Nextcloud - Two issues; not sure if they correlate

  • I have two issues with Nextcloud – not sure if they are related.



    One is when opening the updater it brings me back to the openingsscreen (i.e. no update).


    The other is about lots of errors in the log – all starting with “Error: is_file(): open_basedir restriction in effect.”.


    Anyone a suggestion what to do with either of these?



    Thank you – Will

    With warm greetings,

    - Will | IT visibility

  • Hi NogNeetMachinaal

    the Open_basedir is a security instrument from PHP, handling the files php and thereby also nextcloud is allowed to access.

    You can edit the preferences in your webhosting backend under PHP Settings.


    It seems as if you have stored your data outside the root directory - what you should do :)

    But php is not allowed to access them.

    The updater might have the same problem – or is missing a writable tmp directory!


    Nextcloud on an webhosting account is a little challenge, a VPS or Root Server would be the better alternative


  • Thank your the quick response.


    I know Nextcloud on a webhosting account can be challenging - but still - it is a php application like Wordpress and all those others... should be doable...(?)


    I know about the PHP-settings in the back-end and tried a few things - no improvements.

    The docroot-variable says:

    "/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/"

    So I guess the webspaceroot-variable is "httpdocs/nc.it-visibility.net/"?


    The domain nc.it-visibility.net is a subdomain of it-visibility.net.

    Perhaps that is messing things up - at least to some extend?


    Currently the php-setting for open_basedir says:

    {WEBSPACEROOT}{/}{:}{TMP}{/}{:}{/}var{/}lib{/}php{/}sessions


    There is a tmp-folder in httpdocs and in httpdocs/nc.it-visibility.net/.

    Also tried with a temp-folder (for no particular reason).


    But the remaining things... what (for example) is /var/lib/php/sessions for?


    Any suggestions on what these settings should/could be like for nextcloud?

    With warm greetings,

    - Will | IT visibility

  • I don't use my webspace account that much, but your webroot is


    Code
    "/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/"

    have you set the tmp directory on your NC config?


    Code
    'tempdirectory' => '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/tmp',
  • I don't use my webspace account that much, but your webroot is


    Code
    "/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/"

    have you set the tmp directory on your NC config?


    Code
    'tempdirectory' => '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/tmp',


    Thank you for the webroot-clarrification - makes sense.


    Didn't have the temp-dir in the config => just did => still no working update process.

    Also added a few other directory directives (templates & skeleton) => no improvements

    With warm greetings,

    - Will | IT visibility

  • but you created the /tmp directory?
    Can you pls. post the full error message?


    Thank you for getting back on this - really appreciated!


    Yes - the tmp-folder is there - see attached screenshot from the file manager.


    As far as starting the update process goes: there is no error => it goes straight back to the dashboard.

    Perhaps there is more in debug mode. But until now, I didn't see anything - even when setting 'debug' => true in the config.php file. Hoever, to be honest - this debug-part is a grey area => I may have missed things here...


    As for the open_basedir issue: every few seconds, the same 2 messages pop-up - see the code block with "Error log 1".

    The content of each message is the same - see the code block with "Error log 2" and "Error log 3".


    Not sure if the error log under /logs/nc.it-visibility.net has anything to do with it (see code block with "Error log 4").

    Tried with debug-mode on => no extra results.


    =====


    forum.netcup.de/system/attachment/7930/nextcloud-folder content.png





    Code
    Error log 4
    
    [Fri Jan 07 21:45:18.412588 2022] [core:crit] [pid 1405] (13)Permission denied: [client 141.101.76.57:32910] AH00529: /var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/data/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/data/' is executable
    [Sat Jan 08 10:46:40.077212 2022] [access_compat:error] [pid 17499] [client 141.101.76.183:35698] AH01797: client denied by server configuration: /var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/config
    [Sat Jan 08 11:52:28.817008 2022] [core:crit] [pid 14483] (13)Permission denied: [client 141.101.105.83:46956] AH00529: /var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/data/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/data/' is executable
    [Sat Jan 08 12:12:33.013475 2022] [core:crit] [pid 24511] (13)Permission denied: [client 141.101.104.92:32924] AH00529: /var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/data/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/data/' is executable
    [Sat Jan 08 12:12:54.871065 2022] [core:crit] [pid 24566] (13)Permission denied: [client 141.101.104.92:33822] AH00529: /var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/data/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/data/' is executable

    With warm greetings,

    - Will | IT visibility

  • I installed "Nextcloud Hub II (23.0.0)" on Webhosting 4000.


