Android app can't connect to my instance on Kubernetes

📱 Desktop & mobile clients 🤖 Android
1

Hello,

I installed Nextcloud on my home k3s cluster.

I used bitnami/mariadb & stable/nextcloud Helm charts.

I can access through Firefox on my laptop & my Samsung S9, but can’t with the app (F-Droid & PlayStore versions).

The connect button won’t stop “Connecting…”

My ingress (kubernetes/ingress-nginx) look like this :

---
# Source: nextcloud/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: nextcloud
  labels:
    app.kubernetes.io/name: nextcloud
    helm.sh/chart: nextcloud-1.12.0
    app.kubernetes.io/instance: nextcloud
    app.kubernetes.io/managed-by: Helm
    app: nextcloud
    component: nextcloud-core
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod-cluster-issuer
    kubernetes.io/ingress.class: nginx-external
    nginx.ingress.kubernetes.io/proxy-body-size: 4G
    nginx.ingress.kubernetes.io/server-snippet: |-
      server_tokens off;
      proxy_hide_header X-Powered-By;
    
      rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
      }
      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
      }
      location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
        deny all;
      }
spec:
  rules:
  - host: cloud.mydomain.tld
    http:
      paths:
      - backend:
          serviceName: nextcloud
          servicePort: 8080
  tls:
    - hosts:
      - cloud.mydomain.tld
      secretName: nextcloud-prod-tls
2

When trying to connect from the app

Nextcloud pod logs:

10.42.2.138 - - [29/Jul/2020:09:29:41 +0000] "GET /csrftoken HTTP/1.1" 200 805 "-" "Samsung SM-G960F (Android)"
10.42.2.138 - - [29/Jul/2020:09:29:43 +0000] "POST /login HTTP/1.1" 303 847 "-" "Samsung SM-G960F (Android)"
10.42.2.138 - - [29/Jul/2020:09:29:44 +0000] "GET /core/img/favicon.ico HTTP/1.1" 304 125 "-" "Samsung SM-G960F (Android)"

Ingress pod (nginx reverse proxy) logs:

10.42.1.0 - - [29/Jul/2020:09:29:43 +0000] "GET /csrftoken HTTP/2.0" 200 101 "-" "Samsung SM-G960F (Android)" 549 1.381 [nextcloud-nextcloud-8080] [] 10.42.2.174:80 101 1.384 200 bc4c2ba197f0893d9f1d98e5a9e55519
10.42.1.0 - - [29/Jul/2020:09:29:44 +0000] "POST /login HTTP/2.0" 303 0 "-" "Samsung SM-G960F (Android)" 564 0.332 [nextcloud-nextcloud-8080] [] 10.42.2.174:80 0 0.328 303 80dd218883804d1ec9e94a418eaf6336
10.42.1.0 - - [29/Jul/2020:09:29:44 +0000] "GET /core/img/favicon.ico HTTP/2.0" 304 0 "-" "Samsung SM-G960F (Android)" 120 0.003 [nextcloud-nextcloud-8080] [] 10.42.2.174:80 0 0.004 304 800c8f5e934a1d8f2d79817064d72e3a

Reverse uses 308 redirection to https and accepts TLS1.2 & TLS1.3.

3

I can connect using application token though, I may have miss something…

4

@DamienT Have you found something new about this ? I am facing the same issue.

5

I might sound like a moron asking this, but where/how do you terminate TLS? I helped my Dad with this exact issue like three weeks ago. I found nothing wrong, and ended up fixing it by changing the only part that differed between our setups, TLS termination. Once I started to terminate TLS in nextclouds webserver, it worked fine.

This was with apache reverse proxy, and apache for nextcloud, running in FreeBSD jails

Absolutely no idea why however.

6

Sorry for the delay.

I found some people had to configure 'overwriteprotocol' => 'https', inside config/config.php file when reverse proxy are used.
As I use ingress to proxy my connections, I tried this parameter and it fixed the issue.