Connecting OwnCloud to Let's Encrypt


#1

Hello everyone,

I feel like an idiot, but I keep running into issues connecting Let’s Encrypt with OwnCloud. It probably didn’t help that I followed a tutorial for connecting it to NextCloud, but over the past few days of trying to set it up, everything has boiled down to a 502 error, and the last few attempts have ended in 404s. Does anyone know of a walk-through that explains everything? I’m running this through Docker on UnRAID.


#2

Hi,

Can you specify your question?

Or link us to the tutorial you used and the error shown when you try to use it?

Thank you


#3

I think I’ve run into this problem with OwnCloud before…
It had something to do with where it put the owncloud alias or had multiple owncloud aliases (if I recall correctly).
Please start by showing the main web configuration file.


#4

Yes, absolutely!


#5

I can, is that the OwnCloud/Config/Config.Php file?


#6

Please show these files:
/etc/apache2/sites-enabled/000-default*


#7

I don’t have the apache2 folder system at all (the etc folder in Lets Encrypt or in the root menu). Would I need to go in and install the apache docker?


#8

No. I’m presuming it is running Apache.
That is where I’m concerned.
If it is running NGINX, then show:
/etc/nginx/sites-enabled/000-default*


#10

I didn’t see that one either…

From the tutorial I read everything needed was contained within this folder:

/nginx/site-confs/defaults, and here is that page’s code:

[Edit: I figured out how to format code for this site properly, see below]


#11

Allow me to reformat that mess:

## Version 2018/04/20 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default

# listening on port 80 disabled by default, remove the "#" signs to enable
# redirect all traffic to https
#server {
#	listen 80;
#	server_name _;
#	return 301 https://$host$request_uri;
#}

# main server block
# Catch-all HTTPS site: "default_server" together with "server_name _" makes this
# block answer any request on 443 whose host name no other server block claims.
server {
	listen 443 ssl default_server;

	# files for the default site are served from this directory
	root /config/www;
	index index.html index.htm index.php;

	server_name _;

	# enable subfolder method reverse proxy confs
	# (every file matching the glob is pulled into this server block, so its
	# contents must be valid here, e.g. location blocks)
	include /config/nginx/proxy-confs/*.subfolder.conf;

	# all ssl related config moved to ssl.conf
	include /config/nginx/ssl.conf;

	# 0 disables the request-body size check at server level; a location that
	# sets its own client_max_body_size overrides this value
	client_max_body_size 0;

	location / {
		# candidates are checked in order; =404 is the fallback when none exists
		try_files $uri $uri/ /index.html /index.php?$args =404;
	}

	# Any URI ending in .php is handed to the FastCGI listener below.
	# NOTE(review): this location has no existence check, so .php URIs that do
	# not map to a file under root are still forwarded to PHP; a common hardening
	# is `try_files $fastcgi_script_name =404;`. What PHP does with such a request
	# depends on fastcgi_params and php.ini, neither of which is shown.
	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php7-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php7-fpm:
		#fastcgi_pass unix:/var/run/php7-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}

# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
# notice this is within the same server block as the base
# don't forget to generate the .htpasswd file as described on docker hub
#	location ^~ /cp {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050/cp;
#	}

}

# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block, you need a new server block for each subdomain
#server {
#	listen 443 ssl;
#
#	root /config/www;
#	index index.html index.htm index.php;
#
#	server_name cp.*;
#
#	include /config/nginx/ssl.conf;
#
#	client_max_body_size 0;
#
#	location / {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050;	
#	}
#}

# enable subdomain method reverse proxy confs
# This include sits outside any server block, so matching files are expected to
# hold complete server blocks. Only file names ending in ".subdomain.conf" match
# the glob; a file named differently in that folder is not loaded by this line.
include /config/nginx/proxy-confs/*.subdomain.conf;

#12

Please show whatever is in:
include /config/nginx/ssl.conf
include /config/nginx/proxy-confs/*.subfolder.conf
include /config/nginx/proxy-confs/*.subdomain.conf

And state the file name before each one.
Post them separately if needed to clarify better.
Feel free to remove any lines that start with # (they just take up space in your post).
Thanks


#13

Whoa, I never saw this before XDDD Clearly I didn’t pay attention.

Let me go in and change one of these sample pages into one for my domain and see what happens!


#14

Ok, this is from the owncloud.mysubdomain.conf file (and yes, I did include my actual subdomain in both files)

# Reverse-proxy server block for host names matching OwnCloud.*: TLS is terminated
# here on 443 and every request is forwarded to the backend over plain HTTP.
server {
listen 443 ssl;

    server_name OwnCloud.*;

    include /config/nginx/ssl.conf;

    # 0 = no body-size limit at server level. proxy.conf, as posted in this thread,
    # sets client_max_body_size 10m and is included inside the location below, so
    # the 10m value is the one that applies to proxied requests.
    client_max_body_size 0;

    location / {
        # basic auth is left commented out, so the proxy adds no authentication of its own
#        auth_basic "Restricted";
#        auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;
        # NOTE(review): if "HOSTIP" is literally in the file (rather than redacted
        # for this post), nginx treats it as a host name to resolve and the config
        # fails to load when it cannot. TODO confirm it was replaced with the
        # backend's address.
        proxy_pass http://HOSTIP:8000;
        # pass the client's range-request headers through to the backend
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        # NOTE(review): proxy.conf, as posted in this thread, also sets the
        # Connection header (to ""), at this same level via the include above;
        # confirm which value actually reaches the backend.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

#15

and here is the owncloud.subfolder.conf

#replace HOSTIP below with the IP address of your emby server
#to enable password access, uncomment the two auth_basic lines
# NOTE(review): the comment above and the rewrite rule below still mention emby,
# which suggests this file was copied from an emby template.

# Forwards requests whose path starts with /owncloud to the backend over plain HTTP.
# This file is pulled into the default server block by the *.subfolder.conf include.
location /owncloud {
# basic auth is commented out, so the proxy adds no authentication of its own;
# if these lines are enabled, type the realm with plain ASCII double quotes
#auth_basic “Restricted”;
#auth_basic_user_file /config/nginx/.htpasswd;
include /config/nginx/proxy.conf;
# NOTE(review): this pattern only matches URIs containing /emby/, so it does
# nothing for /owncloud requests; with no URI part on proxy_pass, the /owncloud
# prefix is sent to the backend unchanged. Whether the backend serves under
# /owncloud is not shown. Confirm, since a mismatch would produce 404s.
rewrite /emby/(.*) /$1 break;
proxy_pass http://192.168.1.29:8000;
# pass the client's range-request and upgrade-related headers through as received
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}


#16

Just saw your message for the third file, ssl.conf

# TLS settings shared by every server block that includes this file.

# session settings
# (sessions are cached server-side for up to one day; session tickets are disabled)
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE cipher suites
ssl_dhparam /config/nginx/dhparams.pem;

# ssl certs
# fullchain.pem is public material; privkey.pem is the secret. Its contents must
# never be posted, and the file should be readable only by the nginx user.
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

# protocols
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict this to
# TLSv1.2 and newer unless a legacy client genuinely requires the old versions.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# A cipher list is not a secret: any client that connects can enumerate what the
# server accepts, so posting it is safe. (The value was redacted by the poster.)
ssl_ciphers (*I'm not sure if it's safe to be posting this online or not, so I'm cutting it out*)

# HSTS, remove # from the line below to enable HSTS
# NOTE(review): max-age=63072000 is two years, and includeSubDomains/preload extend
# the policy to every subdomain; enable only once all of them serve valid HTTPS,
# because browsers keep enforcing it for the full period.
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

# OCSP Stapling
# NOTE(review): ssl_stapling_verify needs the issuer chain to be trusted; no
# ssl_trusted_certificate directive is visible in this file. Confirm that
# stapling actually works.
ssl_stapling on;
ssl_stapling_verify on;

#17

I don’t see anything obviously wrong…

Show this file:
include /config/nginx/proxy.conf


#18

Ok, here is the proxy.conf

# Shared reverse-proxy settings, meant to be included from a proxying location block.

# Where this file is included inside a location (as in the proxy confs posted in
# this thread), this 10m limit overrides a server-level "client_max_body_size 0";
# larger request bodies are rejected with 413.
client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
# (lists the failures on which nginx retries the request on another upstream server)
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
# (the proxy_* timeouts are in seconds)
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
# $host is derived from the client's request, so the backend receives a
# client-influenced Host value and should validate it against the host names it expects.
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends the peer address to any X-Forwarded-For the
# client already sent; the backend should trust only the entry added by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# hard-coded: correct only when this file is included from TLS (443) server blocks
proxy_set_header X-Forwarded-Proto https;
# rewrites http:// in redirect headers coming back from the backend to the scheme of the client request
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
# NOTE(review): the proxy confs posted in this thread set Connection again after
# including this file; confirm which value reaches the backend.
proxy_set_header Connection "";
# requests carrying a cookie named "session" neither read from nor populate the proxy cache
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

#19

Not entirely sure…
But it seems that
proxy_redirect http:// $scheme://; (in the proxy.conf file)
is being called from the 80 and 443 blocks.
Not even sure if that would cause any problem.
But it is the only thing that seems out of place.

Try commenting out that line (put a # in front of it) and restart the web server (nginx in this setup).


#20

No change. Chrome is saying “ERR_CONNECTION_REFUSED” instead of straight up not connecting, if that helps you out any.


#21

This file name format:
owncloud.mysubdomain.conf

Doesn’t seem to match this include statement:
include /config/nginx/proxy-confs/*.subdomain.conf

Try showing:
nginx -T

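(upload it as a file; it prints the full configuration with every included file, so redact anything you don’t want public first, such as your domain name and internal IP addresses)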