403 Forbidden on Login page with path argument redirect_url

I’m facing an issue where accessing the login page - or being redirected to it because of accessing a resource that requires login - results in a 403 Forbidden error. Accessing subdomain.example.com/login works just fine, but subdomain.example.com/login?redirect_url=/f/1031463 does not (trying to share a document with an internal link as the doc should require a login).

The current workaround is to log in beforehand, then open the share-URL. However, this is not very user-friendly, especially on mobile devices where URLs by default open in an embedded browser where you’d not be logged in.

My environment:

  • Nextcloud 24.0.10
  • unRAID 6.11.5 with Docker 20.10.21
  • Nginx Proxy Manager 2.9.22
  • PHP 8.1.18

NPM config:

location ^~ /.well-known { 
    location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; }
    location = /.well-known/caldav  { return 301 $scheme://$host/remote.php/dav; }
    location ^~ /.well-known        { return 301 $scheme://$host/index.php$uri; }
    try_files $uri $uri/ =404;
}
fastcgi_read_timeout 3600s;
proxy_connect_timeout  3600s;
proxy_read_timeout  3600s;
proxy_request_buffering off;
client_max_body_size 0;

Nextcloud log.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'datadirectory' => '/data',
  'instanceid' => 'xxxxxx',
  'passwordsalt' => 'xxxxxx',
  'secret' => 'xxxxxx',
  'default_language' => 'de',
  'default_locale' => 'de_DE',
  'default_phone_region' => 'DE',
  'installed' => true,
  'version' => '24.0.10.1',
  'maintenance' => false,
  'auth.bruteforce.protection.enabled' => false,
  'dbtype' => 'mysql',
  'dbhost' => 'xxxxxx',
  'dbport' => '3306',
  'dbname' => 'xxxxxx',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'xxxxxx',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'overwrite.cli.url' => 'xxxxxx',
  'trusted_domains' => 
  array (
    0 => 'domain1',
    1 => 'domain2',
    2 => '[ipv6_of_homeserver]',
    3 => 'ipv4_of_homeserver',
  ),
  'trusted_proxies' => 
  array (
    0 => '127.0.0.1',
    1 => 'ipv4_of_homeserver',
    2 => '[ipv6_of_homeserver]',
  ),
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => 'true',
  'redis' => 
  array (
    'host' => 'xxxxxx',
    'port' => '6379',
    'password' => 'xxxxxx',
  ),
  'defaultapp' => 'files',
  'versions_retention_obligation' => 'auto, 365',
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'xxxxxx',
  'mail_domain' => 'xxxxxx',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'xxxxxx',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'xxxxxx',
  'mail_smtppassword' => 'xxxxxx',
  'onlyoffice' => 
  array (
    'verify_peer_off' => true,
  ),
  'preview_max_memory' => '512',
  'preview_max_scale_factor' => '1',
  'preview_max_filesize_image' => '100',
  'preview_max_x' => '4096',
  'preview_max_y' => '4096',
  'jpeg_quality' => '65',
  'enable_previews' => true,
  'enabledPreviewProviders' => 
  array (
    0 => 'OC\\Preview\\Movie',
    1 => 'OC\\Preview\\PNG',
    2 => 'OC\\Preview\\JPEG',
    3 => 'OC\\Preview\\GIF',
    4 => 'OC\\Preview\\BMP',
    5 => 'OC\\Preview\\XBitmap',
    6 => 'OC\\Preview\\MP3',
    7 => 'OC\\Preview\\MP4',
    8 => 'OC\\Preview\\TXT',
    9 => 'OC\\Preview\\MarkDown',
    10 => 'OC\\Preview\\PDF',
    11 => 'OC\\Preview\\MKV',
    12 => 'OC\\Preview\\HEIF',
    13 => 'OC\\Preview\\AVIF',
    14 => 'OC\\Preview\\HEIC',
    15 => 'OC\\Preview\\AVI',
    16 => 'OC\\Preview\\WEBP',
  ),
  'app_install_overwrite' => 
  array (
    0 => 'talk_simple_poll',
  ),
  'loglevel' => 2,
);

Is this the correct URL you’re getting redirected to? It should look like this instead: /login?redirect_url=/f/1031463 (note the question mark after the parameter).

I fat-fingered that one. It is redirecting me to the correct one, and that does not work.

@DesertCookie try disabling “Block Common Exploits” in NPM, that solved the problem for me.
Something in this file, NPM_Github_Block-Exploits.conf, seems to cause this issue.

Indeed it seems to have been the cause of my issue here!

Thank you very much!
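
One way to find which query-string rule produces the 403 discussed in this thread, as an added example that is not part of the original posts and is not NPM's own code: it parses `if ($query_string ~ "...")` rules out of an nginx config text and reports the ones that match a URL. The rules in `SAMPLE_CONF` are constructed for illustration and are not copied from NPM_Github_Block-Exploits.conf; `load_rules` and `blocking_rules` are hypothetical helper names.

```python
import re
from urllib.parse import urlsplit

# Constructed sample rules in the style of nginx query-string deny rules.
# Assumption: replace this text with the rules from your own proxy to test them.
SAMPLE_CONF = r'''
set $block 0;
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]+/)+") {
    set $block 1;
}
if ($query_string ~* "union.*select.*\(") {
    set $block 1;
}
if ($query_string ~ "[a-zA-Z0-9_]=https?://") {
    set $block 1;
}
if ($block = 1) {
    return 403;
}
'''

# Matches: if ($query_string ~ "regex") and the case-insensitive form ~*
RULE_RE = re.compile(r'if\s*\(\s*\$query_string\s+(~\*?)\s+"((?:[^"\\]|\\.)*)"\s*\)')

def load_rules(conf_text):
    """Return (line_number, compiled_regex, source_pattern) for each rule."""
    rules = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = RULE_RE.search(line)
        if m:
            flags = re.IGNORECASE if m.group(1) == "~*" else 0
            rules.append((lineno, re.compile(m.group(2), flags), m.group(2)))
    return rules

def blocking_rules(url, conf_text=SAMPLE_CONF):
    """List (line_number, pattern) for rules matching the URL's query string."""
    query = urlsplit(url).query  # the raw query string, as nginx sees it
    return [(n, pat) for n, rx, pat in load_rules(conf_text) if rx.search(query)]

if __name__ == "__main__":
    for url in ("https://subdomain.example.com/login",
                "https://subdomain.example.com/login?redirect_url=/f/1031463"):
        hits = blocking_rules(url)
        print(url, "->", f"403 from {hits}" if hits else "passes")
```

With the constructed rules, the plain /login URL passes while the redirect_url form is caught by a rule meant to stop path-like parameter values, which is the false-positive pattern the thread describes.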