New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Help needed: owncloud 9.1.3 creates redirects without index.php (after upgrade from 8.1) on nginx+subdir #26869

Closed
aheusingfeld opened this Issue Dec 22, 2016 · 9 comments

Comments

Projects
None yet
5 participants
@aheusingfeld

aheusingfeld commented Dec 22, 2016

Steps to reproduce

  1. upgrade Ubuntu 14.04LTS to 16.04LTS
  2. Reinstall owncloud (see https://github.com/aheusingfeld/aheusingfeld.github.io/blob/develop/posts/2016-12-22-owncloud-updates-between-multiple-major-versions.adoc)
  3. adjust nginx config according to https://doc.owncloud.org/server/9.0/admin_manual/installation/nginx_examples.html (NOTE: I’m running owncloud behind nginx with a subdir/ contextroot other than /owncloud! The root folder is still at /var/www/owncloud)
  4. Fix broken config in subdir config sample from https://doc.owncloud.org/server/9.0/admin_manual/installation/nginx_examples.html#owncloud-in-a-subdir-of-nginx which doesn't work for JS and CSS files due to query_param and forgotten prefix

Expected behaviour

A request to /cloud/index.php/login should show the login page.

Actual behaviour

A request to /cloud/index.php/login returns a HTTP302 with Location: https://myserver/cloud/login which is then answered with HTTP404. Same behavior for other locations e.g. oc.js. /cloud/status.php works fine.

Server configuration

Operating system: Ubuntu 16.04.3

Web server: nginx/1.10.0

Database: MySQL5 (client driver mysqlnd 5.0.12)

PHP version: 7.0.8-0ubuntu0.16.04.3

ownCloud version: 9.1.3

Where did you install ownCloud from: see link to blog post

Signing status (ownCloud 9.0 and above): Sorry, I have no idea what that is

Login as admin user into your ownCloud and access 
http://example.com/cloud/index.php/settings/integrity/failed 
paste the results here.

This is answered with Location: https://myserver/cloud/login

List of activated apps:

Enabled:
  - activity: 2.3.2
  - comments: 0.3.0
  - dav: 0.2.7
  - external: 1.2
  - federatedfilesharing: 0.3.0
  - federation: 0.1.0
  - files: 1.5.1
  - files_external: 0.6.0
  - files_pdfviewer: 0.8.1
  - files_sharing: 0.10.0
  - files_texteditor: 2.1
  - files_trashbin: 0.9.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - gallery: 15.0.0
  - notifications: 0.3.0
  - provisioning_api: 0.5.0
  - systemtags: 0.3.0
  - templateeditor: 0.1
  - updatenotification: 0.2.1
Disabled:
  - calendar
  - contacts
  - documents
  - encryption
  - files_antivirus
  - files_embeddedvideo
  - files_versions
  - music
  - news
  - notes
  - tasks
  - user_external
  - user_ldap

The content of config/config.php:

{
    "system": {
        "instanceid": "oc639adcd88f",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "mydomain.com",
            "localhost",
            "192.168.242.11"
        ],
        "datadirectory": "\/mnt\/oc-data\/data",
        "version": "9.1.3.1",
        "dbtype": "mysql",
        "dbhost": "localhost",
        "dbname": "owncloud",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "installed": true,
        "default_language": "de",
        "knowledgebaseenabled": true,
        "enable_avatars": true,
        "mail_domain": "mydomain.com",
        "mail_from_address": "owncloud",
        "mail_smtpdebug": false,
        "mail_smtpmode": "smtp",
        "mail_smtphost": "otherdomain.com",
        "mail_smtpport": 25,
        "mail_smtptimeout": 10,
        "mail_smtpsecure": "tls",
        "mail_smtpauth": true,
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "overwritehost": "mydomain.com",
        "overwritewebroot": "\/cloud",
        "htaccess.RewriteBase": "\/cloud",
        "overwrite.cli.url": "https:\/\/mydomain.com\/cloud",
        "updatechecker": false,
        "check_for_working_webdav": true,
        "check_for_working_wellknown_setup": true,
        "check_for_working_htaccess": true,
        "config_is_read_only": false,
        "log_type": "owncloud",
        "logfile": "\/var\/log\/owncloud.log",
        "loglevel": 1,
        "syslog_tag": "ownCloud",
        "logdateformat": "F d, Y H:i:s",
        "logtimezone": "Europe\/Berlin",
        "log_query": false,
        "cron_log": false,
        "log_rotate_size": 104857600,
        "enable_previews": true,
        "preview_max_x": 2048,
        "preview_max_y": 2048,
        "maintenance": false,
        "singleuser": false,
        "hashingCost": 10,
        "blacklisted_files": [
            ".htaccess"
        ],
        "share_folder": "\/",
        "theme": "",
        "filesystem_check_changes": 0,
        "secret": "***REMOVED SENSITIVE VALUE***",
        "debug": true,
        "data-fingerprint": ""
    }
}

