[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[luckyal]

pkg install ffmpeg

So after running this command I'm no longer able to access Nextcloud either via LAN or WAN. Any ideas?

 

[Jailer]

So after running this command I'm no longer able to access Nextcloud either via LAN or WAN. Any ideas?

Start a new thread, this one has nothing to do with your problem.

 

[luckyal]

Start a new thread, this one has nothing to do with your problem.

What do you mean this thread doesn't have anything to do with my problem? I followed the directions of the OP and ended up where I am now.

 

[Jailer]

ffmpg has nothing to do with this tutorial, this tutorial is how to install owncloud/nextcloud. Start a new thread.

 

[Michael Sparks]

@Joshua Parker Ruehlig
Wanted to switch my nextcloud server to "pretty url" (without URL/nextcloud) I see documentation for owncloud regarding the usual stack, but not nginx php-fpm mysql. I tried following https://doc.owncloud.org/server/10.0/admin_manual/installation/changing_the_web_route.html
I have already changed
'overwrite.cli.url' => 'http://localhost/', in /usr/www/owncloud/config/config.php

But realize I need to change something in nginx config (just do not know what).

www.myURL.com returns

"
403 Forbidden
nginx/1.12.1"

My nginx.conf

Code:

worker_processes 4;

events {
	worker_connections 1024;
}

http {
	include	 mime.types;
	default_type application/octet-stream;
	sendfile		off;
	keepalive_timeout 65;
gzip off;

	server {
		listen 80 default_server;
		listen [::]:80 default_server;
	 #enforce https
		server_name 192.168.12.11; #IP Address or URL
		return 301 https://$server_name$request_uri;
		 }

	server {
		listen 444 ssl http2 default_server;
		listen [::]:444 ssl http2 default_server;
		server_name <www.myURL.com>;
		include ssl_common.conf;

		client_body_in_file_only clean;
		client_body_buffer_size 32K;

		# set max upload size
		client_max_body_size 5000M;

		# Add headers to serve security related headers
		# Before enabling Strict-Transport-Security headers please read into this
		# topic first.
		# add_header Strict-Transport-Security "max-age=15768000;
		# includeSubDomains; preload;";
		add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;

		root /usr/local/www;
		location = /robots.txt { allow all; access_log off; log_not_found off; }
		location = /favicon.ico { access_log off; log_not_found off; }

		location ^~ /nextcloud {
			error_page 403 /nextcloud/core/templates/403.php;
			error_page 404 /nextcloud/core/templates/404.php;
			location /nextcloud {
				rewrite ^ /nextcloud/index.php$request_uri;
			}
			location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|dat
				deny all;
			}
			location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
				deny all;
			}
			location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|sta
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				include fastcgi_params;
				fastcgi_pass unix:/var/run/php-fpm.sock;
				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				fastcgi_param front_controller_active true;
				fastcgi_intercept_errors on;
			}
			location ~* \.(?:css|js|woff|svg|gif)$ {
				try_files $uri /nextcloud/index.php$request_uri;
				add_header Cache-Control max-age=15778463;
			}
			location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
				try_files $uri /nextcloud/index.php$request_uri;
			}

		}
	}
}

Nextcloud config.php
/usr/local/www/nextcloud/config/config.php.

Code:

<?php
$CONFIG = array (
  'instanceid' => 'ocl7uj4jtgaf',
  'passwordsalt' => 'I5XGv/uudE/aGEoCn+D7ML7LVKzpvy',
  'secret' => '/cXKcpsISKUbyffUmyDIiC1M2kFs37az0v4hLTCwQqayl9dc',
  'trusted_domains' =>
  array (
	0 => '192.168.12.11',
	1 => 'www.myURL.com',
  ),
  'datadirectory' => '/mnt/Nextcloud',
  'overwrite.cli.url' => 'http://localhost/',
  'dbtype' => 'mysql',
  'version' => '12.0.3.3',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '',
  'dbpassword' => '',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
	'host' => '/tmp/redis.sock',
	'port' => 0,
  ),
  'updater.release.channel' => 'stable',
  'theme' => '',
  'loglevel' => 2,
  'maintenance' => false,
);

Any help would be appreciated.

 

[artimess]

Could someone please tell me where and what I should change to overcome file size limit. When I try to upload I get the error that the file is too large.

I tried to use nextcloud .htaccess and .user.ini but did not do the job. Their examples are mostly tuned for apache and not ngnix

Thanks in advance.

 

[Yakje]

For some reason i am getting a promt like this when i execute the following command
make config-recursive install -C /usr/ports/databases/pecl-redis
:


Just before it goes to this prompt it says:


I tried deleting the jail multiple times and start all over, but it keeps showing up.

 

[Jailer]

Yeah it's supposed to do that. That's the config file where you select the options you want to install it with. If you want defaults just keep hitting ok and it will build the package.

 

[Yakje]

Yeah it's supposed to do that. That's the config file where you select the options you want to install it with. If you want defaults just keep hitting ok and it will build the package.

Thanks Jailer! i thought it was not supposed to show me that promt :p
So now i went through all the steps, but instead of owncloud i installed Nextcloud 12.0.3 using

Code:

fetch "https://download.nextcloud.com/server/releases/nextcloud-12.0.3.tar.bz2"

. Although whenever i try to open Nextcloud at the jail IP, in my case "192.168.0.13" it shows me the following:


I located the Nginx log, which gives me the following output:
2017/11/09 17:50:53 [crit] 62828#101341: *1 connect() to unix:/var/run/php-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.0.100, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: "192.168.0.13"
2017/11/09 18:03:05 [crit] 62828#101341: *6 connect() to unix:/var/run/php-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.0.100, server: , request: "GET /nextcloud HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: "192.168.0.13"

This is my Nginx config file (i used the one Joshua posted here):

Show : nginx.conf

Code:

worker_processes 2;

events {
	worker_connections  1024;
}

http {
	include	  mime.types;
	default_type  application/octet-stream;
	sendfile		off;
	keepalive_timeout  65;
	gzip off;

	server {
		root /usr/local/www/nextcloud;
		location = /robots.txt { allow all; access_log off; log_not_found off; }
		location = /favicon.ico { access_log off; log_not_found off; }
		location ^~ / {
			index index.php;
			try_files $uri $uri/ /index.php$is_args$args;
			fastcgi_intercept_errors on;
			error_page 403 /core/templates/403.php;
			error_page 404 /core/templates/404.php;
			client_max_body_size 512M;
			location ~ ^/(?:\.|data|config|db_structure\.xml|README) {
				deny all;
			}
			location ~ \.php(?:$|/) {
				fastcgi_split_path_info ^(.+\.php)(/.*)$;
				fastcgi_pass unix:/var/run/php-fpm.sock;
				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				include fastcgi_params;
				fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
			}
			location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ {
				expires 30d; add_header Cache-Control public;
			}
			location ^~ /data {
				internal;
				alias /mnt/files;
			}
		}
	}
}

This is my www conf file:

Show : www.conf

Code:

; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]

; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr/local) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;	   will be used.
user = www
group = www

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'	- to listen on a TCP socket to a specific IPv4 address on
;							a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;							a specific port;
;   'port'				 - to listen on a TCP socket to all addresses
;							(IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php-fpm.sock

; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;				 mode is set to 0660
listen.owner = www
listen.group = www
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =

; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1

; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
;	   - The pool processes will inherit the master process priority
;		 unless it specified otherwise
; Default Value: no set
; process.priority = -19

; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;			 following directives. With this process management, there will be
;			 always at least 1 children.
;			 pm.max_children	  - the maximum number of children that can
;									be alive at the same time.
;			 pm.start_servers	 - the number of children created on startup.
;			 pm.min_spare_servers - the minimum number of children in 'idle'
;									state (waiting to process). If the number
;									of 'idle' processes is less than this
;									number then some children will be created.
;			 pm.max_spare_servers - the maximum number of children in 'idle'
;									state (waiting to process). If the number
;									of 'idle' processes is greater than this
;									number then some children will be killed.
;  ondemand - no children are created at startup. Children will be forked when
;			 new requests will connect. The following parameter are used:
;			 pm.max_children		   - the maximum number of children that
;										 can be alive at the same time.
;			 pm.process_idle_timeout   - The number of seconds after which
;										 an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic

; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1

; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500

; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
;   pool				 - the name of the pool;
;   process manager	  - static, dynamic or ondemand;
;   start time		   - the date and time FPM has started;
;   start since		  - number of seconds since FPM has started;
;   accepted conn		- the number of request accepted by the pool;
;   listen queue		 - the number of request in the queue of pending
;						  connections (see backlog in listen(2));
;   max listen queue	 - the maximum number of requests in the queue
;						  of pending connections since FPM has started;
;   listen queue len	 - the size of the socket queue of pending connections;
;   idle processes	   - the number of idle processes;
;   active processes	 - the number of active processes;
;   total processes	  - the number of idle + active processes;
;   max active processes - the maximum number of active processes since FPM
;						  has started;
;   max children reached - number of times, the process limit has been reached,
;						  when pm tries to start more children (works only for
;						  pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
;   pool:				 www
;   process manager:	  static
;   start time:		   01/Jul/2011:17:53:49 +0200
;   start since:		  62636
;   accepted conn:		190460
;   listen queue:		 0
;   max listen queue:	 1
;   listen queue len:	 42
;   idle processes:	   4
;   active processes:	 11
;   total processes:	  15
;   max active processes: 12
;   max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
;   http://www.foo.bar/status
;   http://www.foo.bar/status?json
;   http://www.foo.bar/status?html
;   http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
;   http://www.foo.bar/status?full
;   http://www.foo.bar/status?json&full
;   http://www.foo.bar/status?html&full
;   http://www.foo.bar/status?xml&full
; The Full status returns for each process:
;   pid				  - the PID of the process;
;   state				- the state of the process (Idle, Running, ...);
;   start time		   - the date and time the process has started;
;   start since		  - the number of seconds since the process has started;
;   requests			 - the number of requests the process has served;
;   request duration	 - the duration in µs of the requests;
;   request method	   - the request method (GET, POST, ...);
;   request URI		  - the request URI with the query string;
;   content length	   - the content length of the request (only with POST);
;   user				 - the user (PHP_AUTH_USER) (or '-' if not set);
;   script			   - the main script called (or '-' if not set);
;   last request cpu	 - the %cpu the last request consumed
;						  it's always 0 if the process is not in Idle state
;						  because CPU calculation is done when the request
;						  processing has terminated;
;   last request memory  - the max amount of memory the last request consumed
;						  it's always 0 if the process is not in Idle state
;						  because memory calculation is done when the request
;						  processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
;   ************************
;   pid:				  31330
;   state:				Running
;   start time:		   01/Jul/2011:17:53:49 +0200
;   start since:		  63087
;   requests:			 12808
;   request duration:	 1250261
;   request method:	   GET
;   request URI:		  /test_mem.php?N=10000
;   content length:	   0
;   user:				 -
;   script:			   /home/fat/web/docs/php/test_mem.php
;   last request cpu:	 0.00
;   last request memory:  0
;
; Note: There is a real-time FPM status monitoring sample web page available
;	   It's available in: /usr/local/share/php/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
;	   anything, but it may not be a good idea to use the .php extension or it
;	   may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status

; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
;	   anything, but it may not be a good idea to use the .php extension or it
;	   may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping

; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong

; The access log file
; Default: not set
;access.log = log/$pool.access.log

; The access log format.
; The following syntax is allowed
;  %%: the '%' character
;  %C: %CPU used by the request
;	  it can accept the following format:
;	  - %{user}C for user CPU only
;	  - %{system}C for system CPU only
;	  - %{total}C  for user + system CPU (default)
;  %d: time taken to serve the request
;	  it can accept the following format:
;	  - %{seconds}d (default)
;	  - %{miliseconds}d
;	  - %{mili}d
;	  - %{microseconds}d
;	  - %{micro}d
;  %e: an environment variable (same as $_ENV or $_SERVER)
;	  it must be associated with embraces to specify the name of the env
;	  variable. Some exemples:
;	  - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
;	  - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
;  %f: script filename
;  %l: content-length of the request (for POST request only)
;  %m: request method
;  %M: peak of memory allocated by PHP
;	  it can accept the following format:
;	  - %{bytes}M (default)
;	  - %{kilobytes}M
;	  - %{kilo}M
;	  - %{megabytes}M
;	  - %{mega}M
;  %n: pool name
;  %o: output header
;	  it must be associated with embraces to specify the name of the header:
;	  - %{Content-Type}o
;	  - %{X-Powered-By}o
;	  - %{Transfert-Encoding}o
;	  - ....
;  %p: PID of the child that serviced the request
;  %P: PID of the parent of the child that serviced the request
;  %q: the query string
;  %Q: the '?' character if query string exists
;  %r: the request URI (without the query string, see %q and %Q)
;  %R: remote IP address
;  %s: status (response code)
;  %t: server time the request was received
;	  it can accept a strftime(3) format:
;	  %d/%b/%Y:%H:%M:%S %z (default)
;	  The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
;	  e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %T: time the log has been written (the request has finished)
;	  it can accept a strftime(3) format:
;	  %d/%b/%Y:%H:%M:%S %z (default)
;	  The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
;	  e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
;  %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0

; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0

; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
;	   possible. However, all PHP paths will be relative to the chroot
;	   (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =

; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www

; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes

; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no

; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7

; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag			 - you can set classic ini defines which can
;									be overwritten from PHP call 'ini_set'.
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;									 PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.

; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr/local)

; Default Value: nothing is defined by default except the values in php.ini and
;				specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M

 

[Yakje]

I just restarted the whole jail and now the nextcloud configuration screen pops up whenever i go to my jails ip "http://192.168.0.13" :D
Now there is a problem connecting to the database though, this is the error:


I am sure i did enter the following commands, so i have no clue why it's not working:

Code:

mysql -e "CREATE DATABASE nextcloud;"
mysql -e "GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'mypass';"
mysql -e "FLUSH PRIVILEGES;"

Is there a way to test what could be causing the connection to fail?

 

[adrianwi]

Did you change the 'nextcloud' (i.e. user) or 'mypass' (i.e. password) on the 2nd line of the code block?

 

[Yakje]

Did you change the 'nextcloud' (i.e. user) or 'mypass' (i.e. password) on the 2nd line of the code block?

Well i ran the code block before running

mysql_secure_installation

It seems like you have to run

mysql_secure_installation

first and then run

mysql -e "CREATE DATABASE nextcloud;"
mysql -e "GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'mypass';"
mysql -e "FLUSH PRIVILEGES;"

Atleast that worked for me, got it up and running now

 

[adrianwi]

Lol. Always helps to install before configuring :D

 

[Yakje]

Lol. Always helps to install before configuring :D

Hehe i guess so. I just followed the guide from Joshua on the 1st page, that told me to do otherwise. But i probably screwed it up at some point myself

 

[Yakje]

Nextcloud is up and running, however according to Nextcloud there are still a few errors i need to fix.

Whenever i check the logs it says:
Error PHP Redis::connect(): connect() failed: Unspecified error at /usr/local/www/nextcloud/lib/private/RedisFactory.php#82
i checked line 82 in the Redisfactory.php which is:

Code:

$this->instance->connect($host, $port, $timeout);

And the admin panel is telling me to fix these:
The PHP OPcache is not properly configured. For better performance we recommend to use following settings in the php.ini:
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Do i actually need to change these settings or should i just leave them as they are?

