Score:0

403 Forbidden on initial load after installing NextCloudPi

cn flag

I am making this post mostly for awareness in case anyone else is having a similar issue.

Story

I am running nextcloudpi (nextcloudpi.ownyourbits.com) on a Raspberry Pi 4 8GB using the Debian Buster install script. Note: the OS is Raspberry Pi OS Bullseye 64bit. The install would succeed and tell me to navigate to https://<rpi_ip>/ or https://raspberrypi/ etc. As soon as I did that it would immediately return with a 403 Forbidden. I looked all over and everyone kept pointing to the "trusted_domains" config or the "trusted_proxy", basically trying to use the config file to fix the problem. However, I came to realize that the issue did not lie with the nextcloudpi (ncp) install but rather with apache2.

Well, I reinstalled Raspberry Pi OS and then installed nextcloudpi again fresh. Then, before navigating to https://<rpi_ip>/ I instead went to go check out the activation script located at /etc/apache2/sites-enabled/ncp-activation.conf There is where I found this code block:

<RequireAny>
  Require host localhost
  Require local
  Require ip 192.168
  Require ip 172
  Require ip 10
  ...
</RequireAny>

I now could see that my issue lied with this because my ip address pool did not start with 192.169, or 172, or 10. I had made my ip addresses custom for this virtual network and therefore the activation script would never work. All I had to do was add:

<RequireAny>
  Require host localhost
  Require local
  Require ip 192.168
  Require ip 172
  Require ip 10
  Require ip 123
  ...
</RequireAny>

After that, the activation worked and I was able to get the initial passwords for the account and continue the initial setup.

tl;dr

Problem

  • Initial load after installing NextCloudPi resulted in 403 because the IP address of the nextcloudpi install was custom and did not start with 192.168, 172, or 10.

Solution

  • After installation completes, open /etc/apache2/sites-enabled/ncp-activation.conf and add the first octet of the custom IP address, or you can tighten the scope by adding the second and third octets too.

I.e ->

<RequireAny>
  Require host localhost
  Require local
  Require ip 192.168
  Require ip 172
  Require ip 10
  # Add this line but change 123 to your custom ip pool's first octet
  Require ip 123
  # Or this to tighten scope of the ip range
  Require ip 111.222.333
  ...
</RequireAny>
Score:0
cn flag

Answer is in the original post but I am posting it again here

Problem

  • Initial load after installing NextCloudPi resulted in 403 because the IP address of the nextcloudpi install was custom and did not start with 192.168, 172, or 10.

Solution

  • After installation completes, open /etc/apache2/sites-enabled/ncp-activation.conf and add the first octet of the custom IP address, or you can tighten the scope by adding the second and third octets too.

I.e ->

<RequireAny>
  Require host localhost
  Require local
  Require ip 192.168
  Require ip 172
  Require ip 10
  # Add this line but change 123 to your custom ip pool's first octet
  Require ip 123
  # Or this to tighten scope of the ip range
  Require ip 111.222.333
  ...
</RequireAny>
Rainb avatar
cn flag
This is the best, I was struggling with this, even chatGPT had no clue, lmao. You need to mention, apache must be restarted in order for this to work, or in other words, you can also kill and remove the container, and then restart it from the image.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.