Server: 403 after allowing pretty URLs in NGINX

Created on 24 Mar 2018  ·  10 Comments  ·  Source: nextcloud/server

Steps to reproduce

  1. add fastcgi_param front_controller_active true; to the NGINX config
  2. Done

Expected behaviour

Removal of the index.php so I have a nice looking URL

Actual behaviour

The login page works fine, but once it redirects to /apps/files/ it gives a 403 forbidden error

Server configuration

Operating system: Ubuntu

Web server: NGINX

Database: Not sure, followed tutorials, not an expert

PHP version: 7.0

Nextcloud version: (see Nextcloud admin page) cant reach

Updated from an older Nextcloud/ownCloud or fresh install: fresh

Where did you install Nextcloud from: your site

Signing status:


Signing status

Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

List of activated apps:


App list

Enabled:
  - comments: 1.3.0
  - dav: 1.4.6
  - encryption: 2.0.0
  - federatedfilesharing: 1.3.1
  - files: 1.8.0
  - files_downloadactivity: 1.2.0
  - files_pdfviewer: 1.2.1
  - files_sharing: 1.5.0
  - files_texteditor: 2.5.1
  - files_trashbin: 1.3.0
  - files_versions: 1.6.0
  - files_videoplayer: 1.2.0
  - firstrunwizard: 2.2.1
  - gallery: 18.0.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.1.0
  - nextcloud_announcements: 1.2.0
  - notifications: 2.1.2
  - oauth2: 1.1.0
  - password_policy: 1.3.0
  - provisioning_api: 1.3.0
  - quota_warning: 1.2.0
  - serverinfo: 1.3.0
  - sharebymail: 1.3.0
  - systemtags: 1.3.0
  - theming: 1.4.1
  - twofactor_backupcodes: 1.2.3
  - updatenotification: 1.3.0
  - workflowengine: 1.3.0
Disabled:
  - activity
  - admin_audit
  - federation
  - files_external
  - files_linkeditor
  - mail
  - registration
  - survey_client
  - user_external
  - user_ldap

Nextcloud configuration:


Config report

    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.kevinswebsite.nl"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/cloud.kevinswebsite.nl",
        "dbtype": "sqlite3",
        "version": "13.0.1.1",
        "installed": true,
        "maintenance": false,
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "php",
        "mail_smtpauthtype": "LOGIN",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***"
    }

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Chrome

Operating system: Windows 10

Logs

Web server error log


Web server error log

Insert your webserver log here

Nextcloud log (data/nextcloud.log)


Nextcloud log

No permission to access data

I added my nginx config file:


NGINX file
# Reporter's server block as posted (the configuration that produces the 403).
# NOTE(review): this block has no "deny all" locations for internal paths and passes
# every *.php URI to PHP-FPM. nginx does not read .htaccess files, so any protection
# Nextcloud ships in .htaccess is not applied here.
server {
server_name kevinswebsite.nl cloud.kevinswebsite.nl;

root /var/www/cloud.kevinswebsite.nl/html;

# Index candidates tried when a request resolves to a directory.
index index.html index.htm index.nginx-debian.html index.php;

#error_page 403 /core/templates/403.php;
#error_page 404 /core/templates/404.php;

# HSTS: browsers remember for two years to use HTTPS for this host and its subdomains.
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";

#Enable PHP
#location ~ \.php(?:$|/) {
# Catch-all PHP handler: any URI whose path contains ".php" followed by "/" or the
# end of the URI goes to PHP-FPM, not only Nextcloud's own entry points.
location ~ ^(.+?\.php)(/.*)?$ {
    # Contents of this snippet are not shown; it presumably already sets some of the
    # parameters repeated below — confirm against the file on disk.
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # Tells Nextcloud that URLs without /index.php are routed to it by the web server.
    fastcgi_param front_controller_active true;
    fastcgi_param PATH_INFO $fastcgi_path_info;
}
location / {
    # NOTE(review): likely cause of the reported 403. "$uri/" matches when the request
    # path is an existing directory (e.g. /apps/files/); nginx then serves the directory
    # itself, finds none of the index files above and, with autoindex off, answers 403.
    # The web server error log should show a "directory index of ... is forbidden" entry.
    # NOTE(review): "$uri" also serves any existing file under the root as a static file.
    # The config report shows dbtype sqlite3; if the data directory is inside the
    # document root, its files would be reachable this way — verify and add deny rules.
    try_files   $uri $uri/ /index.php?$args;
}


# managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/kevinswebsite.nl/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/kevinswebsite.nl/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Most helpful comment

Here is my nginx config – pretty URLs do indeed work even with nginx:

nginx config

# Working Nextcloud server block with pretty URLs (front controller) on nginx.
# Regex locations are checked in the order they appear and the first match wins, so the
# "deny all" locations must stay above the PHP and static-file locations.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name [...];
    root /[...]/nextcloud/htdocs;

    # NOTE(review): no Strict-Transport-Security header is visible in this block;
    # presumably it is set in this snippet — confirm.
    include snippets/ssl.conf;  # some settings for TLS stuff

    # Security headers sent by nginx. They are needed here because modHeadersAvailable
    # (PHP location below) signals to Nextcloud that the web server supplies them.
    # add_header is inherited by a location only if that location defines no add_header
    # of its own, which is why the css/js location further down repeats the list.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection '1; mode=block';
    add_header Referrer-Policy 'no-referrer';
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Service discovery for CardDAV/CalDAV clients: redirect to the DAV endpoint.
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 1G;
    fastcgi_buffers 64 4K;

