Steps to reproduce
- Install ubuntu 18.04 LTS server
- Install apache2, PHP 7.2 & MySQL-Server 5.7.24
- create a new db user and database
- create a vHost with https Support (let’s encrypt)
- Install Owncloud X (10.0.10) via apt-get
- fill in the initial setup information
Expected behaviour
a login should be possible
Actual behaviour
a website which shows the message “Access denied” is displayed. The Apache error log shows the message
AH01071: Got error 'Access to the script '/var/www/owncloud/login' has been denied (see security.limit_extensions)\n', referer: https://my.domain.com
Server configuration
Operating system:
ubuntu 18.04. LTS Server
Web server:
Apache 2.4.29
<VirtualHost *:80>
ServerName my.domain.com
Redirect / https://my.domain.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName my.domain.com
ServerAdmin msc@keineantwort.de
DocumentRoot /var/www/owncloud
SSLCertificateFile /etc/letsencrypt/live/my.domain.comfullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Alias /owncloud "/var/www/owncloud/"
<Directory /var/www/owncloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/owncloud
SetEnv HTTP_HOME /var/www/owncloud
</Directory>
</VirtualHost>
</IfModule>
Database:
MySQL 5.7.24
PHP version:
7.2
ownCloud version: (see ownCloud admin page)
owncloud X 10.0.10
Updated from an older ownCloud or fresh install:
fresh install
Where did you install ownCloud from:
ubuntu Repository (apt-get install owncloud
Signing status (ownCloud 9.0 and above):
Access denied.
The content of config/config.php:
{
"system": {
"updatechecker": false,
"instanceid": "oc1rwddci890",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"owncloud.august.de"
],
"datadirectory": "\/media\/rsc8tb2\/owncloud_data",
"overwrite.cli.url": "https:\/\/owncloud.august.de",
"dbtype": "mysql",
"version": "10.0.10.4",
"dbname": "owncloud",
"dbhost": "localhost:3306",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"logtimezone": "UTC",
"installed": true
}
}
List of activated apps:
Enabled:
- comments: 0.3.0
- configreport: 0.1.1
- dav: 0.4.0
- federatedfilesharing: 0.3.1
- federation: 0.1.0
- files: 1.5.1
- files_external: 0.7.1
- files_sharing: 0.11.0
- files_trashbin: 0.9.1
- files_versions: 1.3.0
- files_videoplayer: 0.9.8
- firstrunwizard: 1.1
- market: 0.2.5
- notifications: 0.3.5
- provisioning_api: 0.5.0
- systemtags: 0.3.0
- updatenotification: 0.2.1
Disabled:
- encryption
- external
- user_external
Are you using external storage, if yes which one: local/smb/sftp/…
no
Are you using encryption: yes/no
did not configure it -> default
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
no
Client configuration
Browser:
Chome 71
Operating system:
MacOS 10.13.2
Logs
Web server error log
[Fri Dec 28 10:52:44.446749 2018] [proxy_fcgi:error] [pid 4580:tid 140122544654080] [client 192.168.1.1:56119] AH01071: Got error 'Access to the script '/var/www/owncloud/login' has been denied (see security.limit_extensions)\n', referer: https://my.domain.com
[Fri Dec 28 11:23:21.894332 2018] [proxy_fcgi:error] [pid 4580:tid 140122678871808] [client 192.168.1.1:58461] AH01071: Got error 'Access to the script '/var/www/owncloud/core/js/oc.js' has been denied (see security.limit_extensions)\n'
[Fri Dec 28 11:23:37.727492 2018] [proxy_fcgi:error] [pid 4580:tid 140122687264512] [client 192.168.1.1:58486] AH01071: Got error 'Access to the script '/var/www/owncloud/settings/integrity/failed' has been denied (see security.limit_extensions)\n'
ownCloud log (data/owncloud.log)
empty