I am making this post mostly for awareness in case anyone else is having a similar issue.
Story
I am running nextcloudpi (nextcloudpi.ownyourbits.com) on a Raspberry Pi 4 8GB using the Debian Buster install script. Note: the OS is Raspberry Pi OS Bullseye 64bit. The install would succeed and tell me to navigate to https://<rpi_ip>/
or https://raspberrypi/
etc. As soon as I did that it would immediately return with a 403 Forbidden. I looked all over and everyone kept pointing to the "trusted_domains" config or the "trusted_proxy", basically trying to use the config file to fix the problem. However, I came to realize that the issue did not lie with the nextcloudpi (ncp) install but rather with apache2.
Well, I reinstalled Raspberry Pi OS and then installed nextcloudpi again fresh. Then, before navigating to https://<rpi_ip>/
I instead went to go check out the activation script located at /etc/apache2/sites-enabled/ncp-activation.conf
There is where I found this code block:
<RequireAny>
Require host localhost
Require local
Require ip 192.168
Require ip 172
Require ip 10
...
</RequireAny>
I now could see that my issue lied with this because my ip address pool did not start with 192.169
, or 172
, or 10
. I had made my ip addresses custom for this virtual network and therefore the activation script would never work. All I had to do was add:
<RequireAny>
Require host localhost
Require local
Require ip 192.168
Require ip 172
Require ip 10
Require ip 123
...
</RequireAny>
After that, the activation worked and I was able to get the initial passwords for the account and continue the initial setup.
tl;dr
Problem
- Initial load after installing NextCloudPi resulted in 403 because the IP address of the nextcloudpi install was custom and did not start with
192.168
, 172
, or 10
.
Solution
- After installation completes, open
/etc/apache2/sites-enabled/ncp-activation.conf
and add the first octet of the custom IP address, or you can tighten the scope by adding the second and third octets too.
I.e ->
<RequireAny>
Require host localhost
Require local
Require ip 192.168
Require ip 172
Require ip 10
# Add this line but change 123 to your custom ip pool's first octet
Require ip 123
# Or this to tighten scope of the ip range
Require ip 111.222.333
...
</RequireAny>