Nextcloud version: 13.0.0
Operating system and version: Linux Mint 18.3 Sylvia
Apache or nginx version: nginx/1.10.3 (Ubuntu)
PHP version: PHP 7.0.25-0ubuntu0.16.04.1
If I visit nextcloud via the reverse proxy, I immediately get logged in with the admin account, the logout link works fine, but it redirects to /login and then back to /apps/files.
Interesting enough, if I visit nextcloud via the local IP, the logout works fine.
Steps to replicate it:
- Setup nextcloud behind a NGINX reverse proxy with the given config files
- Try to logout behind the reverse proxy
The nextcloud.log shows an empty String at remoteAddr:
{"reqId":"puOc3JFbLZJpXJr71n8L","level":3,"time":"2018-02-17T11:59:08+01:00","remoteAddr":"","user":"henning","app":"PHP","method":"GET","url":"\/settings\/admin","message":"unlink(\/media\/HDD1\/appdata_oczebt34cvd9\/css\/core\/a395fc1c-jquery.ocdialog.css.deps): No such file or directory at \/var\/www\/nextcloud\/lib\/private\/Files\/Storage\/Local.php#225","userAgent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/604.5.6 (KHTML, like Gecko) Version\/11.0.3 Safari\/604.5.6","version":"13.0.0.14"}
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'instanceid' => '',
'passwordsalt' => '',
'secret' => '',
'trusted_domains' =>
array (
0 => '192.168.178.62',
1 => '10.8.0.10',
2 => 'domain.tld',
),
'datadirectory' => '/media/HDD1',
'dbtype' => 'mysql',
'version' => '13.0.0.14',
'dbname' => 'nextCloudDB',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloudDB',
'dbpassword' => '',
'logtimezone' => 'Europe/Berlin',
'installed' => true,
'mail_smtpmode' => 'smtp',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpsecure' => 'ssl',
'mail_from_address' => 'cloud',
'mail_domain' => '',
'mail_smtpauth' => 1,
'mail_smtphost' => '',
'mail_smtpport' => '465',
'mail_smtpname' => '',
'mail_smtppassword' => '',
);
NGINX reverse proxy config (/etc/nginx/sites-available/cloud):
server {
listen 80;
server_name domain.tld;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/ssl-domain.tld.conf;
include snippets/ssl-params.conf;
server_name domain.tld;
underscores_in_headers on;
location / {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
include /etc/nginx/proxy_params;
proxy_pass http://10.8.0.10;
}
}
/etc/nginx/proxy_params:
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
client_max_body_size 0;
NGINX Config on nextcloud server:
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Content-Type-Options nosniff;
root /var/www/nextcloud/;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 50000M;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_param REMOTE_ADDR $http_x_real_ip;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log off;
}
location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}
Hope you guys can help me