Nextcloud app external access

I have set up a UCS server for testing before doing the full install on the production server. In it I have added the active directory app, lets encrypt app and nextcloud app. All work fine on the internal network, but accessing from the internet is where I am having problems.

For this instance I have set up a dns entry which points to my testing server, which is caught by my haproxy server, which serves up the main ucs portal no problems. I can log into the admin side fine.
When I select the nextcloud app from the portal page, I get a 404 error page from the ucs apache server.

I have tried changing the nextcloud trusted domains and trusted proxies both inside the docker app and from the host config files but still get the 404 page.

Where do I allow access to the app from external sources in ucs?

Hey!

That should work out-of-the-box. AFAIK UCS and Apache2 do not distinguish between internal and external sources.

Just to clarify:

• If you access something like “https://myucs.example.intranet/nextcloud/” from the internal network, everything is fine?
• If you access something like “https://cloud.example.org/nextcloud/” from the internet, you get a 404 error? Or does the portal link redirect you to something else, e.g. “https://myucs.example.intranet/nextcloud/”?

I would check the Apache2 logfiles on the UCS host, especially /var/log/apache2/access.log. A regular 404 error will be logged there, e.g.:

192.168.13.13 - - [05/Jun/2018:12:49:23 +0200] "GET /here-be-dragons-maybe HTTP/1.1" 404 704 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0

Best regards,
Michael

Hi Michael,

Yes there is a 404 line logged in the access.log for each attempt. When accessing the portal I get 200, 302 & 304 responses. When accessing nextcloud I get the 404 response. The initiating IP for each entry is that of haproxy, and I only have a single acl and backend for access to UCS in haproxy.

If I try to access it via either the portal link or by typing it directly into the address bar I get the same error.

Can I add an entry in the Domain > Portal settings? or is more needed?

Iain

I have found something else. If I try to connect locally using http it gives the same message, which leads me to believe that apache is not allowing connections to the container via non secure http.
The strange thing is that apache has no issue serving the main ucs portal and subsequent pages through haproxy which is set to serve the backend server via port 80. If I change the port in haproxy to 443 I get the usual message about using http to access a https server.

Nextcloud is listening to 443 only, and also the reverse proxy on the UCS host is configured accordingly.

I thought this may be the case @blizzz, but in the ucr the nextcloud ports are both set (80/443) and I have commented out the line for overwriteprotocol => ‘https’.

Found it.

In the apache site config default-ssl.conf is proxypass and proxypassreverse lines that point to nextcloud.
By copying them into the 000-default.conf file and reloading apache it works.
However, the file starts with a warning about the file being overwritten by the ucr, so where in the ucr would I make the appropriate changes?

On update, the UMC reconfigures the Apache host. We can sort of configure of what we would like to have on a more abstract level. Back in the day (UCS 4.1 times) it was neither very intuitive nor could i get it to work with https by default on the UCS overview.

I’m have the same issue.

In 5.0 you need to reconfigure it in the associated template file. They can be found in /etc/univention/templates/files/ . I believe the exact file that needs to be modified is /etc/apache2/sites-available/univention.conf.

Cheers