Nextcloud problems / questions

Okay, new thoughts, new plan

I just need the Subdomain Nextcloud.YourDomain.com, no need for the MainDomain

I started with a clean backup of just DietPi
Installed Nextcloud, chose Nginx again as webserver

So the original after the standard installation is located at /etc/nginx/sites-dietpi/my-nextcl
I can edit the original and try /etc/nginx/sites-dietpi/dietpi-nextcloud.conf

What does the -a do?

root@DietPi:~# cd --help
cd: cd [-L|[-P [-e]] [-@]] [dir]
    Change the shell working directory.

    Change the current directory to DIR.  The default DIR is the value of the
    HOME shell variable.

    The variable CDPATH defines the search path for the directory containing
    DIR.  Alternative directory names in CDPATH are separated by a colon (:).
    A null directory name is the same as the current directory.  If DIR begins
    with a slash (/), then CDPATH is not used.

    If the directory is not found, and the shell option `cdable_vars' is set,
    the word is assumed to be  a variable name.  If that variable has a value,
    its value is used for DIR.

    Options:
      -L        force symbolic links to be followed: resolve symbolic
                links in DIR after processing instances of `..'
      -P        use the physical directory structure without following
                symbolic links: resolve symbolic links in DIR before
                processing instances of `..'
      -e        if the -P option is supplied, and the current working
                directory cannot be determined successfully, exit with
                a non-zero status
      -@        on systems that support it, present a file with extended
                attributes as a directory containing the file attributes

    The default is to follow symbolic links, as if `-L' were specified.
    `..' is processed by removing the immediately previous pathname component
    back to a slash or the beginning of DIR.

    Exit Status:
    Returns 0 if the directory is changed, and if $PWD is set successfully when
    -P is used; non-zero otherwise.
root@DietPi:~#

hhmmmm Still no go… :cry:

After installation of NC I ran Let’s Encrypt with the subdomain: nextcloud.Yourdomain.com
And options set to ON

With NC it is visible
But not via DNS !?

With https://Yourdomain.com/nextcloud/ I got

Your connection is not private
Cyber criminals may be trying to steal your information from hemertje.com (for example, passwords, messages, or credit card information). More information
NET::ERR_CERT_COMMON_NAME_INVALID

With https://nextcloud.Yourdomain.com/ I got

Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

So I edited

nano /var/www/nextcloud/config/config.php

And adjust value overwrite.cli.url

Remove the sub path /nextcloud from

'overwrite.cli.url' => 'https://nextcloud.Yourdomain.com/nextcloud',

Should look like this now

'overwrite.cli.url' => 'https://nextcloud.Yourdomain.com',

Save and close nano with CTRL+O and CTRL+X.

restart the Nginx webserver

systemctl restart nginx

In the hope that with https://nextcloud.Yourdomain.com NC would be accessible!

Now on the local IP I can’t even log in anymore
I get rejected…

https:// < local IP> /nextcloud/login?redirect_url=/nextcloud/apps/dashboard/

My 2 config files:

nano /var/www/nextcloud/config/config.php

<?php
$CONFIG = array (
  'passwordsalt' => 'hjQ4NMRn4UUU49svfnqrkfjnqwrkjn38772Jf',
  'secret' => 'ASdk6FVSA6+RC34972398y123r9y +peIW1aRqajkEIx6ynqH',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '*',
  ),
  'datadirectory' => '/mnt/dietpi_userdata/nextcloud_data',
  'dbtype' => 'mysql',
  'version' => '25.0.2.3',
  'hashingThreads' => 6,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/run/redis/redis-server.sock',
    'port' => 0,
  ),
  'overwrite.cli.url' => 'https://nextcloud.Yourdomain.com',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_admin',
  'dbpassword' => '8sWa=)passwordb}9:Q,wtU$?k6&',
  'installed' => true,
  'instanceid' => 'octiwengfbzo9g5',
  'mail_from_address' => '?',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'Yourdomain.com',
  'mail_smtphost' => 'mail.mailserver.net',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpport' => '465',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'info@Yourdomain.com',
  'mail_smtppassword' => '@password.comt',
  'default_phone_region' => 'optional',
);

nano /etc/nginx/sites-dietpi/dietpi-nextcloud.conf

# Based on: https://github.com/nextcloud/documentation/blob/master/admin_manual/installation/nginx-subdir.conf.sample

# Redirect webfinger and nodeinfo requests to Nextcloud endpoint
location /.well-known/webfinger { return 301 /nextcloud/index.php$request_uri; }
location /.well-known/nodeinfo  { return 301 /nextcloud/index.php$request_uri; }

location ^~ /nextcloud {

        # Omit Nginx version on error response
        server_tokens off;

        # Set max upload size
        client_max_body_size 1048576M;
        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifes>
        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;


        # Specify how to handle directories -- specifying `/nextcloud/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /nextcloud/index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /nextcloud/index.php$request_uri;

        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = /nextcloud {
                if ( $http_user_agent ~ ^DavClnt ) {
                        return 302 /nextcloud/remote.php/webdav/$is_args$args;
                }
        }

        # Rules borrowed from `.htaccess` to hide certain paths from clients
        location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }

        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
        # which handle static assets (as seen below). If this block is not declared first,
        # then Nginx will encounter an infinite rewriting loop when it prepends
        # `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response.
        location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+?\.php)(/.*|)$;
                set $path_info $fastcgi_path_info;
                try_files $fastcgi_script_name =404;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param HTTPS $https;
                fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
                fastcgi_param front_controller_active true; # Enable pretty URLs without /index.php/
                fastcgi_pass php;
                fastcgi_intercept_errors on;
                fastcgi_request_buffering off;
                fastcgi_max_temp_file_size 0; # Allow downloads > 1 GiB: https://github.com/nextcloud/documentation/pul>
        }


        location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
                try_files $uri /nextcloud/index.php$request_uri;
                expires 6M; # Cache-Control policy borrowed from `.htaccess`
                access_log off; # Optional: Don't log access to assets
        }

        location ~ \.woff2?$ {
                try_files $uri /nextcloud/index.php$request_uri;
                expires 7d; # Cache-Control policy borrowed from `.htaccess`
                access_log off; # Optional: Don't log access to assets
        }

        # Rule borrowed from `.htaccess`
        location /nextcloud/remote {
                return 301 /nextcloud/remote.php$request_uri;
        }

        location /nextcloud {
                try_files $uri $uri/ /nextcloud/index.php$request_uri;
        }
}

Help, what goes wrong?

you did not adjust /etc/nginx/sites-available/default ?? If not, pls do and change root /var/www into root /var/www/nextcloud

And copy+edit the dietpi-nextcloud.conf as I suggested further above. -a of the cp command (not cd) is for preserving all UNIX permissions.

yes did it…!

no, not yet until now…

After editing and reboot NC, NC is available under

https://nextcloud.Yourdomain.com/

THANK YOU!

But!

# /etc/nginx/sites-available/default
server {

        root /var/www/nextcloud;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name nextcloud.Yourdomain.com;

        include /etc/nginx/sites-dietpi/*.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nextcloud.Yourdomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.Yourdomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/nextcloud.Yourdomain.com/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

}

server {
    if ($host = nextcloud.Yourdomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name nextcloud.Yourdomain.com;

        include /etc/nginx/sites-dietpi/*.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }




}

again these warnings

## Security & setup warnings

It's important for the security and performance of your instance that everything is configured correctly. To help you with that we are doing some automatic checks. Please see the linked documentation for more information.

There are some warnings regarding your setup.

* Your web server is not properly set up to resolve "/.well-known/webfinger". Further information can be found in the [documentation ↗](https://docs.nextcloud.com/server/25/go.php?to=admin-setup-well-known-URL).
* Your web server is not properly set up to resolve "/.well-known/nodeinfo". Further information can be found in the [documentation ↗](https://docs.nextcloud.com/server/25/go.php?to=admin-setup-well-known-URL).
* Your web server is not properly set up to resolve "/.well-known/caldav". Further information can be found in the [documentation ↗](https://docs.nextcloud.com/server/25/go.php?to=admin-setup-well-known-URL).
* Your web server is not properly set up to resolve "/.well-known/carddav". Further information can be found in the [documentation ↗](https://docs.nextcloud.com/server/25/go.php?to=admin-setup-well-known-URL).

Reading dozens of websites with the ‘solution’ all midday and evening I still didn’t find the answer

Here I found a possible solution, but that also does not work

Suggested Nginx default configuration seems to be the culprit!

It says:

fastcgi_intercept_errors on;

That causes Nginx to intercept HTTP error codes returned by the PHP script with the configured error page or nginx default error pages. See the documentation.

Normally /.well-known/nodeinfo in NextCloud is supposed to return HTTP 404 with {"message":"nodeinfo not supported"} JSON. If you have fastcgi_intercept_errors on, default Nginx not found page (or configured custom error page) will be returned for any 404 code, causing this error message to be printed in the Administration/Settings.

So to fix this, just set it to off:

fastcgi_intercept_errors off;

Changing redirects to 301 and even redirecting these requests to remote.php/dav to “fix” this are IMO all wrong.

So on nginx, define

fastcgi_intercept_errors off;

and

            location = /.well-known/webfinger   { return 301 /nextcloud/index.php$uri; }
            location = /.well-known/nodeinfo   { return 301 /nextcloud/index.php$uri; }

fix all the warnings.

I’m out of any other ideas…

Did you read my suggestion about dietpi-nextcloud.conf? It is the exact reason for the admin panel warnings. Revert all other solution attempts you tried/applied, to not mix/duplicate things.

Morning, yes I read it, but I do not understand it or know what to do with your tips as I’m not a coder…

Here is my /etc/nginx/sites-dietpi/dietpi-nextcloud.conf without my ‘solution’ attempts

# Based on: https://github.com/nextcloud/documentation/blob/master/admin_manual/installation/nginx-subdir.conf.sample

# Redirect webfinger and nodeinfo requests to Nextcloud endpoint
location /.well-known/webfinger { return 301 /nextcloud/index.php$request_uri; }
location /.well-known/nodeinfo  { return 301 /nextcloud/index.php$request_uri; }

location ^~ /nextcloud {

        # Omit Nginx version on error response
        server_tokens off;

        # Set max upload size
        client_max_body_size 1048576M;
        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifes>

        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;


        # Specify how to handle directories -- specifying `/nextcloud/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /nextcloud/index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /nextcloud/index.php$request_uri;

        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = /nextcloud {
                if ( $http_user_agent ~ ^DavClnt ) {
                        return 302 /nextcloud/remote.php/webdav/$is_args$args;
                }
        }

        # Rules borrowed from `.htaccess` to hide certain paths from clients
        location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }

        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
        # which handle static assets (as seen below). If this block is not declared first,
        # then Nginx will encounter an infinite rewriting loop when it prepends
        # `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response.
        location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+?\.php)(/.*|)$;
                set $path_info $fastcgi_path_info;
                try_files $fastcgi_script_name =404;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param HTTPS $https;
                fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
                fastcgi_param front_controller_active true; # Enable pretty URLs without /index.php/
                fastcgi_pass php;
                fastcgi_intercept_errors on;
                fastcgi_request_buffering off;
                fastcgi_max_temp_file_size 0; # Allow downloads > 1 GiB: https://github.com/nextcloud/documentation/pul>
        }


        location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
                try_files $uri /nextcloud/index.php$request_uri;
                expires 6M; # Cache-Control policy borrowed from `.htaccess`
                access_log off; # Optional: Don't log access to assets
        }

        location ~ \.woff2?$ {
                try_files $uri /nextcloud/index.php$request_uri;
                expires 7d; # Cache-Control policy borrowed from `.htaccess`
                access_log off; # Optional: Don't log access to assets
        }

        # Rule borrowed from `.htaccess`
        location /nextcloud/remote {
                return 301 /nextcloud/remote.php$request_uri;
        }

        location /nextcloud {
                try_files $uri $uri/ /nextcloud/index.php$request_uri;
        }
}

Do all '/nextcloud/' need to be 'www/nextcloud/'?

/nextcloud prefix basically needs to be removed everywhere, since nextcloud.domain.org/nextcloud does not exist/is not accessed after you changed the webroot. All directives need to apply to paths without /nextcloud instead. I’ll find time the next days to post an adjusted config. Until then you may try or use as starting point the one from Nextcloud docs, which we use as basis as well for ours: NGINX configuration — Nextcloud latest Administration Manual latest documentation

The part in last server block starting at server_tokens off; is what can go into a dedicated my-nextcloud.conf.

To compare with what is used if Nextcloud is in a subdir: NGINX configuration — Nextcloud latest Administration Manual latest documentation
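
As an added illustration (not part of the thread and not DietPi's own tooling), this shell check lists every non-comment nginx directive that still uses /nextcloud as a URI prefix, which is what has to be adjusted once root points at /var/www/nextcloud. The function names and the sample config (constructed from lines quoted in this thread, with nextcloud.example.org as a placeholder host) are assumptions.

```shell
#!/bin/sh
# Added example: report nginx directives that still use the /nextcloud URI
# prefix after the webroot was changed to /var/www/nextcloud.

# find_subdir_refs FILE
# Prints "LINE:text" for every non-comment line that uses /nextcloud as a URI
# prefix. Filesystem paths (/var/www/nextcloud) and hostnames
# (nextcloud.example.org) are skipped, because there "/nextcloud" is preceded
# or followed by a name character.
find_subdir_refs() {
    grep -nE '(^|[^[:alnum:]_.-])/nextcloud([^[:alnum:]_.-]|$)' "$1" \
        | grep -vE '^[0-9]+:[[:space:]]*#' || true
}

# count_subdir_refs FILE -> number of directives still to adjust
count_subdir_refs() {
    find_subdir_refs "$1" | awk 'END { print NR }'
}

# summarise_subdir_refs FILE -> "directive=count" pairs, sorted by directive
summarise_subdir_refs() {
    find_subdir_refs "$1" \
        | sed 's/^[0-9]*:[[:space:]]*//' \
        | awk '{ n[$1]++ } END { for (d in n) print d "=" n[d] }' \
        | sort | paste -s -d ' ' -
}

# write_sample_subdir_conf FILE
# Constructed sample: a shortened subdirectory-style config built from lines
# quoted in the thread, plus three lines that must NOT be reported.
write_sample_subdir_conf() {
    cat > "$1" <<'EOF'
root /var/www/nextcloud;
server_name nextcloud.example.org;
ssl_certificate /etc/letsencrypt/live/nextcloud.example.org/fullchain.pem;
# Redirect webfinger and nodeinfo requests to Nextcloud endpoint
location /.well-known/webfinger { return 301 /nextcloud/index.php$request_uri; }
location ^~ /nextcloud {
    index index.php index.html /nextcloud/index.php$request_uri;
    location = /nextcloud {
        return 302 /nextcloud/remote.php/webdav/$is_args$args;
    }
    location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
    # `try_files $uri $uri/ /nextcloud/index.php$request_uri`
    location /nextcloud/remote { return 301 /nextcloud/remote.php$request_uri; }
    location /nextcloud { try_files $uri $uri/ /nextcloud/index.php$request_uri; }
}
EOF
}

# Demonstration on the constructed sample
sample=$(mktemp)
write_sample_subdir_conf "$sample"
echo "Directives still using the /nextcloud URI prefix:"
find_subdir_refs "$sample"
echo "Total: $(count_subdir_refs "$sample") ($(summarise_subdir_refs "$sample"))"
rm -f "$sample"
```

Run against a real file with `find_subdir_refs /etc/nginx/sites-dietpi/dietpi-nextcloud.conf`; an empty result means no subdirectory-style URI is left in it.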

dear @Joulinar @MichaIng

I thank you so much for all your help, I really appreciate it

will have a look in the meantime

In my search I found another possible problem!?

in file ‘/etc/nginx/sites-available/default’
I think I missed a root change?
see the - / + lines

# /etc/nginx/sites-available/default
server {

        root /var/www/nextcloud;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name nextcloud.hemertje.com;

        include /etc/nginx/sites-dietpi/*.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nextcloud.hemertje.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.hemertje.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/nextcloud.hemertje.com/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

}

server {
    if ($host = nextcloud.hemertje.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80 default_server;
        listen [::]:80 default_server;

-        root /var/www;
+        root /var/www/nextcloud;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name nextcloud.hemertje.com;

        include /etc/nginx/sites-dietpi/*.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }




}
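
Review bot: In the port-80 block, changing `root` to `/var/www/nextcloud` does nothing for nextcloud.hemertje.com, because the `if ($host = ...)` at the top of the block already returns a 301 to HTTPS before any file is served. Since the block is `listen 80 default_server`, a request with any other Host header skips that `if` and reaches `root`, the included sites-dietpi configs and the PHP location, so Nextcloud would be served over plain HTTP. Consider dropping `root`, `index`, the `include` and both `location` blocks from this server block and ending it with `return 404;`, so that port 80 only redirects.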

?

Not sure why, but the 2nd server block is incorrect and looks different on a default system. It should look like this

server {
    if ($host = nextcloud.hemertje.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80 default_server;
	listen [::]:80 default_server;

	server_name nextcloud.hemertje.com;
    return 404; # managed by Certbot


}

So these blocks can be removed?

server {
if ($host = nextcloud.hemertje.com) {
return 301 https://$host$request_uri;
} # managed by Certbot

    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/nextcloud;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name nextcloud.hemertje.com;
    include /etc/nginx/sites-dietpi/*.conf;

location / {
try_files $uri $uri/ =404;
}

    location ~ \.php(?:$|/) {
            include snippets/fastcgi-php.conf;
            fastcgi_pass php;
    }

And added:

return 404; # managed by Certbot

}

simply remove the whole block and replace it with the one I have shared.

So if I understand correctly:

server {
    if ($host = nextcloud.hemertje.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80 default_server;
        listen [::]:80 default_server;

#       root /var/www/nextcloud;
#       index index.php index.html index.htm index.nginx-debian.html;

        server_name nextcloud.hemertje.com;
#
#       include /etc/nginx/sites-dietpi/*.conf;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#
#       location ~ \.php(?:$|/) {
#               include snippets/fastcgi-php.conf;
#               fastcgi_pass php;
#       }
    return 404; # managed by Certbot



}

?

Back to the example
https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx

The Howto says:
Adjust server_name, root, ssl_certificate and ssl_certificate_key to suit your needs.

Nextcloud in the webroot of NGINX

See my command lines below with #

#The lines below are arranged somewhere else in DietPi?
upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.4-fpm.sock;
}

# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
    "" "";
    default "immutable";
}



#The ‘listen 80’ lines below are arranged in the file ‘/etc/nginx/sites-available/default’
server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;

    # Prevent nginx HTTP Server Detection
    server_tokens off;

    # Enforce HTTPS
    return 301 https://$server_name$request_uri;
}


#The ‘listen 443’ lines below are arranged in the file ‘/etc/nginx/sites-available/default’
server {
    listen 443      ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

#The ‘root path’ lines below are arranged in the file ‘/etc/nginx/sites-available/default’
    # Path to the root of your installation
    root /var/www/nextcloud;

#The ‘SSL settings’ lines below are arranged in the file ‘/etc/nginx/sites-available/default’
    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    ssl_certificate     /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # Prevent nginx HTTP Server Detection
    server_tokens off;


#The ‘HSTS settings’ lines below are arranged in the file ‘/etc/nginx/sites-available/default’
    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
# The option preload" is missing in the DietPi Certbot, see above warning!


#The ‘Upload settings’ lines below are arranged in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’
    # set max upload size and increase upload timeout:
    client_max_body_size 512M; # DietPi uses 1048576M instead of 512M
    client_body_timeout 300s; # DietPi does not use the timeout setting
    fastcgi_buffers 64 4K; # DietPi uses same option settings


#The ‘Gzip settings’ lines below are arranged in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’
    # Enable gzip but do not remove ETag headers
    gzip on; # DietPi uses same option settings
    gzip_vary on; # DietPi uses same option settings
    gzip_comp_level 4; # DietPi uses same option settings
    gzip_min_length 256; # DietPi uses same option settings
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; # DietPi uses same option settings
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;  # DietPi uses the option settings gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifes>


# Pagespeed is not used in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’ or the file ‘/etc/nginx/sites-available/default’
    # Pagespeed is not supported by Nextcloud, so if your server is built
    # with the `ngx_pagespeed` module, uncomment this line to disable it.
    #pagespeed off;

# HTTP2 bandwidth is not used in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’ or the file ‘/etc/nginx/sites-available/default’
    # This setting allows you to optimize the HTTP2 bandwidth.
    # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
    # for tuning hints
    client_body_buffer_size 512k;


# HTTP response headers are used in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’
    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always; # DietPi uses same option settings
    add_header X-Content-Type-Options               "nosniff"       always; # DietPi uses same option settings
    add_header X-Download-Options                   "noopen"        always; # DietPi uses same option settings
    add_header X-Frame-Options                      "SAMEORIGIN"    always; # DietPi uses same option settings
    add_header X-Permitted-Cross-Domain-Policies    "none"          always; # DietPi uses same option settings
    add_header X-Robots-Tag                         "none"          always; # DietPi uses same option settings
    add_header X-XSS-Protection                     "1; mode=block" always; # DietPi uses same option settings

# Remove X-Powered-By is used in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’
    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By; # DietPi uses same option


# Index is used in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’
    # Specify how to handle directories -- specifying `/index.php$request_uri`
    # here as the fallback means that Nginx always exhibits the desired behaviour
    # when a client requests a path that corresponds to a directory that exists
    # on the server. In particular, if that directory contains an index.php file,
    # that file is correctly served; if it doesn't, then the request is passed to
    # the front-end controller. This consistent behaviour means that we don't need
    # to specify custom rules for certain paths (e.g. images and other assets,
    # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
    # `try_files $uri $uri/ /index.php$request_uri`
    # always provides the desired behaviour.
    index index.php index.html /index.php$request_uri; #My file contains /nextcloud/ : index index.php index.html /nextcloud/index.php$request_uri;

# Rule `.htaccess` is used in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’
    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / { # my ‘dietpi-nextcloud.conf’ contains  location = /nextcloud {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args; # my ‘dietpi-nextcloud.conf’ contains  location =  return 302 /nextcloud/remote.php/webdav/$is_args$args;
# My file contains extra:
# Rules borrowed from `.htaccess` to hide certain paths from clients
#        location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
#        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }

        }
    }

# Robots is not used in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’ or the file ‘/etc/nginx/sites-available/default’
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }


# These well-known is in my file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’
# These follow a different setup of the line but it seems to me the result is the same?
# Redirect webfinger and nodeinfo requests to Nextcloud endpoint
#location /.well-known/webfinger { return 301 /nextcloud/index.php$request_uri; }
#location /.well-known/nodeinfo  { return 301 /nextcloud/index.php$request_uri; }

# Below the extended lines
    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }


# The Rules below are not used in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’ or the file ‘/etc/nginx/sites-available/default’
    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }


# The Rules below are used in the file ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’
    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        # Required for legacy support

#This part differs from my  ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’
        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

#This part is equal with my  ‘/etc/nginx/sites-dietpi/dietpi-nextcloud.conf’
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on; # ‘on’vh is extra here!

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;

        fastcgi_max_temp_file_size 0;
    }

    location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
        try_files $uri /index.php$request_uri; # my ‘dietpi-nextcloud.conf’ contains extra  /nextcloud/

# my ‘dietpi-nextcloud.conf’ contains  extra:
#expires 6M; # Cache-Control policy borrowed from `.htaccess`

        add_header Cache-Control "public, max-age=15778463, $asset_immutable"; # this line is missing in my ‘dietpi-nextcloud.conf’
        access_log off;     # Optional: Don't log access to assets # same as in my ‘dietpi-nextcloud.conf’

# my ‘dietpi-nextcloud.conf’ does not contain the lines below:
        location ~ \.wasm$ {
            default_type application/wasm;
        }
    }
# my ‘dietpi-nextcloud.conf’ does contain the lines below:
#location ~ \.woff2?$ {
#                try_files $uri /nextcloud/index.php$request_uri;
#               expires 7d; # Cache-Control policy borrowed from `.htaccess`
#              access_log off; # Optional: Don't log access to assets

    }

    # Rule borrowed from `.htaccess`
    location /remote { # my ‘dietpi-nextcloud.conf’ contains  /nextcloud/remote
        return 301 /remote.php$request_uri; # my ‘dietpi-nextcloud.conf’ contains  /nextcloud/remote.php
    }

    location / { # my ‘dietpi-nextcloud.conf’ contains  ‘location /nextcloud’
        try_files $uri $uri/ /index.php$request_uri; # my ‘dietpi-nextcloud.conf’ contains  /nextcloud/index.php…
    }
}

I don’t think you need to do all this development. There should be no need to create your own files. Basically, it is quite simple.

  1. adjust /etc/nginx/sites-available/default and change root /var/www into root /var/www/nextcloud
  2. adjust /etc/nginx/sites-available/default and remove small block for location /
  3. adjust /etc/nginx/sites-dietpi/dietpi-dav_redirect.conf and remove sub path /nextcloud from all configs
  4. adjust /etc/nginx/sites-dietpi/dietpi-nextcloud.conf and remove sub path /nextcloud from all configs (should be quite some)
  5. restart Nginx
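Step 4 has one security-relevant pitfall: in the two "hide certain paths" regex rules, the `/` after `^` has to survive when `/nextcloud` is taken out, otherwise the rule never matches a request URI and the hidden files become reachable. The following is an added example, not code from the thread or from DietPi; the probe URIs and the helper names are constructed for it.

```python
import re

# Constructed probe URIs: six that Nextcloud's sample rules hide, two that must stay public.
PROBES = ['/.htaccess', '/occ', '/console.php', '/db_structure.xml',
          '/config/config.php', '/data/nextcloud.log',
          '/index.php', '/core/css/server.css']

# The two hide rules as they appear in the sub-path (/nextcloud) configuration.
SUBPATH_RULES = r"""
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
"""

def strip_naive(conf_text, sub='/nextcloud'):
    """Delete every '/nextcloud/' outright; this also eats the slash after '^'."""
    return conf_text.replace(sub + '/', '')

def strip_subpath(conf_text, sub='/nextcloud'):
    """Remove the sub-path from URI rules but keep the leading '/'.

    Meant for location names, regexes and redirect targets, not for
    filesystem paths such as a `root` directive.
    """
    return re.sub(re.escape(sub) + r'(?:/|\b)', '/', conf_text)

def hide_patterns(conf_text):
    """Compile the regex of every `location ~ PATTERN { return 404; }` rule."""
    rule = re.compile(r'^\s*location\s+~\s+(\S+)\s*\{\s*return\s+404;\s*\}', re.M)
    return [re.compile(p) for p in rule.findall(conf_text)]

def reachable(conf_text, uris=PROBES):
    """Probe URIs that no hide rule matches (nginx regex locations use unanchored search)."""
    patterns = hide_patterns(conf_text)
    return [u for u in uris if not any(p.search(u) for p in patterns)]
```

With the naive deletion every probe, including `/config/config.php` and `/occ`, falls through to the other location blocks; with the slash kept, only the two public URIs do.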

1 and 2: What do you mean by:

remove small block for location /

/etc/nginx/sites-available/default

# /etc/nginx/sites-available/default
server {

        root /var/www/nextcloud;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name nextcloud.hemertje.com;

        include /etc/nginx/sites-dietpi/*.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php(?:$|/) {
                include snippets/fastcgi-php.conf;
                fastcgi_pass php;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nextcloud.hemertje.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.hemertje.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/nextcloud.hemertje.com/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

}

server {
    if ($host = nextcloud.hemertje.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80 default_server;
        listen [::]:80 default_server;

        server_name nextcloud.hemertje.com;

    return 404; # managed by Certbot



}
  1. ‘/etc/nginx/sites-dietpi/dietpi-dav_redirect.conf’
# Redirect Cal/CardDAV requests to Nextcloud endpoint:
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav  { return 301 /remote.php/dav/; }
  1. what to do with:

location ^~ /nextcloud {

    # Omit Nginx version on error response
    server_tokens off;

‘location ^~ /nextcloud {’ ?

will this be like ‘location ^~ / {’ ?

        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = /nextcloud {
                if ( $http_user_agent ~ ^DavClnt ) {
                        return 302 /nextcloud/remote.php/webdav/$is_args$args;
                }
        }
        # Rule borrowed from `.htaccess`
        location /nextcloud/remote {
                return 301 /nextcloud/remote.php$request_uri;
        }

        location /nextcloud {
                try_files $uri $uri/ /nextcloud/index.php$request_uri;
        }
}

With the file (removed “nextcloud”)

# Based on: https://github.com/nextcloud/documentation/blob/master/admin_manual/installation/nginx-subdir.conf.sample

# Redirect webfinger and nodeinfo requests to Nextcloud endpoint
location /.well-known/webfinger { return 301 /index.php$request_uri; }
location /.well-known/nodeinfo  { return 301 /index.php$request_uri; }

location ^~ / {

        # Omit Nginx version on error response
        server_tokens off;

        # Set max upload size
        client_max_body_size 1048576M;
        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml app>
        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Specify how to handle directories -- specifying `/nextcloud/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /nextcloud/index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /index.php$request_uri;

        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = / {
                if ( $http_user_agent ~ ^DavClnt ) {
                        return 302 /remote.php/webdav/$is_args$args;
                }
        }

        # Rules borrowed from `.htaccess` to hide certain paths from clients
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
        # which handle static assets (as seen below). If this block is not declared first,
        # then Nginx will encounter an infinite rewriting loop when it prepends
        # `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response.
        location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+?\.php)(/.*|)$;
                set $path_info $fastcgi_path_info;
                try_files $fastcgi_script_name =404;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param HTTPS $https;
                fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
                fastcgi_param front_controller_active true; # Enable pretty URLs without /index.php/
                fastcgi_pass php;
                fastcgi_intercept_errors on;
                fastcgi_request_buffering off;
                fastcgi_max_temp_file_size 0; # Allow downloads 1 GiB: https://github.com/nextcloud/documentation/pull/7979
        }

        location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
                try_files $uri /index.php$request_uri;
                expires 6M; # Cache-Control policy borrowed from `.htaccess`
                access_log off; # Optional: Don't log access to assets
        }

        location ~ \.woff2?$ {
                try_files $uri /index.php$request_uri;
                expires 7d; # Cache-Control policy borrowed from `.htaccess`
                access_log off; # Optional: Don't log access to assets
        }
        # Rule borrowed from `.htaccess`
        location /remote {
                return 301 /remote.php$request_uri;
        }

        location / {
                try_files $uri $uri/ /index.php$request_uri;
        }
}

I get the error:

root@DietPi:/# systemctl restart nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
root@DietPi:/#
Jan 06 15:17:04 DietPi systemd[1]: Starting A high performance web server and a reverse proxy server...
░░ Subject: A start job for unit nginx.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit nginx.service has begun execution.
░░
░░ The job identifier is 1124.
Jan 06 15:17:04 DietPi nginx[4569]: nginx: [emerg] location "/remote" is outside location "/nextcloud" in /etc/nginx/sites-dietpi/dietpi-nextcloud.conf:93
Jan 06 15:17:04 DietPi nginx[4569]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jan 06 15:17:04 DietPi systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStartPre= process belonging to unit nginx.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jan 06 15:17:04 DietPi systemd[1]: nginx.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit nginx.service has entered the 'failed' state with result 'exit-code'.
Jan 06 15:17:04 DietPi systemd[1]: Failed to start A high performance web server and a reverse proxy server.
░░ Subject: A start job for unit nginx.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit nginx.service has finished with a failure.
░░
░░ The job identifier is 1124 and the job result is failed.
Jan 06 15:18:30 DietPi systemd[1]: Starting A high performance web server and a reverse proxy server...
░░ Subject: A start job for unit nginx.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit nginx.service has begun execution.
░░
░░ The job identifier is 1182.
Jan 06 15:18:30 DietPi nginx[4575]: nginx: [emerg] duplicate location "/" in /etc/nginx/sites-enabled/default:11
Jan 06 15:18:30 DietPi nginx[4575]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jan 06 15:18:30 DietPi systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStartPre= process belonging to unit nginx.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jan 06 15:18:30 DietPi systemd[1]: nginx.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit nginx.service has entered the 'failed' state with result 'exit-code'.
Jan 06 15:18:30 DietPi systemd[1]: Failed to start A high performance web server and a reverse proxy server.
░░ Subject: A start job for unit nginx.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit nginx.service has finished with a failure.
░░
░░ The job identifier is 1182 and the job result is failed.
root@DietPi:/#
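Both `[emerg]` lines in the log come from how the `location` blocks nest once `sites-dietpi/*.conf` is included into the `server` block. The following added example (not from the thread or from DietPi) is a simplified Python model of those two nginx checks; the config fragments are constructed and the function names are assumptions of this example.

```python
import re

# Opening line of a location block: optional modifier, then the location name.
LOCATION = re.compile(r'^location\s+(?:(=|\^~|~\*|~)\s+)?(\S+)\s*\{')

def kind(modifier):
    # nginx puts '' and '^~' in the same (prefix) class when it looks for duplicates.
    return {'=': 'exact', '': 'prefix', '^~': 'prefix'}.get(modifier, 'regex')

def check_locations(conf_text):
    """Return nginx-style messages for one server context (after includes are merged).

    Simplified model: one directive per line, no braces inside regexes,
    regex locations are tracked for nesting only.
    """
    errors = []
    # Each open block is [location or None, child locations]; stack[0] is the server.
    stack = [[None, set()]]
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].strip()
        m = LOCATION.match(line)
        loc = (kind(m.group(1) or ''), m.group(2)) if m else None
        if loc and loc[0] != 'regex':
            parent = next((b[0] for b in reversed(stack) if b[0]), None)
            if parent and parent[0] == 'prefix' and not loc[1].startswith(parent[1]):
                errors.append(f'location "{loc[1]}" is outside location "{parent[1]}"')
            elif loc in stack[-1][1]:
                errors.append(f'duplicate location "{loc[1]}"')
            stack[-1][1].add(loc)
        for i in range(line.count('{')):
            stack.append([loc if i == 0 else None, set()])
        for _ in range(line.count('}')):
            stack.pop()
    return errors

# Constructed fragments modelled on the two failing states in the log above.
HALF_EDITED = """
location ^~ /nextcloud {
    location = /nextcloud {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /nextcloud/remote.php/webdav/$is_args$args;
        }
    }
    location /remote { return 301 /remote.php$request_uri; }
}
"""
MERGED = """
location ^~ / {                     # from sites-dietpi/dietpi-nextcloud.conf
    location /remote { return 301 /remote.php$request_uri; }
    location / { try_files $uri $uri/ /index.php$request_uri; }
}
location / { try_files $uri $uri/ =404; }   # from sites-available/default
"""
```

The nested `location /` inside `location ^~ /` is accepted; only the second server-level `location /` collides with it. On the server itself, `nginx -t` runs the same configuration test without touching the running service.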