Owncloud + nginx Docker: Too many redirects

Hi guys,

I have the following problem:

I used to run owncloud with Apache but decided to move to nginx as I was using it for other services as well.

When accessing owncloud, I get: ERR_TOO_MANY_REDIRECTS

Testing with curl:

[root@server:~] # curl -I https://www.example.com/owncloud/index.php/login
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 11 Jul 2017 13:05:38 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.0.20
Set-Cookie: <redacted>; path=/owncloud; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: oc_sessionPassphrase=<redacted>; path=/owncloud; secure; HttpOnly
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *
Location: https://www.example.com/owncloud/index.php/login
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none

nginx logs:

2017-07-11T13:08:12.038838712Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.126279135Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.215170922Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.299842449Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.384554276Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.456765009Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.551453891Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.640845620Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.729627535Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.803119594Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.897911686Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:12.984467704Z 172.17.0.1 - - [11/Jul/2017:13:08:12 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:13.068813309Z 172.17.0.1 - - [11/Jul/2017:13:08:13 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:13.161391458Z 172.17.0.1 - - [11/Jul/2017:13:08:13 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:13.245489414Z 172.17.0.1 - - [11/Jul/2017:13:08:13 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:13.352306593Z 172.17.0.1 - - [11/Jul/2017:13:08:13 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:13.433078938Z 172.17.0.1 - - [11/Jul/2017:13:08:13 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:13.511978130Z 172.17.0.1 - - [11/Jul/2017:13:08:13 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:13.585847890Z 172.17.0.1 - - [11/Jul/2017:13:08:13 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:13.668548916Z 172.17.0.1 - - [11/Jul/2017:13:08:13 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:13.742487980Z 172.17.0.1 - - [11/Jul/2017:13:08:13 +0000] "GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
2017-07-11T13:08:14.426523012Z 2017/07/11 13:08:14 [error] 14#14: *623 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 172.17.0.1, server: www.example.com, request: "GET /owncloud/status.php HTTP/1.1", upstream: "fastcgi://172.17.0.9:9000", host: "www.example.com"
2017-07-11T13:08:14.427029572Z 2017/07/11 13:08:14 [error] 14#14: *623 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 172.17.0.1, server: www.example.com, request: "GET /owncloud/status.php HTTP/1.1", upstream: "fastcgi://172.17.0.9:9000", host: "www.example.com"
2017-07-11T13:08:14.427242166Z 172.17.0.1 - - [11/Jul/2017:13:08:14 +0000] "GET /owncloud/status.php HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Macintosh) mirall/2.3.2 (build 4250)"
2017-07-11T13:08:14.590137404Z 172.17.0.1 - - [11/Jul/2017:13:08:14 +0000] "GET /owncloud/owncloud/status.php HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Macintosh) mirall/2.3.2 (build 4250)"
2017-07-11T13:08:14.789027984Z 172.17.0.1 - - [11/Jul/2017:13:08:14 +0000] "GET /owncloud/index.php/apps/files/ HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Macintosh) mirall/2.3.2 (build 4250)"

Docker:

nginx
owncloud fpm (10.0.2)

docker create --name owncloud \
              --expose 9000 \
              --link mysql \
              -v /opt/docker/containers/owncloud/config:/var/www/html/config \
              -v /opt/docker/containers/owncloud/apps:/var/www/html/apps \
              -v /mnt/storage/owncloud:/var/www/html/data \
              owncloud:fpm

docker create --name nginx \
              -p "80:80" \
              -p "443:443" \
              --link owncloud \
              --volumes-from owncloud \
              -v /opt/docker/containers/nginx/config/nginx.conf:/etc/nginx/nginx.conf:ro \
              -v /opt/docker/containers/nginx/config/conf.d:/etc/nginx/conf.d:ro \
              -v /opt/docker/containers/nginx/certs:/etc/nginx/certs \
              nginx

nginx configuration modified for my use case:

upstream php-handler { server owncloud:9000; }

server {
    listen 80 default_server;
    listen [::]:80;

    server_name www.example.com;

    include /etc/nginx/mime.types;

    root /var/www;

    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.example.com;

    include /etc/nginx/mime.types;

    root /var/www;

    ssl on;

    ssl_certificate /etc/nginx/certs/www.example.com.crt;
    ssl_certificate_key /etc/nginx/certs/www.example.com.key;

    ssl_protocols TLSv1.2;

    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

    ssl_dhparam /etc/nginx/certs/dhparams.pem;

    ssl_ecdh_curve secp384r1;

    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/www.example.com.crt;

    ssl_session_timeout 24h;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    location = / {
        deny all;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
        return 301 $scheme://$host/owncloud/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/owncloud/remote.php/dav;
    }

    location ^~ /owncloud {
        root /var/www/html/;

        client_max_body_size 512M;
        fastcgi_buffers 64 4K;

        gzip off;

        error_page 403 /owncloud/core/templates/403.php;
        error_page 404 /owncloud/core/templates/404.php;

        location /owncloud {
            rewrite ^ /owncloud/index.php$uri;
        }

        location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            return 404;
        }
        location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            return 404;
        }

        location ~ ^/owncloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            fastcgi_split_path_info ^/owncloud(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name; # necessary for owncloud to detect the contextroot https://github.com/owncloud/core/blob/v10.0.0/lib/private/AppFramework/Http/Request.php#L603
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_read_timeout 180; # increase default timeout e.g. for long running carddav/ caldav syncs with 1000+ entries
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off; #Available since NGINX 1.7.11
        }

        location ~ ^/owncloud/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri $uri/ =404;
            index index.php;
        }

        location ~ /owncloud(\/.*\.(?:css|js)) {
            try_files $1 /owncloud/index.php$1$is_args$args;
            add_header Cache-Control "max-age=15778463";
            add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            access_log off;
        }

        location ~ /owncloud(/.*\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)) {
            try_files $1 /owncloud/index.php$1$is_args$args;
            add_header Cache-Control "public, max-age=7200";
            access_log off;
        }
    }
}

owncloud config.php

<?php
$CONFIG = array (
  'instanceid' => '<redacted>',
  'passwordsalt' => '<redacted>',
  'trusted_domains' =>
  array (
    0 => 'www.example.com',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '10.0.2.1',
  'dbname' => 'owncloud',
  'dbhost' => 'mysql',
  'dbtableprefix' => 'oc_',
  'dbuser' => '<redacted>',
  'dbpassword' => '<redacted>',
  'installed' => true,
  'theme' => '',
  'maintenance' => false,
  'loglevel' => 1,
  'secret' => '<redacted>',
  'trashbin_retention_obligation' => 'auto',
  'updater.secret' => '<redacted>',
  'overwritewebroot' => '/owncloud',
);

Any ideas what is going on? I can't seem to find the error.
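
A way to confirm the two symptoms shown in the post, added here as an example and not part of the original post: the `curl -I` response whose `Location` equals the requested URL, and the burst of 302 answers for one URI in the access log. The function names, thresholds and sample lines are constructed for illustration; the sample log lines follow the post's access-log format in abridged form.

```python
import re
from datetime import datetime
from urllib.parse import urljoin, urlsplit

LOG_RE = re.compile(r'(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')
# Constructed samples modelled on the post's curl output and nginx access log.
SAMPLE_HEADERS = ("HTTP/1.1 302 Found\nServer: nginx\n"
                  "Location: https://www.example.com/owncloud/index.php/login\n")
SAMPLE_LOG = [f'172.17.0.1 - - [11/Jul/2017:13:08:{12 + i // 3} +0000] '
              f'"GET /owncloud/index.php/apps/files/ HTTP/2.0" 302 0 "-" "constructed-agent"'
              for i in range(6)]
SAMPLE_LOG.append('172.17.0.1 - - [11/Jul/2017:13:08:14 +0000] '
                  '"GET /owncloud/status.php HTTP/1.1" 404 162 "-" "constructed-agent"')

def is_self_redirect(request_url, raw_headers):
    """True when a 3xx response's Location points back at the requested URL."""
    status_line, *rest = raw_headers.strip().splitlines()
    status = int(status_line.split()[1])
    headers = {}
    for line in rest:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    location = headers.get("location")
    if not (300 <= status < 400 and location):
        return False
    norm = lambda u: (u.scheme, u.netloc.lower(), u.path, u.query)
    # urljoin resolves a relative Location against the request URL
    return norm(urlsplit(urljoin(request_url, location))) == norm(urlsplit(request_url))

def find_redirect_loops(lines, min_hits=5, window_s=2):
    """Return (client, uri, hits) for runs of 3xx answers to one client for one URI."""
    loops, run = [], None  # run = [client, uri, first_timestamp, hits]
    def flush():
        if run and run[3] >= min_hits:
            loops.append((run[0], run[1], run[3]))
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # error-log lines mixed into `docker logs` output are skipped
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key, is_3xx = (m["client"], m["uri"]), m["status"].startswith("3")
        if run and is_3xx and key == (run[0], run[1]) and (ts - run[2]).total_seconds() <= window_s:
            run[3] += 1
        else:
            flush()
            run = [*key, ts, 1] if is_3xx else None
    flush()
    return loops
```

Behind a Docker bridge every request is logged with the gateway address (172.17.0.1 in the post), so the client field alone does not separate users unless nginx is configured to log the real client address.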