Struggling with nginx configuration with owncloud 10.0.4 in subdirectory

10

#1

Hi

Apologies for the long post but I wanted to include as much detail as possible.

My setup is Pi3,Stretch,Nginx and owncloud10. I'm trying to setup owncloud in a subdirectory ie accessible by 192.168.xx.xx/owncloud. I've used the example nginx config file from https://doc.owncloud.org/server/10.0/admin_manual/installation/nginx_configuration.html for owncloud in a subdir of nginx and as suggested have added 'overwritewebroot' => '/owncloud', in config/config.php

When I access 192.168.xx.xx/owncloud the initial setup page displays correctly. However, when I enter the initial details and click Finish Setup I get a 404 Not Found error for 192.168.xx.xx/owncloud/index.php. On checking the /var/log/nginx/error.log I can see that the address for the index.php is incorrect, ie there is an extra owncloud directory:

*2 FastCGI sent in stderr: "Unable to open primary script: /var/www/owncloud/owncloud/index.php (No such file or directory)" while reading response header from upstream, client: 192.168.xx.xx, server: 192.168.xx.xx, request: "POST /owncloud/index.php HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "192.168.xx.xx"

Has anyone any ideas how I can sort this? If I remove the overwritewebroot then the initial owncloud setup page does not display correctly as none of the .css files load.

Many thanks


#2

I think there is a wrong line in the nginx-documentation for subfolder. Try this:

In your nginx-configuration change this line:
root /var/www/owncloud/;
to:
# root /var/www/owncloud/;

After you changed that, reload nginx configuration with:
nginx -s reload


#3

Hi Bernie_O

Thanks for the reply but this hasn't fixed the problem. When attempting to load /192.168.x.x/owncloud I now get a HTP error 404 - this page cannot be found. The output from the nginx error.log is:

[error] 1557#1557: *28 FastCGI sent in stderr: "Unable to open primary script: /var/www/index.php (No such file or directory)" while reading response header from upstream, client: 192.168.xx.xx, server: 192.168.xx.xx, request: "GET /owncloud HTTP/2.0", upstream: "fastcgi://127.0.0.1:9000", host: "192.168.xx.xx"

Any other suggestions greatly received

Thanks


#4

Could you post your nginx configuration?


#5

Hi Bernie_O

My current nginx configuration file:

upstream php-handler {
server 127.0.0.1:9000;
# Depending on your used PHP version
#server unix:/var/run/php5-fpm.sock;
server unix:/var/run/php7-fpm.sock;
}

server {
listen 80;
server_name 192.168.xx.xx;

# For Lets Encrypt, this needs to be served via HTTP
location /.well-known/acme-challenge/ {
    root /var/www/owncloud; # Specify here where the challenge file is placed
}

# enforce https
location / {
    return 301 https://$server_name$request_uri;
}

}

server {
listen 443 ssl http2;
server_name 192.168.xx.xx;

# ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
# ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
ssl_certificate /etc/nginx/cert.pem;
ssl_certificate_key /etc/nginx/cert.key;   


# Example SSL/TLS configuration. Please read into the manual of
# nginx before applying these.
#ssl_session_timeout 5m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers "-ALL:EECDH+AES256:EDH+AES256:AES256-SHA:EECDH+AES:EDH+AES:!ADH:!NULL:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!3DES:!PSK:!SRP:!DSS:!AESGCM:!RC4";
#ssl_dhparam /etc/nginx/dh4096.pem;
#ssl_prefer_server_ciphers on;
#keepalive_timeout    70;
#ssl_stapling on;
#ssl_stapling_verify on;

# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this topic first.
#add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
#add_header X-Content-Type-Options nosniff;
#add_header X-Frame-Options "SAMEORIGIN";
#add_header X-XSS-Protection "1; mode=block";
#add_header X-Robots-Tag none;
#add_header X-Download-Options noopen;
#add_header X-Permitted-Cross-Domain-Policies none;

# Path to the root of your installation
root /var/www/;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /owncloud/public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /owncloud/public.php?service=host-meta-json last;

location = /.well-known/carddav {
    return 301 $scheme://$host/owncloud/remote.php/dav;
}
location = /.well-known/caldav {
    return 301 $scheme://$host/owncloud/remote.php/dav;
}

location ^~ /owncloud {

   root /var/www/owncloud/;

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 8 4K;                     # Please see note 1
    fastcgi_ignore_headers X-Accel-Buffering; # Please see note 2


