Hi all,
Iâm running Nextcloud in a FreeNAS jail and am having trouble getting my clients to access the server via my public facing domain. Through a web browser off of my network I can access my server just fine so I know itâs up and running. It is behind an Nginx reverse-proxy.
Editing config.php file in /usr/local/www/nextcloud/config to add âoverwriteprotocolâ => âhttpsâ does not work for me for allowing the android client to access my nextcloud server off of my LAN.
Does anyone have a solution for this? It doesnât seem like it should be a complicated issue especially in this case where I know the server is accessible publicly in the first place.
I also had this problem, on only one of my machines not the other one (but both run Debian 10 and version 2.5.x from the PPA).
Nextcloud server is installed without a proxy and âoverwritehostâ => âhttpsâ did not fix the issue as that only fixes it when itâs behind a proxy (like with Docker deployments).
it definitely seems like a bug in the version 2.5 Nextcloud desktop for Debian 10 Buster, possibly more systems. The symptoms are the same: it loops around between the login screen and the grant access screen, never getting logged back in. It used to work until one day it broke. It doesnât break every time (my desktop and laptop both run same versions of linux and are hooked up to same 4 nextcloud servers, it only broke on one machine on one server).
To make my account sync again, I built myself version 2.6 from the Git 2.6-stable branch, and that worked well but it took me some time to get it to work. I had a linker/library version conflict with the old libnextcloudsync that was installed from the packages. once I removed libnextcloudsync* and nextcloud* , I then had a missing libnextcloudsync.so error. I had to add my /home/me/nextcloud-desktop-client/lib/x86_64-linux-gnu/ to /etc/ld.so.conf and then âldconfig -v | grep libnextcloudsyncâ to confirm it was seen by the system.
Finally after all that, i was able to run bin/nextcloud and immediately I was able to reconnect the one failed account in the settings. It didnât prompt me for password at all (I was already logged in) and let me press Grant access and then everything started syncing again.
So that worked but probably wonât be easy for any non-developers. For anyone else using Debian and having this login/grant access loop issue, your best bet is to probably just download the pre-built version 2.6, 2.7, or 3.x version of Nextcloud Desktop. Then make the downloaded .AppImage file executable and you should be able to then just run it (make sure the old one is quit first) and it will hopefully get you logged back in and working. If so uninstall the old one and use the newly downloaded AppImage one until the PPAâs get upgraded to 2.6/2.7.
As the bug is already fixed in the code, this isnât really something to take up in Github, it will get fixed when the PPAâs for Debian ship version 2.6+
I had the same problem with docker nextcloud 20.0.1. As discussion above I added **âoverwriteprotocolâ => âhttpsâ, ** in config.php then itâs ok!
Thank you, everybody!
Hi all, Iâm also running Nextcloud from behind an NGNIX reverse proxy with letsencrypt and I encountered (and solved) the same problem on both android app and Windows Client
The error in the browser console was the following:
[nextcloud nginx Refused to send form data to âhttp://mydomain.com/login/v2/grantâ because it violates the following Content Security Policy directive: âform-action âselfââ.]
additionally to add
âoverwriteprotocolâ => âhttpsâ
I also modified the line:
âoverwrite.cli.urlâ => âhttp://mydomain.comâ
to
âoverwrite.cli.urlâ => âhttps://mydomain.com:443â
that fixed the issue
Related to find the config file in docker it is on the nextcloud app container volume (if you used one) I would suggest to create volumes as indicated in the examples at github nextcloud/docker
I set Traefik to reroute http to https (this works). I tested client 2.6 from the Ubuntu 20.04 repoâs and also the AppImage (3.1.1). Nothing worked. Any other suggestions? Is there perhaps a way to set up the sync client with an app-password? I do have TOTP 2fa enabled.
I just tested the config based http>https and the Traefik one, they both work separately from each other, still, the access granting does not work.
Thanx,
Freek
Edit: I fixed this by temporarily setting security.csp.enable
to False in the about:config of Firefox.
i would like to investigate here in this topic because i have the same problem.
First i want to sum up what i think is the status:
The problem depends on the docker-installation of nextcloud.
