Hello,
I am installing nextcloud on openmediavault as a docker image, using a duckdns.org domain name and using subfolders. Something like “https://mycustomdomaing.duckdns.org/nextcloud”.
I am using the standard docker-compose file from openmediavault: [How-To] Nextcloud with Letsencrypt using OMV and docker-compose - Guides - openmediavault and of course I configured nginx proxy for the subdirectory as well as nextcloud config.php file for trusted domains.
This is working fine but is of course not safe, as trusted_domains contains a star instead of IPs or a domain name:
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'ocapj1ywa0lp',
  'passwordsalt' => 'XXX',
  'secret' => 'XXX',
  'trusted_domains' =>
  array (
    0 => '192.168.1.80',
  ),
  'dbtype' => 'mysql',
  'version' => '22.0.0.11',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextclouddb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'oc_admin',
  'dbpassword' => 'apo3Y6kXTPkvguOTqyl9gBSjokWYDD',
  'installed' => true,
  'trusted_proxies' =>
  array (
    0 => 'swag',
  ),
  'overwritewebroot' => '/nextcloud',
  'overwrite.cli.url' => 'https://mycustomdomain.dyndns.org/nextcloud',
  'trusted_domains' =>
  array (
    0 => '*',
  ),
);
But if I replace it with
  'trusted_domains' =>
  array (
    0 => 'mycustomdomain.dyndns.org',
  ),
Note: yes, trusted_domains is defined two times, but I can also merge them into a single entry with 0=> and 1=>, but it has no impact at all on the final behavior.
Then I cannot log in to nextcloud, with the famous error “Access through untrusted domain”. I am looking for any log file where I can understand why the incoming request is rejected. It must have something to do with the use of swag, as nextcloud works with a direct https access (and thus an untrusted certificate), or with that star.
But I can't find any technical log explaining why it is rejected and how to solve it.
Here is the full docker-compose config, just in case:
version: "2"
services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=998
      - PGID=100
      - TZ=Europe/Paris #change Time Zone if needed
    volumes:
      - /srv/dev-disk-by-uuid/appdata/nextcloud/config:/config
      - /srv/dev-disk-by-uuid/appdata/nextcloud/data:/data
    depends_on:
      - mariadb
    ports: # uncomment this and the next line if you want to bypass the proxy
      - 450:443
    restart: unless-stopped
  mariadb:
    image: ghcr.io/linuxserver/mariadb
    container_name: nextclouddb
    environment:
      - PUID=998
      - PGID=100
      - MYSQL_ROOT_PASSWORD=mariadbpassword #change password
      - TZ=Europe/Paris #Change Time Zone if needed
    volumes:
      - /srv/dev-disk-by-uuid/appdata/nextclouddb:/config
    restart: unless-stopped
  swag:
    image: linuxserver/swag #swag is the replacement for letsencrypt (see link below)
    container_name: swag
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=998
      - PGID=100
      - TZ=Europe/Paris
      - URL=mycustomdomain.duckdns.org #insert your domain name - yourdomain.url
      - SUBDOMAINS=www,
      - VALIDATION=http
      - EMAIL=mymail@mailme.fr
    volumes:
      - /srv/dev-disk-by-uuid/appdata/swag:/config
    ports:
      - 10443:443
      - 10080:80
    restart: unless-stopped
As it works well by disabling the trusted_domains, I hope it is quite easy to fix!
Thanks
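
An added example, not part of the original post and not Nextcloud's own code: a simplified model of a trusted_domains check, run over the entries shown in the post, to see which Host header values each config variant would accept. The matching rules (port stripped from the Host header, `*` as a wildcard over host-name characters, case-insensitive comparison), the function names and the sample Host values are assumptions of this example.

```python
import re

# Assumption of this example: '*' in an entry matches any run of host-name
# characters, and the comparison is case-insensitive.
WILDCARD = r"[-.a-zA-Z0-9]*"


def strip_port(host_header):
    """Return the host part of a Host header value, without a trailing :port."""
    host = host_header.strip()
    if host.startswith("["):  # bracketed IPv6 literal such as [::1]:443
        end = host.find("]")
        return host[: end + 1] if end != -1 else host
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() else host


def matching_entries(host_header, trusted_domains):
    """List the trusted_domains entries that accept this Host header."""
    full = host_header.strip()
    bare = strip_port(full)
    hits = []
    for entry in trusted_domains:
        if not isinstance(entry, str):
            continue
        regex = WILDCARD.join(re.escape(chunk) for chunk in entry.split("*"))
        if any(re.fullmatch(regex, h, re.IGNORECASE) for h in (bare, full)):
            hits.append(entry)
    return hits


# Entries from the post: the wildcard variant, and the named variant with the
# two trusted_domains arrays merged as the post's note describes.
WILDCARD_CONFIG = ["*"]
NAMED_CONFIG = ["192.168.1.80", "mycustomdomain.dyndns.org"]

# Constructed Host header values, built from the names and ports in the post's
# docker-compose file; what the proxy really forwards has to be observed.
SAMPLE_HOSTS = [
    "192.168.1.80:450",
    "mycustomdomain.duckdns.org",
    "mycustomdomain.duckdns.org:10443",
    "mycustomdomain.dyndns.org",
]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        named = matching_entries(host, NAMED_CONFIG) or "rejected"
        star = matching_entries(host, WILDCARD_CONFIG) or "rejected"
        print(f"{host:35} named entries: {named}   wildcard: {star}")
```

Replacing the constructed values with the Host header the proxy actually forwards, for example as recorded in the web server access log, shows which entry the named list would need.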