Nextcloud version (eg, 20.0.5): 23
Operating system and version (eg, Ubuntu 20.04): 22.04
Apache or nginx version (eg, Apache 2.4.25): up to date
PHP version (eg, 7.4): 8.0
I’m trying to set up my Nextcloud via Cloudflare CDN, since I only have DS-Lite access and all users with IPv4 address have no access otherwise. Everything works so far.
When I select the domain via IPv4 user, it shows “Access through untrusted domain”. But the domain in the address line is “https://cloud.example.com”, which is also in config.php (cloud.example.com).
If I select the cloud with the same domain via IPv6 user, then I get (quite normal) access.
Can I allow all domains via wildcard?
Can I find out (show) what domain the cloud thinks it is accessed through?
Thank you very much.
Have you tried asking cloudflare or consulting their documentation?
No, because everything works from their side.
I did it according to these instructions:
But that was not my question
The best way would be to only use one domain. Either you tunnel both v4 and v6 through Cloudflare or you could probably also set a seperate AAAA record that points the same name to the IPv6 address of your DS-lite connection . And of course there is always the option to not use IPv6 at all.
Disclaimer: I’m neither an expert when it comes to Cloudflare Proxys nor when it comes to IPv6. But in general it is possible to use the same domainname for both IPv4 and IPv6
You can of course also configure your webserver and Nextcloud to use multiple names if you want. (Keywords: Apache ServerAlias and Nextcloud trusted domain) but that’s less than ideal imho.
That’s what I meant by there being a single domain:
This is really only about the questions written in bold:
If I replace the Nextcloud with an index.html, then I (no matter if Ipv6 or IPv4 user) always get to see this one file. Same content, everything is as it should be.
But if I call the domain (it’s always just an identical domain) by IPv6 user, the cloud comes as it should.
As an IPv4 user I get (for the same identical domain, at the same moment) but the said error message.
Sorry somehow I must have missed that.
Because if you are using IPv6 you are connecting directly to your server.
If you are using IPv4, you are connecting through the Cloudflare proxy. Therefore adding the Cloudflare IPs to the trusted proxies array, like suggested in the thread @devnull linked to, could indeed be the solution…
No, definitely not. When I resolve the domain via
dig, it will always point to the cloudflare domain first, even via IPv6.
Thank you, but unfortunately this is not a solution. Unfortunately, nothing has changed at all.