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Firefox 51, Safari 10.0.2

Operating system: macOS 10.12.2

Logs

Web server error log

excerpt of /var/log/nginx/access.log

client:1xx.1xx.xx.134 - - [2016-12-22T22:59:18+01:00] millis:1482443958.766 0.102 "POST /cloud/index.php/heartbeat HTTP/1.1" HTTP302 size:5 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel M
ac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T22:59:18+01:00] millis:1482443958.813 0.040 "GET /cloud/login HTTP/1.1" HTTP404 size:1581 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.1
2; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:4.29"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.411 0.090 "GET /cloud/index.php/login HTTP/1.1" HTTP302 size:5 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS
 X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.472 0.047 "GET /cloud/login HTTP/1.1" HTTP404 size:1584 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.1
2; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:4.28"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.579 0.000 "GET /cloud/core/css/styles.css?v=0d5e94d3bdd136b070416c8a9ab9af65 HTTP/1.1" HTTP200 size:21989 "referrer:
-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.586 0.000 "GET /cloud/core/css/inputs.css?v=0d5e94d3bdd136b070416c8a9ab9af65 HTTP/1.1" HTTP200 size:8973 "referrer:-
" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
(...)
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.659 0.000 "GET /cloud/core/css/tooltip.css?v=0d5e94d3bdd136b070416c8a9ab9af65 HTTP/1.1" HTTP200 size:2359 "referrer:
-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.664 0.000 "GET /cloud/core/css/jquery.ocdialog.css?v=0d5e94d3bdd136b070416c8a9ab9af65 HTTP/1.1" HTTP200 size:1137 "r
eferrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T23:03:59+01:00] millis:1482444239.734 0.066 "GET /cloud/core/js/oc.js?v=0d5e94d3bdd136b070416c8a9ab9af65 HTTP/1.1" HTTP302 size:5 "referrer:-" "UA:Moz
illa/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0" "gzip:-"
(...)
client:1xx.1xx.xx.134 - - [2016-12-22T23:07:08+01:00] millis:1482444428.812 0.115 "POST /cloud/index.php/heartbeat HTTP/1.1" HTTP302 size:5 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.2 Safari/602.3.12" "gzip:-"
client:1xx.1xx.xx.134 - - [2016-12-22T23:07:08+01:00] millis:1482444428.869 0.054 "GET /cloud/login HTTP/1.1" HTTP404 size:1586 "referrer:-" "UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0.2 Safari/602.3.12" "gzip:4.28"
client:1xx.1xx.xx.134 - - [2016-12-22T23:07:54+01:00] millis:1482444474.810 0.287 "OPTIONS /cloud/remote.php/caldav/principals/user1/ HTTP/1.1" HTTP401 size:367 "referrer:-" "UA:iOS/10.0.2 (14A456) dataaccessd/1.0" "gzip:-"
client:1xx.1xx.xx.134 - user1 [2016-12-22T23:07:58+01:00] millis:1482444478.834 4.006 "OPTIONS /cloud/remote.php/caldav/principals/user1/ HTTP/1.1" HTTP500 size:351 "referrer:-" "UA:iOS/10.0.2 (14A456) dataaccessd/1.0" "gzip:-"
client:1xx.1xx.xx.134 - user1 [2016-12-22T23:07:59+01:00] millis:1482444479.436 0.412 "PROPFIND /cloud/remote.php/caldav/principals/user1/ HTTP/1.1" HTTP500 size:351 "referrer:-" "UA:iOS/10.0.2 (14A456) dataaccessd/1.0" "gzip:-"
client:1xx.1xx.xx.134 - user2 [2016-12-22T23:08:18+01:00] millis:1482444498.781 0.073 "GET /cloud/status.php HTTP/1.1" HTTP200 size:106 "referrer:-" "UA:Mozilla/5.0 (Macintosh) mirall/2.2.4 (build 3709)" "gzip:-"
client:1xx.1xx.xx.134 - user2 [2016-12-22T23:08:18+01:00] millis:1482444498.923 0.033 "GET /cloud/status.php HTTP/1.1" HTTP200 size:106 "referrer:-" "UA:Mozilla/5.0 (Macintosh) mirall/2.2.4 (build 3709)" "gzip:-"
client:1xx.1xx.xx.134 - user2 [2016-12-22T23:08:19+01:00] millis:1482444499.549 0.623 "PROPFIND /cloud/remote.php/webdav/ HTTP/1.1" HTTP500 size:285 "referrer:-" "UA:Mozilla/5.0 (Macintosh) mirall/2.2.4 (build 3709)" "gzip:-"
client:1xx.1xx.xx.134 - user2 [2016-12-22T23:08:50+01:00] millis:1482444530.307 0.059 "GET /cloud/status.php HTTP/1.1" HTTP200 size:106 "referrer:-" "UA:Mozilla/5.0 (Macintosh) mirall/2.2.4 (build 3709)" "gzip:-"
client:1xx.1xx.xx.134 - user2 [2016-12-22T23:08:50+01:00] millis:1482444530.703 0.393 "PROPFIND /cloud/remote.php/webdav/ HTTP/1.1" HTTP500 size:285 "referrer:-" "UA:Mozilla/5.0 (Macintosh) mirall/2.2.4 (build 3709)" "gzip:-"

