Desktop Client is trying to use HTTP instead of HTTPS

Nextcloud version 21.0.0
Operating system and version Ubuntu 18.04
Apache or nginx version nginx/1.21.1
PHP version 7.4.16

The issue you are facing:
I have a nextcloud install in a docker container with a NGINX proxy on the same machine,
I am trying to setup my desktop client but it keeps returning this:

The polling URL does not start with HTTPS despite the login URL started with HTTPS. Login will not be possible because this might be a security issue. Please contact your administrator

I have already searched across other support topics but adding 'overwriteprotocol' => 'https', to config.php does not fix anything and 'overwrite.cli.url' => 'domainname',

Does anyone understand what the issue could be and what else I could check?

Is this the first time you’ve seen this error? (Y/N):
Yes

Steps to replicate it:

  1. Install Nextcloud with the standard docker image
  2. install reverse proxy on the same machine
  3. insert config lines mentioned before
  4. attempt to connect desktop client

The output of your Nextcloud log in Admin > Logging:

No log related to this issue gets made

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'trusted_proxies'   => ['172.0.0.1'],
  'overwritehost'     => 'server.nextcloud.com',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'server.nextcloud.com',
  'overwritecondaddr' => '^172\.0\.0\.1$',
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => '****',
  'passwordsalt' => '****',
  'secret' => '****',
  'trusted_domains' => 
  array (
    0 => 'https://server.nextcloud.com',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'sqlite3',
  'version' => '21.0.0.18',
  'overwrite.cli.url' => 'server.nextcloud.com',
  'installed' => true,
  'app_install_overwrite' => 
  array (
    0 => 'files_external_dropbox',
  ),
  'maintenance' => false,
  'mail_from_address' => 'noreply',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'server.nextcloud.com',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => '172.0.0.1',
  'mail_smtpport' => '587',
  'mail_smtpname' => 'noreply@server.nextcloud.com',
  'mail_smtppassword' => '****',
);

The output of your Apache/nginx/system log in /var/log/____:

an.ip.address.0 - - [21/Aug/2021:21:39:52 +0000] "GET /login HTTP/1.1" 301 169 "-" "Go-http-client/1.1" "-"
an.ip.address.0 - - [21/Aug/2021:21:39:52 +0000] "GET /login HTTP/1.1" 200 14872 "http://server.nextcloud.com/login" "Go-http-client/1.1" "-"
an.ip.address.1 - - [21/Aug/2021:21:39:55 +0000] "GET /apps/logreader/poll?lastReqId=JhbJQHHqOrasEE9R3QLy HTTP/1.1" 200 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
an.ip.address.1 - - [21/Aug/2021:21:40:06 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
an.ip.address.1 - - [21/Aug/2021:21:40:16 +0000] "GET /apps/logreader/poll?lastReqId=JhbJQHHqOrasEE9R3QLy HTTP/1.1" 200 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" "-"
an.ip.address.0 - - [21/Aug/2021:21:40:20 +0000] "GET / HTTP/1.1" 200 25801 "-" "Go-http-client/1.1" "-"

The best would be to create a redirect to https on your nginx.

I already have that in place, and it does redirect to HTTPS. But the Nextcloud desktop app gets told to use http, which causes the error mentioned earlier (The polling URL does not start...), which makes the app not attempt to connect at all. This issue started when I updated the desktop app (so I assume this error message was coded in recently).


This one isn’t redirected (would be http codes 30x)

I thought my config does redirect to https.

This is my nginx config, Pretty sure the first server part is supposed to redirect to https

server {
    listen 80;
    server_name server.nextcloud.com www.server.nextcloud.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name server.nextcloud.com www.server.nextcloud.com;

    ssl_certificate /etc/letsencrypt/live/server.nextcloud.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/server.nextcloud.com/privkey.pem;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    client_max_body_size 2048M;


    location / {
	proxy_pass http://172.0.0.1:8090;
	proxy_set_header        Host $http_host;
	proxy_set_header        X-Real-IP $remote_addr;
	proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header        X-Forwarded-Proto $scheme;
	proxy_read_timeout 300;
    }

    location /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/caldav {
    return 301 $scheme://$host/remote.php/dav;
    }
}

Look here in the docs:
https://docs.nextcloud.com/server/stable/admin_manual/installation/nginx.html

They use
listen [::]:80;
as well (for ipv6).

If you have a linux system hanging around somewhere, you can check:
curl -v http://cloud.nextcloud.com/apps/logreader/poll?lastReqId=JhbJQHHqOrasEE9R3QLy

and I get this response:

< HTTP/1.1 301 Moved Permanently
< Date: Sun, 22 Aug 2021 10:27:23 GMT
< Server: Apache/2.4.41 (Ubuntu)
< Location: https://cloud.nextcloud.com//apps/logreader/poll?lastReqId=JhbJQHHqOrasEE9R3QLy
< Content-Length: 372
< Content-Type: text/html; charset=iso-8859-1

I get basically the exact same response. I know it is redirecting to https; adding IPv6 support also doesn’t change anything (also because the router connected to it doesn’t have IPv6 set up). My main issue is that it’s reporting to have to use HTTP when connecting. I can see that when I go on the website to the settings under “mobile & desktop”, where it shows Server address, it shows http. I’m pretty sure the Nextcloud login fetches that URL and then sees it is http and throws out this error.

Edit:

< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.21.1
< Date: Sun, 22 Aug 2021 10:35:06 GMT
< Content-Type: text/html
< Content-Length: 169
< Connection: keep-alive
< Location: https://cloud.nextcloud.com/apps/logreader/poll?lastReqId=JhbJQHHqOrasEE9R3QLy

that shouldn’t be 127.0.0.1 (localhost)??

Those IPs were censored; I use the server IP there, not 172.0.0.1 or 127.0.0.1. It works either way.

that is not an URL (https://…)

If you are on the webinterface, the links on the buttons, are they pointing correctly to the https address?


I have this same issue. Hoping for a fix.

same issue here. (docker container+swag (letsencrypt+nginx container) for rProxy)

What I’ve noticed is all URLs in the web UI are pointing to HTTPS apart from the webdav and the Server address URL given at https://serverFQDN/nextcloud/settings/user/sync-clients, which both reference http:// locations. I’m assuming the desktop client is using the Server Address URL as given on that sync-clients page and that’s the issue, but how do we fix?

lil’ help here please on what needs to be done! :)

edit: SOLVED for me. Turns out I was missing 'overwriteprotocol' => 'https', in config.php. I’m guessing something has changed recently, as my previous build notes haven’t covered this and nor does swag’s included rproxy nextcloud config.


I had the same issue and was able to fix it without much troubleshooting thanks to your note.

Thank you for putting the time in to write it up!

My Nextcloud servers are all behind an NGINX reverse proxy and I had to include the following in my nextcloud/config/config.php files:

  'overwrite.cli.url' => 'https://nextcloud.server.com/nextcloud',
  'overwriteprotocol' => 'https',

That worked for me but it may be because I am behind a reverse proxy.

Paul


Hello, I had the same problem, I have set both overwrite.cli.url and overwriteprotocol but it was still not working…

But what did fix it for me was REMOVING the overwritecondaddr parameter! After removing it, everything is working now for me.


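The interaction between overwriteprotocol, overwritecondaddr and trusted_proxies that the posts above run into, as an added example (not code from any poster and not Nextcloud's own code): a simplified Python model of how the scheme of generated URLs is chosen, followed by the desktop client's HTTPS check. The function names, the /login/v2/poll path and the proxy peer address 172.17.0.1 are assumptions made for illustration.

```python
import re
from ipaddress import ip_address, ip_network

def effective_scheme(config, remote_addr, forwarded_proto=None, backend_tls=False):
    """Simplified model: scheme Nextcloud puts into the URLs it generates."""
    overwrite = config.get("overwriteprotocol", "")
    cond = config.get("overwritecondaddr", "")
    # overwriteprotocol applies only if overwritecondaddr is unset or matches
    # the TCP peer Nextcloud sees (the proxy's source address, not the user's).
    if overwrite and (cond == "" or re.search(cond, remote_addr)):
        return overwrite
    # Assumption: X-Forwarded-Proto is honoured only from a trusted proxy.
    trusted = any(ip_address(remote_addr) in ip_network(p, strict=False)
                  for p in config.get("trusted_proxies", []))
    if trusted and forwarded_proto:
        return forwarded_proto.split(",")[0].strip().lower()
    return "https" if backend_tls else "http"

def poll_url(config, host, remote_addr, forwarded_proto=None):
    """Polling URL the server would hand to the desktop client."""
    scheme = effective_scheme(config, remote_addr, forwarded_proto)
    return f"{scheme}://{host}/login/v2/poll"

def client_accepts(login_url, polling_url):
    """The client's rule from the error text: HTTPS login needs HTTPS polling."""
    return not (login_url.startswith("https://")
                and not polling_url.startswith("https://"))

# Constructed sample: the overwrite settings from the first post's config.php.
THREAD_CONFIG = {
    "trusted_proxies": ["172.0.0.1"],
    "overwriteprotocol": "https",
    "overwritecondaddr": r"^172\.0\.0\.1$",
}
# Assumed peer address (e.g. a Docker bridge gateway) that differs from the
# address written in the config.
PROXY_PEER = "172.17.0.1"

if __name__ == "__main__":
    login = "https://server.nextcloud.com"
    fixed = {k: v for k, v in THREAD_CONFIG.items() if k != "overwritecondaddr"}
    for name, cfg in (("as posted", THREAD_CONFIG), ("no overwritecondaddr", fixed)):
        url = poll_url(cfg, "server.nextcloud.com", PROXY_PEER, "https")
        print(f"{name}: {url} accepted={client_accepts(login, url)}")
```

When the address in the config and the address Nextcloud actually sees differ, both the overwrite and the forwarded header are ignored; removing overwritecondaddr, or making it and trusted_proxies match the real peer address, yields an HTTPS polling URL.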
Hello, I have the same problem and for me adding overwriteprotocol is not working, and overwritecondaddr is not set. My nextcloud is old, 14.0.11, hope that this does not matter, I am stuck on this version and can’t upgrade.

By the way, I’m okay with just forcing the URL if I can do that somewhere, it’s just a small install for myself and all I need is this login to succeed.

This solution helped me. Thanks a lot!

I have nextcloud installed on a ubuntu 20.04 server (nextcloud) behind a ubuntu 20.04 reverse proxy server. Both use apache2. They are in separate boxes and both use private IP’s (192.168.x.x). Clients receive a certificate from the proxy and are then proxied to nextcloud using proxypass and proxypassreverse. Hence, the client uses https but from then on the two servers use http.
I have set up webdav on nextcloud.
Nextcloud at its web interface works fine and I can map the webdav directory to the nextcloud installation using Windows 10.
I have installed the nextcloud app on Windows 10 but I cannot initialise it. It refuses to accept that I am using https.
Part of the problem is that I can’t find documentation on the meaning of directives in the config. I am worried about “overwrite” because any rewrites should be handled by the proxy. Nextcloud is no use to me without the sync function which appears to be unavailable without the desktop app. I think the problem is the nextcloud config which may have been designed without attention to having a reverse proxy in a separate box. There may also be conflicts with the apache2 proxypass directive as I am not using the alternative rewrite protocol and the nextcloud config may assume I am. I don’t want to install a private cert on nextcloud because I don’t see any security problems with using http on the private LAN
my config is:
$CONFIG = array (
  'trusted_proxies' => ['IP of proxy'],
  'instanceid' => 'xyz',
  'passwordsalt' => 'xyz',
  'secret' => 'xyz',
  'trusted_domains' =>
  array (
    0 => 'proxy name in /etc/hosts:8080',
  ),
  'datadirectory' => '/var/www/html/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '22.1.1.2',
  'overwrite.cli.url' => 'http://nextcloud name in /etc/hosts:8080',
  'dbname' => 'xyz',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xyz',
  'dbpassword' => 'xyz',
  'installed' => true,
  'app_install_overwrite' =>
  array (
    0 => 'twofactor_yubikey', # I don't know why this is here as another problem is that I can't setup a yubikey - what does the '0' mean?
  ),
);

I have now found the config file documentation. I have added overwriteprotocol setting it to http. So I assume that will force http back to the reverse proxy. I have also added the proxy to trusted domains in all its different forms. Neither of these things have made any difference. I still get the error that polling http! I still can’t log in to the desktop app.

Thanks, this worked for me too, url without http(s).
Best.