Can't get iOS app to connect - Protocol Error

rhysers · December 30, 2019, 6:36am

Still trying to get a new installation working properly. I’m running NextCloud on an LXC Container behind and Nginx reverse proxy. The webpage works, the Linux and Windows clients work, but the iOS one won’t connect. When I put in my url and tap “Log in” I get the following error:

All I see as far as logs is 192.168.136.133 - - [29/Dec/2019:20:23:02 -1000] “GET /nextcloud/status.php HTTP/1.0” 200 1580 “-” “Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.3” in /var/log/apache2/access.log. No errors logged.
Not sure if it’s important, but 192.168.136.133 is the IP of my Nginx reverse proxy, not my client.
This is one of the last 2 things keeping me from jumping on board. Please help.
Rhys
system info: https://cloud.odinforce.net/nextcloud/index.php/s/2yc4PGbxkdGQbLa
pass BeuzmHdP+BirxOZpxEPG

rhysers · December 30, 2019, 6:59am

Forgot to mention, before I enabled 'overwriteprotocol' => 'https', to make logging in on chrome work, the iOS app would work over http, but not https. Now since the returned URLs get changed to https it doesn’t work on either protocol.

budy · December 31, 2019, 9:20am

iOS is veery picky when it comes to SSL certs. Did you use a self-signed cert for your NC instance?

rhysers · December 31, 2019, 10:23am

Hi! Thanks for the reply. My reverse proxy is using a letsencrypt cert, the communication between by proxy and my NC server is using a self signed cert, but that shouldn’t matter. Actually, when I posted this, it was using http between my proxy and NC server. After drudging through some packet captures I wondered if some of the http only cookies might be causing issues and switched to https. This allowed me to log in, but it tells me I have no files and when I try to refresh I get a pop up that is just blank. Sometimes it crashes the iOS app.

budy · December 31, 2019, 3:46pm

Then it’s most likely an issue between your reverse proxy and your NC instance. Does the DNS name resolv internally to your proxy and did you also make sure, that your NC instance uses that dns name internally?

Also, which reverse proxy are you using?

rhysers · December 31, 2019, 5:37pm

Yes, DNS resolves to my proxy and I’ve set the following, although the first one was there from install.

  'overwrite.cli.url' => 'https://hecate/',
  'overwriteprotocol' => 'https',
  'overwritehost' => 'cloud.odinforce.net',

I use nginx as reverse proxy. Heres my conifg for the subdomain:

server {
	server_name cloud.odinforce.net;

	access_log /var/log/nginx/cloud.example.com.access.log;
	error_log /var/log/nginx/cloud.example.com.error.log;

	client_max_body_size 0;
	underscores_in_headers on;

	ssl_stapling on;
	ssl_stapling_verify on;

	location / {
#		include config/odinforce.net/proxy.conf;
		client_max_body_size 10G;
		client_body_buffer_size 400M;
		proxy_headers_hash_max_size 512;
		proxy_headers_hash_bucket_size 64;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		# add_header Front-End-Https on;
		# whatever the IP of your cloud server is
		proxy_pass https://192.168.136.134;
	}


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/odinforce.net-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/odinforce.net-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
	location / {
		proxy_headers_hash_max_size 512;
		proxy_headers_hash_bucket_size 64;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		# whatever the IP of your cloud server is
		proxy_pass http://192.168.136.134;
	}


	server_name cloud.odinforce.net;
	listen 80;
}

rhysers · December 31, 2019, 6:31pm

I bypassed my reverse proxy and got a new error:

Again, web access still works fine.

hokaido · June 9, 2020, 10:06pm

Same problem as rhysers.
Did you solve it?

eyduh · January 14, 2021, 8:38am

Did u get it working?

I’ve got the protocol error as well on iOS, web access, android app and linux & windows desktop sync works fine.

I’ve got nginx-proxy-manager handling the SSL with lets encrypt certs, ssl termination and hsts and the overwrite url/protocol in the config.php

I would like to use it to work with clients remotely and unfortunately there plenty of iphones out there would be nice to have a guide on this somewhere c:

eyduh · September 19, 2021, 7:01pm

Found the solution here:

basically trick iOS that the server is located at the reverse proxy…