If you use âonlyâ docker it helps to use the overwriteprotocol-option.
But those of us using a reverse-proxy between internet and nextcloud it doesnât help.
So from my point of view, we need further actions on this topic.
Inbetween this time it helps to login via browser, generate an application-password and use this for login with the client.
But it would be nice to fix this also with reverse proxys.
Hi everybody,
I had pretty much the same problem (NC 20.0.7 running the official docker image with apache, plus reverse ssl proxy (nginx)). Even though overwriteprotocol was already set to https, I couldnât grant access to new NC clients. In the firefox console I saw an error with the content security policy, but I didnât want to override this. What did the trick for me in the end was to remove the overwriteconaddr parameter from the config.php!
Hope this helps anybody else!
And I added the following to my /usr/share/nginx/nextcloud/config/config.php file:
âoverwrite.cli.urlâ => âhttps://cloud.abc123comâ, # originally it was http
âoverwritehostâ => âcloud.abc123.comâ, # entirely new line
âoverwriteprotocolâ => âhttpsâ, # entirely new line
âoverwritecondaddrâ => â^192\.168\.1\.23$â, # IP of the reverse proxy
'overwritewebroot â => â/â, # entirely new line
Had the same problem, but Iâm not using Nginx. I use Apache. However, not sure if my fix would help you all. But whatever. Hereâs what I did. I tried the overwrite protocol: https as what raghnarok did, but it still didnât work. So I edited the âoverwritehostâ instead, adding the port number :444 at the end. It works now.
Sorry folks, I have tried all of the above recommendations in many different forms and nothing has worked. The only way to log on to Nextcloud through iOS was the QR code on desktop, but Nextcloud Talk get stuck at Grant Access.
I have an Apache Proxy that redirects to my NAS where Nextcloud is sitting.
My config.php currently stands as:
array (
âtrusted_proxiesâ => âmy.public.ipâ,
âoverwritehostâ => âthe.webaddress.netâ,
âoverwriteprotocolâ => âhttpsâ,
âoverwritewebrootâ => âhttp://192.168.xxx.xxx:xxxxâ, #this is the internal ip:port where Nextcloud is sitting
âoverwrite.cli.urlâ => âhttps://the.webaddress.netâ,
),
Hi there, I am unable to solve this issue, this is so weird. On my laptop, I managed to solve the issue by adding 'overwriteprotocol' => 'https'. However, on my phone I had to use a QR code (app password) to authenticate.
Now, I want to sync my desktop computer. 'overwriteprotocol' => 'https' doesnât help. So I had the idea to try using an app password (as I did for my phone) but I have a very weird bug. In the browser, I have an error message telling me that the username or the password is wrong BUT in the page where I created the app password I can see a successful authentication in the list of sessions (âDevices & sessionsâ). Because of that, I cannot use the same trick as on my phone and I am truly unable to grant access to my desktop computer.
I saw some people mentioning that having a reverse-proxy makes a difference and that the overwriteprotocol trick doesnât work in this case. In my particular case, I use Traefik. Is there someone who had to deal with this issue while using Traefik? Can someone please help me? Itâs driving me crazy
Or maybe, as several people are unable like me to solve this issue, should we open an issue on Github?
Hi again I found a hack to bypass the issue. It is not a fix but it allowed me to authenticate for this one time. I think it might be helpful for people who are unable to fix the issue with overwriteprotocol, so I will try to explain what I did there.
In the browser window (I use Firefox), instead of clicking on the âGrant Accessâ button, right click on the button and âInspectâ. In the HTML source, look for the URL of your server. Basically, the button is programmed to execute a POST request using this URL. The problem is that the URL starts with âhttpâ instead of âhttpsâ. Now, right click on the code and âEdit As HTMLâ. Add a âsâ manually so that the URL looks like âhttps://â.
Now, click on the âGrant Accessâ button. As you edited the URL, the POST request will use the right protocol and it should work
If I understood well, overwriteprotocol is supposed to replace âhttpâ with âhttpsâ. My hack consists in doing this job manually, basically
I found a hack to bypass the issue. It is not a fix but it allowed me to authenticate for this one time. I think it might be helpful for people who are unable to fix the issue with 