    I have similar settings, but I do not have a tmp folder in httpdocs and no tmp folder in httpdocs/domain.example/cloud/nextcloud.

    My data folder is: httpdocs/domain.example/cloud/nextdata.


    Updates work ... upload works ... and there are no error messages in the log file :)


  • Interesting - it looks like you have the data folder stored outside of the nextcloud install?


    You/helpy:

    Nextcloud main: httpdocs/domain.example/cloud/nextcloud

    Nextcloud data: httpdocs/domain.example/cloud/nextdata


    Me/NogNeetMachinaal:

    Nextcloud main: httpdocs/nc.it-visibility.net

    Nextcloud data: httpdocs/nc.it-visibility.net/data


    Will give that a try.


    Thank you


    =====


    Edit: tried that with (no improvements):

    Nextcloud main: /httpdocs/nc.it-visibility.net/main

    Nextcloud data: /httpdocs/nc.it-visibility.net/data

    Here, no changes for the data-dir in config.php.


    Also tried with:

    Nextcloud main: ../httpdocs/nc.it-visibility.net/

    Nextcloud data: ../nc/data


    The config.php had then the following data-dir:

    'datadirectory' => '/var/www/vhosts/hosting160002.a2f36.netcup.net/nc/data',


    Previously this was:

    'datadirectory' => '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/data',


    The last one made matters worse. The login screen says:

    Code
    Your data directory is invalid Ensure there is a file called ".ocdata" in the root of the data directory. Cannot create "data" directory This can usually be fixed by giving the webserver write access to the root directory. See https://docs.nextcloud.com/server/21/go.php?to=admin-dir_permissions


    So I reverted all the changes back to the previous one with main and data.


    helpy | I'm not sure how the next question will be experienced... but still... is there a way where I can have a view on your webhosting- and nextcloud settings?

  • This morning, I tried a manual upgrade with this install:

    • Nextcloud main: /httpdocs/some.host.de/main
    • Nextcloud data: /httpdocs/some.host.de/data
    • Nextcloud tmp: /httpdocs/some.host.de/tmp

    I renamed the current ../main-folder to ../main-2022jan8

    Then uploaded nextcloud.zip containing the next new version.

    This was then extracted to the folder ../nextcloud.

    After which it was renamed to ../main.


    I then connected to some.host.de and it suggested an upgrade through the web interfaces.

    Which was granted (of course). After a suggested retry it completed succesfully.


    Once this was completed and I did a new login, the Nextcloud-server suggested another upgrade.

    Which was started and completed without any manual interference.

    Meaning nothing else was done from my end (other then a confirmation on using the webui for the upgrade).


    At this time I have a running nextcloud with semi-automatic updates and no running errors in the log.

    Meaning there is only an error when clicking on system info.


    The for me relevant settings in config.php:

    Code
    'datadirectory' => '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/some.host.de/data',
    'tempdirectory' => '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/some.host.de/tmp',
    
    'overwrite.cli.url' => 'https://some.host.de/',


    The underlying webhosting package is Webhosting 2000



    Thank you for the support and patience.

  • The upgrade step at the login was the database schema upgrade, so unrelated to the NC files update you did manually.


    In case the error reappears with the next update.


    I always upgrade with the occ tool. This should also work in the SSH console of the webhosting.

    CentOS 7 / nginx / php-fpm / postfix / rspamd / clamav / dovecot / nextcloud running on RS 1000 SSDx4 G8 / VPS 500 G8 / VPS 2000 G8 Plus

  • I always upgrade with the occ tool. This should also work in the SSH console of the webhosting.

    Not out of the box, because for netcup webhostings the paths to the data directory in the SSH console and in a web process are different.

    So, to cope with that, you have to use a solution like e.g. this one.

  • Not out of the box, because for netcup webhostings the paths to the data directory in the SSH console and in a web process are different.

    So, to cope with that, you have to use a solution like e.g. this one.


    Perhaps true (and I'm overlooking something) - but if I add that config file to the config-folder, then nextcloud as whole becomes unavailable. It complains about folder rights and a missing file called ".ocdata". So I removed it.

    With warm greetings,

    - Will | IT visibility

  • it is not recommended to store your files (data directory) inside the webroot!


    Code
    Nextcloud main: httpdocs/nc.it-visibility.net
    Nextcloud data: httpdocs/nc.it-visibility.net/data
    Would be better to move the data folder:


    Code
    Nextcloud data: httpdocs/nc.it-visibility.net_data
    or
    Nextcloud data: nc.it-visibility.net_data


    Please also check


    Code
    [Fri Jan 07 21:45:18.412588 2022] [core:crit] [pid 1405] (13)Permission denied: [client 141.101.76.57:32910] AH00529: /var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/nc.it-visibility.net/data/.htaccess


    Permission denied, check and fix!

    Sorry for the stupid question, but how are you accessing the nextcloud?

    Through
    nc.it-visibility.net

    or

    it-visibility.net/nextcloud ?

    have you set the right webroot directory for nc.it-visibility.net ?


  • See also:

    https://forum.netcup.de/anwend…hey-correlate/#post172314


    Currently the Nextcloud-data folder is outside the Nextcloud-webroot folder: httpdocs/nc.it-visibility.net/data/

    The Nextcloud-webroot is defined as: httpdocs/nc.it-visibility.net/main/

    Which is configured as a sub-domain from https://it-visibility.net/: https://nc.it-visibility.net/


    The webUI now works as expected and has no errors. This includes the upgrade process.


    The only thing I didn't check is occ. According to tab this requires different directive to the data-folder.

    But when I add this to the config-folder, Nextcloud doesn't run at all => comes with:

    Code
    Your data directory must be an absolute pathCheck the value of "datadirectory" in your configuration
    Your data directory is invalidEnsure there is a file called ".ocdata" in the root of the data directory.
    Cannot create "data" directoryThis can usually be fixed by giving the webserver write access to the root directory. See https://docs.nextcloud.com/server/22/go.php?to=admin-dir_permissions  


    So I deleted that one (for now).


    What is your view here?

    With warm greetings,

    - Will | IT visibility

  • If it works everything is fine :)

    You are right with the data folder thats not inside the webroot, my mistake.
    I dont know why you would want to add this line;

    Code
        'datadirectory' => realpath(__dir__ . '/../data'),

    This would only be necessary if you don’t know your Webroot directory. But in your case, it should not make a difference.

  • It is not needed for the WebUI. But in the moment you use occ in the SSH Konsole, it will search the data directory at the path given in the config.php - and will obviously not find it there, because of the chroot environment.

    What is '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/some.host.de/data' for the WebUI is '/httpdocs/some.host.de/data' for occ.

    If you use the data.config.php mentioned above, the script assumes, that the data directory is in its default place inside the Webroot. So you oviously would have to change it to someting like given below for your case:

    PHP
    <?php
    
    $CONFIG =
    [
        'datadirectory' => realpath(__dir__ . '/../../data'),
    ];

    the script is lying in the config directory, so you have to add the relative path from config directory to the data directory, which should be like above in your case, if I get your paths right.

    This will work in the WebUI and in the console with occ, because the relative path from .../main/config to .../data is the same in both cases and the realpath function does the rest to make it an absolute path.


    Edit: the code above should result in

    '/var/www/vhosts/hosting160002.a2f36.netcup.net/httpdocs/some.host.de/data' when used via WebUI and

    '/httpdocs/some.host.de/data' when used via occ


    Quite an elegant solution, cudos to KB19

  • This seems to work - thank you tab

    With warm greetings,

    - Will | IT visibility

  • Just for information my settings ...

    Maybe some of the settings are not necessary. I do not know.

    But as long it works, I leave as it is ...



    1. My php settings:

    cloud - php-settings.png



    2. in the web folder httpdocs/domain.example/cloud/nextcloud

    I have a symlink to httpdocs/domain.example/cloud/nextdata

    cloud - symlink.png



    3. httpdocs/domain.example/cloud/nextcloud/config/config.php

    cloud - config.php.png



    4. httpdocs/domain.example/cloud/nextcloud/config/data.config.php

    cloud - data.config.php.png