    # Disable gzip to avoid the removal of the ETag header
    # Enabling gzip would also make your server vulnerable to BREACH
    # if no additional measures are done. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773332
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /owncloud/core/templates/403.php;
    error_page 404 /owncloud/core/templates/404.php;

    location /owncloud {
        rewrite ^ /owncloud/index.php$uri;
    }

    location ~ ^/owncloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }
    location ~ ^/owncloud/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }

    location ~ ^/owncloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        fastcgi_split_path_info ^/owncloud(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name; # necessary for owncloud to detect the contextroot https://github.com/owncloud/core/blob/v10.0.0/lib/private/AppFramework/Http/Request.php#L603
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
        # EXPERIMENTAL: active the following if you need to get rid of the 'index.php' in the URLs
        #fastcgi_param front_controller_active true;
        fastcgi_read_timeout 180; # increase default timeout e.g. for long running carddav/ caldav syncs with 1000+ entries
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off; #Available since NGINX 1.7.11
    }

    location ~ ^/owncloud/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ /owncloud(\/.*\.(?:css|js)) {
        try_files $1 /owncloud/index.php$1$is_args$args;
        add_header Cache-Control "max-age=15778463";
        # Add headers to serve security related headers  (It is intended to have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into this topic first.
        #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ /owncloud(/.*\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)) {
        try_files $1 /owncloud/index.php$1$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Optional: Don't log access to other assets
        access_log off;
    }
}

}


#6

Try that:

change
root /var/www/owncloud/;
to
# root /var/www/owncloud/;
(you could actually also delete that line..)

change
fastcgi_split_path_info ^/owncloud(.+\.php)(/.*)$;
to
fastcgi_split_path_info ^(.+\.php)(/.*)$;

change
location ~ /owncloud(\/.*\.(?:css|js)) {
to
location ~ /owncloud(/.*\.(?:css|js)) {

change (this line is there twice - you need to change both occurences)
try_files $1 /owncloud/index.php$1$is_args$args;
to
try_files $uri /owncloud/index.php$uri$is_args$args;

restart nginx with nginx -s reload and navigate to https://192.168.xx.xx/owncloud

Sidenote: I noticed that you declare two lines as upstream php-handler. Although it sounds like in your setup nginx can communicate with php, I would only use one line (preferably a socket-connection). The socket-connection for php7.0-fpm in Debian Stretch should be unix:/run/php/php7.0-fpm.sock; instead of unix:/var/run/php7-fpm.sock;


404 Page not found after successful owncloud setup
#7

Hi Bernie_O

Thanks for this - it works!. The fastcgi_split_path_info ^(.+\.php)(/.*)$; seemed particularly key. I am still getting a couple of errors in the error.log but they don't seem to be affecting the look or how it's running:

2018/01/15 16:04:41 [crit] 592#592: *8 connect() to unix:/run/php/php7.0-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.xx.xx, server: 192.168.xx.xx, request: "GET /owncloud/index.php/apps/files/ HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "192.168.xx.xx"

2018/01/15 16:05:26 [crit] 592#592: *8 connect() to unix:/run/php/php7.0-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.xx.xx, server: 192.168.xx.xx, request: "GET /owncloud/index.php/core/js/oc.js?v=f23b49e0391ed08afeebaa748ed4956f HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "192.168.xx.xx"

Thanks again

Rob


#8

Glad to hear that it is working now :slight_smile:

I would try to get rid of that error. Obviously your php is listening at a TCP-socket. Because of better performance I recommend changing that to unix socket. Are you using php5-fpm or php7.0-fpm (what is the output of php -v)?


#9

Hi

Output of php -v is:

PHP 7.0.19-1 (cli) (built: May 11 2017 14:04:47) ( NTS )


#10

Open file:
/etc/php/7.0/fpm/pool.d/www.conf
find this line:
listen = 127.0.0.1:9000
and change it to:
listen = /run/php/php7.0-fpm.sock
Make sure the directory /run/php/ exists and is writeable for user www-data with:
ls -ld /run/php
If the directory is not there (error-message) or the directory is not owned by user www-data you need to run the following commands:
mkdir -p /run/php
chown -R www-data:www-data /run/php

Next you need to change your nginx configuration. Make sure the beginning of your nginx configuration is (delete other lines in this „upstream php-handler“-block):
upstream php-handler {
server unix:/run/php/php7.0-fpm.sock;
}

After all that you need to restart php7.0-fpm and reload nginx configuration with:
systemctl restart php7.0-fpm
nginx -s reload

That‘s all.


#11

Hi Bernie_O

That's worked and no more error messages. Many thanks for all your help and patience with a novice.

Rob