'Nextcloud + lighttpd setup' help needed

Hi all,

I setup DietPi with the standard setup, lighttpd is used as the default webserver.

I have some questions which I don’t understand or find out how to fix it, as I can’t find the solution :thinking:

Besides the standard setup and lighttpd I installed

  • Nextcloud
    Pi-Hole
    NZBGet

When I type I see the default lighttpd webserver address:

Placeholder page
The owner of this web site has not put up any web pages yet. Please come back later.
You should replace this page with your own web pages as soon as possible.
Unless you changed its configuration, your new server is configured as follows:
Configuration files can be found in /etc/lighttpd. Please read /etc/lighttpd/conf-available/README file.
The DocumentRoot, which is the directory under which all your HTML files should exist, is set to /var/www/html.
CGI scripts are looked for in /usr/lib/cgi-bin, which is where Debian packages will place their scripts. You can enable cgi module by using command "lighty-enable-mod cgi".
Log files are placed in /var/log/lighttpd, and will be rotated weekly. The frequency of rotation can be easily changed by editing /etc/logrotate.d/lighttpd.
The default directory index is index.html, meaning that requests for a directory /foo/bar/ will give the contents of the file /var/www/html/foo/bar/index.html if it exists (assuming that /var/www/html is your DocumentRoot).
You can enable user directories by using command "lighty-enable-mod userdir"

In directory root@DietPi:/etc/lighttpd/conf-enabled# I see

ls
10-fastcgi.conf  15-fastcgi-php.conf   98-dietpi-https_redirect.conf  99-dietpi-nextcloud.conf                  99-dietpi-pihole.conf
10-rewrite.conf  50-dietpi-https.conf  99-dietpi-dav_redirect.conf    99-dietpi-pihole-block_public_admin.conf  99-unconfigured.conf
root@DietPi:/etc/lighttpd/conf-enabled# nano 98-dietpi-https_redirect.conf

Question 1:
How to change the lighttpd webserver so that I will see the Nexcloud WebIf?


Question 2:
Is it possible to install Heimdall Dashboard within DietPi?
This way the central webserver of Heimdall can link to the different installed webserver pages of the corresponding software installation?


Question 3:
In the Nextcloud settings/admin/serverinfo I see:

Disk: mmcblk2p1
Where I expected to see my local harddisk as storage?

Mount: /
Filesystem: ext4
Size: 14.00 GB
Available: 10.70 GB
Used: 24%



root@DietPi:# dietpi-drive_manager
[ INFO ] DietPi-Drive_Manager | Detecting drives, please wait...
[ INFO ] DietPi-Drive_Manager |  - Detected mounted physical drive: /dev/mmcblk2p1 > /
[ INFO ] DietPi-Drive_Manager |  - Detected mounted physical drive: /dev/sda1 > /mnt/81ee498c-61b0-46fd-a3e6-519ba18a9d4a
[  OK  ] DietPi-Drive_Manager | mv .fstab /etc/fstab
[  OK  ] DietPi-Drive_Manager | systemctl daemon-reload
[ INFO ] DietPi-Drive_Manager | Checking for required APT packages: e2fsprogs
[  OK  ] DietPi-Drive_Manager | sync
root@DietPi:/#

After above command I see in the Nextcloud settings/admin/serverinfo also:

sda1
Mount: /mnt/81ee498c-61b0-46fd-a3e6-519ba18a9d4a
Filesystem: ext4
Size: 2.69 TB
Available: 2.69 TB
Used: 1%

How to setup that the harddisk on SDA1 is always used by Nextcloud fot sharing files?

PS1. Spindown is set to 5minutes, is this the reason Nextcloud didn’t show SDA1 harddisk drive?

PS2. How to preserve that the OS eMMC isn’t used by Nextcloud for storage?


Hope you can help me with my questions as I can’t find them in the available HowTo’s…

Thx!

Hello goodday Joulinar

can you have a look with me?

Thx!

I already had a look but took some time to look into Heimdall. Theoretically it’s able to run on DietPi but it require to adjust web server configuration in a way where it might influence other web apps like NextCloud

as you are running multiple web apps on same server, it is quite common to reach each app on their respective sub path.

