Folks - got a bit of a weird (not stopping me using it), annoying error that I can’t quite figure out.
I’ve got a http/https (302/307) loop on the front page only. If I use the base domain, it gets the loop, however if I go to the login page, nextcloud.domain.com/login - it works fine. Everything else works fine, without any errors at all. Just the login page.
While debugging, I’ve made sure cookies have been cleaned up, and 2 browsers. Restarted the nextcloud docker container and the nginx service every time I’ve tinkered around with the config files.
Here’s the NC config (I’ve included only the sections I think relevant):
'trusted_domains' =>
array (
0 => '127.0.0.1:8082',
1 => 'nextcloud.domain.com',
2 => '80.xx.xx.153',
),
'forwarded-for-headers' =>
array (
0 => 'HTTP_X_FORWARDED_FOR',
),
'openssl' =>
array (
'config' => '/etc/ssl/openssl.cnf',
),
'datadirectory' => '/var/www/html/data',
'dbtype' => 'mysql',
'version' => '19.0.1.1',
'overwrite.cli.url' => 'https://nextcloud.domain.com/',
'overwritehost' => 'nextcloud.domain.com:443',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'trusted_proxies' =>
array (
0 => '127.0.0.1',
1 => '192.168.1.77',
2 => 'localhost',
3=> '80.xx.xx.153',
),
I’ve tinkered around with the trusted proxies, added external IP addresses for good measure, still no luck.
Here’s the nginx.conf file. This is running on a Synology, but it’s nginx - just a custom version. Again, I’ve tinkered with adding root addresses (no luck), various settings inside the proxy_set_header section, still the same issue. Actually, I removed all the proxy_set_header settings, it broke the site, but the redirect loop was still there.
server {
listen 80;
listen [::]:80;
server_name nextcloud.domain.com;
return 301 https://$host$request_uri;
root /var/www/html/nextcloud/;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/html/nextcloud/;
server_name nextcloud.domain.com;
ssl_certificate /usr/syno/etc/certificate/ReverseProxy/xxx/fullchain.pem;
ssl_certificate_key /usr/syno/etc/certificate/ReverseProxy/xxx/privkey.pem;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" always;
location / {
proxy_connect_timeout 12000;
proxy_read_timeout 12000;
proxy_send_timeout 12000;
proxy_intercept_errors off;
proxy_http_version 1.1;
# proxy_set_header Host $Host;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Front-End-Https on;
proxy_set_header X-Forwarded-Host $server_name;
# proxy_redirect off;
proxy_pass http://192.168.1.77:8082;
}
location = /.well-known/carddav {
# return 301 $scheme://$host/nextcloud/remote.php/dav;
return 301 $scheme://$host:443/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:443/remote.php/dav;
}
error_page 403 404 500 502 503 504 @error_page;
location @error_page {
root /usr/syno/share/nginx;
rewrite (.*) /error.html break;
allow all;
}
}
Any ideas, I’m scratching my head at this point, and thinking a dive into nginx might be worth my time at this point as I’m not totally familiar with the tech.
Cheers in advance!