 

[artimess]

Could someone please help me to understand what is wrong with my nginx config.
I am trying to create certificate using certbot. If I use staging option it works but when I use --webroot
I get the following error, my conf file is also posted at the end of this message.:

Code:

root@mycloud:/usr/local/etc/nginx # certbot certonly --webroot -w /usr/local/www/owncloud -d noealpha.hd.free.fr
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /usr/local/etc/letsencrypt/renewal/noealpha.hd.free.fr.conf)

What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for noealpha.hd.free.fr
Using the webroot path /usr/local/www/owncloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. noealpha.hd.free.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [FPqY81RCgt35r78BxhsvpJh0SmzeVGDHgZNdK5kRE6A.hKAOkSwS1i9WimHVbyjNu8n6LvJ0yE1t1e3cgAotsNQ] != []

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: noealpha.hd.free.fr
   Type:   unauthorized
   Detail: The key authorization file from the server did not match
   this challenge
   [FPqY81RCgt35r78BxhsvpJh0SmzeVGDHgZNdK5kRE6A.hKAOkSwS1i9WimHVbyjNu8n6LvJ0yE1t1e3cgAotsNQ]
   != []

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
root@mycloud:/usr/local/etc/nginx # certbot certonly --staging -w /usr/local/www/owncloud -d noealpha.hd.free.fr
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /usr/local/etc/letsencrypt/renewal/noealpha.hd.free.fr.conf)

What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for noealpha.hd.free.fr
Using the webroot path /usr/local/www/owncloud for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /usr/local/etc/letsencrypt/live/noealpha.hd.free.fr/fullchain.pem
   Your key file has been saved at:
   /usr/local/etc/letsencrypt/live/noealpha.hd.free.fr/privkey.pem
   Your cert will expire on 2018-02-09. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"

my config file:

Code:

# Change the following line to match the number of threads you have ###
worker_processes 2;

events {
	worker_connections  1024;
}

http {
	include	  mime.types;
	default_type  application/octet-stream;
	log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
	access_log  logs/access.log  main;
	sendfile		off;
	#keepalive_timeout  0;
	keepalive_timeout  65;
	gzip off;


	server {
		listen 80;
		## Change the following line to match your environment ###
		server_name noealpha.hd.free.fr;
		root /usr/local/www/owncloud;
		add_header X-Frame-Options "SAMEORIGIN"; # Prevent Clickacking


		error_page 403 = /core/templates/403.php;
		error_page 404 = /core/templates/404.php;

		rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
		rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
		rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

		location = /robots.txt { allow all; access_log off; log_not_found off; }
		location = /favicon.ico { access_log off; log_not_found off; }

		location ^~ / {
			index index.php;
			try_files $uri $uri/ /index.php?$args;
			client_max_body_size 2048M;

			location ~ ^/(?:\.|data|config|db_structure\.xml|README) {
				deny all;
			}

			location ~ \.php(?:$|/) {
				fastcgi_split_path_info ^(.+\.php)(/.+)$;
				fastcgi_pass unix:/var/run/php-fpm.sock;
				fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
				fastcgi_param PATH_INFO $fastcgi_path_info;
				include fastcgi_params;
				fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
			}

			location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ {
				expires max; add_header Cache-Control public;
			}

			location ^~ /data {
				internal;
				## Change the following line to match your environment ###
				alias /mnt/owncloudstorage;
			}
		}
	}
}
 

root@mycloud:/usr/local/etc/nginx #
d

 

[Jailer]

It says right in what youve posted that you already have a cert for your domain. You also dont have your server listening on port 443. You’ll never get an encrypted response until you do.

 

[artimess]

It says right in what youve posted that you already have a cert for your domain. You also dont have your server listening on port 443. You’ll never get an encrypted response until you do.

I added the ssl portion, still I get the same error. Here is new config and the message

Code:

root@mycloud:~ # certbot certonly --webroot -w /usr/local/www/owncloud -d noealpha.hd.free.fr

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator webroot, Installer None

Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.

