.mjs setup check failing with self-signed certificate

[theoriginalguy]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

After upgrading from 27.1.5 to 28.0.2 RC4, despite having support for mjs MIME type file, I am seeing the following unclear-able warning message:

"Could not check for JavaScript support. Please check manually if your webserver serves .mjs files using the JavaScript MIME type."

After investigation on my side it appears that the curl check from the JavaScriptModeules.php does not account for self signed certificates, and in my case I run Nextcloud locally and have no need for a legit certificate. I would like either support for self-signed certs, or a way to silence this message (preferably support for self-signed certs).

Steps to reproduce

1.Run NC with a self-signed certificate in 27.1.5
2. Follow upgrade documents to upgrade to NC 28.0.2 RC4

Expected behavior

There should be no warnings or errors regarding .mjs MIME Type support if the webserver allows them.

Installation method

Official All-in-One appliance

Nextcloud Server version

28

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Nginx

Database engine version

None

Is this bug present after an update or on a fresh install?

Updated from a MINOR version (ex. 22.1 to 22.2)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "one-click-instance": true,
        "one-click-instance.user-limit": 100,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "check_data_directory_permissions": false,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwritehost": "***REMOVED SENSITIVE VALUE***",
        "overwriteprotocol": "https",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "28.0.2.3",
        "overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "maintenance_window_start": "8",
        "updater.release.channel": "stable",
        "updatedirectory": "\/nc-updater",
        "loglevel": "2",
        "app_install_overwrite": [
            "nextcloud-aio"
        ],
        "log_type": "file",
        "logfile": "\/var\/www\/html\/data\/nextcloud.log",
        "log_rotate_size": "10485760",
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "enabledPreviewProviders": {
            "1": "OC\\Preview\\Image",
            "2": "OC\\Preview\\MarkDown",
            "3": "OC\\Preview\\MP3",
            "4": "OC\\Preview\\TXT",
            "5": "OC\\Preview\\OpenDocument",
            "6": "OC\\Preview\\Movie",
            "7": "OC\\Preview\\Krita",
            "0": "OC\\Preview\\Imaginary"
        },
        "enable_previews": true,
        "upgrade.disable-web": true,
        "mail_smtpmode": "smtp",
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 30",
        "activity_expire_days": "30",
        "simpleSignUpLink.shown": false,
        "share_folder": "\/Shared",
        "one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
        "upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
        "htaccess.RewriteBase": "\/",
        "files_external_allow_create_new_local": false,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "default_phone_region": "\u201cUS\u201d",
        "davstorage.request_timeout": 3600,
        "dbpersistent": false,
        "appsallowlist": [],
        "allow_local_remote_servers": true,
        "data-fingerprint": "92d261033d7fdd3045fada654cd65f9e"
    }
}

List of activated Apps

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - calendar: 4.6.4
  - circles: 28.0.0-dev
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contacts: 5.5.1
  - contactsinteraction: 1.9.0
  - dashboard: 7.8.0
  - dav: 1.29.1
  - deck: 1.12.1
  - federatedfilesharing: 1.18.0
  - federation: 1.18.0
  - files: 2.0.0
  - files_antivirus: 5.4.1
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - firstrunwizard: 2.17.0
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - nextcloud-aio: 0.4.0
  - nextcloud_announcements: 1.17.0
  - notes: 4.9.2
  - notifications: 2.16.0
  - notify_push: 0.6.8
  - oauth2: 1.16.3
  - password_policy: 1.18.0
  - photos: 2.4.0
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - recommendations: 2.0.0
  - related_resources: 1.3.0
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - support: 1.11.0
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - tasks: 0.15.0
  - text: 3.9.1
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - twofactor_totp: 10.0.0-beta.2
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0
Disabled:
  - bruteforcesettings: 2.8.0
  - encryption: 2.16.0
  - files_external: 1.20.0
  - files_rightclick: 0.15.1 (installed 1.6.0)
  - suspicious_login: 6.0.0
  - updatenotification: 1.18.0 (installed 1.17.0)
  - user_ldap: 1.19.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

RequestException cURL error 60: SSL certificate problem: self-signed certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://***REMOVED SENSITIVE VALUE***/apps/settings/js/esm-test.mjs
Can not connect to local server for checking JavaScript modules support

Additional info

No response

[szaimen]

Cc @susnux

[susnux]

@theoriginalguy you can add your certificate to the truested ones like this:
https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security

[WechuTM]

I have the same problem with PHP 8.1 & Apache.

