Cant setup clients through HAProxy

ā„¹ļø Support šŸ“¦ Appliances (Docker, Snappy, VM, NCP, AIO)
1

Hi,

Ive just setup an Nextcloud, MySQL and HaProxy docker container, with HAProxy doing the SSL termination.
Ive only tested with the webinterface, and HAProxy manages to redirect HTTP ā†’ HTTPS.

Then i wanted to configure the Desktop clients, but for some reasons, that dosent work.
The client opens the website, and the Login and Grant access boxes works fine, but then this issue appears:

Issue1.PNG
Issue1.PNG774Ɨ420 70.8 KB

The client then reports this issue:

Issue2
Issue2751Ɨ278 11.4 KB

Ive googled for a couple of hours now, and can see that im far from the only one, having this issue.
Many of the HAProxy configurations are outdated, and the config is simply not accepted by HAProxy anymore.

So far ive tried:
10+ HAProxy configs - the one im using atm, is the one working best
Added both the 172.17. and my internal network CIDR to trusted_proxies
Connecting my NC Client directly to the Nextcloud container, which works, but then isnt encrypted.

Im not sure if the issue resides on the way Nextcloud handles this, or more likely the HAProxy config.

Any help and guidance, would be extremely appreciated!

My HAProxy config:

frontend FT_HTTP_IN
mode http
bind *:80
bind *:443 ssl crt /etc/ssl/
redirect scheme https if !{ ssl_fc }
acl acl_cloud hdr(host) -i hidden.domain.tld
use_backend BCK_Cloud_HTTP if acl_cloud

backend BCK_Cloud_HTTP
mode http
server cloud 192.168.4.30:8080 check

2

Iā€™m using HAProxy with the following and I can auth with the Windows client:

frontend webreverse
        bind                    :80
        bind                    :443 ssl crt cert.pem alpn h2,http/1.1
        mode                    http
        log                     global
        option                  forwardfor
        option                  http-use-htx
        option                  http-keep-alive
        acl https ssl_fc
        http-request add-header X-Forwarded-Port 443
        http-request add-header X-Forwarded-Proto https
        http-request add-header X-Forwarded-Ssl on
        http-request set-var(txn.txnhost) hdr(host)
        # Force ssl
        redirect scheme https code 301 if !{ ssl_fc }
        maxconn                 100
        timeout client          7200000
        acl     nextcloud       var(txn.txnhost) -m str -i nextcloud.mydomain.com
        use_backend nextcloud if nextcloud

        # nextcloud stuff
        acl url_discovery path /.well-known/caldav /.well-known/carddav /.well-known/webfinger /.well-known/nodeinfo
        http-request redirect location /remote.php/dav/ code 301 if url_discovery

backend nextcloud
        server                  nextcloud 192.168.0.XXX:XXXX check inter 1000