Can't login via my mobile device(Android && ipad) by nginx reverse proxy

ℹ️ Support
,
1
Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 20.0.5): 23.0.0.10
Operating system and version (eg, Ubuntu 20.04): Ubuntu 20.04
Apache or nginx version (eg, Apache 2.4.25): 2.4.51
PHP version (eg, 7.4): 8.0.14

The issue you are facing:

Can’t login via my andriod phone and ipad.

At the beginning, when I login in via my lan ip 10.88.xx.xx, it works well.

But when I login in via my ssl domain https://xxx.xxx, it went wrong, which shows ‘strict mode:not allow http connection’.

I know the cause is that my nginx is using https but nextcloud use http and when I login nextcloud response a http redirect location, but Strict-Transport-Security don’t allow http redirect to https.

so I configure my nginx below

    location / {
        proxy_pass  http://lanip:8010;
        ...
        proxy_redirect http:// https://;
        add_header Strict-Transport-Security "max-age=0;";
   }

Another problem turns out—‘Access forbidden invalid request’

By the way, I can login via both lan ip and ssl domain by my chrome browser in useing this configure.

I just dont know what happend in my mobile device.

this is the docker log below, just cant figure out any error

app_1       | 117.170.147.13 - - [05/Jan/2022:02:59:26 +0000] "POST /login HTTP/1.0" 303 1176 "-" "Xiaomi M2007J1SC (Android)"
app_1       | 117.170.147.13 - - [05/Jan/2022:02:59:29 +0000] "GET /login/flow/grant?clientIdentifier=&stateToken=3NhuTtop9tjbCY6InbTs6acW1PbSsq7nm6jpqjAJjB6DXGcGFJXwjqtm5TMM44yz HTTP/1.0" 200 5493 "-" "my device (Android)"
app_1       | 117.170.147.13 - - [05/Jan/2022:02:59:29 +0000] "GET /core/js/oc.js?v=1aa3ab97 HTTP/1.0" 200 2246 "-" "my device (Android)"
app_1       | 117.170.147.13 - - [05/Jan/2022:02:59:31 +0000] "GET /login/flow HTTP/1.0" 200 5187 "-" "my device (Android)"
app_1       | 117.170.147.13 - - [05/Jan/2022:02:59:31 +0000] "GET /core/js/oc.js?v=1aa3ab97 HTTP/1.0" 200 2245 "-" "my device (Android)"
app_1       | 117.170.147.13 - - [05/Jan/2022:03:11:32 +0000] "GET /csrftoken HTTP/1.0" 200 788 "-" "my device(Android)"