NextCloud Version 18.0.1
OnlyOffice Version 4.1.4
Passwords Version 2020.2.1
pfSense Version 2.4.4-Release p3
HAProxy Version 0.59_21
NextCloud is hosted on an Ubuntu 18.04 VM with PHP 7.3.14-1
External traffic is routed to the VM using HAProxy and on the shared front end I have the following pass throughs set:
#Remove headers attempt with rspidel
add some security related headers
http-response set-header Strict-Transport-Security max-age=31535400;\ includeSubDomains;\ preload;
http-response set-header X-Content-Type-Options nosniff
http-response set-header X-XSS-Protection 1;\ mode=block
#http-response set-header Referrer-Policy no-referrer
http-response set-header Referrer-Policy same-origin
http-response set-header Content-Security-Policy “frame-ancestors https://*.domain.co.uk https://domain.co.uk”
http-response set-header X-Frame-Options SAMEORIGIN
Traffic is always routed via port 443 and has valid certificates for the domain and subdomain.
When a client is trying to access NextCloud and the Passwords or OnlyOffice app when they are behind a proxy (e.g. my work’s network) I receive 500 internal server errors from both apps.
When the client is on a network that isn’t using a proxy everything works as expected.
I have checked all of the logs I can find and there is nothing being logged as to the error.
In the console of the browser for Passwords I see “Error: Content type mismatch: Expected application/json, got text/html; charset=UTF-8”.
In the network tab the requests “open” and “find” return the 500 Internal Server Errors. These are shown as “fetch” types.