(ref: /usr/local/etc/letsencrypt/renewal/noealpha.hd.free.fr.conf)
What would you like to do?

-------------------------------------------------------------------------------

1: Keep the existing certificate for now

2: Renew & replace the cert (limit ~5 per 7 days)

-------------------------------------------------------------------------------

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for noealpha.hd.free.fr

Using the webroot path /usr/local/www/owncloud for all unmatched domains.

Waiting for verification...

Cleaning up challenges

Failed authorization procedure. noealpha.hd.free.fr (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://noealpha.hd.free.fr/.well-known/acme-challenge/oFemN_Ph2H0S7snpToPj9lZh3qylnn0clE0MSLSZyCk: "<!doctype html>

<html>

<head>
	<title>Example Domain</title>
	<meta charset="utf-8" />
	<meta http-equiv="Content-type"

IMPORTANT NOTES:

 - The following errors were reported by the server:
  Domain: noealpha.hd.free.fr
  Type:   unauthorized

  Detail: Invalid response from

  http://noealpha.hd.free.fr/.well-known/acme-challenge/oFemN_Ph2H0S7snpToPj9lZh3qylnn0clE0MSLSZyCk:

  "<!doctype html>

  <html>

  <head>
	  <title>Example Domain</title>
	  <meta charset="utf-8" />
	  <meta http-equiv="Content-type"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

# Change the following line to match the number of threads you have ###

worker_processes 2;
events {

worker_connections 1024;

}


http {

include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
access_log logs/access.log main;

sendfile off;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip off;

#SSL
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

server {
listen 80;
### Change the following two lines to match your environment ###
server_name noealpha.hd.free.fr;
return 301 https://example.com$request_uri;
add_header X-Frame-Options "SAMEORIGIN"; # Prevent Clickjacking
}


server {

listen 443 ssl;
## Change the following line to match your environment ###
server_name noealpha.hd.free.fr;
root /usr/local/www/owncloud;
add_header X-Frame-Options "SAMEORIGIN"; # Prevent Clickacking


## Change the following lines to match your environment ###

# SSL Settings

ssl_certificate /usr/local/etc/letsencrypt/live/noealpha.hd.free.fr/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/noealpha.hd.free.fr/privkey.pem;
add_header Strict-Transport-Security "max-age=16070400; includeSubdomains"; # Force the use of SSL
error_page 403 = /core/templates/403.php;
error_page 404 = /core/templates/404.php;

rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
location = /robots.txt { allow all; access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ^~ / {
index index.php;
try_files $uri $uri/ /index.php?$args;
client_max_body_size 2048M;

location ~ ^/(?:\.|data|config|db_structure\.xml|README) {
deny all;
}
location ~ \.php(?:$|/) {

fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
}

location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ {
expires max; add_header Cache-Control public;
}
location ^~ /data {
internal;
## Change the following line to match your environment ###
alias /mnt/owncloudstorage;
}
}
}
}

 

[Jailer]

Add this below your ssl config.

Code:

location ~ /.well-known {
				allow all;

 

[artimess]

Add this below your ssl config.

Code:

location ~ /.well-known {
				allow all;

I did, still being refused: here is what I get know. And sincerely do appreciate your help.

Code:

p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff} p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo; color: #000000; background-color: #ffffff; min-height: 13.0px} span.s1 {font-variant-ligatures: no-common-ligatures}

 - The following errors were reported by the server:
  Domain: noealpha.hd.free.fr
  Type:   unauthorized
  Detail: Invalid response from
  http://noealpha.hd.free.fr/.well-known/acme-challenge/VQuTmSPOAwXRLPitX2NBulVc3oHmnrqlksxN1LU1Rzs:
  "<!doctype html>
  <html>
  <head>
	  <title>Example Domain</title>
	  <meta charset="utf-8" />
	  <meta http-equiv="Content-type"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.