Моя среда
Хост-компьютер с Windows 10 pro по IP 192.168.2.11
FreeNAS работает на рабочей станции VMWare на хост-компьютере по IP 192.168.2.13
Экземпляр Nextcloud в тюрьме FreeNAS по IP 192.168.2.37
(установлен следующим образом эти инструкции и удаление настроек, связанных с SSL). Бэкэнд для Nextcloud использует NGINX и PGSQL.
Чего я пытаюсь достичь?
Я создал экземпляр Nextcloud в тюрьме FreeNAS, этот экземпляр Nextcloud отлично работает при обращении через локальную сеть через HTTP. Я хочу поставить его в WAN через HTTPS, используя IIS с обратным прокси. Сертификат SSL контролируется IIS. Домен, который я пытаюсь использовать для перенаправления на сервер Nextcloud: nextcloud.MyRedactedDomain.com
.
Результат
Примечание 1. Я использовал окно инкогнито, чтобы исключить плохое кеширование предыдущего результата статуса перенаправления или что-либо подобное.
Примечание 2: я ввел URL nextcloud.MyRedactedDomain.com
и он перенаправил меня на nextcloud.MyRedactedDomain.com/login
так что вроде Nextcloud что-то делает ...
Примечание 3: нет index.php
присутствует в URL-адресе, это было, когда я использовал плагин FreeNAS. Я только следовал инструкциям, и этого не было с самого начала. Его также нет, когда я подхожу к нему по локальной сети (что отлично работает). Вставка его в URL-адрес вручную приводит к той же ошибке.
Что я уже сделал?
nginx.conf
file: удаление заголовков, добавление заголовков, полное удаление запрещающих правил, копирование конфигурации из старого экземпляра, добавление некоторых заголовков прокси, которые присутствовали в старой конфигурации. Все без толку.config.php
следуя эти инструкции. Я даже пробовал использовать некоторые настройки, которые не были нужны в рабочем экземпляре плагина: overwritewebroot, overwritecondaddr и trust_proxies. Я также переключил IP в настройках прокси.Настройки
IIS ' web.config
правила, влияющие на сервер Nextcloud:
<rule name="HTTPS redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
<rule name="NextCloud reverse proxy" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTP_HOST}" pattern=nextcloud.MyRedactedDomain.com" />
</conditions>
<action type="Rewrite" url="http://192.168.2.37/{REQUEST_URI}" />
</rule>
Nextcloud's config.php
как сейчас:
<?php
$CONFIG = array (
'apps_paths' =>
array (
0 =>
array (
'path' => '/usr/local/www/nextcloud/apps',
'url' => '/apps',
'writable' => true,
),
1 =>
array (
'path' => '/usr/local/www/nextcloud/apps-pkg',
'url' => '/apps-pkg',
'writable' => false,
),
),
'logfile' => '/var/log/nextcloud/nextcloud.log',
'memcache.local' => '\\OC\\Memcache\\APCu',
'instanceid' => 'REDACTED',
'passwordsalt' => 'REDACTED',
'secret' => 'REDACTED',
'trusted_domains' =>
array (
0 => '192.168.2.37',
),
'trusted_proxies' => ['192.168.2.11'],
'datadirectory' => '/usr/local/www/nextcloud/data',
'dbtype' => 'pgsql',
'version' => '19.0.1.1',
'dbname' => 'REDACTED',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'REDACTED',
'dbpassword' => 'REDACTED',
'installed' => true,
'overwrite.cli.url' => 'https://nextcloud.MyRedactedDomain.com',
'overwritehost' => 'nextcloud.MyRedactedDomain.com',
'overwriteprotocol' => 'https',
'overwritecondaddr' => '^192\.168\.2\.37$',
);
NGINX's nginx.conf
как сейчас:
user www;
worker_processes 4;
worker_rlimit_nofile 51200;
error_log /var/log/nginx/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
upstream php-handler {
server 127.0.0.1:9000;
}
server {
listen 80;
