless it’s providing a reverse proxy, there is no need for it.

Make it sense to use Cloudflare? Perhaps for millions of same downloads but for normal users with different data? I do not know.