App or client connection issue

Nextcloud version : 29.0.03
Operating system and version: OpenMediaVault-7.2.1-1 /
Traefik Version: v3.0
Docker Version: 5:26.1.4

The issue you are facing:
Unable to connect from android app, or Win Desktop Client, recive error stating “Access Forbidden” and “App Not Enabled”

Is this the first time you’ve seen this error? : N

Steps to replicate it:

1. Start Docker compose with the following compose file.

---

networks:
frontend:
external: true
name: FrontEnd
backend:
external: true
name: backend
traefik-proxy:
external: true

volumes:
db:
driver: local
driver_opts:
o: bind
type: none
device: /srv/dev-disk-by-uuid-d1ebcbe5-f573-4a7f-becf-a91b7e43be08/cloud/_data/db

data:
driver: local
driver_opts:
o: bind
type: none
device: /srv/dev-disk-by-uuid-d1ebcbe5-f573-4a7f-becf-a91b7e43be08/cloud/_data/data

main:
driver: local
driver_opts:
o: bind
type: none
device: /srv/dev-disk-by-uuid-d1ebcbe5-f573-4a7f-becf-a91b7e43be08/cloud/_data/main

apps:
driver: local
driver_opts:
o: bind
type: none
device: /srv/dev-disk-by-uuid-d1ebcbe5-f573-4a7f-becf-a91b7e43be08/cloud/_data/main

config:
driver: local
driver_opts:
o: bind
type: none
device: /srv/dev-disk-by-uuid-d1ebcbe5-f573-4a7f-becf-a91b7e43be08/cloud/_data/config

theme:
driver: local
driver_opts:
o: bind
type: none
device: /srv/dev-disk-by-uuid-d1ebcbe5-f573-4a7f-becf-a91b7e43be08/cloud/_data/theme

services:

nextcloud:
image: nextcloud:29.0.3 #:fpm requires access through proxy
container_name: 201_NextCloud
hostname: drive.[mydomain].club
restart: unless-stopped
ports:
- 4480:80
links:
- nextcloud-db
# - nextcloud-collabora
volumes:
- main:/var/www/html
- apps:/var/www/html/custom_apps
- config:/var/www/html/config
- data:/var/www/html/data
- theme:/var/www/html/themes/Penguin
environment:
- MYSQL_PASSWORD=[dbPassword]
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=201_NextCloud-DB
#enable the following 3 if you plan to enable remote desktop apps
- OVERWRITECLIURL=https://drive.[mydomain].club
- OVERWRITEPROTOCOL=https
- OVERWRITEHOST=drive.[mydomain].club
- NEXTCLOUD_TRUSTED_DOMAINS=drive.[mydomain].club
networks:
- traefik-proxy
- frontend
- backend
labels:
- “traefik.enable=true”
- “traefik.docker.network=traefik-proxy”

 - "traefik.http.routers.drive-rtr.rule=Host(`drive.[mydomain].club`)"
 - "traefik.http.routers.drive-rtr.entrypoints=https"
 - "traefik.http.routers.drive-rtr.tls=true"
 - "traefik.http.routers.drive-rtr.service=drive-svc"
 - "traefik.http.services.drive-svc.loadbalancer.server.port=80"  

#Day to day stuff: Traefik v2 enable HSTS, Docker and nextcloud
- “traefik.http.middlewares.nextcloudredir.redirectregex.permanent=true”
- “traefik.http.middlewares.nextcloudredir.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav”
- “traefik.http.middlewares.nextcloudredir.redirectregex.replacement=https://$$1/remote.php/dav/”
- “traefik.http.middlewares.nextcloudsts.headers.stsincludesubdomains=false”
- “traefik.http.middlewares.nextcloudsts.headers.stspreload=true”
- “traefik.http.middlewares.nextcloudsts.headers.stsseconds=31536000”
- “traefik.http.middlewares.nextcloudsts.headers.isdevelopment=false”
- “traefik.http.routers.drive-rtr.middlewares=nextcloudredir,nextcloudsts”

#Docker Traefik Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds - #4 by adamshand

#Reverse proxy — Nextcloud latest Administration Manual latest documentation

nextcloud-db:
image: mariadb:10.6
container_name: 201_NextCloud-DB
restart: unless-stopped
command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=[rootPasswprd
- MYSQL_PASSWORD=[dbPassword]
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
networks:
#- frontend
- backend

---

2. access through browser at drive[mydomain].club
3. setup admin account
4. access nextcloud without issue
5. try to connect with android app
6. connect to the server
7. login
8. screen responds with “Access forbidden” “App Not Enabled”
   

The output of your Nextcloud log in Admin > Logging:

PASTE HERE

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):
Not sure how much of the log is viable, here is a excerpt of recent log

https://pastebin.com/5zTXzkqr

The output of your Apache/nginx/system log in /var/log/____:

I’m using traefik, didn’t find anything in its logs that were recent.

PASTE HERE

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

https://pastebin.com/uZQfx2bQ

I have been running a nextcloud for 2 years, I recently rebuilt my homelab, this time using traefik, I’ve been running in circles for the last week trying to figure out how to get the phone and desktop apps working again.

None of the tricks i used before have worked, and I’m not finding anything useful online.

I don’t immediately see an issue with your config.

The screenshot shows an error from NC so traefik seems to route the request to the app. I would focus on Nextcloud logs so far. I don’t remember App is not enabled but I could imagine some important app was not enabled while upgrading the container. This happened to my while upgrading to nc29.

from your log I see the problem at "class":"OCA\\Settings\\SetupChecks\\InternetConnectivity" ... "OCA\\Settings\\Controller\\CheckSetupController" sounds like your system doesn’t have internet access…

Please run this commands in your docker compose directory (for older compose versions you might need to replace docker compose with docker-compose) and report results

• docker compose down followed by
• docker compose up -d
• wait 90 sec or longer on slow hardware
• access your cloud URL
• run docker compose logs
• collect nextcloud.log

if you know how to and where to find config.php please adjust logging level to debug before you start.

Can you please edit your Compose file so it’s marked as preformatted text in the editor rather than quoted text? It’s extremely challenging to read when it is formatted incorrectly here on the forum.

Also, please post the output of occ config:list system from the app container.

Lastly, what happens when you connect to the Web UI from a browser and attempt to log-in?

I believe the “app is not enabled” comes up when an app is restricted (not enabled for the user). Do you by chance have a non-default default app set and any restrictions in place?