Android App can't connect to Nextcloud Server 19.05

ravb · November 23, 2020, 11:53am

Nextcloud version: 19.05
Operating system and version: Ubuntu Server 20.04 LTS
Apache or nginx version: nginx/1.18.0 (Ubuntu)
PHP version: PHP 7.4.3

App version: 3.14.0

The issue you are facing:
The android app hangs up when I enter my address and at some point will output “server took to long to answer”

The app never seems to reach the server, as there is no entry produced in the access.log

This behavior is new, as I could previously connect to my server without any issues from the app.
The Linux, Windows, and Web-Clients work without issue.

I’m running Nextcloud through a nginx reverse proxy:

server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

upstream php-handler {
    server unix:/var/run/php/php7.4-fpm.sock;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name ****;

    root /var/www/nextcloud;
    ssl_certificate /etc/letsencrypt/live/****/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/****/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # set max upload size
    client_max_body_size 16G;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;


    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    location / {
        rewrite ^ /index.php;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }

    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        # Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        # Enable pretty urls
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js, css and map files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always;
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }

}

config.php

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => '',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '19.0.5.2',
  'overwrite.cli.url' => '',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'dbuser' => '',
  'dbpassword' => '',
  'installed' => true,
  'mail_from_address' => '',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => '',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => '',
  'mail_smtpport' => '',
  'mail_smtpsecure' => 'tls',
  'mail_smtpname' => '',
  'mail_smtppassword' => '',
  'maintenance' => false,
  'updater.secret' => '',
  'theme' => '',
  'loglevel' => 2,
);

The output of your Apache/nginx/system log in /var/log/____:
Does not produce any relevant entry.

kwurzel · November 24, 2020, 8:50pm

I’m having the same issues running 19.0.5 in a Docker container behind an SSL proxy. I completely reinstalled the app and was able to login again with a few tries, but after a few second, the app showed “Server not available” again.

I’ve updated from 17.0.5 via latest 18 to 19.0.5 and then realized the issue.

I’ve noticed that you haven’t added any overwrite_* options in your config.php. I’ve had to set overwrite.cli.url, overwritehost and overwriteprotocol, and it seems like the latest version also require setting trusted_proxies for reverse proxies. It didn’t help for me, but maybe it does for you?

kwurzel · November 24, 2020, 9:27pm

I’ve also just found https://github.com/nextcloud/android/issues/7444. This sounds like the issue is actually the Android app version 3.14. Maybe try installing an older version from Github and check if that helps. 3.13.x seems to work still.

ravb · November 26, 2020, 2:04pm

So, I am in a different town right now, and the same app (3.14.0) works without any changes to my server configuration right now in both LAN and 4G. So I can not check if the suggested changes would actually affect the outcome.

The issue most definitely seems to be related to the 3.14 app, I’ve posted about it in this issue, which seems to be the same / related issue as 7444.

I will update this post when I am able to test if the changes / downgrading the app affect the outcome. But as the issue seems to be related to the network (probably IPv6 as 7444 suggests) from which I connect, this has to wait until I am back home.