Nextcloud desktop login issue
Hello.
There was a problem connecting nextcloud desktop to filerun. The filerun instance is deployed on an Apache server with nginx as a proxy. PHP version 7.4. SLL works. In the control panel, OAuth is enabled, API is enabled. When authorizing from nextcloud, after clicking the Login button and specifying the address of my server https://mydomainname.com, a blank white screen appears and that's it! If you click the "Connect WebDAV app" button in your account settings, the same blank screen is displayed. The path https://mydomainname.com/dav.php displays an authorization form, accepts a username and password, and displays an XML document. Tell me what could be the problem and how can it be solved?
Thanks!
Answer
Please make sure "log_errors" is set to "On" in your PHP configuration, and "error_log" is configured with a writable path. Then check if there are any related entries written in the error log file when trying to connect to FileRun using the desktop app. Would also be useful to check if there are any errors logged in the Apache error log. or in the Nginx log.
Hello!
My instance is deployed under the control of HestiaCP (analogous to VestaCP). Apache works with nginx proxy.
Here are the nginx server settings common and for a specific domain with SSL and HSTS. IP address and domain name changed to uorIP and ourDomain
# Server globals
user user;
worker_processes 1;
worker_rlimit_nofile 65535;
error_log /usr/local/hestia/log/nginx-error.log;
pid /var/run/hestia-nginx.pid;
# Worker config
events {
worker_connections 128;
use epoll;
multi_accept on;
}
http {
# Main settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 180s;
client_body_timeout 180s;
client_header_buffer_size 2k;
client_body_buffer_size 256k;
client_max_body_size 256m;
large_client_header_buffers 4 8k;
send_timeout 60s;
keepalive_timeout 30s;
keepalive_requests 100000;
reset_timedout_connection on;
server_tokens off;
server_name_in_redirect off;
server_names_hash_max_size 512;
server_names_hash_bucket_size 512;
charset utf-8;
# FastCGI settings
fastcgi_buffers 4 256k;
fastcgi_buffer_size 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_connect_timeout 30s;
fastcgi_read_timeout 600s;
fastcgi_send_timeout 600s;
# Proxy settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_buffers 32 4k;
proxy_connect_timeout 30s;
proxy_read_timeout 300s;
proxy_send_timeout 180s;
# Log format
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format bytes '$body_bytes_sent';
access_log /usr/local/hestia/log/nginx-access.log main;
# Mime settings
include /usr/local/hestia/nginx/conf/mime.types;
default_type application/octet-stream;
# Compression
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 1024;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
gzip_proxied any;
gzip_disable "MSIE [1-6]\.";
# SSL PCI compliance
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
ssl_buffer_size 1400;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE.......";
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_ecdh_curve secp384r1;
# ssl_reject_handshake on;
ssl_session_tickets off;
resolver 1.0.0.1 1.1.1.1 valid=300s ipv6=off;
resolver_timeout 5s;
ssl_stapling on;
ssl_stapling_verify on;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
}
##
#=======================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
#=======================================================================#
server {
listen ourIP:80;
server_name ourDomainName ;
include /home/admin/conf/web/ourDomain/nginx.forcessl.conf*;
location / {
proxy_pass http://ourIP:8080;
location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|exe|pdf|doc|xls|ppt|txt|odt|ods|odp|odf|tar|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
root /home/admin/web/ourDomain/public_html;
access_log /var/log/apache2/domains/ourDomain.log combined;
access_log /var/log/apache2/domains/ourDomain.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location /error/ {
alias /home/admin/web/ourDomain/document_errors/;
}
location @fallback {
proxy_pass http://ourIP:8080;
}
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
include /home/admin/conf/web/ourDomain/nginx.conf_*;
}
##
## nginx.forcessl.conf
##
return 301 https://$host$request_uri;
##
## nginx.hsts.conf
##
add_header Strict-Transport-Security "max-age=15768000;" always;
##
## nginx.ssl.conf
##
#=======================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
#=======================================================================#
server {
listen ourIP:443 ssl http2;
server_name ourDomain ;
ssl_certificate /home/admin/conf/web/ourDomain/ssl/ourDomain.pem;
ssl_certificate_key /home/admin/conf/web/ourDomain/ssl/ourDomain.key;
ssl_stapling on;
ssl_stapling_verify on;
error_log /var/log/apache2/domains/ourDomain.error.log error;
include /home/admin/conf/web/ourDomain/nginx.hsts.conf*;
location / {
proxy_pass https://ourIP:8443;
location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|exe|pdf|doc|xls|ppt|txt|odt|ods|odp|odf|tar|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
root /home/admin/web/ourDomain/public_html;
access_log /var/log/apache2/domains/ourDomain.log combined;
access_log /var/log/apache2/domains/ourDomain.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location /error/ {
alias /home/admin/web/ourDomain/document_errors/;
}
location @fallback {
proxy_pass https://ourIP:8443;
}
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
include /home/admin/conf/web/ourDomain/nginx.ssl.conf_*;
}
Logs for PHP are configured and do not contain errors.
