How to host site alongside nextcloud? How to disable “You are accessing the server from an untrusted domain” on nginx?

OskOskOsk · January 24, 2022, 2:14pm

Nextcloud version: 23.0.0
Operating system and version: FreeNAS Jail 12.2 (FreeBSD)
Nginx version: 1.20.2_6,2

I have the Nextcloud plugin installed on TrueNAS server. How can I disable the “You are accessing the server from an untrusted domain.” that popup on untrusted domains? I want Nextcloud to only show up on one single subdomain: nextcloud.example.com and use other subdomains for hosting diferent websites e.g. portfolio.example.com (hosted from freeNAS jails)

nextcloud.conf

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/nextcloud-php-fpm.sock;
}

# Redirect to HTTPS
server {
    listen 80 default_server;
    listen [::]:80;
    server_name nextcloud.example.com;

    # Enforce HTTPS
    return 301 https://$server_name$request_uri;


}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name nextcloud.example.com;

    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;" always;

    include conf.d/nextcloud.inc;
}

nextcloud.inc

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json appli>

# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;

# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy                      "no-referrer"   always;
add_header X-Content-Type-Options               "nosniff"       always;
add_header X-Download-Options                   "noopen"        always;
add_header X-Frame-Options                      "SAMEORIGIN"    always;
add_header X-Permitted-Cross-Domain-Policies    "none"          always;
add_header X-Robots-Tag                         "none"          always;
add_header X-XSS-Protection                     "1; mode=block" always;

# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

# Path to the root of your installation
root /usr/local/www/nextcloud/;

# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;

# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
    if ( $http_user_agent ~ ^DavClnt ) {
        return 302 /remote.php/webdav/$is_args$args;
    }
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
    # The rules in this block are an adaptation of the rules
    # in `.htaccess` that concern `/.well-known`.

    # Needed to prevent including the scheme, domain and port in the Location header.
    absolute_redirect off;
    location = /.well-known/carddav { return 301 /remote.php/dav/; }
    location = /.well-known/caldav  { return 301 /remote.php/dav/; }

    location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
    location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

    # Let Nextcloud's API for `/.well-known` URIs handle all other
    # requests by passing them to the front-end controller.
    return 301 /index.php$request_uri;

devnull · January 24, 2022, 2:23pm

Sorry i do not use FreeNAS.

But on normal Nextclouds there is a config/config.php:

  'trusted_domains' => 
  array (
    0 => 'nextcloud.example.com',
  ),

Is there a file /usr/local/www/nextcloud/config/config.php?

OskOskOsk · January 24, 2022, 2:56pm

I have acces to ‘nextcloud.example.com’ and it works but i dont wont to have untrusted domains popup on all other subnets/domains. How can i set nextcloud to go only to nextcloud.example.com?