To use your external disk as Nextcloud storage, you could have adjusted configuration before install of NextCloud

root@DietPi4:~# cat /boot/dietpi.txt | grep nextcloud
# - Optional data directory, default is "/mnt/dietpi_userdata/owncloud_data" respectively "/mnt/dietpi_userdata/nextcloud_data", applied during install
SOFTWARE_NEXTCLOUD_DATADIR=/mnt/dietpi_userdata/nextcloud_data
root@DietPi4:~#

As an alternative, you could move entire /mnt/dietpi_userdata/ to your external disk using dietpi-drive_manager

thanks Joulinar for your reply!

Heimdall isn’t installed in it’s own directorie with own web server configuration?

How to link for example the standard lighttpd webserver page to for example the Nextcloud startpage?
So that a portforward inside the router to the internal IP-address of the DietPi get’s routed to Nextcloud instead of the standard ‘none-edited’ lighttpd webserver and placeholder page?

For me as a hobbyist this is asked too much :thinking:

Hmmm this is a CLI command that needs to be run before installing Nextcloud?

The DietPi Userdata is just Document / Files / Harddisk data or also ‘server / OS data’ which now runs on the eMMC?

Hope you understand what I mean…!

just to avoid a misunderstanding, you have a single web server running. This web server is LISTEN on port 80/443 and that’s where your port forwarding is going to. Doesn’t matter which web application you are running.

Default web server root directory is located at /var/www/
PiHole application is located in a sub folder at /var/www/html
NextCloud application is located in a sub folder at /var/www/nextcloud

Changing web server root directory to /var/www/nextcloud might be possible, but would require more manual customising. Otherwise PiHole will not be reachable anymore.

Coming to Heimdall. Yes it has it’s own directory’s but it is using the exact same web server as PiHole and Nextcloud. Whatever change you do to get Heimdall working, will have influence in PiHole + Nextcloud. Because Heimdall explicitly require to be set as web server root /var/www/Heimdall/public/. Means it is directly conflicting with your wish to set NextCloud as web server root.

Hello Joulinar

yes, I’m trying to understand how it works :thinking:

My internal IP-address is showing the default lighttpd Placeholder page shows:


Placeholder page
The owner of this web site has not put up any web pages yet. Please come back later.
You should replace this page with your own web pages as soon as possible.
Unless you changed its configuration, your new server is configured as follows:
Configuration files can be found in /etc/lighttpd. Please read /etc/lighttpd/conf-available/README file.
The DocumentRoot, which is the directory under which all your HTML files should exist, is set to /var/www/html.
CGI scripts are looked for in /usr/lib/cgi-bin, which is where Debian packages will place their scripts. You can enable cgi module by using command "lighty-enable-mod cgi".
Log files are placed in /var/log/lighttpd, and will be rotated weekly. The frequency of rotation can be easily changed by editing /etc/logrotate.d/lighttpd.
The default directory index is index.html, meaning that requests for a directory /foo/bar/ will give the contents of the file /var/www/html/foo/bar/index.html if it exists (assuming that /var/www/html is your DocumentRoot).
You can enable user directories by using command "lighty-enable-mod userdir"
About this page
This is a placeholder page installed by the Debian release of the Lighttpd server package.

This computer has installed the Debian GNU/Linux operating system, but it has nothing to do with the Debian Project. Please do not contact the Debian Project about it.

If you find a bug in this Lighttpd package, or in Lighttpd itself, please file a bug report on it. Instructions on doing this, and the list of known bugs of this package, can be found in the Debian Bug Tracking System.

So I need to read the /etc/lighttpd/conf-available/README file, it shows:

ligghttpd Configuration under Debian GNU/Linux
==============================================

Files and Directories in /etc/lighttpd:
---------------------------------------

lighttpd.conf:
         main configuration file

conf-available/
        This directory contains a series of .conf files. These files contain
        configuration directives necessary to load and run webserver modules.
        If you want to create your own files they names should be
        build as nn-name.conf where "nn" is two digit number (number
        is used to find order for loading files)

conf-enabled/
        To actually enable a module for lighttpd, it is necessary to create a
        symlink in this directory to the .conf file in conf-available/.

Enabling and disabling modules could be done by provided
/usr/sbin/lighty-enable-mod and /usr/sbin/lighty-disable-mod scripts.