@theoriginalguy you can add your certificate to the truested ones like this: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security

This don't resolve the problem for me 👎

--
Updated on 2024-02-02

I made a few attempts by deleting and adding certificates again, and I found that:

1. The message appears only when I log in to the server via the local IP address, despite the added certificate for the internal IP;
2. When logging in via the public domain, the message does not appear because the certificate loaded into the NC coincides with the certificate assigned to the Apache Virtual Host;
3. Values entered in the config.php file under "trusted_domains" have no effect on the message;

To sum up:

• Maybe it would be worth rebuilding the verification mechanism?
• Currently, I can live with this message if it only appears while working in the local network.

[theoriginalguy]

So this did resolve my issue, but my question is am I going to have to do this every time the certificate expires?

[susnux]

So this did resolve my issue, but my question is am I going to have to do this every time the certificate expires?

you could also automate this when you deploy your new certificate to your server.

---

But we will include a fix for this in 28.0.3

[thomasmerz]

I'm using a certificate from Let's Encrypt and also have this message in serverurl/settings/admin/overview, "Security & setup warnings". But nice that it already will be fixed in next version 👍🏼

[susnux]

I'm using a certificate from Let's Encrypt and also have this message in serverurl/settings/admin/overview, "Security & setup warnings".

That could have a different reason, please enable debug logging ('loglevel' => 0) and provide the log entry about the failed setup check.

[tsipizic]

@thomasmerz make sure you are not missing this part

    # Add .mjs as a file extension for javascript
    # Either include it in the default mime.types list
    # or include you can include that list explicitly and add the file extension
    # only for Nextcloud like below:
    include mime.types;
    types {
        text/javascript js mjs;
    }

In your nginx configuration

[jameskimmel]

This nginx config will throw a warning, because application/javascript js is already set in the mimes.conf file.
Is it enough to only set mjs or would it be better to add mjs to the mimes.config file under application/javascript?

As far as I understand it, application/javascript is the better way to do it, but I don't know if Nextcloud can handle that.

[susnux]

You can do both, either add mjs to the mimes.config like js, or just add mjs in your config using text/javascript.

It does not make a big difference, as browsers support both, but the recommended MIME is text/javascript (RFC 9239)

[thomasmerz]

@tsipizic

… make sure you are not missing this part
…
In your nginx configuration

As https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf#L165-L176 says, this should be fixed uptream in nginx!? Currently it's only a warning that doesn't impact me or my users/family using our private nextcloud. So I can (and may have to?) wait… 😉

[susnux]

Currently it's only a warning that doesnÄ't impact me or my users/family using our private nextcloud.

Please not that if you do not configure your webserver to serve mjs correctly a lot of apps will stop working.

[susnux]

Fixed on master by #43588
Fixed on stable28 by #43587

Will be available with Nextcloud 28.0.3

[thomasmerz]

@susnux , still not available with 28.0.3? When will it be available or did the fix not work?

[susnux]

still not available with 28.0.3? When will it be available or did the fix not work?

It is working. As you can see it says that it could not check it but did not fail.
You can enable debug logging and have a look into the log file.

Are you sure your Nextcloud instance can connect to itself? Meaning that it can resolve any of the trusted domains?
Often this is a problem of a faulty DNS configuration on Docker, where you docker container (if you use any) can not resolve the hostname of your Nextcloud instance (speaking itself).

So please provide the debug log message so we can figure out what is going on.