Access problem because "untrusted domain" but it is in the config

Hello,

I have just installed Nextcloud and I have a problem with this "Access through untrusted domain" error. Maybe one of you can help me with this.

My infra:

  • I have a VM with a nginx that works as reverse proxy. It has the certbot and is where I store the certificates, the internal traffic uses the port 80. [10.0.11.10]
  • I have a VM with all the databases (MariaDB included) [10.0.12.10]
  • And I have a VM with the Nextcloud + Nginx + PHP8.2-FPM [10.0.14.11]

I was able to run the installation setup and it has created everything in the database, so it works fine.

The problem starts now, when I try to access https://nexcloud.mydomain.com. The following error appears:

Access through untrusted domain

Please contact your administrator. If you are an administrator, edit the “trusted_domains” setting in config/config.php like the example in config.sample.php.

Further information how to configure this can be found in the [documentation]

I saw everywhere that we need to edit the /config/config.php file and we did that with the following configuration:


<?php
$CONFIG = array (
  'instanceid' => '******************',
  'passwordsalt' => '*****************',
  'secret' => '********************',
  'trusted_domains' =>
  array (
    0 => 'nextcloud.mydomain.com',
    1 => 'https://nextcloud.mydomain.com',
    2 => 'http://nextcloud.mydomain.com',
    3 => '10.0.11.10', <-- This is the reverse proxy IP
    4 => '10.0.12.10', <-- This is the mysql IP
    5 => '10.0.0.1', <-- This is my FW IP
    6 => '10.0.11.1', <-- This is the reverse proxy gateway
    7 => '10.0.12.1' <-- This is the mysql gateway
    8 => '127.0.0.1' <-- Localhost
    9 => '10.0.14.1' <-- This is the nextcloud VM gateway
  ),
  'trusted_proxies'   => ['10.0.11.10'],
  'datadirectory' => '/media/NEXTCLOUD/',
  'dbtype' => 'mysql',
  'version' => '27.0.2.1',
  'overwrite.cli.url' => 'https://nextcloud.mydomain.com',
  'dbname' => '**************',
  'dbhost' => '10.0.12.10',
  'dbport' => '3306',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '*************',
  'dbpassword' => '********************',
  'installed' => true,
);

As you can see I have added the domain name, the Proxy IP, the localhost IP and the mysql IP (I know it is not necessary, but I am frustrated)

Can someone help me with this?

Best regards,

In general, your config looks fine. But there are some commas missing on some of those entries (7/8/9)

  • Did you try restarting FPM? Depending on your PHP configuration and opcache settings, your config.php may not be read immediately (or, in some cases, ever)
  • Can you run ./occ config:list system instead of pasting your actual config.php? It will show how the configuration is actually parsed by PHP. (It’ll also automatically redact most sensitive values for you so you don’t have to do it manually).

Based on the information provided, for your trusted_domains the following is all that should be necessary:

  'trusted_domains' =>
  array (
    0 => 'nextcloud.mydomain.com',
  ),

And your trusted_proxies value seems good. Is your NGINX reverse proxy maybe not set to provide the X-Forwarded-Host header?

Hello @Javier_Aragones,
usually you don’t need that many IP addresses in your config file. With us it’s just the domain, but WITHOUT “https”, “http” or “www” at the beginning. You’ve also written quite a lot of IP addresses here, but it might make sense to write in the IP address of the device as well. It would then look something like this: 192.XXX.XXX.XX(X). In the end there are either two or three digits. Here you can also open the Nextcloud locally. Try that anyway - if it doesn’t work, you can just write again!
Best regards,
schBenedikt.

Hello jtr!

Thanks for your help.
I have changed the trusted domain as you mentioned but the problem persists.
Also I have restarted the php (php8.2-fpm) and nothing…

Here you have the occ result:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.mydomain.com"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "27.0.2.1",
        "overwrite.cli.url": "https:\/\/nc.simpleacc.net",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "3306",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true
    }
}

The trusted_proxies value is still the same, 10.0.11.10 (the reverse proxy).
About the reverse proxy nginx config, here you can find it:

server {
        server_name nextcloud.mydomain.com;
        #listen 80;
        index index.php index.html index.htm index.nginx-debian.html;


        location /{
                proxy_set_header  Host $host;
                proxy_set_header  X-Real-IP $remote_addr;
                proxy_set_header  X-Forwarded-Proto https;
                proxy_set_header  X-Forwarded-Host $remote_addr;
                proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://10.0.14.11;
                proxy_buffers 16 4k;
                proxy_buffer_size 2k;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/nextcloud.mydomain.com/fullchain.pem; # managed by Cer>
        ssl_certificate_key /etc/letsencrypt/live/nextcloud.mydomain.com/privkey.pem; # managed by C>
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
        if ($host = nextcloud.mydomain.com) {
                return 301 https://$host$request_uri;
        } # managed by Certbot

#listen 80;

server_name nextcloud.mydomain.com;
return 404; # managed by Certbot

}

Again, thanks for your help!
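
Added example (not part of any post in this thread, and not Nextcloud's own code): a simplified Python model of which host name is compared against trusted_domains when requests arrive through a reverse proxy. It assumes X-Forwarded-Host is honoured only when the connecting peer is listed in trusted_proxies and that the Host header is used otherwise; the client address 203.0.113.7 and all function names are constructed for illustration.

```python
import ipaddress
import re

# Values taken from the config.php and occ output posted in the thread.
TRUSTED_DOMAINS = ["nextcloud.mydomain.com"]
TRUSTED_PROXIES = ["10.0.11.10"]

def from_trusted_proxy(remote_addr, proxies=TRUSTED_PROXIES):
    """True if the TCP peer is a configured proxy (single IPs or CIDR ranges)."""
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in ipaddress.ip_network(p, strict=False) for p in proxies)

def effective_host(remote_addr, headers):
    """Host the trusted_domains check sees (modelled behaviour, an assumption)."""
    forwarded = headers.get("X-Forwarded-Host")
    if forwarded and from_trusted_proxy(remote_addr):
        return forwarded.split(",")[0].strip()
    return headers.get("Host", "localhost")

def is_trusted_domain(host, domains=TRUSTED_DOMAINS):
    """Compare the host, without port, against trusted_domains ('*' = wildcard)."""
    name = re.sub(r":\d+$", "", host).lower()
    for pattern in domains:
        regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
        if re.fullmatch(regex, name):
            return True
    return False

def check(remote_addr, headers):
    """Return (host that gets checked, whether it passes trusted_domains)."""
    host = effective_host(remote_addr, headers)
    return host, is_trusted_domain(host)

# Constructed requests as they reach the Nextcloud VM; 203.0.113.7 is a made-up client.
REQUESTS = {
    "posted proxy config ($remote_addr)": ("10.0.11.10", {
        "Host": "nextcloud.mydomain.com", "X-Forwarded-Host": "203.0.113.7"}),
    "proxy forwards the requested host": ("10.0.11.10", {
        "Host": "nextcloud.mydomain.com", "X-Forwarded-Host": "nextcloud.mydomain.com"}),
    "forged header from a non-proxy peer": ("203.0.113.7", {
        "Host": "10.0.14.11", "X-Forwarded-Host": "nextcloud.mydomain.com"}),
}

if __name__ == "__main__":
    for label, (peer, headers) in REQUESTS.items():
        host, ok = check(peer, headers)
        print(f"{label:38} host={host:24} trusted={ok}")
```

In this model the posted `proxy_set_header X-Forwarded-Host $remote_addr;` line makes the checked host the visitor's IP address instead of nextcloud.mydomain.com; sending `$host` in that header corresponds to the second case. The third case shows why trusted_proxies should list only the real proxy: a peer outside that list cannot pick its own host name through the header.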

Hello SchBenedikt,

Thanks for your help!
Correct me if I’m wrong. Your recommendation is to add the 10.0.. as trusted_domain?

Regards!

If that’s your local IP address, then I mean that. You can find out the local IP address by typing
hostname -I
in the terminal. Then there are a few sequences of numbers. You should then set the first one as a trusted domain. Then you can try to open the IP address in the browser.
This is where the installation process should be.
Best regards and good luck,
schBenedikt.

Hello SchBenedikt

I have tested but it does not work. (404 not found).
I think it is related to the Nextcloud nginx, I have specified the server name there, so in theory it will only work with the dns…

Yes, that can also be. But maybe only the Nextcloud folder is somewhere else? So that you would have to change the document root.
Have you already tried IP-ADDRESS/nextcloud?

Add 10.0.14.11 to trusted_domains like so:

'trusted_domains' =>
  array (
    0 => 'nextcloud.mydomain.com',
    1 => '10.0.14.11',
  ),

What URL did you use to install originally?

(you can redact it/modify it for privacy, but basically give me an idea of what you used).

And your Nextcloud VM’s NGINX is basically this?

https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx

Hello jtr,

I have updated the config file but it is still failing… About the installation I have used the external URL (nextcloud.mydomain.com) and the NGINX file is different… because the SSL is not there, I am using the reverse proxy for this.

Do this in the config.php

'overwrite.cli.url' => 'https://nextcloud.mydomain.com',