How to disable "You are accessing the server from an untrusted domain."?

aaronraimist · November 2, 2016, 1:26am

I have the Nextcloud snap package installed on a server running Ubuntu 16.04.1 LTS. How can I disable the “You are accessing the server from an untrusted domain.” page that pops up when you open up a domain hosted on the same server but not in the trusted_domains list. I want Nextcloud to only show up on one single subdomain (the only domain in the trusted_domains list) and not affect any other page.

I assume I would want to edit the VirtualHost, inside the following config file, to specify a ServerName. The problem is when using the snap package, this file is readonly.
This file is located at /snap/nextcloud/current/conf/httpd.conf on my machine.

github.com

nextcloud/nextcloud-snap/blob/master/src/apache/conf/httpd.conf

# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used.  If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "${SNAP}"

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80

This file has been truncated. show original

How can I
(a): edit this file
or
(b): disable this page in another way?

samerg · November 3, 2016, 7:14am

As far as I know you need to edit your config.php file and add your domain to this list (in fact I have three entries because of different domains pointing to the same IP, as well as an IP address for clients who connect locally):

  'trusted_domains' => 
  array (
    0 => 'your.domain.de',
    1 => 'another.dns.de',
    2 => '192.168.168.30',
  ),

This is what I did on my setup and it solved the issue.

Regards,
Sascha

aaronraimist · November 3, 2016, 3:32pm

I do have that subdomain in the list of trusted domains. Maybe I should clarify, I can access Nextcloud fine on that subdomain. The problem is that this “untrusted domain” page appears on the every single subdomain. Nextcloud just takes all traffic pointed at this box and returns this “untrusted domain” page. I only want Nextcloud to display any type of interface on one single subdomain. I don’t want it to display the “untrusted domain” page on any subdomains or domains that are hosted on this server.

nickvergessen · November 4, 2016, 7:06am

Try to replacing the * with the actual domain in

github.com

nextcloud/nextcloud-snap/blob/master/src/apache/conf/httpd.conf#L182


# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn


#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig conf/mime.types


# Disable HTTP TRACE method.
TraceEnable off


# Disable HTTP TRACK method.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [R=405,L]


# Only enable SSL if requested

And when you use SSL, also in

github.com

nextcloud/nextcloud-snap/blob/master/src/apache/conf/ssl.conf#L75


# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512


# Virtual host for HTTP. All it does it redirect to HTTPS.
<VirtualHost *:${HTTP_PORT}>
RewriteEngine on
# Disable HTTP TRACK method.
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [R=405,L]
# Redirect everything else to HTTPS
RewriteRule ^ https://%{SERVER_NAME}:${HTTPS_PORT}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>


# Virtual host for HTTPS.
<VirtualHost *:${HTTPS_PORT}>

and

github.com

nextcloud/nextcloud-snap/blob/master/src/apache/conf/ssl.conf#L81


SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512


# Virtual host for HTTP. All it does it redirect to HTTPS.
<VirtualHost *:${HTTP_PORT}>
RewriteEngine on
# Disable HTTP TRACK method.
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [R=405,L]
# Redirect everything else to HTTPS
RewriteRule ^ https://%{SERVER_NAME}:${HTTPS_PORT}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>


# Virtual host for HTTPS.
<VirtualHost *:${HTTPS_PORT}>


# Disable HTTP TRACK method.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [R=405,L]

aaronraimist · November 5, 2016, 12:30am

Yeah that is what I was trying to do except since I have Nextcloud installed via the snap package so these files are readonly. @nickvergessen Do you know how to disable the readonly protection on these files?

jdkratz · December 30, 2016, 2:07am

I don’t know if this is helpful, but I ran into the same issue after installing via the snap package and then turning on TLS with LetsEncrypt. On the “You are accessing the server from an untrusted domain” page, under the error message there’s an option to add the domain (or something along those lines). After clicking that I had to temporarily add the ‘invalid’ cert to my browser, but after that it pulled up the config page in NextCloud and let me add the domain. After that everything is working fine with TLS (and I checked from another machine to make sure it wasn’t from the cert I added).

I realize that doesn’t really answer your question about the read-only filesystem; I tried re-mounting it as rw but couldn’t get that to work, although I’m not very clear on exactly how snaps work.

Greg_Fordyce · January 4, 2017, 5:58pm

What is the location of the config.php file?

Greg_Fordyce · January 9, 2017, 7:41pm

Bump.

Location of config.php on nextcloud box please.

Vincent_Stans · January 9, 2017, 10:54pm

the config.php is found in the nextcloud root directory ex /nextcloud/config/config.php
mostly location is set at /var/www/[nextcloud_root]

Greg_Fordyce · January 10, 2017, 7:47pm

This is what I get when I ssh into my machine. I only see 2 folders php and redis but no config.php file?

ubuntu@nextcloud:/snap/nextcloud/current/config$ dir
php  redis
ubuntu@nextcloud:/snap/nextcloud/current/config$

Vincent_Stans · January 12, 2017, 3:44am

you can find all the config.php files using find
sudo find /snap/nextcloud -name config.php
This may help you find the config your looking for.

Use “find [NC_ROOT_LOCATION] -name [FILE_NAME]”

ex. output ( NOT a snap installation output)
/var/www/nextcloud/config/config.php
/var/www/nextcloud/apps/files_external/lib/config.php
/var/www/nextcloud/apps/gallery/controller/config.php

I found a place where they say /var/snap/nextcloud/current/nextcloud/config/config.php
as I do not use snap myself I can’t confirm.

Stuart_Naylor · January 12, 2017, 4:18am

If you are struggling with linux commands and stuff and want something a little easier maybe have a look at installing webmin.
Just search your distro and webmin “ubuntu webmin”.

The file manager in there is really easy to use and quick security is just to make it run on specific Ip addresses or local subnet which is also easy.

The bit you need is what either apache or nginx are serving and its in etc/apache/sites-available as your nextcloud app should be having those domains pop in.

Greg_Fordyce · January 12, 2017, 8:16am

Thanks Vincent_Stans, I was going to try that last night but I managed to brick my install. I’ll try that tonight and report back.

Greg_Fordyce · January 12, 2017, 8:18am

I’ve thought about using webmin and might give it a go.

Greg_Fordyce · January 12, 2017, 9:37pm

Found it, on my NC Box the config.php file is found in 2 folders.

/var/snap/nextcloud/550/nextcloud/config/config.php
/var/snap/nextcloud/136/nextcloud/config/config.php

clessley · April 5, 2017, 6:01pm

Snap install on encrypted Ubuntu MATE 16.04 64-bit using self signed cert with OTP inside Virtualbox v5.1.18 guest on Windows 7 32-bit host.

The config.php file was located for me at: /snap/nextcloud/1182/config/

Since the snap location is read only even for sudo/root, manually editing the config.php file isn’t possible. As I understand it, this is by Canonical snap design (and rightly so).

You can simply take the url:

https://localhost/index.php/settings/admin?trustDomain=xxx.xxx.x.xxx

and enter this from inside your local nextcloud browser, changing the xxx IP to whatever you need to be trusted.

The admin page will refresh and a little dialog will prompt to really trust the domain, select yes.

Back on your host OS, enter the IP of the nexcloud install as before; the untrusted domain warning page won’t appear. Amusingly in my particular setup the xxx IP is the same as the inet addr: using ifconfig command from within the linux guest.