I precise i’m using a docker container from [https://hub.docker.com/r/linuxserver/nextcloud] and I also update image for both instances in the same time, I check on that part if there is a problem…
Niiiiiiiice ! It’s work for me ! It was a problem of trusted_domains…
And one less problem!
Thanks
1 Like
Got the same error after upgrading to Hub29. I am using nextcloud docker with an nginx as reverse proxy (which is on a different host). I don’t have the trusted_proxy config setting at all. My config.php is set as follows:
'trusted_domains' =>
array (
0 => 'my.domain.com',
),
'overwrite.cli.url' => 'https://my.domain.com',
'overwriteprotocol' => 'https',
If I remove trusted_domain, nextcloud doesn’t work. If I remove overwrite.cli.url and overwriteprotocol nextcloud still works but shows a lot of other errors. Really struggling how to fix this while also being worried that data is exposed.
Found this Frequent Nextcloud 29 (Hub 8) update issues - but it doesn’t really help.
There are some Website Security Scanners Out there. Checking your Website for vulnerabilit.
Google for Website SSL Check and Look out for some serious scanner
Same issue here. I’m using the recommended swag nginx config instructions:
## Version 2024/04/25
# make sure that your nextcloud container is named nextcloud
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
# 'trusted_proxies' => [gethostbyname('swag')],
# 'overwrite.cli.url' => 'https://nextcloud.example.com/',
# 'overwritehost' => 'nextcloud.example.com',
# 'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
# array (
# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
# 1 => 'nextcloud.example.com',
# ),```
1 Like
The solution for me was to remove the entry 'localhost' from 'trusted_domains' in config.php.
2 Likes
Not solving my issue on my part!
Thanks anyway 
Guys, my solution.
Configure properly your reverse proxy settings in config.php
for example, I am using Cloudflare as a main reverse proxy
thus I have to describe all possible IP addresses that can send the request to my Nextloud server.
'trusted_proxies' => ['173.245.48.0/20', '103.21.244.0/22', '103.22.200.0/22', .....]
When ‘trusted_proxies’ are presented must include also in the config.php the parameter
'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'],
Therefore all the above will not only fix the error but also protect your Nextcloud from various attacks.
Good luck all of you 
2 Likes
Don’t remove it. You should have at least one entry in there: the domain you use to access Nextcloud.
Since you’re using Docker, please go into the container and determine whether my.domain.com resolves to the same IP address as it does from outside of your container.
I can’t remove ‘trusted_domain’ anyway, because otherwise nextcloud won’t work at all. However, whatever IP I put in ‘trusted_proxies’ I still get the error.
Thank you!
I solved it too by leaving the domain address in trusted_domains but removing the local IP.
But now how do I connect to nextcloud with my local IP? lol
2 Likes
same for me, just removed local ip from trusted. use him from domain name
In my case, it was a typo in overwrite.cli.url.
I had mistakenly put the host name of the NAS that the docker image is running on.
Changing it to be the same as the one listed in trusted_domains as resolved the issue for me.
1 Like
This help me resolve this problem.
Only thing to change was to add port in trusted domains
1 => '192.168.0.100:6443',
1 Like
Nextcloud version (eg, 29.0.5): 29.0.1
Operating system and version (eg, Ubuntu 29.04): Rocky Linux 9.4
Apache or nginx version (eg, Apache 2.4.25): 2.4.57
PHP version (eg, 8.3): 8.3.7
The issue you are facing:
I’m getting a warning message within my settings:
- Your data directory and files are probably accessible from the internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.
So I tried to find some solutions but nothing from what I found solved the issue.
I even moved out my data folder now from the public_html folder, so it’s not even visible from the net anymore, but still seeing that error.
Also trusted domains and overwrite cli are correct in my eyes
'trusted_domains' =>
array (
0 => 'my.domain',
),
'overwrite.cli.url' => 'https://my.domain',
Someone wrote to use *.my.domain under trusted domains and here I than just get an error that I’m accessing from an untrusted domain
In my http config I checked also the overwrite:
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
Is this the first time you’ve seen this error? (Y/N): Y
The output of your Nextcloud log in Admin > Logging:
empty
The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'instanceid' => '',
'passwordsalt' => '/QokUhQNO',
'secret' => '',
'trusted_domains' =>
array (
0 => 'my.domain',
),
'datadirectory' => '/my_data_folder',
'dbtype' => 'mysql',
'version' => '29.0.1.1',
'dbname' => '',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'overwrite.cli.url' => 'https://my.domain',
'mysql.utf8mb4' => true,
'dbuser' => '',
'dbpassword' => '',
'installed' => true,
'memcache.local' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'localhost',
'port' => 1234,
),
'maintenance' => false,
'theme' => '',
'loglevel' => 2,
'updater.release.channel' => 'stable',
'app_install_overwrite' =>
array (
0 => 'unsplash',
1 => 'occweb',
2 => 'apporder',
3 => 'files_readmemd',
),
'default_phone_region' => 'LU',
'default_locale' => 'de_DE',
'remember_login_cookie_lifetime' => 172800,
'session_lifetime' => 86400,
'mail_smtpmode' => 'sendmail',
'mail_sendmailmode' => 'smtp',
'mail_from_address' => 'service',
'mail_domain' => 'domain.xyz',
'defaultapp' => 'apporder',
'simpleSignUpLink.shown' => false,
'twofactor_enforced' =>
array (
'false' => '',
),
'maintenance_window_start' => 1,
);
I’m now a bit lost as I don’t know what to do as next test - As I wrote even when moving out my data folder I’m still getting this message
The data folder has 770 as chmod and it is owned by the domain owner
The folders for the different users are drwxr-xr-x
Thanks for any idea and help
Hi @ISeeTWizard
You should have used the search function of the forum.
Read this please, maybe it explains your issue:
Much and good luck,
ernolf
1 Like
Hi
like mentioned I searched for it and I found several entries and tried all of them
[root@web ~]# httpd -M
Loaded Modules:
*
*
env_module (shared)
*
*
So I also checked that this module is loaded, which it is as you see on the return I got
1 Like
Upgraded to 29.0.2 and still same issue
I still don’t see how my data folder could be accessible from the net when it doesn’t even exist anymore in the public folder but somewhere else on the server
I am glad to see that I am not the only one facing this problem - I have tried all above suggestions but none of the worked for me.
1 Like
I can’t solve this either; I’ve removed all IP entries from my trusted domains section, and upgrading to 29.0.2 and I get the warning. My data directory is not in my www/nextcloud directory, but I’m still concerned due to the warning so I can’t upgrade my prod system until I have this solved 
1 Like