Access Through Untrusted Domain when i try to use my systems IP but it works fine for my public domain

Hello,

I’ve gone through tons of topics similar to this but unfortunately I haven’t had any luck.

I’m running into an issue when I try to access nextcloud through my server ip address. My servers IP and port are listed in the config.php file under trusted domains but when I try to access the IP in the URL I get the classic “access through untrusted domain” message. I have my public domain listed in the trust domains as well and it works perfectly fine through there but I would still like to be able to access nextcloud via my IP so that my sessions aren’t throttled by my domain which I tunnel through cloudflare.

If I remove the port number from the ip address under “trusted domains” , when I try to launch nextcloud through truenas it just loops me back to my truenas login.

Could it be an issue with something inside of the config.php file? ie localhost, ports or overwriteprotocol ‘https’?

I’ve been struggling with this issue for a while and would appreciate any insight/troubleshooting anyone might have to offer.

Thank you for your time!

Yes. But you’ll need to actually fill out the support template for us to provide any guidance.

but I would still like to be able to access nextcloud via my IP so that my sessions aren’t throttled by my domain which I tunnel through cloudflare.

You want to consider split DNS for this.

Thank you for a quick response, below is the best information I can provide. Really appreciate someone having a look at this!!

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can.

The Basics

• Nextcloud Server version : Nextcloud Hub 10 31.0.9

• Operating system and version: Linux 6.6.44-production+truenas x86_64

• Web server and version (e.g, Apache 2.4.25):

• Reverse proxy and version _(e.g. nginx 1.27.2):

• PHP version (e.g, 8.3):

• Is this the first time you’ve seen this error? (Yes / No): Yes

• When did this problem seem to first start? 1 month ago

• Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)

• Are you using Cloudflare, mod_security, or similar? I am using cloudflare

Summary of the issue you are facing:

Untrusted Domain message even though my domain is trusted in the config.php file

Steps to replicate it (hint: details matter!):

1. I’ve tried added “https://” to my trust domains but that doesnt fix it.

2. I’ve tried removing the port at the end of the trusted domain (30028) but then when i try to launch nextcloud from Truenas it loops me back to the truenas login page

3. Not sure if this has anything to do with the “untrusted domain” message but with these current settings in the config.php file, when I try to access the webui through Truenas, it automatically adds https:// in front of 192.168.1.82:30028/ and when I try to remove the https:// in the URL the https:// continues to auto populate in front of my IP.

4. The information/questions in ‘The Basics” above that is bolded are things that I dont know how to get the information for. Please let me know if you require it and how to obtain it. Thanks!

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

No relevant logs

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

No relevant logs

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

No relevant logs

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'redis',
    'password' => 'REMOVED',
    'port' => 6379,
  ),
  'overwriteprotocol' => 'https',
  'trusted_proxies' => 
  array (
    0 => '127.0.0.1',
    1 => '192.168.0.0/16',
    2 => '172.16.0.0/12',
    3 => '10.0.0.0/8',
  ),
  'upgrade.disable-web' => true,
  'passwordsalt' => 'REMOVED',
  'secret' => 'REMOVED',
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '31.0.8.1',
  'overwrite.cli.url' => 'https://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'postgres:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_REMOVED',
  'dbpassword' => 'REMOVED',
  'installed' => true,
  'instanceid' => 'REMOVED',
  'trusted_domains' => 
  array (
    0 => '100.118.99.106:30028',
    1 => '127.0.0.1',
    2 => '192.168.1.82:30028',
    3 => 'localhost',
    4 => 'nextcloud',
    5 => 'mydomain.mydomain.mydomain',
 
#### Apps
The output of `occ app:list` (if possible).
* activity: 4.0.0
  * app_api: 5.0.2
  * bruteforcesettings: 4.0.0
  * circles: 31.0.0
  * cloud_federation_api: 1.14.0
  * comments: 1.21.0
  * contactsinteraction: 1.12.0
  * dashboard: 7.11.0
  * dav: 1.33.0
  * federatedfilesharing: 1.21.0
  * federation: 1.21.0
  * files: 2.3.1
  * files_downloadlimit: 4.0.0
  * files_pdfviewer: 4.0.0
  * files_reminders: 1.4.0
  * files_sharing: 1.23.1
  * files_trashbin: 1.21.0
  * files_versions: 1.24.0
  * firstrunwizard: 4.0.0
  * logreader: 4.0.0
  * lookup_server_connector: 1.19.0
  * nextcloud_announcements: 3.0.0
  * notifications: 4.0.0
  * oauth2: 1.19.1
  * password_policy: 3.0.0
  * photos: 4.0.0
  * privacy: 3.0.0
  * profile: 1.0.0
  * provisioning_api: 1.21.0
  * recommendations: 4.0.0
  * related_resources: 2.0.0
  * serverinfo: 3.0.0
  * settings: 1.14.0
  * sharebymail: 1.21.0
  * support: 3.0.0
  * survey_client: 3.0.0
  * systemtags: 1.21.1
  * text: 5.0.0
  * theming: 2.6.1
  * twofactor_backupcodes: 1.20.0
  * updatenotification: 1.21.0
  * user_status: 1.11.0
  * viewer: 4.0.0
  * weather_status: 1.11.0
  * webhook_listeners: 1.2.0
  * workflowengine: 2.13.0
    Disabled:
  * admin_audit: 1.21.0
  * encryption: 2.19.0
  * files_external: 1.23.0
  * suspicious_login: 9.0.1
  * twofactor_nextcloud_notification: 5.0.0
  * twofactor_totp: 13.0.0-dev.0
  * user_ldap: 1.22.0
### Tips for increasing the likelihood of a response
* Use the `preformatted text` formatting option in the editor for all log entries and configuration output.
* If screenshots are useful, feel free to include them.
  * If possible, also include key error output in text form so it can be searched for.
* Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.

See

The entries unter Trusted_domains partially are wrong.

Could you please be more specific about what exactly you think is partially wrong with my trusted domains? After looking through the link you posted I’m still not certain where I went wrong. Thanks

Remove the portnumbers

My nextcloud instance is mounted on truenas with a local network ip of 192.168.1.82:30028

If I remove the port then I try to access that ip it takes me to the truenas login page. So unfortunately I don’t think getting rid of the ports will change anything

The port number in trusted_domains nothing has to do with adressing the server.

The port number must be entered in the browser to call it.

The webserver must be able to accept calls using port 30028 and ???(SSL). In the router the port forwarding of port 80 and 443 must be forwarded to 30028 and ???(SSL) of Nextcloud instance.

Ok interesting I’ll have a closer look and report back to you. thank you!

Also make sure to use occ config:list system to view your real config. This is important because your real config is likely merged from a combination of other other config files + environment variables (since you’re using a container in particular).

P.S. You can use the --private to see uncensored private values if desired too.

Thank you. I was able to use this command and it shows the exact same information that i’ve been editing in my config.php file. So nothing is different

image914×325 14.5 KB

This is what I had in there already. Is this correct?

If these are incoming connections, they are correct.

Just a thought…. It seems like you are trying to do this for faster lan transfers on Nextcloud?

Could you just use samba shares to the Nextcloud folders on lan? Then when you are out and about access it through your cloudflare proxy? If you want more security you could also use FileZilla over sftp. This isn’t an actual fix for what you are trying to do. Just an alternative suggestion

Hi Dude!

Thanks for the suggestion as it sounds exactly what Id like my end goal to be. I’m a newbie and will have to look into this more and figure out how to do it. A majority of my large files will be uploaded from my main PC which is at the same location as my NAS so setting up SMB shares might be the way to go.

Thanks again for your suggestion!