Cannot login to Nextcloud Client

FranciscoGameiro2004 · March 28, 2026, 3:45pm

The issue

Hi, everyone!

Yesterday, I installed Nextcloud within a docker container alongside with Nginx Proxy Manager to obtain secure HTTPS with two domains: one localand another to use with Tailscale.

While Nextcloud appears to be working in general, when I try to login in the Nextcloud Client for Linux (in this case: Lubuntu 25.10) I recieve this error message:

The polling URL does not start with HTTPS despite the login URL started with HTTPS. Login will not be possible because this might be a security issue. Please contact your administrator.

Since the first time I saw this error I went trough post about this kind of issue on Nextcloud Forum and Reddit, for example. I did some things like the modification of config.php file to accommodate some variables like trusted_domains, overwritemethod and overwrite.cli.url and the implementation of custom configuration in the Nginx proxies for Nextcloud. But still, THE CLIENT LOGIN STILL DOESN’T WORK!!!

I thank you in advance to anyone who may try to help me to solve this. I provided some information that I think that will be useful to solve this issue and feel free to request more if needed.

Server Information

Nextcloud Server version:
- 33.0.1.2
Operating system and version:
- Ubuntu 24.04.4
Reverse proxy and version:
- Nginx 2.14.0
PHP version:
- 8.4.19
  - EDIT: I just noticed that originally I put the Nextcloud version instead the PHP one…
Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
- Docker Compose
Are you using CloudfIare, mod_security, or similar? (Yes / No)
- No

Nextcloud `config.php`

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'upgrade.disable-web' => true,
  'instanceid' => 'oclqwx7d5em5',
  'passwordsalt' => 'PLoUip5V+0zRxE9syBcmLA+r+W0vvQ',
  'secret' => '*secret sfuff*',
  'trusted_domains' => 
  array (
    0 => '*tailscale duckdns domain*', # To access through Tailscale
    1 => '*local duckdns domain*', # To access locally
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '33.0.1.2',
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1:80', # Nginx proxy for HTTP
    1 => '127.0.0.1:443', # Nginx proxy to HTTPS
  ),
  'overwrite.cli.url' => 'http://*tailscale duckdns domain*',
  'overwritemethod' => 'https',
  'dbname' => '*database name*',
  'dbhost' => 'db',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '*database username*',
  'dbpassword' => '*database password*',
  'installed' => true,
  'loglevel' => 0,
);

Nginx Custom Configuration

location /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
}

location /.well-known/caldav {
    return 301 $scheme://$host/remote.php/dav;
}

location ^~ /.well-known {
    return 301 $scheme://$host/index.php$uri;
}

Docker Compose

Nextcloud

services:
  # Note: MariaDB is external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/mariadb
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: mariadb:lts
    container_name: nextcloud-compose-db
    restart: always
    command: --transaction-isolation=READ-COMMITTED
    volumes:
      - /home/*linux username*/nextcloud/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=*database root password*
      - MYSQL_PASSWORD=*database password*
      - MYSQL_DATABASE=*database name*
      - MYSQL_USER=*database username*

  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always

  app:
    image: nextcloud
    container_name: nextcloud-compose
    restart: always
    ports:
      - 8080:80
    depends_on:
      - redis
      - db
    volumes:
      - /home/franciscogameiro2004/nextcloud/nextcloud:/var/www/html
    environment:
      - MYSQL_PASSWORD=*database password*
      - MYSQL_DATABASE=*database name*
      - MYSQL_USER=*database username*
      - MYSQL_HOST=db
      #
      - NEXTCLOUD_TRUSTED_DOMAINS=*local duckdns domain*,*tailscale duckdns domain*
      - NEXTCLOUD_DEFAULT_PHONE_REGION=PT

Nginx Proxy Manager

services:
  nginx_proxy_manager:
    image: "jc21/nginx-proxy-manager:latest"
    container_name: nginx_proxy_manager
    restart: unless-stopped
    network_mode: "host"
    ports:
      - "80:80"    # HTTP
      - "443:443"  # HTTPS
      - "81:81"    # Admin Panel
    volumes:
      - ./data/npm_data:/data
      - ./data/npm_letsencrypt:/etc/letsencrypt
      - ./data/npm_logs:/var/log/nginx
    environment:
      DB_SQLITE_FILE: "/data/database.sqlite" # Using SQLite instead of MySQL for simplicity
      INITIAL_ADMIN_EMAIL: admin@example.com
      INITIAL_ADMIN_PASSWORD: changeme
      X_FORWARDED_PROTO: "https"

mritzmann · March 28, 2026, 6:39pm

Have you tried it this way as well?

'overwrite.cli.url' => 'https://*tailscale duckdns domain*', # <-- with https
'overwriteprotocol' => 'https',

And if you call up the following:

curl -I https://*tailscale duckdns domain*/status.php

What status code do you see? A correct one would be, for example, HTTP/2 200. If you see a 301 or 302 redirect to http://, then something is still not quite right. But I’m not sure how Nextcloud constructs the URL that is returned during the login process.

FranciscoGameiro2004 · March 28, 2026, 7:07pm

I tried already to modify overwrite.cli.url in that way (and I just tried again just to confirm).

When I tried to do the request you suggested, it gave me this result:

HTTP/2 200 
server: openresty
date: Sat, 28 Mar 2026 18:57:38 GMT
content-type: application/json
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow
referrer-policy: no-referrer
x-powered-by: PHP/8.4.19
content-security-policy: default-src 'self'; script-src 'self' 'nonce-30IQ5GdX/ury7lO+dWgJw6cbwK5/J/+E6duVnuxGkKM='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
set-cookie: nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
set-cookie: nc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
access-control-allow-origin: *
strict-transport-security: max-age=63072000; preload
x-served-by: *tailscale duckdns domain*

While I still got a 200 OK status code and got access to the webapp,I still cannot login in that client.

FranciscoGameiro2004 · April 2, 2026, 11:03pm

Update: I posted the same problem on Reddit and then a fellow user that not only suggested me to install Nextcloud AIO it also suggested tthe already mentioned setting above. Before installing AIO I tried to change in NPM from http to https but it didn’t work. After that I installed Nextcloud AIO and everything worked fine.

But that doesn’t solve the issue in itself. That’s the reason I have a theory on what caused the problem to begin with. I checked the docker compose I posted here and I saw that I was forwarding the port 8080 to go to the internal port 80. I’m not really sure if that’s the origin of that problem and I cannot test that because I deleted everything before installing the AIO version.