Added entry to custimizables / config.php file.
## filerun/customizables/config.php
##
<?php $config['url']['root'] = 'https://ourDomain';
Also providing Apache log content after trying to connect from Nextcloud mobile app
with the device HUAWEI for Android.
##
##Apache LOGS
##
46.22.56.173 - - [07/Nov/2021:23:43:14 +0300] "GET /status.php HTTP/1.0" 200 518 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.17.1"
46.22.56.173 - - [07/Nov/2021:23:43:15 +0300] "HEAD /remote.php/webdav/ HTTP/1.0" 401 416 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.17.1"
46.22.56.173 - - [07/Nov/2021:23:43:15 +0300] "GET /ocs/v2.php/cloud/capabilities?format=json HTTP/1.0" 401 488 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.17.1"
46.22.56.173 - - [07/Nov/2021:23:43:15 +0300] "GET /index.php/login/flow HTTP/1.0" 302 600 "-" "Huawei PIC-LX9 (Android)"
46.22.56.173 - - [07/Nov/2021:23:43:15 +0300] "GET /oauth2/authorize/?response_type=ncflow&client_id=Nextcloud0000000000000000000Apps&redirect_uri=nc%3A%2F%2F&state=state61883a63dadef&scope=profile+email+list+download+upload+modify+delete+weblink HTTP/1.0" 200 367 "-" "Huawei PIC-LX9 (Android)"
ourDomain / dav.php takes a username and password and displays an XML document.
The Widows explorer connection also connects and displays content.
All the main functionality of FileRun works.
Installation is performed according to the instructions for UBUNTU 20.04. PHP 7.4 version on PHP-FPM.
Thanks for any help.
I see that signing in does open the authorization page. What do you see?
Why do you manually configure the hostname inside FileRun's config?
I see a clean white screen. The authorization form (login and password) is not displayed.
Your question: "Why do you manually configure the hostname inside FileRun's config?"
This is what you mean? /customizables/config.php file?
I tried it already in the process of finding a solution to the problem. But that didn't make any difference. I also see a blank white screen when I click "Connect WebDAV App" in the profile settings. A page with a URL: https://ourDomain/oauth2/authorize/?response_type=webdav&client_id=Generic0000000000000000000WebDAV&redirect_uri=nc%3A%2F%2F&state=state5df4f4de0f81e&scope=webdav opens and nothing is displayed either
You should not have to set anything in the config file. It can even cause this problem.
I deleted the contents of this file and reloaded Apache. This did not help in any way and the logs are the same.
If you contact us (https://filerun.com/contact) with remote access (FTP or similar) to the FileRun installation folder, I will troubleshoot this for you.
Your PHP configuration is faulty. "include_path" should always include the current folder "." See: https://www.php.net/manual/en/ini.core.php#ini.include-path
Thanks! That helped. I think you should add this item to the installation manual (in the contents of the filerun.ini file)
Customer support service by UserEcho
Your PHP configuration is faulty. "include_path" should always include the current folder "." See: https://www.php.net/manual/en/ini.core.php#ini.include-path