    # Front controller: anything no regex location claims is rewritten to index.php,
    # with the original request URI appended as path info. Unlike "try_files $uri $uri/",
    # nginx never serves a directory on disk itself here.
    location / {
        rewrite ^ /index.php$request_uri;
    }

    # Internal directories (including config/ and data/) are never served over HTTP.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    # Dotfiles and maintenance/console entry names are blocked as well.
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Allowlist of PHP entry points: only these scripts are handed to PHP-FPM.
    # Any other *.php URI does not match this location.
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi.conf;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        # Hard-coded; consistent with this server block listening only on 443 ssl.
        fastcgi_param HTTPS on;
        # Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        # Tells Nextcloud that URLs without /index.php are routed to it by the web server.
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:/run/php-fpm/nextcloud.sock;
        # Let nginx handle error responses from PHP-FPM instead of passing them through.
        fastcgi_intercept_errors on;
        # Stream the request body to PHP-FPM instead of buffering it in nginx first.
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control 'public, max-age=15778463, immutable';
        # The headers from the server level are repeated because this location defines
        # its own add_header. NOTE(review): Referrer-Policy is not repeated, so it is
        # not sent on these responses.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection '1; mode=block';
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
    }

    # Other static files: serve from disk if present, else fall back to the front controller.
    location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
    }
}

Could you compare this to your config?

All 10 comments

Sorry, I'm obviously not an expert and I tried to provide as much information as possible.

Bump?

I'm not an nginx expert, but afaik pretty URLs require the .htaccess file, which is not supported by nginx. Did you ask in the forum (help.nextcloud.com)? Maybe there are some nginx users who can either confirm that it is not supported by nginx or help you to configure it correctly.

@schiessle The official doc is wrong: pretty URLs do not work, and if you force https, your site is down.

@kevinsnijder I think your nginx config is wrong. location ~ ^(.+?\.php)(/.*)?$ { makes no sense. I would remove the first question mark.
See https://docs.nextcloud.com/server/13/admin_manual/installation/nginx.html for a full documentation.

Sadly your solution doesnt work @go2sh
I'm just going to assume @ky0ncheng is right and the pretty URLs dont work with NGINX.

Thanks for the help guys!

Does it work if you replace

# "$uri/" matches existing directories; nginx then serves the directory itself and
# returns 403 when it has no index file and autoindex is off.
location / {
    try_files   $uri $uri/ /index.php?$args;
}

by

# Rewrites every request that no regex location claims to index.php, keeping the
# original request URI as path info. NOTE(review): without separate locations for
# static assets, css/js requests are presumably sent to index.php as well.
location / {
    rewrite ^ /index.php$request_uri;
}

?

> Does it work if you replace

Not really, get 404s when I go to my main cloud page and the CSS has trouble loading.

Here is my nginx config – pretty URLs do indeed work even with nginx:

nginx config

# Working Nextcloud server block with pretty URLs (front controller) on nginx.
# Regex locations are checked in the order they appear and the first match wins, so the
# "deny all" locations must stay above the PHP and static-file locations.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name [...];
    root /[...]/nextcloud/htdocs;

    # NOTE(review): no Strict-Transport-Security header is visible in this block;
    # presumably it is set in this snippet — confirm.
    include snippets/ssl.conf;  # some settings for TLS stuff

    # Security headers sent by nginx. They are needed here because modHeadersAvailable
    # (PHP location below) signals to Nextcloud that the web server supplies them.
    # add_header is inherited by a location only if that location defines no add_header
    # of its own, which is why the css/js location further down repeats the list.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection '1; mode=block';
    add_header Referrer-Policy 'no-referrer';
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Service discovery for CardDAV/CalDAV clients: redirect to the DAV endpoint.
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 1G;
    fastcgi_buffers 64 4K;

    # Front controller: anything no regex location claims is rewritten to index.php,
    # with the original request URI appended as path info. Unlike "try_files $uri $uri/",
    # nginx never serves a directory on disk itself here.
    location / {
        rewrite ^ /index.php$request_uri;
    }

    # Internal directories (including config/ and data/) are never served over HTTP.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    # Dotfiles and maintenance/console entry names are blocked as well.
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Allowlist of PHP entry points: only these scripts are handed to PHP-FPM.
    # Any other *.php URI does not match this location.
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi.conf;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        # Hard-coded; consistent with this server block listening only on 443 ssl.
        fastcgi_param HTTPS on;
        # Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        # Tells Nextcloud that URLs without /index.php are routed to it by the web server.
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:/run/php-fpm/nextcloud.sock;
        # Let nginx handle error responses from PHP-FPM instead of passing them through.
        fastcgi_intercept_errors on;
        # Stream the request body to PHP-FPM instead of buffering it in nginx first.
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control 'public, max-age=15778463, immutable';
        # The headers from the server level are repeated because this location defines
        # its own add_header. NOTE(review): Referrer-Policy is not repeated, so it is
        # not sent on these responses.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection '1; mode=block';
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
    }

    # Other static files: serve from disk if present, else fall back to the front controller.
    location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
    }
}

Could you compare this to your config?

Closing this as this looks very much like a configuration issue and no bug/enhancement request for the server repo. Please head over to the forum at https://help.nextcloud.com

As @go2sh already mentioned, the documentation for nginx is located at https://docs.nextcloud.com/server/13/admin_manual/installation/nginx.html