ALL entries from /var/log/nginx/error.log in the same timespan

2016/12/22 23:03:59 [error] 15700#15700: *332 open() "/var/www/owncloud/cloud/login" failed (2: No such file or directory), client: 176.199.28.134, server: localhost, request: "GET /cloud/login HTTP/1.1", host: "mydomain.com"
2016/12/22 23:04:00 [error] 15700#15700: *339 open() "/var/www/owncloud/cloud/login" failed (2: No such file or directory), client: 176.199.28.134, server: localhost, request: "GET /cloud/login HTTP/1.1", host: "mydomain.com"
2016/12/22 23:07:08 [error] 15700#15700: *343 open() "/var/www/owncloud/cloud/login" failed (2: No such file or directory), client: 176.199.28.134, server: localhost, request: "GET /cloud/login HTTP/1.1", host: "mydomain.com"

ALL entries from /var/log/owncloud.log in the same timeframe

{"reqId":"SB\/GkShDip2wfcuMooHm","remoteAddr":"","app":"no app in context","message":"Invalidating tokens older than 2016-12-21T22:05:02+00:00","level":1,"time":"December 22, 2016 23:05:02","method":"--","url":"\/cloud\/cron.php","user":"--"}
{"reqId":"1x41aVQSi5Sfi3q+MjVx","remoteAddr":"1xx.1xx.xx.134","app":"caldav","message":"Exception: {\"Message\":\"Requested uri (\\\/cloud\\\/remote.phpote.php\\\/caldav\\\/principals\\\/nessa\\\/) is out of base uri (\\\/cloud\\\/remote.php\\\/caldav\\\/)\",\"Exception\":\"LogicException\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(728): Sabre\\\\HTTP\\\\Request->getPath()\\n#1 [internal function]: Sabre\\\\DAVACL\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(446): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#5 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/caldav.php(83): Sabre\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/owncloud\\\/remote.php(164): require_once('\\\/var\\\/www\\\/ownclo...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/http\\\/lib\\\/Request.php\",\"Line\":214,\"User\":\"nessa\"}","level":4,"time":"December 22, 2016 23:07:58","method":"OPTIONS","url":"\/cloud\/remote.phpote.php\/caldav\/principals\/nessa\/","user":"nessa"}
{"reqId":"tCqgVFFHprc6AEze2tbF","remoteAddr":"1xx.1xx.xx.134","app":"caldav","message":"Exception: {\"Message\":\"Requested uri (\\\/cloud\\\/remote.phpote.php\\\/caldav\\\/principals\\\/nessa\\\/) is out of base uri (\\\/cloud\\\/remote.php\\\/caldav\\\/)\",\"Exception\":\"LogicException\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAVACL\\\/Plugin.php(728): Sabre\\\\HTTP\\\\Request->getPath()\\n#1 [internal function]: Sabre\\\\DAVACL\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(446): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#4 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#5 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/caldav.php(83): Sabre\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/owncloud\\\/remote.php(164): require_once('\\\/var\\\/www\\\/ownclo...