# HEADERS SECURITY RELATED
add_header Referrer-Policy "no-referrer";
# HEADERS
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options "SAMEORIGIN";
# PATH TO THE ROOT OF YOUR INSTALLATION
root /usr/local/www/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# BUFFERS TIMEOUTS UPLOAD SIZES
client_max_body_size 16400M;
client_body_buffer_size 1048576k;
send_timeout 3000;
# ENABLE GZIP BUT DO NOT REMOVE ETag HEADERS
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
rewrite ^ /index.php$request_uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_keep_conn off;
fastcgi_buffers 16 256K;
fastcgi_buffer_size 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_send_timeout 3000s;
fastcgi_read_timeout 3000s;
fastcgi_connect_timeout 3000s;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# ADDING THE CACHE CONTROL HEADER FOR JS AND CSS FILES
# MAKE SURE IT IS BELOW PHP BLOCK
location ~ \.(?:css|js|woff2?|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# HEADERS
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options "SAMEORIGIN";
# OPTIONAL: DONT LOG ACCESS TO ASSETS
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# OPTIONAL: DONT LOG ACCESS TO OTHER ASSETS
access_log off;
}
}
}
Журнал ошибок NGINX (это совокупность нескольких попыток и корректировок файлов конфигурации):
2020/08/12 02:35:30 [error] 63641#101838: *50 access forbidden by rule, client: 192.168.2.11, server: _, request: "GET /data/.ocdata?t=1597224931108 HTTP/1.1", host: "192.168.2.37"
2020/08/12 02:41:12 [error] 64301#102558: *126 access forbidden by rule, client: 192.168.2.11, server: _, request: "GET /data/.ocdata?t=1597225273075 HTTP/1.1", host: "192.168.2.37"
2020/08/12 03:02:22 [error] 64302#101573: *542 access forbidden by rule, client: 192.168.2.11, server: _, request: "GET /data/.ocdata?t=1597226542349 HTTP/1.1", host: "192.168.2.37"
2020/08/12 05:46:30 [emerg] 7894#100667: unknown directive "includeSubDomains" in /usr/local/etc/nginx/nginx.conf:54
2020/08/12 05:54:49 [emerg] 8245#102122: unknown directive "proxy_cach_valid" in /usr/local/etc/nginx/nginx.conf:55
2020/08/12 05:55:16 [emerg] 8274#102086: invalid time value "lm" in /usr/local/etc/nginx/nginx.conf:55
2020/08/12 06:15:00 [error] 8986#102424: *1 rewrite or internal redirection cycle while processing "/index.php//", client: 192.168.2.11, server: , request: "GET // HTTP/1.1", host: "192.168.2.37"
2020/08/12 06:15:05 [error] 8987#101058: *2 rewrite or internal redirection cycle while internally redirecting to "/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/favicon.ico", client: 192.168.2.11, server: , request: "GET //favicon.ico HTTP/1.1", host: "192.168.2.37", referrer: "https://nextcloud.MyRedactedDomain.com/"
2020/08/12 06:17:06 [error] 9060#101663: *1 rewrite or internal redirection cycle while processing "/index.php//", client: 192.168.2.11, server: , request: "GET // HTTP/1.1", host: "192.168.2.37"
2020/08/12 06:17:11 [error] 9060#101663: *2 rewrite or internal redirection cycle while internally redirecting to "/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/favicon.ico", client: 192.168.2.11, server: , request: "GET //favicon.ico HTTP/1.1", host: "192.168.2.37", referrer: "https://nextcloud.MyRedactedDomain.com/"
2020/08/12 06:18:42 [error] 9113#102196: *1 rewrite or internal redirection cycle while processing "/index.php//", client: 192.168.2.11, server: , request: "GET // HTTP/1.1", host: "192.168.2.37"
