MichaIng / DietPi

Lightweight justice for your single-board computer!
https://dietpi.com/
GNU General Public License v2.0

help me Nextcloud #3798

Closed ludji49 closed 3 years ago

ludji49 commented 4 years ago

DietPi Version | `cat /DietPi/dietpi/.version`: 6.32.2
SBC Device (EG: RPi 3)
Power supply used (EG: 5v 1A RAVpower): yes
SD card used EG: Sandisk ultra 32 Go
Distro (EG: Jessie) | François

Hello, for a few days I can no longer open Nextcloud. Could you help me? Thank you.

[Screenshot: InkedCapture_LI]

MichaIng commented 4 years ago

Many thanks for your report.

Please paste the output of the following command:

journalctl -u apache2

ludji49 commented 4 years ago

here is the newspaper

[Screenshot: Capture]

Joulinar commented 4 years ago

Looks like you have SSL/HTTPS enabled but there is no certificate found. If needed try to recreate the certificate.

ludji49 commented 4 years ago

Looks like you have SSL/HTTPS enabled but there is no certificate found. If needed try to recreate the certificate.

how? can you explain me

Joulinar commented 4 years ago

Did you use something like Let’s Encrypt to create the certificate before? And do you need SSL/HTTPS?

MichaIng commented 4 years ago

Also it is the default-ssl.conf that is enabled, not the one that Certbot would place (000-default-le-ssl.conf), so probably that config got accidentally enabled? Solution would be:

a2dissite default-ssl
systemctl restart apache2
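
The condition diagnosed above (an SSL site enabled while its certificate files are absent) can be checked directly. This is an added example, not part of the thread or of DietPi; the function names are hypothetical and the sample vhost files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or DietPi; function names are hypothetical.

# Print one line per uncommented SSLCertificateFile / SSLCertificateKeyFile
# directive in the enabled site configs whose target file is not readable.
find_missing_certs() {
    fmc_dir="${1:-/etc/apache2/sites-enabled}"
    for fmc_conf in "$fmc_dir"/*.conf; do
        [ -e "$fmc_conf" ] || continue
        # Directive names are case-insensitive; "#..." lines never match.
        awk 'tolower($1) ~ /^sslcertificate(key)?file$/ { print $1, $2 }' "$fmc_conf" |
        while read -r fmc_directive fmc_path; do
            fmc_path=$(printf '%s' "$fmc_path" | tr -d '"')  # drop optional quotes
            [ -r "$fmc_path" ] ||
                echo "${fmc_conf##*/}: $fmc_directive $fmc_path is missing or unreadable"
        done
    done
}

# Status 0 when every referenced file is readable, 1 otherwise (report on stdout).
check_vhost_certs() {
    cvc_report=$(find_missing_certs "$1")
    [ -z "$cvc_report" ] && return 0
    printf '%s\n' "$cvc_report"
    return 1
}

# Constructed sample: a stray default-ssl.conf whose certificate is absent, next
# to a Certbot-style vhost whose files exist. Prints the sample directory.
make_sample_sites() {
    mss_tmp=$(mktemp -d)
    mkdir -p "$mss_tmp/sites-enabled" "$mss_tmp/live"
    : > "$mss_tmp/live/fullchain.pem"
    : > "$mss_tmp/live/privkey.pem"
    cat > "$mss_tmp/sites-enabled/default-ssl.conf" <<EOF
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile $mss_tmp/certs/snakeoil.pem
    SSLCertificateKeyFile $mss_tmp/private/snakeoil.key
</VirtualHost>
EOF
    cat > "$mss_tmp/sites-enabled/000-default-le-ssl.conf" <<EOF
<VirtualHost *:443>
    SSLCertificateFile $mss_tmp/live/fullchain.pem
    SSLCertificateKeyFile "$mss_tmp/live/privkey.pem"
    #SSLCertificateChainFile /nonexistent/chain.pem
</VirtualHost>
EOF
    echo "$mss_tmp/sites-enabled"
}
```

Called without an argument, `check_vhost_certs` scans /etc/apache2/sites-enabled; run it as root, since private keys are normally readable by root only.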

ludji49 commented 4 years ago

I did what you told me.

[Screenshot: Capture]

ludji49 commented 4 years ago

ADMIN edit: I removed your screen print because it contains personal data (web site address). Pls mask personal data, always. Joulinar

Joulinar commented 4 years ago

pls can you post again

journalctl -u apache2

BTW: without SSL/HTTPS your system is reachable via HTTP only. Pls ensure you are using HTTP instead of HTTPS.

Pls run dietpi-letsencrypt if you like to enable HTTPS again

ludji49 commented 4 years ago

[Screenshot: Capture]

ludji49 commented 4 years ago

[Screenshot: Capture]

Joulinar commented 4 years ago

ok looks like Apache is running now, as well you created the certificate? Are you able to access NextCloud from local network?

And pls remove your domain name from the screen shots

ludji49 commented 4 years ago

how to find my local network

MichaIng commented 4 years ago

Try to access your Nextcloud now from a computer or mobile phone that is in the same LAN or WLAN as your Nextcloud server (=local network), respectively from your home.

Joulinar commented 4 years ago

and you should use the same IP address (192.168.x.x) to connect, like you use to access your system via SSH (putty).

ludji49 commented 4 years ago

I can't access the site all the time

MichaIng commented 4 years ago

Okay let's check the binary error log:

tail -10 /var/log/apache2/error.log

If this is empty, please restart Apache (systemctl restart apache2), try to access Nextcloud to trigger the 50X error and run the above log tail again.

And let's check the Nextcloud logs:

tail -10 /mnt/dietpi_userdata/nextcloud_data/nextcloud.log

@Joulinar The webroot btw is Nextcloud itself in this case: https://github.com/MichaIng/DietPi/issues/1554

Probably this was not the best idea considering the confusion/additional effort on support requests.

Another thing that confuses me is the missing ServerName directive, as we explicitly set it that time: https://github.com/MichaIng/DietPi/issues/1554#issuecomment-368225992

@ludji49 Did you change something in the meantime, flashed new DietPi, upgraded the distribution or such? Probably we should get an overview about which Apache2 configs and sites are actually enabled:

ls -al /etc/apache2/{conf,sites}-enabled/*.conf

ludji49 commented 4 years ago

[Screenshot: Capture]

ludji49 commented 4 years ago

[Screenshot: Capture]

ludji49 commented 4 years ago

I only changed my internet box and since then I have no more access to the site.

MichaIng commented 4 years ago

I only changed my internet box and since then I have no more access to the site.

I guess then you simply need to recreate the port forwarding rules? Did you try to access your Nextcloud via plain IP address instead of domain name? Most browsers will at least throw a warning since you enabled HSTS and certificates do not support IP addresses reasonably, but you should be able to ignore this warning to access Nextcloud.

Btw, since you use PuTTY to access your console:

ludji49 commented 4 years ago

even with the local ip address this site is inaccessible

[Screenshot: Capture]

Joulinar commented 4 years ago

Port 80 is forwarded as UDP. Pls can you forward it as TCP. Same like port 443.

ludji49 commented 4 years ago

this website is inaccessible

MichaIng commented 4 years ago

What is the exact error message the browser shows when you connect via local IP? As said, due to HSTS, it is expected that it at least throws a warning, probably blocks access completely.

And yes, TCP port is required, UDP protocol forwarding can actually be removed.

About Nextcloud log, I see in the old threads that yours is stored at a different location, please paste:

tail -10 /datastore/nextcloud.log

And to rule out the ServerName directive as issue:

G_CONFIG_INJECT 'ServerName' 'ServerName nextcloud-myweb.ddns.net' /etc/apache2/apache2.conf 'DocumentRoot'
sed -i '/^[[:blank:]]*ServerName/c\ServerName nextcloud-myweb.ddns.net' /etc/apache2/sites-available/000-default.conf
sed -i '/^[[:blank:]]*ServerName/c\ServerName nextcloud-myweb.ddns.net' /etc/apache2/sites-available/000-default-le-ssl.conf

And actually, since something has changed inside, let's review the Apache2 config:

cat /etc/apache2/apache2.conf

ludji49 commented 4 years ago

:~# cat /etc/apache2/apache2.conf
Mutex file:${APACHE_LOCK_DIR} default

PidFile ${APACHE_PID_FILE}

Timeout 60

KeepAlive On

MaxKeepAliveRequests 20

KeepAliveTimeout 5

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

HostnameLookups Off

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel error

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        DirectoryIndex index.php index.html
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
root@DietPi:~#

MichaIng commented 4 years ago

Ah I forgot that we set DocumentRoot via vhost only, hence the following should work:

G_CONFIG_INJECT 'ServerName' 'ServerName nextcloud-myweb.ddns.net' /etc/apache2/apache2.conf 'HostnameLookups'

Can you also paste the content of the vhosts:

cat /etc/apache2/sites-available/000-default{,-le-ssl}.conf

And the nextcloud.log tail, wherever it's stored, in your Nextcloud data directory.

ludji49 commented 4 years ago

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
root@DietPi:~# G_CONFIG_INJECT 'ServerName' 'ServerName nextcloud-myweb.ddns.net' /etc/apache2/apache2.conf 'HostnameLookups'
[  OK  ] G_CONFIG_INJECT | Added setting ServerName nextcloud-myweb.ddns.net to /etc/apache2/apache2.conf after line HostnameLookups Off
root@DietPi:~# cat /etc/apache2/sites-available/000-default{,-le-ssl}.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
        ServerName nextcloud-myweb.ddns.net
        Redirect permanent / https://nextcloud-myweb.ddns.net/
DocumentRoot /var/www/nextcloud

        #CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
        ServerName nextcloud-myweb.ddns.net
        ServerName nextcloud-myweb.ddns.net
DocumentRoot /var/www/nextcloud

        ErrorLog ${APACHE_LOG_DIR}/error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/nextcloud-myweb.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud-myweb.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
</IfModule>
root@DietPi:~#

MichaIng commented 4 years ago

Okay, that looks all correct. There is a doubled ServerName directive in /etc/apache2/sites-available/000-default-le-ssl.conf but that does not cause issues.

If you don't know where your Nextcloud data dir is located, search for the log file:

find / -name nextcloud.log

And to exclude PHP/Nextcloud internal issues, you could do the following:

echo success > /var/www/nextcloud/index.htm

Then try to access this file via local IP address, like: https://192.168.1.100/index.htm (replace the IP with the true local IP of your server). And also try it from console:

curl -ILk https://192.168.1.100/index.htm

ludji49 commented 4 years ago

Access from an unapproved domain Please contact your administrator. If you are an administrator, edit the variable "trusted_domains" in the config/config.php file as the example in the config/config.sample.php file.

Further information on configuration can be found in the documentation.

[Screenshot: Capture]

ludji49 commented 4 years ago

root@DietPi:~# curl -ILk https://192.168.0.00/index.htm
HTTP/1.1 400 Bad Request
Date: Wed, 30 Sep 2020 16:12:24 GMT
Server: Apache/2.4.25 (Raspbian)
Strict-Transport-Security: max-age=31536000
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Set-Cookie: oc5cbhxlsgns=jcuf35dc1n173dc9e5i3e8p2mj; path=/; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=HXqI4TvBwJPA74nmPYPnZIAtVUt7rFm%2FvgdjBYhOeECplhc0awTakY6Lxc8dwDFFULI8EZQ1BTiTSnSACwEqQMvfhBzMXj7uENDMbQytZKkHg3yvW82wTL2PJaub5jy1; path=/; secure; HttpOnly
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-cFR4QjNCbFE4dlBydmQ5cXhMZkNJdzRaU1NvaDljRXF0YVBwNkdHT0tybz06NUZFT25WQTJ3TWU1K0xBRHNmU1JkenBnSjBRVmdvcDZqY21kaFFPNlRPaz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Connection: close
Content-Type: text/html; charset=UTF-8

root@DietPi:~#

MichaIng commented 4 years ago

Okay so far so good, the webserver reacts as expected. Let's now check the same with domain:

curl -ILk https://nextcloud-myweb.ddns.net/index.htm

Joulinar commented 4 years ago

@MichaIng If I'm not mistaken, webserver is reachable again according to this post https://github.com/MichaIng/DietPi/issues/3798#issuecomment-701491019

ludji49 commented 4 years ago

does not work


 DietPi Team     : MichaIng (lead), Daniel Knight (founder), Joulinar (support)
 Web             : https://dietpi.com | https://twitter.com/DietPi_
 Patreon Legends : Bryce
 Donate          : https://dietpi.com/#donate
 DietPi Hosting  : Powered by https://myvirtualserver.com

 dietpi-launcher : All the DietPi programs in one place.
 dietpi-config   : Feature rich configuration tool for your device.
 dietpi-software : Select optimized software for installation.
 htop            : Resource monitor.
 cpu             : Shows CPU information and stats.

root@DietPi:~# curl -ILk https://nextcloud-myweb.ddns.net/index.htm
curl: (7) Failed to connect to nextcloud-myweb.ddns.net port 443: Connexion terminée par expiration du délai d'attente
root@DietPi:~#

MichaIng commented 4 years ago

Then this is an issue with your router connection or port forwarding. Please try to follow the recommendation of Joulinar and remove the port 80 UDP forwarding and replace it with port 80 TCP.

Also check your No-IP account. I remember one needs to login at their web UI every 30 days manually? And check the client state: systemctl status noip2

ludji49 commented 4 years ago

root@DietPi:~# systemctl status noip2
● noip2.service - noip2
   Loaded: loaded (/etc/systemd/system/noip2.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2020-09-30 13:42:56 CEST; 16h ago
  Process: 860 ExecStart=/usr/local/bin/noip2 (code=exited, status=0/SUCCESS)
 Main PID: 861 (noip2)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/noip2.service
           └─861 /usr/local/bin/noip2

sept. 30 13:42:56 DietPi systemd[1]: Starting noip2...
sept. 30 13:42:56 DietPi noip2[861]: v2.1.9 daemon started with NAT enabled
sept. 30 13:42:56 DietPi systemd[1]: Started noip2.
sept. 30 13:42:59 DietPi noip2[861]: No user '' found at dynupdate.no-ip.com.
sept. 30 14:13:19 DietPi noip2[861]: Can't gethostbyname for dynupdate.no-ip.com
sept. 30 14:13:19 DietPi noip2[861]: Can't get our visible IP address from ip1.dynupdate.no-ip.com
root@DietPi:~#

ludji49 commented 4 years ago

can the error come from ip? because I'm not the same ip since I've changed my place of residence

The server is unable to execute your request.

If this happens again, please send the technical details below to the server administrator.

The server log file may provide more information.

Technical details Remote address: 192.168.0... Application ID: A..............................

Joulinar commented 4 years ago

can you login to NoIP website and check status of your account

MichaIng commented 4 years ago

The No-IP client was definitely not able to report your IP, hence your domain is pointing to a wrong IP, which explains all the issues. Please redo the No-IP client config:

mkdir -p /usr/local/etc
noip2 -C
# ... follow the instructions
systemctl restart noip2

EDIT: And yes, as well login into your No-IP account at their website, to refresh the 30 days timeout.

ludji49 commented 4 years ago

root@DietPi:~# systemctl restart noip2
root@DietPi:~# mkdir -p /usr/local/etc
root@DietPi:~# noip2 -C

Configuration file '/usr/local/etc/no-ip2.conf' is in use by process 7474.
Ending!

root@DietPi:~# # ... follow the instructions
root@DietPi:~# systemctl restart noip2
root@DietPi:~#

MichaIng commented 4 years ago

systemctl stop noip2
noip2 -C
systemctl start noip2

ludji49 commented 4 years ago

root@DietPi:~# systemctl stop noip2
root@DietPi:~# noip2 -C

Auto configuration for Linux client of no-ip.com.

Please enter the login/email string for no-ip.com

MichaIng commented 4 years ago

Yes go ahead to reconfigure the client with your No-IP account credentials. The errors before indicated that this information was somehow lost.

ludji49 commented 4 years ago

I have modified my ip

[Screenshot: Capture]

Joulinar commented 4 years ago

Ok for me it's working now and I'm able to connect to your Nextcloud installation.

ludji49 commented 4 years ago

The server is unable to execute your request.

If this happens again, please send the technical details below to the server administrator.

The server log file may provide more information.

Technical details Remote address: 192.168.0.254 Application ID: GTB23136MkqsAUytOFxd

[Screenshot: Capture]

Joulinar commented 4 years ago

Can you check all services running

dietpi-service status

ludji49 commented 4 years ago

root@DietPi:~# dietpi-service status
-bash: dietpi-service : commande introuvable
root@DietPi:~#

Joulinar commented 4 years ago

sorry my fault.

dietpi-services status

MichaIng commented 4 years ago

That is a Nextcloud-internal error, we need the Nextcloud logs to identify those. I forgot the CLI which makes it easy to see the last log entries. Please run and paste the output of:

ncc log:tail

dietpi-services status is good as well, just to be sure.