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/http\\\/lib\\\/Request.php\",\"Line\":214,\"User\":\"nessa\"}","level":4,"time":"December 22, 2016 23:07:59","method":"PROPFIND","url":"\/cloud\/remote.phpote.php\/caldav\/principals\/nessa\/","user":"nessa"}
{"reqId":"V4W5FGS2EMvzJ8bjbj2P","remoteAddr":"1xx.1xx.xx.134","app":"webdav","message":"Exception: {\"Message\":\"Requested uri (\\\/cloud\\\/remote.phpote.php\\\/webdav\\\/) is out of base uri (\\\/cloud\\\/remote.php\\\/webdav\\\/)\",\"Exception\":\"LogicException\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(1225): Sabre\\\\HTTP\\\\Request->getPath()\\n#1 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(454): Sabre\\\\DAV\\\\Server->checkPreconditions(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#3 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(56): Sabre\\\\DAV\\\\Server->exec()\\n#4 \\\/var\\\/www\\\/owncloud\\\/remote.php(164): require_once('\\\/var\\\/www\\\/ownclo...')\\n#5 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/http\\\/lib\\\/Request.php\",\"Line\":214,\"User\":\"user2\"}","level":4,"time":"December 22, 2016 23:08:19","method":"PROPFIND","url":"\/cloud\/remote.phpote.php\/webdav\/","user":"user2"}
{"reqId":"5+rzOXJAQsKd25myoM\/5","remoteAddr":"1xx.1xx.xx.134","app":"webdav","message":"Exception: {\"Message\":\"Requested uri (\\\/cloud\\\/remote.phpote.php\\\/webdav\\\/) is out of base uri (\\\/cloud\\\/remote.php\\\/webdav\\\/)\",\"Exception\":\"LogicException\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(1225): Sabre\\\\HTTP\\\\Request->getPath()\\n#1 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(454): Sabre\\\\DAV\\\\Server->checkPreconditions(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#2 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#3 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(56): Sabre\\\\DAV\\\\Server->exec()\\n#4 \\\/var\\\/www\\\/owncloud\\\/remote.php(164): require_once('\\\/var\\\/www\\\/ownclo...')\\n#5 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/http\\\/lib\\\/Request.php\",\"Line\":214,\"User\":\"user2\"}","level":4,"time":"December 22, 2016 23:08:50","method":"PROPFIND","url":"\/cloud\/remote.phpote.php\/webdav\/","user":"user2"}

QUESTION: Is it possible to get rid of the triple-escaping backslashes in the log?

