-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: Wrong Setup & Security Warning about non-functional .htaccess
#46381
Comments
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
That check does not care about your use (or not) of an It does, however, run a check against each of your configured In prior Server versions these checks were client based, but now they're server based. If one of the listed domains returns a 200 code, that error will appear. Usually this is when people discover they have many unnecessary domains in their config and clean them out, which fixes things. Code is here:
|
You were right. That was the culprit. I am using virtual hosting with several sub-domains on a single Apache server with the same IP address. One sub-domain is I had the following entries for
Maybe there should be an explicit hint at NC Admin Manual: Configuration Parameters - Trusted Domains that for virtual hosting only the proper domain should be listed. In particular, with virtual hosting the default entries |
Closing, but created nextcloud/documentation#12003 to track possible documentation matter. |
Bug description
Since v29, Nextcloud falsely reports a non-functional
.htaccess
in the "Setup & Security Warning" if the.htaccess
is statically included in the Apache configuration.For efficiency (and security) reasons the Apache manual recommends to not enable support for
.htaccess
. If required, those files can be included as part of the "static" configuration. In that case the file is only parsed once, but not anew for each HTTP request.Hence my Apache configuration essentially looks as follows:
The relevant lines are:
AllowOverride None
which disables scanning for.htaccess
for the NC root directory and all sub-directoriesInclude /var/www/my-domain.tld/nextcloud/{config/,data/,}.htaccess which directly include the matching
.htaccess` file as a static part of the configurationWith previous installation, NC was happy with that. Since, v29 I get the message
NC should not show this message, if the
.htaccess
file is actually part of the configuration.Steps to reproduce
.htaccess
files, but includes those files as part of the static web server configuration.htaccess
fileExpected behavior
NC should not show an error.
Installation method
Community Manual installation with Archive
Nextcloud Server version
29
Operating system
None
PHP engine version
PHP 8.2
Web server
Apache (supported)
Database engine version
PostgreSQL
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 28 to 29)
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
No response
Additional info
No response
The text was updated successfully, but these errors were encountered: