Cannot play video from mobile app after setting up HTTPS reverse proxy

I deployed Nextcloud 18.03 on an Ubuntu server (version 16.04) with the official Docker image. It worked well before I added an nginx container (in another Docker container) which acts as an HTTPS reverse proxy with self-signed certificates. After the reverse proxy was deployed, I cannot play any video files from the mobile apps, on both the Android and iOS platforms. I checked the logs of nginx and Nextcloud; it seems that no request for the video file was received by the server. Here are the contents of my nginx config:

    server {
        listen 20443 ssl http2;
        server_name

        ssl_certificate     /etc/nginx/ssl_certs/server.pem;
        ssl_certificate_key /etc/nginx/ssl_certs/server.key;

        location = /.well-known/carddav {
            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        location = /.well-known/caldav {
            return 301 $scheme://$host:$server_port/remote.php/dav;
        }

        location / {
            proxy_pass http://ncserver;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        client_max_body_size 8192M;
        fastcgi_buffers 64 4K;

    }

I suppose it may be caused by the self-signed certificates. Can anybody help me?

Thanks!

It’s possible it’s the self-signed certs. But it could be other things. Perhaps try the following as well:

proxy_set_header Host $proxy_host;

or
proxy_set_header Host ncserver;

I would also check the error logs of nginx and/or nextcloud.
Also from a different computer try to access your ncserver with curl or wget and see what error messages it generates.

With self-signed certs it’s likely to be a problem unless you’ve installed the CA cert on the client.

Thanks for your reply.
I tried your first 2 suggestions, setting the Host header to $proxy_host or ncserver; it still doesn’t work, but the mobile app shows a different message, that it cannot play the internal stream. Then I changed the host back to $http_host, and this time, after a long time loading, the mobile app said the default media player cannot play this file/stream. Since my mobile device is set to Chinese, the app only shows Chinese messages, and I translated these messages as above.

For the error logs, I will post them here later.

Thanks again.

I can successfully wget the index.html page from another desktop computer, and my browser works well; I can play video files in my browser both on my desktop and on mobile.
When I play a video from the browser, I can see in the log that a request for the target video was received, but if I try to play it from the mobile app, I cannot see any request for the target video file.

The following is the container log when I click test.mp4 from my desktop browser, and it works well.

{“log”:“172.17.0.4 - - [02/May/2020:11:32:51 +0800] “PROPFIND /remote.php/dav/files/boliang/test/test.mp4 HTTP/1.0” 207 1862 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:32:51.978766429Z”}
{“log”:“172.17.0.4 - - [02/May/2020:11:32:51 +0800] “GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.0” 200 1376 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:32:52.016157891Z”}
{“log”:“172.17.0.4 - - [02/May/2020:11:32:51 +0800] “PROPFIND /remote.php/dav/files/boliang/test/ HTTP/1.0” 207 2789 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:32:52.109639496Z”}
{“log”:“172.17.0.4 - - [02/May/2020:11:32:52 +0800] “GET /remote.php/dav/files/boliang/test/test.mp4 HTTP/1.0” 206 2927420 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:32:52.366811897Z”}
{“log”:“172.17.0.4 - - [02/May/2020:11:32:52 +0800] “GET /remote.php/dav/files/boliang/test/test.mp4 HTTP/1.0” 206 18475 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:32:52.436334487Z”}
{“log”:“172.17.0.4 - - [02/May/2020:11:32:52 +0800] “GET /remote.php/dav/files/boliang/test/test.mp4 HTTP/1.0” 206 9619499 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:32:52.735954614Z”}

The following is the log when I do the same operation on the mobile app (Android):
{“log”:“172.17.0.4 - boliang [02/May/2020:11:34:02 +0800] “POST /ocs/v2.php/apps/dav/api/v1/direct?format=json HTTP/1.0” 200 939 “-” “Mozilla/5.0 (Android) Nextcloud-android/3.11.0”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:34:02.633947791Z”}
{“log”:“172.17.0.4 - - [02/May/2020:11:34:21 +0800] “GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.0” 200 1376 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:34:21.898234981Z”}
{“log”:“172.17.0.4 - - [02/May/2020:11:34:51 +0800] “GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.0” 200 1376 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:34:51.866113629Z”}
{“log”:“172.17.0.4 - - [02/May/2020:11:34:59 +0800] “GET /index.php/204 HTTP/1.0” 204 1195 “-” “Mozilla/5.0 (Android) Nextcloud-android/3.11.0”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:34:59.925958641Z”}
{“log”:“172.17.0.4 - - [02/May/2020:11:35:00 +0800] “GET /index.php/204 HTTP/1.0” 204 1203 “-” “Mozilla/5.0 (Android) Nextcloud-android/3.11.0”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:35:00.088364304Z”}
{“log”:“172.17.0.4 - - [02/May/2020:11:35:21 +0800] “GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.0” 200 1376 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:35:21.863787015Z”}

This is the nginx log for the above test.

{“log”:“61.163.72.203 - - [02/May/2020:11:46:39 +0800] “PROPFIND /remote.php/dav/files/boliang/test/test.mp4 HTTP/2.0” 207 1127 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:39.10175291Z”}
{“log”:“61.163.72.203 - - [02/May/2020:11:46:39 +0800] “PROPFIND /remote.php/dav/files/boliang/test/ HTTP/2.0” 207 2054 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:39.24167509Z”}
{“log”:“61.163.72.203 - - [02/May/2020:11:46:39 +0800] “GET /remote.php/dav/files/boliang/test/test.mp4 HTTP/2.0” 206 1559756 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:39.416642007Z”}
{“log”:“61.163.72.203 - - [02/May/2020:11:46:39 +0800] “GET /remote.php/dav/files/boliang/test/test.mp4 HTTP/2.0” 206 17651 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:39.58966966Z”}
{“log”:“2020/05/02 11:46:39 [warn] 7#7: *586 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/8/02/0000000028 while reading upstream, client: 61.163.72.203, server: 192.168.1.2, request: “GET /remote.php/dav/files/boliang/test/test.mp4 HTTP/2.0”, upstream: “http://172.17.0.3:80/remote.php/dav/files/boliang/test/test.mp4”, host: “nextcloud.boliang319.dynamic-dns.net:20443”\n”,“stream”:“stderr”,“time”:“2020-05-02T03:46:39.821819522Z”}
{“log”:“61.163.72.203 - - [02/May/2020:11:46:40 +0800] “GET /remote.php/dav/files/boliang/test/test.mp4 HTTP/2.0” 206 9618675 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:40.275871982Z”}
{“log”:“61.163.72.203 - boliang [02/May/2020:11:46:50 +0800] “POST /ocs/v2.php/apps/dav/api/v1/direct?format=json HTTP/1.1” 200 216 “-” “Mozilla/5.0 (Android) Nextcloud-android/3.11.0” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:50.407655899Z”}
{“log”:“61.163.72.203 - boliang [02/May/2020:11:46:50 +0800] “GET /ocs/v1.php/cloud/user?format=json HTTP/1.1” 200 580 “-” “Mozilla/5.0 (Android) Nextcloud-android/3.11.0” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:50.446895711Z”}
{“log”:“61.163.72.203 - boliang [02/May/2020:11:46:50 +0800] “PROPFIND /remote.php/webdav/test/ HTTP/1.1” 207 816 “-” “Mozilla/5.0 (Android) Nextcloud-android/3.11.0” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:50.893135069Z”}
{“log”:“61.163.72.203 - boliang [02/May/2020:11:46:51 +0800] “PROPFIND /remote.php/webdav/test/ HTTP/1.1” 207 1962 “-” “Mozilla/5.0 (Android) Nextcloud-android/3.11.0” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:51.04278081Z”}
{“log”:“61.163.72.203 - boliang [02/May/2020:11:46:51 +0800] “GET /ocs/v2.php/apps/files_sharing/api/v1/shares?path=%2Ftest%2F\u0026reshares=true\u0026subfiles=true HTTP/1.1” 200 138 “-” “Mozilla/5.0 (Android) Nextcloud-android/3.11.0” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:51.347437031Z”}
{“log”:“61.163.72.203 - - [02/May/2020:11:46:51 +0800] “GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0” 200 613 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:51.862851133Z”}
{“log”:“61.163.72.203 - boliang [02/May/2020:11:46:52 +0800] “POST /ocs/v2.php/apps/dav/api/v1/direct?format=json HTTP/1.1” 200 216 “-” “Mozilla/5.0 (Android) Nextcloud-android/3.11.0” “-”\n”,“stream”:“stdout”,“time”:“2020-05-02T03:46:52.944717477Z”}

After I replaced the self-signed certs with commercial certs, it worked.
So this should be a bug with self-signed certs.

Before attributing the error to self-signed certs… it’s possible you didn’t make the certs correctly… what process did you use to generate the certificates?

Here is the script I used to generate the root/CA certs:

    openssl genrsa -out root.key 4096
    openssl req -new -key root.key -out root.csr -subj "/C=CN/ST=HN/L=ZZ/O=Guolong/OU=Guolong/CN=root"
    openssl x509 -req -days 3650 -sha256 -extensions v3_ca -signkey root.key -in root.csr -out root.crt
    cat root.key root.crt > root.pem

And here is the script I used to generate the server certs:

    openssl genrsa -out server.key 2048
    openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=HN/L=ZZ/O=Guolong/OU=Guolong/CN=nextcloud.boliang319.dynamic-dns.net"
    openssl x509 -req -days 3650 -sha256 -extensions v3_req -CA root.crt -CAkey root.key -CAcreateserial -in server.csr -out server.crt
    cat server.key server.crt > server.pem

Are there any errors?
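
Whether the certificates carry the extensions a client expects can be checked directly. The following is an added example, not part of the original thread: it builds the CA and server certificate once with the flags posted above and once with the same extension sections supplied through `-extfile` (`openssl x509 -req` reads `-extensions` sections only from an `-extfile`), then reports whether `CA:TRUE` and a subjectAltName are present. The file `ext.cnf` and its section contents, the 2048-bit keys and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Key sizes, file names and the contents of ext.cnf are constructed.
set -eu
HOST=nextcloud.boliang319.dynamic-dns.net   # CN used in the thread
SUBJ="/C=CN/ST=HN/L=ZZ/O=Guolong/OU=Guolong"

# has_ext CERT PATTERN: true if the certificate's text dump contains PATTERN.
has_ext() { openssl x509 -in "$1" -noout -text | grep -q -- "$2"; }

# make_certs DIR: build the CA and server certificate twice inside DIR.
make_certs() (
  cd "$1"
  cat > ext.cnf <<EOF
[req]
distinguished_name = dn
[dn]
CN = unused-because-subj-is-given
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_req]
basicConstraints = CA:FALSE
subjectAltName = DNS:$HOST
EOF
  openssl genrsa -out root.key 2048 2>/dev/null
  openssl genrsa -out server.key 2048 2>/dev/null
  openssl req -new -config ext.cnf -key root.key -out root.csr -subj "$SUBJ/CN=root"
  openssl req -new -config ext.cnf -key server.key -out server.csr -subj "$SUBJ/CN=$HOST"
  for v in thread fixed; do
    # "thread": -extensions alone, as posted. "fixed": same section, read via -extfile.
    x=""; if [ "$v" = fixed ]; then x="-extfile ext.cnf"; fi
    openssl x509 -req -days 3650 -sha256 $x -extensions v3_ca \
      -signkey root.key -in root.csr -out "root_$v.crt" 2>/dev/null
    openssl x509 -req -days 3650 -sha256 $x -extensions v3_req \
      -CA "root_$v.crt" -CAkey root.key -CAcreateserial \
      -in server.csr -out "server_$v.crt" 2>/dev/null
  done
)

WORK=$(mktemp -d)
make_certs "$WORK"
for v in thread fixed; do
  has_ext "$WORK/root_$v.crt" "CA:TRUE"     && echo "$v root: CA:TRUE"  || echo "$v root: no CA:TRUE"
  has_ext "$WORK/server_$v.crt" "DNS:$HOST" && echo "$v server: SAN ok" || echo "$v server: no SAN"
done
```

Android only installs a user CA certificate that carries `CA:TRUE`, and many current TLS clients match the hostname against subjectAltName rather than the CN, so both checks are worth running on any self-signed chain before it goes in front of a mobile client.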