Nextcloud version: 24.0.2
Operating system and version: Ubuntu 20.04.4
Apache version: 2.4.41
PHP version: 7.4.3
The issue you are facing: I’ve successfully been running NC since version 19. I was looking at my logs and noticed some trusted domain errors from unknown IP addresses directly to my IP (not domain name). When I open my web browser and enter my domain, I am taken to the login page for my installation. When I enter my IP address, I am taken to the web installation wizard.
Possibly I am remembering this incorrectly, but I thought there was a way to disable the web installation wizard to prevent any nefarious activities from unwanted parties. I’ve searched through the official docs, done many web searches, and searched this forum and seemingly found nothing about how to do this. Maybe I’m using the incorrect search terms, but this seems like a security risk.
Is this the first time you’ve seen this error?: Yes
If anyone has recommendations for how to disable the installation wizard, it would be appreciated.
Edit:
@just My apologies. Please see below.
Nextcloud Config FIle:
<?php
$CONFIG = array (
'instanceid' => 'my_instance_ID',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.local' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'localhost',
'port' => 6379,
),
'passwordsalt' => 'my_very_long_password_salt',
'secret' => 'my_much_longer_password_secret',
'trusted_domains' =>
array (
0 => 'nc.mydomain.co',
),
'datadirectory' => '/var/www/nextcloud/data',
'dbtype' => 'mysql',
'version' => '24.0.2.1',
'overwrite.cli.url' => 'https://nc.mydomain.co',
'dbname' => 'mydbname',
'dbhost' => 'localhost:3306',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'mydbusername',
'dbpassword' => 'mydbpassword',
'installed' => true,
'default_phone_region' => 'US',
'maintenance' => false,
'updater.secret' => 'my_super_long_updater_secret_that_you_don_t_know',
'theme' => '',
'loglevel' => 2,
);
Apache Error Log 1:
[Fri Jun 24 00:00:04.449408 2022] [mpm_prefork:notice] [pid 1888] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f con>
[Fri Jun 24 00:00:04.449513 2022] [core:notice] [pid 1888] AH00094: Command line: '/usr/sbin/apache2'
Apache Error Log 2:
[Thu Jun 23 00:00:02.164563 2022] [mpm_prefork:notice] [pid 872] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f conf>
[Thu Jun 23 00:00:02.164608 2022] [core:notice] [pid 872] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 23 01:15:35.215935 2022] [proxy_fcgi:error] [pid 4891] (70007)The timeout specified has expired: [client 71>
[Thu Jun 23 01:30:35.668753 2022] [proxy_fcgi:error] [pid 4370] (70007)The timeout specified has expired: [client 71>
[Thu Jun 23 01:34:25.558682 2022] [mpm_prefork:notice] [pid 872] AH00169: caught SIGTERM, shutting down
[Thu Jun 23 01:34:41.913461 2022] [mpm_prefork:notice] [pid 876] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f conf>
[Thu Jun 23 01:34:41.977509 2022] [core:notice] [pid 876] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jun 23 04:53:30.141316 2022] [core:error] [pid 1442] [client 185.7.214.104:39938] AH00126: Invalid URI in reque>
[Thu Jun 23 09:09:28.981131 2022] [proxy_fcgi:error] [pid 1442] [client 120.92.147.164:21774] AH01071: Got error 'Pr>
[Thu Jun 23 09:09:29.449273 2022] [proxy_fcgi:error] [pid 1908] [client 120.92.147.164:24656] AH01071: Got error 'Pr>
[Thu Jun 23 19:26:05.040200 2022] [proxy_fcgi:error] [pid 1544] [client 185.7.214.104:56140] AH01071: Got error 'Pri>
Nextcloud Error Log:
The existing error logs are unrelated to this issue. The only error logs I have relate to apps that I was testing on my instance.
Nextcloud Warning Log (there are no failures):
There are several dozen just like the following, from different IP addresses all to access my IP as host.
[core] Warning: Trusted domain error. "20.XXX.XXX.XX3" tried to access using "XX.XX.XX.XX" as host.
POST /
from 20.XXX.XXX.XX3 at 2022-06-24T00:11:11+00:00