So I have look in the directory /etc/lighttpd/conf-available , it shows the following configs

05-auth.conf       10-dir-listing.conf  10-fastcgi.conf        10-rewrite.conf       10-ssi.conf      10-usertrack.conf        50-dietpi-https.conf           99-dietpi-nextcloud.conf                  99-unconfigured.conf
05-setenv.conf     10-evasive.conf      10-flv-streaming.conf  10-rrdtool.conf       10-ssl.conf      11-extforward.conf       90-debian-doc.conf             99-dietpi-nextcloud.conf.dietpi-new       README
10-accesslog.conf  10-evhost.conf       10-no-www.conf         10-simple-vhost.conf  10-status.conf   15-fastcgi-php-fpm.conf  98-dietpi-https_redirect.conf  99-dietpi-pihole-block_public_admin.conf
10-cgi.conf        10-expire.conf       10-proxy.conf          10-sockproxy.conf     10-userdir.conf  15-fastcgi-php.conf      99-dietpi-dav_redirect.conf    99-dietpi-pihole.conf

Let’s have a look at 99-dietpi-nextcloud.conf

# Derived from:
# - Apache: https://github.com/nextcloud/server/blob/master/.htaccess
# - Nginx:  https://github.com/nextcloud/documentation/blob/master/admin_manual/installation/nginx-subdir.conf.sample

# Redirect webfinger and nodeinfo requests to Nextcloud endpoint:
url.redirect += (
        "^/.well-known/webfinger" => "/nextcloud/index.php/.well-known/webfinger",
        "^/.well-known/nodeinfo" => "/nextcloud/index.php/.well-known/nodeinfo"
)

$HTTP["url"] =~ "^/nextcloud($|/)" {

        # Hardening
        # - Directories
        $HTTP["url"] =~ "^/nextcloud/(build|tests|config|lib|3rdparty|templates|data)($|/)" { url.access-deny = ("") }
        # - Files
        $HTTP["url"] =~ "^/nextcloud/(\.|autotest|occ|issue|indie|db_|console)" { url.access-deny = ("") }
        # - Directory listing
        dir-listing.activate = "disable"
        # - Security and cache control headers for static resources
        $HTTP["url"] =~ "\.(css|js|svg|gif|png|woff2?|map)$" {
                setenv.add-response-header += (
                        "Referrer-Policy" => "no-referrer",
                        "X-Content-Type-Options" => "nosniff",
                        "X-Download-Options" => "noopen",
                        "X-Frame-Options" => "SAMEORIGIN",
                        "X-Permitted-Cross-Domain-Policies" => "none",
                        "X-Robots-Tag" => "none",
                        "X-XSS-Protection" => "1; mode=block",
                        "Cache-Control" => "public, max-age=15778463",
                )
        }

}

Do I need to replace the standard main configuration file lighttpd.conf:

server.modules = (
        "mod_indexfile",
        "mod_setenv",
        "mod_access",
        "mod_alias",
        "mod_redirect",
)

server.document-root = "/var/www"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80

# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags       += ("server.h2proto" => "enable")
server.feature-flags       += ("server.h2c"     => "enable")
server.feature-flags       += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags       += ("server.graceful-restart-bg" => "enable")

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

#server.compat-module-load   = "disable"
server.modules += (
        "mod_dirlisting",
        "mod_staticfile",
)

with the 99-dietpi-nextcloud.conf ?

mv  lighttpd.conf  lighttpd.conf.original
cp /etc/lighttpd/conf-available/99-dietpi-nextcloud.conf /etc/lighttpdlighttpd.conf

?

It’s a advantage that every application has his own directory as you show

Default web server root directory is located at /var/www/
PiHole application is located in a sub folder at /var/www/html
NextCloud application is located in a sub folder at /var/www/nextcloud

Is it possible to install to it’s own directory /var/www/Heimdall/public/ and creat a own config in /etc/lighttpd/conf-available ?

So we can redirect the default lighttpd Placeholder to Heimdall?
And within the Heimdall dashboard we can link shortcuts to the other installed applications wich have there own directories?

We leave everything original, redirect the default webserver to Heimdall?
From Heimdall we hit the Application link and it will show Pi-Hole or Nexcloud or…
Or visit them directly

PiHole application at /var/www/html
NextCloud application at /var/www/nextcloud

?

don’t replace any configuration file.

lighttpd.conf is the main configuration file and you will brake your system if you remove it. It defines the entire web server.99-dietpi-nextcloud.conf is already active and specify NextCloud app only. You can see all active configurations inside /etc/lighttpd/conf-enabled/.

pls ask Heimdall developer how it could work to have Heimdall + PiHole + NnextCloud running on same web server. Especially since Heimdall explicitly expect to be web server root.

Hi,

but what to do with?

You should replace this page with your own web pages as soon as possible.

The following are enabled

root@DietPi:~# cd /etc/lighttpd/conf-enabled/
root@DietPi:/etc/lighttpd/conf-enabled# ls
10-fastcgi.conf      50-dietpi-https.conf           99-dietpi-nextcloud.conf                  99-unconfigured.conf
10-rewrite.conf      98-dietpi-https_redirect.conf  99-dietpi-pihole-block_public_admin.conf
15-fastcgi-php.conf  99-dietpi-dav_redirect.conf    99-dietpi-pihole.conf
root@DietPi:/etc/lighttpd/conf-enabled#

What if I keep this situation, and want to have Nextcloud public available
How to portforward to a subfolder /var/www/nextcloud in a modem/router?

Normally you forward just to an IP with port?

but what to do with?

You should replace this page with your own web pages as soon as possible.

This is just a notification message done by the index file located in /var/www.

What if I keep this situation, and want to have Nextcloud public available
How to portforward to a subfolder /var/www/nextcloud in a modem/router?

You don’t make NextCloud public. It is the web server.
NextCloud is not an application. It is a web site hosted by the web server. Therefore you do port forwarding to the DietPi system on your router. On your DietPi system, the web server will pick it up as it is LISTEN on the specific port. Based on the URL / sub path you use, the web server will know which web site to be displayed. In case of Nextcloud, it would be http://your.ddns.com/nextcloud

Indeed,

but if I forward inside my modem/router port 80 the standard webserver port to my local IP and port 80 of the internal DietPi server it shows the router/modem webinterface page when I visit my DNS instead of the Nextcloud webinterface?

Again, as stated the post before, you need to add the sub path

http://your.ddns.com/nextcloud

If you are not happy with this solution (to add the /nextcloud to your DDNS URL) you could config Lighttpd to redirect to the sub directory.

$ sudo nano /etc/lighttpd/lighttpd.conf

add this line:

url.redirect = ("^/$" => "/nextcloud" )

I’m not sure if you can still access the root directory then by calling

http://your.ddns.com/index.lighttpd.html

But maybe you don’t need the root anyways.

well there was the request to use Heimdall and if I’m not mistaken this require to be web server root. That’s the challenge I would say integrate Heimdall with all other web apps. And that’s probably the question ask Heimdall guys how this is possible.

I tried some things out, but I couldn’t made it work with symlink (which lighttpd supports), nor alias.url or url.rewrite in the lighttpd.conf


Maybe the easiest solution for people like you and me is to install it with docker, like official wiki of Heimdall suggests, without dietpi at all.
I know, this is not a satisfying solution :slight_smile:

Or use a 2nd web server naively on DietPi. Should work as well. Some tweaks would be needed for this but in theory it might gonna work. I mean you would need to reconfigure it anyhow as you can have 2 app running on port 80 like Heimdall Docker container + web server hosting NextCloud /PiHole :sunglasses:

I made it work a little bit!
I changed in lighttpd.conf the root to the public folder of Heimdall

server.document-root = "/var/www/Heimdall/public"

and added these lines in lighttpd.conf:

alias.url += ( "/pihole" => "/var/www/pihole" )
alias.url += ( "/admin" => "/var/www/admin" )

I only testet with pihole, but I bet it works also for nextcloud and other stuff too.

But I have another problem, non of the links in Heimdall work now, I get only 404 messages. With apache this is solved with .htaccess stuff, in Lighttpd you have to do this with mod_rewrite and stuff. (see https://github.com/linuxserver/Heimdall/issues/563)

Good luck :slight_smile:

Still for me Heimdall is not a good web app. Not that flexible to work on a sub folder. For me this is a must, to be able to run multiple web apps next to each other. But we are moving off topic I guess.

:stuck_out_tongue: Yes I know it , but the rest of the world doesn’t, so port 80 is forwarded from the WWW to the standard lighttpd webinterface

How to secure this?

Asked for Help at the Heimdall Support chat

https://discord.com/channels/354974912613449730/413430508131975171/944697719866400799