2020/08/12 06:18:46 [error] 9112#101641: *2 rewrite or internal redirection cycle while internally redirecting to "/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/favicon.ico", client: 192.168.2.11, server: , request: "GET //favicon.ico HTTP/1.1", host: "192.168.2.37", referrer: "https://nextcloud.MyRedactedDomain.com/"
2020/08/12 06:19:13 [error] 9112#101641: *3 rewrite or internal redirection cycle while processing "/index.php//index.php/204", client: 192.168.2.11, server: , request: "GET //index.php/204 HTTP/1.1", host: "192.168.2.37"
2020/08/12 06:22:20 [crit] 9260#100919: *1 connect() to unix:/var/run/nextcloud-php-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.2.11, server: _, request: "GET // HTTP/1.1", upstream: "fastcgi://unix:/var/run/nextcloud-php-fpm.sock:", host: "192.168.2.37"
2020/08/12 06:22:25 [error] 9260#100919: *1 open() "/usr/local/www/nextcloud/favicon.ico" failed (2: No such file or directory), client: 192.168.2.11, server: _, request: "GET //favicon.ico HTTP/1.1", host: "192.168.2.37", referrer: "https://nextcloud.MyRedactedDomain.com/"
2020/08/12 06:22:25 [crit] 9260#100919: *1 connect() to unix:/var/run/nextcloud-php-fpm.sock failed (2: No such file or directory) while connecting to upstream, client: 192.168.2.11, server: _, request: "GET //favicon.ico HTTP/1.1", upstream: "fastcgi://unix:/var/run/nextcloud-php-fpm.sock:", host: "192.168.2.37", referrer: "https://nextcloud.MyRedactedDomain.com/"
2020/08/12 06:28:45 [error] 9489#100770: *7 access forbidden by rule, client: 192.168.2.11, server: , request: "GET /data/.ocdata?t=1597238925594 HTTP/1.1", host: "192.168.2.37"
2020/08/12 06:31:00 [error] 9489#100770: *78 access forbidden by rule, client: 192.168.2.11, server: , request: "GET /data/.ocdata?t=1597239060928 HTTP/1.1", host: "192.168.2.37"
2020/08/12 06:34:38 [error] 9489#100770: *109 access forbidden by rule, client: 192.168.2.11, server: , request: "GET /data/.ocdata?t=1597239279292 HTTP/1.1", host: "192.168.2.37"
2020/08/12 06:36:20 [error] 9862#102189: *6 access forbidden by rule, client: 192.168.2.11, server: , request: "GET /data/.ocdata?t=1597239381044 HTTP/1.1", host: "192.168.2.37"
Фрагмент журнала IIS (ошибки только из тех же настроек, что указаны выше):
2020-08-14 07:35:50 192.168.2.11 GET / X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=3f4ff15f-436f-4004-bb55-360f94826d4e&SERVER-STATUS=302 443 - cust-REDACTED-IP.dyn.as47377.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/84.0.4147.125+Safari/537.36 - 302 0 0 81
2020-08-14 07:35:50 192.168.2.11 GET /login X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=b0b256ce-9bb6-42b7-b098-c3ab117246f7&SERVER-STATUS=200 443 - cust-REDACTED-IP.dyn.as47377.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/84.0.4147.125+Safari/537.36 - 200 0 0 135
2020-08-14 07:35:50 192.168.2.11 GET /favicon.ico X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=1a8b782f-0381-4118-912e-5503406c0d84&SERVER-STATUS=302 443 - cust-REDACTED-IP.dyn.as47377.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/84.0.4147.125+Safari/537.36 https://nextcloud.MyRedactedDomain.com/login 302 0 0 81
2020-08-14 07:35:50 192.168.2.11 GET /login X-ARR-CACHE-HIT=0&X-ARR-LOG-ID=a70275c4-a20e-4c50-b994-933afecb9f2f&SERVER-STATUS=200 443 - cust-REDACTED-IP.dyn.as47377.net Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/84.0.4147.125+Safari/537.36 - 200 0 0 130