nginx config

upstream php-handler {
  #server 127.0.0.1:9000;
  server unix:/run/php/php7.0-fpm.sock;
}


server {
    listen 443;
    #listen [::]:443 default_server ipv6only=on;
    server_name localhost mydomain.com;

    ssl on;
    ssl_certificate /etc/ssl/startssl-2016.pem;
    ssl_certificate_key /etc/ssl/startssl.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "-ALL:EECDH+AES256:EDH+AES256:AES256-SHA:EECDH+AES:EDH+AES:!ADH:!NULL:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!3DES:!PSK:!SRP:!DSS:!AESGCM:!RC4";
    ssl_dhparam /etc/nginx/dh4096.pem;
    ssl_prefer_server_ciphers on;
    keepalive_timeout    70;
    #ssl_session_timeout 1d;
    #ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;


    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    root /var/www/ssl/;

    error_log /var/log/nginx/ssl_error.log error;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
        return 301 https://mydomain.com/cloud/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 https://mydomain.com/cloud/remote.php/dav;
    }
    location /.well-known/acme-challenge { }

    # rewrite ^/owncloud/(.*) /cloud/$1 permanent;
    location ^~ /cloud {
        root /var/www/owncloud/;
        client_max_body_size 1G;
        fastcgi_buffers 64 4K;
        index index.php

        # Disable gzip to avoid the removal of the ETag header
        gzip off;

        error_page 403 /cloud/core/templates/403.php;
        error_page 404 /cloud/core/templates/404.php;

        location ~ ^/cloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            return 404;
        }
        location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            return 404;
        }

        # NOTE: added 'inf' in order to reach '/var/www/owncloud/inf.php' which contains phpinfo()
        location ~ ^/cloud/(?:inf|index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            #fastcgi_split_path_info ^(.+\.php)(/.*)$;
            # FIXED: added contextroot
            fastcgi_split_path_info ^/cloud/(.+?\.php)(/?.*)$;
            include fastcgi_params;
            add_header X-Debug1 "$fastcgi_script_name $fastcgi_path_info";
            fastcgi_param SCRIPT_FILENAME /var/www/owncloud/$fastcgi_script_name;
            #set $path_info $fastcgi_path_info;  # workaround for bug: try_files resets fastcgi_path_info for some reason.
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
            #try_files $fastcgi_script_name = 404;
        }

        # FIXED: added contextroot
        location ~ ^/cloud/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri $uri/ =404;
            index index.php;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        # FIXED: added contextroot and removed trailing '$' as OC js files contain '?v=' cachebuster
        location ~* /cloud(/.*\.(?:css|js)) {
            try_files $1 /cloud/index.php$1$is_args$args;
            add_header X-Debug2 "$1 $fastcgi_path_info";
            add_header Cache-Control "public, max-age=7200";
            # Add headers to serve security related headers  (It is intended to have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into this topic first.
            #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
            add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            #access_log off;
        }

        # FIXED: added contextroot and removed trailing '$' as OC js files contain '?v=' cachebuster
        location ~* /cloud(/.*\.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map)) {
            try_files $1 /cloud/index.php$1$is_args$args;
            add_header X-Debug3 "$1 $uri";
            add_header Cache-Control "public, max-age=7200";
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
}
@aheusingfeld

This comment has been minimized.

Show comment
Hide comment
@aheusingfeld

aheusingfeld Dec 22, 2016

BTW: I first thought this "remote.phpote.php" was a logging error but Requested uri (/cloud/remote.phpote.php/webdav/) is out of base uri (/cloud/remote.php/webdav/) is exactly the message the miral/ owncloud macOS client displays. I have no idea whether this is related to the above mentioned problem.

aheusingfeld commented Dec 22, 2016

BTW: I first thought this "remote.phpote.php" was a logging error but Requested uri (/cloud/remote.phpote.php/webdav/) is out of base uri (/cloud/remote.php/webdav/) is exactly the message the miral/ owncloud macOS client displays. I have no idea whether this is related to the above mentioned problem.

@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Dec 23, 2016

Member

Signing status (ownCloud 9.0 and above): Sorry, I have no idea what that is

Just follow the instructions in the box below that

Member

PVince81 commented Dec 23, 2016

Signing status (ownCloud 9.0 and above): Sorry, I have no idea what that is

Just follow the instructions in the box below that

@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Dec 23, 2016

Member

remote.phpote.php looks like a substr operation failed because it was expecting the URL to contain a specific string but it actually contained another string. Some parts of the code only assume the presence without checking for perf reasons, mostly because it's always the case.

I wonder if your problem is related to this:

I’m running owncloud behind nginx with a subdir/ contextroot other than /owncloud! The root folder is still at /var/www/owncloud

I don't have an nginx env nor nginx experience, so I hope someone who has that can help debugging this.

Member

PVince81 commented Dec 23, 2016

remote.phpote.php looks like a substr operation failed because it was expecting the URL to contain a specific string but it actually contained another string. Some parts of the code only assume the presence without checking for perf reasons, mostly because it's always the case.

I wonder if your problem is related to this:

I’m running owncloud behind nginx with a subdir/ contextroot other than /owncloud! The root folder is still at /var/www/owncloud

I don't have an nginx env nor nginx experience, so I hope someone who has that can help debugging this.

@aheusingfeld

This comment has been minimized.

Show comment
Hide comment
@aheusingfeld

aheusingfeld Dec 23, 2016

Thanks for the heads up. I compared the current nginx config to the one I had with OC8.1 which was running perfectly fine with the /cloud contextroot. The differences are marginal. Anyway I changed to /owncloud just to be sure: The redirect issue persists and the Sabre Error message is now Requested uri (/cloud/remote.phpremote.php/webdav/) is out of base uri (/cloud/remote.php/webdav/). That supports your assumption that there is some place in the code not honoring overwritewebroot nor htaccess.RewriteBase config parameters! -> separate ticket!

aheusingfeld commented Dec 23, 2016

Thanks for the heads up. I compared the current nginx config to the one I had with OC8.1 which was running perfectly fine with the /cloud contextroot. The differences are marginal. Anyway I changed to /owncloud just to be sure: The redirect issue persists and the Sabre Error message is now Requested uri (/cloud/remote.phpremote.php/webdav/) is out of base uri (/cloud/remote.php/webdav/). That supports your assumption that there is some place in the code not honoring overwritewebroot nor htaccess.RewriteBase config parameters! -> separate ticket!

@aheusingfeld aheusingfeld changed the title from Help needed: owncloud 9.1.3 creates redirects without index.php (after upgrade from 8.1) to Help needed: owncloud 9.1.3 creates redirects without index.php (after upgrade from 8.1) on nginx+subdir Dec 23, 2016

@aheusingfeld

This comment has been minimized.

Show comment
Hide comment
@aheusingfeld

aheusingfeld Dec 23, 2016

FYI just confirmed that everything performs perfectly well, when I remove the contextroot/ subdir completely. Unfortunately that's not a long-term option. Admin check complains about missing headers but that's a none-issue:

    Der „X-XSS-Protection“-HTTP-Header ist nicht so konfiguriert, dass er „1; mode=block“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Content-Type-Options“-HTTP-Header ist nicht so konfiguriert, dass er „nosniff“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Robots-Tag“-HTTP-Header ist nicht so konfiguriert, dass er „none“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Frame-Options“-HTTP-Header ist nicht so konfiguriert, dass er „SAMEORIGIN“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Download-Options“-HTTP-Header ist nicht so konfiguriert, dass er „noopen“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Permitted-Cross-Domain-Policies“-HTTP-Header ist nicht so konfiguriert, dass er „none“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der "Strict-Transport-Security" HTTP-Header ist nicht auf mindestens "15552000" Sekunden eingestellt. Um die Sicherheit zu erhöhen, empfehlen wir das Aktivieren von HSTS, wie es in den Sicherheitshinweisen erläutert ist.

aheusingfeld commented Dec 23, 2016

FYI just confirmed that everything performs perfectly well, when I remove the contextroot/ subdir completely. Unfortunately that's not a long-term option. Admin check complains about missing headers but that's a none-issue:

