Closed alex9434 closed 4 years ago
stefan-niedermann
commented
4 years ago Can you provide logs from the browser console and from the nextcloud logging?
Do you have any browser extensions enabled which might blocking requests like adblocker (and disable them to try if it works without them)?
alex9434
commented
4 years ago hi @stefan-niedermann I have disabled tracking protection in FireFox and uBlock Origin for the Nextcloud site. I have also tried the site in Chrome without any adblockers with the same result.
Here is the result from the FireFox Web Console:
Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively.
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). common.js:2:316
JQMIGRATE: Migrate is installed, version 1.4.1 jquery-migrate.min.js:2:551
oc_config is deprecated: use OC.config instead globals.js:26:15
The script from “https://***deleted***/apps/files/” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
notes
SyntaxError: expected expression, got '<'Here is the log from Chrome:
QMIGRATE: Migrate is installed, version 1.4.1
globals.js:26 oc_config is deprecated: use OC.config instead
He @ globals.js:26
get @ globals.js:52
mounted @ App.vue:97
Wt @ vue.esm.js:1863
rn @ vue.esm.js:4222
insert @ vue.esm.js:3148
A @ vue.esm.js:6351
(anonymous) @ vue.esm.js:6570
t._update @ vue.esm.js:3948
r @ vue.esm.js:4069
mn.get @ vue.esm.js:4482
mn @ vue.esm.js:4471
(anonymous) @ vue.esm.js:4076
On.$mount @ vue.esm.js:9057
On.$mount @ vue.esm.js:11953
t._init @ vue.esm.js:5021
On @ vue.esm.js:5088
(anonymous) @ init.js:41
n @ bootstrap:19
(anonymous) @ bootstrap:83
(anonymous) @ notifications.js:1
(index):1 Uncaught SyntaxError: Unexpected token '<'I have enable logging in config.php:
<?php
$CONFIG = array (
'debug' => true,
...However, the file data/nextcloud.log does has filesize 0. Nginx error log is also empty.
korelstar
commented
4 years ago It looks like there is a problem with your Nextcloud installation in general. Does any other app work?
Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively.
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). common.js:2:316This means that your Content Security Policy configuration in nginx is wrong and some JavaScript code was blocked due to this. Please have a look at the Nextcloud documentation to fix this.
The script from “https://***deleted***/apps/files/” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
notes
SyntaxError: expected expression, got '<'This means, that a JavaScript file was not delivered correctly. It looks that a JavaScript file contains HTML code instead of JavaScript. This could be caused by a wrong server configuration which leads to delivering an error message (in HTML) instead of the original JavaScript. You could have a look in the browser's Network console in order to see what the server is exactly delivering to the browser.
alex9434
commented
4 years ago Hi @korelstar, that is strange. The other apps (talk, onlyoffice) seem to work. I followed the instructions of
https://docs.nextcloud.com/server/17/admin_manual/installation/nginx.html
for installing nextcloud in a subdirectory. The only change I did was to delete the SSL stuff because the SSL termination is done by a seperate NGINX instance as reverse proxy. To eliminate issues with SSL termination, I opened the website directly in http bypassing the reverse proxy. I got the same errors:
Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively.
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). common.js:2:316
Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.
notes
JQMIGRATE: Migrate is installed, version 1.4.1 jquery-migrate.min.js:2:551
oc_config is deprecated: use OC.config instead globals.js:26:15
The script from “http://nextcloud.lan/nextcloud/apps/files/” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
notes
SyntaxError: expected expression, got '<'
notes.js:1So the issue must be the configuration of this server. Here is a printout of nginx -T:
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
# configuration file /etc/nginx/modules-enabled/10-mod-http-ndk.conf:
load_module modules/ndk_http_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:
load_module modules/ngx_http_auth_pam_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-cache-purge.conf:
load_module modules/ngx_http_cache_purge_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf:
load_module modules/ngx_http_dav_ext_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf:
load_module modules/ngx_http_echo_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-fancyindex.conf:
load_module modules/ngx_http_fancyindex_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-headers-more-filter.conf:
load_module modules/ngx_http_headers_more_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-lua.conf:
load_module modules/ngx_http_lua_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-perl.conf:
load_module modules/ngx_http_perl_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf:
load_module modules/ngx_http_subs_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-uploadprogress.conf:
load_module modules/ngx_http_uploadprogress_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf:
load_module modules/ngx_http_upstream_fair_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-nchan.conf:
load_module modules/ngx_nchan_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/sites-enabled/nextcloud:
upstream php-handler {
server unix:/run/php/php7.3-fpm.sock;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
#set_real_ip_from 192.168.1.1;
#real_ip_header X-Forwarded-For;
#real_ip_header proxy_protocol;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass php-handler;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}
location /.well-known/acme-challenge { }
location ^~ /nextcloud {
root /usr/local/share;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location /nextcloud {
rewrite ^ /nextcloud/index.php;
}
location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ ^\/nextcloud\/.+[^\/]\.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /nextcloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended
# to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read
# into this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Referrer-Policy "no-referrer" always;
#add_header X-Content-Type-Options "nosniff" always;
#add_header X-Download-Options "noopen" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
#add_header X-Permitted-Cross-Domain-Policies "none" always;
#add_header X-Robots-Tag "none" always;
#add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ ^\/nextcloud\/.+[^\/]\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /nextcloud/index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
#include snippets/onlyofficeds.conf
}
# configuration file /etc/nginx/snippets/fastcgi-php.conf:
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
# configuration file /etc/nginx/fastcgi.conf:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# configuration file /etc/nginx/fastcgi_params:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;Can you spot anything that might cause the issue? Any help would be appreciated.
korelstar
commented
4 years ago I've no experience with nginx, so the Nextcloud forum would be the better place to discuss the server configuration.
But before, one question: What is the source for your Notes app installation (appstore, git, ..)? And please check if the file apps/notes/js/notes.js exists and what exactly the server delivers for the request on that file when opening the notes app (using the browser's network console).
alex9434
commented
4 years ago Hi @korelstar, that was it. For some reason there was no js-directory. I therefore downloaded the new 3.0.3 version and extracted it to the apps2 folder. Everything seems to be working now!
I still get some errors in the web console:
Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively.
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). common.js:2:316
JQMIGRATE: Migrate is installed, version 1.4.1 jquery-migrate.min.js:2:551
oc_config is deprecated: use OC.config instead globals.js:26:15
@babel/polyfill is loaded more than once on this page. This is probably not desirable/intended and may have consequences if different versions of the polyfills are applied sequentially. If you do need to load the polyfill more than once, use @babel/polyfill/noConflict instead to bypass the warning. notes.js:843:82883
New search handler registered search.js:67:12
Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.
notes
The escapeHTML library is deprecated! It will be removed in nextcloud 19.Is there anything in there that I still need to solve or is it safe to ignore these issues?
korelstar
commented
4 years ago I think you should fix the Content Security Policy thing and switch to https (both with behalf of the documentation or forum), but the other log entries are for developers.
Describe the bug Blank screen with only the top menu (see screenshot). No option to add/edit notes.
To Reproduce Fresh install of notes on NC17 with PHP 7.3, Postgresql 9.6 and NGINX on Debian.
Server (please complete the following information):
Client (please complete the following information):
Log files No entries in log file, however I have set 'debug' => true