help me Nextcloud

[ludji49]

DietPi Version | ```cat /DietPi/dietpi/.version 6.32.2 SBC Device (EG: RPi 3) Power supply used (EG: 5v 1A RAVpower) yes SD card used EG: Sandisk ultra 32 Go Distro (EG: Jessie) | François

hello for a few days I can no longer open nextcloud could - you help me thank you

[MichaIng]

Many thanks for your report.

Please paste the output of the following command:

journalctl -u apache2

[ludji49]

here is the newspaper

[Joulinar]

Looks like you have SSL/HTTPS enabled but there is no certificate found. If needed try to recreate the certificate.

[ludji49]

Looks like you have SSL/HTTPS enabled but there is no certificate found. If needed try to recreate the certificate.

how? can you explain me

[Joulinar]

did you used something like Let’s Encrypt to create the certificate before? And do you need SSL/HTTPS?

[MichaIng]

Also it is the default-ssl.conf that is enabled, not the one that Certbot would place (000-default-le-ssl.conf), so probably that config got accidentally enabled? Solution would be:

a2dissite default-ssl
systemctl restart apache2

[ludji49]

I did what you told me.

[ludji49]

ADMIN edit: I removed you screen print because it contains personal data (web site address). Pls mask personal data, always. Joulinar

[Joulinar]

pls can you post again

journalctl -u apache2

BTW: without SSL/HTTPS your system is reachable via HTTP only. Pls ensure you are using HTTP instead of HTTPS.

Pls run dietpi-letsencrypt ff you like to enable HTTPS again

[ludji49]

[ludji49]

[Joulinar]

ok looks like Apache is running now, as well you created the certificate? Are you able to access NextCloud from local network?

And pls remove your domain name from the screen shots

[ludji49]

how to find my local network

[MichaIng]

Try to access your Nextcloud now from a computer or mobile phone that is in the same LAN or WLAN as your Nextcloud server (=local network), respectively from you home.

[Joulinar]

and you should use the same IP address (192.168.x.x) to connect, like you use to access your system via SSH (putty).

[ludji49]

I can't access the site all the time

[MichaIng]

Okay lets check the binary error log:

tail -10 /var/log/apache2/error.log

If this is empty, please restart Apache (systemctl restart apache2), try to access Nextcloud to trigger the 50X error and run the above log tail again.

And lets check the Nextcloud logs:

tail -10 /mnt/dietpi_userdata/nextcloud_data/nextcloug.log

@Joulinar The webroot btw is Nextcloud itself in this case: https://github.com/MichaIng/DietPi/issues/1554 Probably this was not the best idea considering the confusion/additional effort on support requests.

Another thing that confuses me is the missing ServerName directive, as we explicitly set it that time: https://github.com/MichaIng/DietPi/issues/1554#issuecomment-368225992 @ludji49 Did you change something in the meantime, flashed new DietPi, upgraded the distribution or such? Probably we should get an overview about which Apache2 configs and sites are actually enabled:

ls -al /etc/apache2/{conf,sites}-enabled/*.conf

[ludji49]

[ludji49]

[ludji49]

I only changed my internet box and since then I have no more access to the site.

[MichaIng]

I only changed my internet box and since then I have no more access to the site.

I guess then you simply need to recreate the port forwarding rules? Did you try to access your Nextcloud via plain IP address instead of domain name? Most browsers will at least throw a warning since you enabled HSTS and certificates do not support IP addresses reasonably, but you should be able to ignore this warning to access Nextcloud.