    Der „X-XSS-Protection“-HTTP-Header ist nicht so konfiguriert, dass er „1; mode=block“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Content-Type-Options“-HTTP-Header ist nicht so konfiguriert, dass er „nosniff“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Robots-Tag“-HTTP-Header ist nicht so konfiguriert, dass er „none“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Frame-Options“-HTTP-Header ist nicht so konfiguriert, dass er „SAMEORIGIN“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Download-Options“-HTTP-Header ist nicht so konfiguriert, dass er „noopen“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der „X-Permitted-Cross-Domain-Policies“-HTTP-Header ist nicht so konfiguriert, dass er „none“ entspricht. Dies ist ein potentielles Sicherheitsrisiko und es wird empfohlen, diese Einstellung zu ändern.
    Der "Strict-Transport-Security" HTTP-Header ist nicht auf mindestens "15552000" Sekunden eingestellt. Um die Sicherheit zu erhöhen, empfehlen wir das Aktivieren von HSTS, wie es in den Sicherheitshinweisen erläutert ist.
@aheusingfeld

This comment has been minimized.

Show comment
Hide comment
@aheusingfeld

aheusingfeld Dec 28, 2016

Update: spend a few hours troubleshooting and found the reason for the error message Requested uri (/cloud/remote.phpremote.php/webdav/) is out of base uri (/cloud/remote.php/webdav/):

https://github.com/owncloud/core/blob/master/apps/dav/appinfo/v1/webdav.php uses getRequestUri() from https://github.com/owncloud/core/blob/master/lib/private/AppFramework/Http/Request.php#L597 which returns the wrong value! The reason for this again being that L597 doesn't honor the overwritewebroot property. I'll create a pull-request for this.

aheusingfeld commented Dec 28, 2016

Update: spend a few hours troubleshooting and found the reason for the error message Requested uri (/cloud/remote.phpremote.php/webdav/) is out of base uri (/cloud/remote.php/webdav/):

https://github.com/owncloud/core/blob/master/apps/dav/appinfo/v1/webdav.php uses getRequestUri() from https://github.com/owncloud/core/blob/master/lib/private/AppFramework/Http/Request.php#L597 which returns the wrong value! The reason for this again being that L597 doesn't honor the overwritewebroot property. I'll create a pull-request for this.

aheusingfeld added a commit to aheusingfeld/core that referenced this issue Dec 28, 2016

Fix #26869 honor overwritewebroot and PATH_INFO
Fixes #26869: honor overwritewebroot config property and PATH_INFO in request handling so that owncloud can be run under a contextroot such as /owncloud or /cloud
@aheusingfeld

This comment has been minimized.

Show comment
Hide comment
@aheusingfeld

aheusingfeld Dec 29, 2016

I created a pull-request for fixes and docs. During retesting I found that when I set 'front_controller_active true' in the nginx config, the above mentioned redirect error still occurs! When I set it to 'false' everything works as expected!

aheusingfeld commented Dec 29, 2016

I created a pull-request for fixes and docs. During retesting I found that when I set 'front_controller_active true' in the nginx config, the above mentioned redirect error still occurs! When I set it to 'false' everything works as expected!

@DeepDiver1975 DeepDiver1975 added this to the development milestone Jul 17, 2017

@PVince81 PVince81 modified the milestones: triage, development Aug 3, 2017

@ownclouders

This comment has been minimized.

Show comment
Hide comment
@ownclouders

ownclouders Dec 21, 2017

Hey, this issue has been closed because the label status/STALE is set and there were no updates for 7 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.

ownclouders commented Dec 21, 2017

Hey, this issue has been closed because the label status/STALE is set and there were no updates for 7 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.

@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Dec 21, 2017

Member

please submit an issue or PR to the documentation repo for nginx with the suggested change

Member

PVince81 commented Dec 21, 2017

please submit an issue or PR to the documentation repo for nginx with the suggested change

@felixboehm felixboehm removed this from the triage milestone Apr 10, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment