Content
Files storage integration Problem.
Added by Night Owl almost 2 years ago
My nextcloud website is run under https://my.nextcloud.com -- not https://my.nextcloud.com/nextcloud
Document Root is /var/www/nextcloud.
Last week I solved HTTPS, SSL stuff between openproject server and nextcloud.
So I can curl between them without SSL problem now.
But when I tried to connect openproject to nextcloud, there was an error as below image.
So I followed this troubleshooting guide, (https://www.openproject.org/docs/system-admin-guide/integrations/nextcloud/#troubleshooting)
the first step was successful.
curl --location --request GET 'https://my.nextcloud.com/index.php/apps/integration_openproject/check-config' --header 'Authorization: foo'
But when I tried the second step, I cannot get the result.
curl -H 'OCS-APIRequest:true' -H 'Accept:application/json' https://my.nextcloud.com/nextcloud/ocs/v2.php/cloud/capabilities
I noticed that the URL in above command is include /nextcloud/ in path,
which is not available in my nextcloud site. (My site root is at /var/www/nextcloud)
So I tried this instead. (remove /nextcloud/ path)
curl -H 'OCS-APIRequest:true' -H 'Accept:application/json' https://my.nextcloud.com/ocs/v2.php/cloud/capabilities
Then Nextcloud site return data as it should.
My questions are ..
1. Is the 'File Storage' tried to connect 'Nextcloud' site, by include /nextcloud/ in Requested URL?
2. If (1) was true, how do I remove that /nextcloud/ from requested URL, without re-build nextcloud site ?
Thanks !
Replies (2)
Found the root of problem by ....
- Enable debug level log using this guide >> https://community.openproject.org/topics/9247
- view log by command
journalctl -e -o short-full SYSLOG_IDENTIFIER=openproject-web-1.service --output-fields=MESSAGE > ./op-log.txt
- from log, found that openproject use openssl to test connection to nextcloud host.
so I think the problem is SSL Certificate configuration on nextcloud server.
Nextcloud server invalid host="https://my.nextcloud.com"
error_type=cannot_be_connected_to:
exception OpenSSL::SSL::SSLError: SSL_connect SYSCALL
returned=5 errno=0 peeraddr=192.168.x.x:443
state=error: certificate verify failed
try to use openssl command to manually check.
openssl s_client -showcerts -connect my.nextcloud.com:443 > ./ssl-log.txt
Found that, there was missing Intermediate CA certificate.
*** you need full chain certificate PEM format without key.
in my scenario, 3 certs are needed. which are nextcloud server cert, intermediate CA cert and the root CA cert.
So I make the new full chain PEM, replace the old one on nextcloud server. then restart apache service.
Then I use openssl command to test first.
openssl s_client -showcerts -connect my.nextcloud.com:443 > ./ssl-log.txt
from above command, you'll see message like.
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = "DigiCert, Inc.", CN = RapidSSL Global TLS RSA4096 SHA256 2022 CA1
verify return:1
depth=0 CN = *.nextcloud.com
verify return:1
You can see, there are 3 certs verified and 'Verify return: 1' that means successful.
Then I go back to File storage admin page. try connect again. DONE !
Same problem here but our nexctcloud uses letsencrypt:
That fixed the problem on my docker container:
https://gist.github.com/Lukas238/a27956da42eae5d082a04fe0f493a9e0