Btw, since you use PuTTY to access your console:

• Do not create screenshots.
• Instead select the relevant lines within the PuTTY window, so that they are highlighted. This will automatically copy the text into your clipboard.
• Then go to GitHub and hit ctrl + v keys to paste the content.
• Then, in GitHub, select the lines again and hit the < >/Insert code button to make the logs nicely readable, like:

  2020-09-30 13:42:21 root@micha:/var/log# ls -al /etc/apache2/{conf,sites}-enabled/*.conf
  lrwxrwxrwx 1 root root 42 Sep 17 03:16 /etc/apache2/conf-enabled/dietpi-dav_redirect.conf -> ../conf-available/dietpi-dav_redirect.conf
  lrwxrwxrwx 1 root root 28 Sep 17 03:35 /etc/apache2/conf-enabled/micha.conf -> ../conf-available/micha.conf
  lrwxrwxrwx 1 root root 42 Sep 17 03:44 /etc/apache2/sites-enabled/000-default-le-ssl.conf -> ../sites-available/000-default-le-ssl.conf
  lrwxrwxrwx 1 root root 40 Sep 17 03:16 /etc/apache2/sites-enabled/dietpi-nextcloud.conf -> ../sites-available/dietpi-nextcloud.conf

[ludji49]

even with the local ip address this site is inaccessible

[Joulinar]

Port 80 is forwarded as UDP. Pls can you forward it as TCP. Same like port 443.

[ludji49]

this website is inaccessible

[MichaIng]

What is the exact error message the browser shows when you connect via local IP? As said, due to HSTS, it is expected that it at least throws a warning, probably blocks access completely.

And yes, TCP port is required, UDP protocol forwarding can actually be removed.

About Nextcloud log, I see in the old threads that yours is stored at a different location, please paste:

tail -10 /datastore/nextcloud.log

And to rule out the ServerName directive as issue:

G_CONFIG_INJECT 'ServerName' 'ServerName nextcloud-myweb.ddns.net' /etc/apache2/apache2.conf 'DocumentRoot'
sed -i '/^[[:blank:]]*ServerName/c\ServerName nextcloud-myweb.ddns.net' /etc/apache2/sites-available/000-default.conf
sed -i '/^[[:blank:]]*ServerName/c\ServerName nextcloud-myweb.ddns.net' /etc/apache2/sites-available/000-default-le-ssl.conf

And actually, since something has changed inside, lets review the Apache2 config:

cat /etc/apache2/apache2.conf

[ludji49]

:~# cat /etc/apache2/apache2.conf
Mutex file:${APACHE_LOCK_DIR} default

PidFile ${APACHE_PID_FILE}

Timeout 60

KeepAlive On

MaxKeepAliveRequests 20

KeepAliveTimeout 5

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

HostnameLookups Off

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel error

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        DirectoryIndex index.php index.html
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" v                                               host_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combine                                               d
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
root@DietPi:~#

[MichaIng]

Ah I forgot that we set DocumentRoot via vhost only, hence the following should work:

G_CONFIG_INJECT 'ServerName' 'ServerName nextcloud-myweb.ddns.net' /etc/apache2/apache2.conf 'HostnameLookups'

Can you also paste the content of the vhosts:

cat /etc/apache2/sites-available/000-default{,-le-ssl}.conf

And the nextcloud.log tail, wherever it's stored, in your Nextcloud data directory.

[ludji49]

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
root@DietPi:~# G_CONFIG_INJECT 'ServerName' 'ServerName nextcloud-myweb.ddns.net' /etc/apache2/apache2.conf 'HostnameLookups'
[  OK  ] G_CONFIG_INJECT | Added setting ServerName nextcloud-myweb.ddns.net to /etc/apache2/apache2.conf after line HostnameLookups Off
root@DietPi:~# cat /etc/apache2/sites-available/000-default{,-le-ssl}.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
        ServerName nextcloud-myweb.ddns.net
        Redirect permanent / https://nextcloud-myweb.ddns.net/
DocumentRoot /var/www/nextcloud

        #CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
        ServerName nextcloud-myweb.ddns.net
        ServerName nextcloud-myweb.ddns.net
DocumentRoot /var/www/nextcloud

        ErrorLog ${APACHE_LOG_DIR}/error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/nextcloud-myweb.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud-myweb.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
</IfModule>
root@DietPi:~#

[MichaIng]

Okay, that looks all correct. There is a doubled ServerName directive in /etc/apache2/sites-available/000-default-le-ssl.conf but that does not cause issues.

If you don't know where your Nextcloud data dir is located, search for the log file:

find / -name nextcloud.log

And to exclude PHP/Nextcloud internal issues, you could do the following:

echo success > /var/www/nextcloud/index.htm

Then try to access this file via local IP address, like: https://192.168.1.100/index.htm (replace the IP withe the true local IP of your server) And also try it from console:

curl -ILk https://192.168.1.100/index.htm

[ludji49]

Access from an unapproved domain Please contact your administrator. If you are an administrator, edit the variable "trusted_domains" in the config/config.php file as the example in the config/config.sample.php file.

Further information on configuration can be found in the documentation .

[ludji49]

root@DietPi:~# curl -ILk https://192.168.0.00/index.htm
HTTP/1.1 400 Bad Request
Date: Wed, 30 Sep 2020 16:12:24 GMT
Server: Apache/2.4.25 (Raspbian)
Strict-Transport-Security: max-age=31536000
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Set-Cookie: oc5cbhxlsgns=jcuf35dc1n173dc9e5i3e8p2mj; path=/; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=HXqI4TvBwJPA74nmPYPnZIAtVUt7rFm%2FvgdjBYhOeECplhc0awTakY6Lxc8dwDFFULI8EZQ1BTiTSnSACwEqQMvfhBzM                          Xj7uENDMbQytZKkHg3yvW82wTL2PJaub5jy1; path=/; secure; HttpOnly
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-cFR4QjNCbFE4dlBydmQ5cXhMZkNJdzRaU1NvaDljRXF0YVBwNkdHT0tyb                          z06NUZFT25WQTJ3TWU1K0xBRHNmU1JkenBnSjBRVmdvcDZqY21kaFFPNlRPaz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data                          : blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=stric                          t
Connection: close
Content-Type: text/html; charset=UTF-8

root@DietPi:~#

[MichaIng]

Okay so far so good, the webserver reacts as expected. Let's now check the same with domain:

curl -ILk https://nextcloud-myweb.ddns.net/index.htm

[Joulinar]

@MichaIng If I'm not mistaken, webserver is reachable again according this post https://github.com/MichaIng/DietPi/issues/3798#issuecomment-701491019

[ludji49]

does not work

 DietPi Team     : MichaIng (lead), Daniel Knight (founder), Joulinar (support)
 Web             : https://dietpi.com | https://twitter.com/DietPi_
 Patreon Legends : Bryce
 Donate          : https://dietpi.com/#donate
 DietPi Hosting  : Powered by https://myvirtualserver.com

 dietpi-launcher : All the DietPi programs in one place.
 dietpi-config   : Feature rich configuration tool for your device.
 dietpi-software : Select optimized software for installation.
 htop            : Resource monitor.
 cpu             : Shows CPU information and stats.

root@DietPi:~# curl -ILk https://nextcloud-myweb.ddns.net/index.htm
curl: (7) Failed to connect to nextcloud-myweb.ddns.net port 443: Connexion terminée par expiration du délai d'at                   tente
root@DietPi:~#

[MichaIng]

Then this is an issue with your router connection or port forwarding. Please try to follow the recommendation of Joulinar and remove the port 80 UDP forwarding and replace it with port 80 TCP.

Also check your No-IP account. I remember one needs to login at their web UI every 30 days manually? And check the client state: systemctl status noip2

[ludji49]

 dietpi-launcher : All the DietPi programs in one place.
 dietpi-config   : Feature rich configuration tool for your device.
 dietpi-software : Select optimized software for installation.
 htop            : Resource monitor.
 cpu             : Shows CPU information and stats.

root@DietPi:~# systemctl status noip2
● noip2.service - noip2
   Loaded: loaded (/etc/systemd/system/noip2.service; disabled; vendor preset: e
nabled)
   Active: active (running) since Wed 2020-09-30 13:42:56 CEST; 16h a
go
  Process: 860 ExecStart=/usr/local/bin/noip2 (code=exited, status=0/SUCCESS)
 Main PID: 861 (noip2)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/noip2.service
           └─861 /usr/local/bin/noip2

sept. 30 13:42:56 DietPi systemd[1]: Starting noip2...
sept. 30 13:42:56 DietPi noip2[861]: v2.1.9 daemon started with NAT enabled
sept. 30 13:42:56 DietPi systemd[1]: Started noip2.
sept. 30 13:42:59 DietPi noip2[861]: No user '' found at dynupdate.no-ip
.com.
sept. 30 14:13:19 DietPi noip2[861]: Can't gethostbyname for dynupdate.n
o-ip.com
sept. 30 14:13:19 DietPi noip2[861]: Can't get our visible IP address fr
om ip1.dynupdate.no-ip.com
root@DietPi:~#

[ludji49]

can the error come from ip? because I'm not the same ip since I've changed my place of residence

The server is unable to execute your request.

If this happens again, please send the technical details below to the server administrator.

The server log file may provide more information.

Technical details Remote address: 192.168.0... Application ID: A..............................

[Joulinar]

can you login to NoIP website and check status of your account

[MichaIng]

The No-IP client was definitely not able to report your IP, hence your domain is pointing to a wrong IP, which explains all the issues. Please redo the No-IP client config:

mkdir -p /usr/local/etc
noip2 -C
# ... follow the instructions
systemctl restart noip2

EDIT: And yes, as well login into your No-IP account at their website, to refresh the 30 days timeout.

[ludji49]

root@DietPi:~# systemctl restart noip2
root@DietPi:~# mkdir -p /usr/local/etc
root@DietPi:~# noip2 -C

Configuration file '/usr/local/etc/no-ip2.conf' is in use by process 7474.
Ending!

root@DietPi:~# # ... follow the instructions
root@DietPi:~# systemctl restart noip2
root@DietPi:~#

[MichaIng]

systemctl stop noip2
noip2 -C
systemctl start noip2

[ludji49]

 dietpi-launcher : All the DietPi programs in one place.
 dietpi-config   : Feature rich configuration tool for your device.
 dietpi-software : Select optimized software for installation.
 htop            : Resource monitor.
 cpu             : Shows CPU information and stats.

root@DietPi:~# systemctl stop noip2
root@DietPi:~# noip2 -C

Auto configuration for Linux client of no-ip.com.

Please enter the login/email string for no-ip.com

[MichaIng]

Yes go ahead to reconfigure the client with your No-IP account credentials. The errors before indicated that this information was somehow lost.

[ludji49]

I have modified my ip

[Joulinar]

Ok for me it's working now and I'm able to connect to your Nextcloud installation.

[ludji49]

The server is unable to execute your request.

If this happens again, please send the technical details below to the server administrator.

The server log file may provide more information.

Technical details Remote address: 192.168.0.254 Application ID: GTB23136MkqsAUytOFxd

[Joulinar]

Can you check all services running

dietpi-service status

[ludji49]

 dietpi-launcher : All the DietPi programs in one place.
 dietpi-config   : Feature rich configuration tool for your device.
 dietpi-software : Select optimized software for installation.
 htop            : Resource monitor.
 cpu             : Shows CPU information and stats.

root@DietPi:~# dietpi-service status
-bash: dietpi-service : commande introuvable
root@DietPi:~#

[Joulinar]

sorry my fault.

dietpi-services status

[MichaIng]

That is a Nextcloud-internal error, we need the Nextcloud logs to identify those. I forgot the CLI which makes it easy to see the last log entries. Please run and paste the output of: ncc log:tail dietpi-services status is good as well, just to be sure.