HTTPS Error Persists Despite Correct Reverse Proxy Configuration

Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 32.0.1 (Docker container)
  • Operating system and version (e.g., Ubuntu 24.04):
    • Ubuntu 22.04.5
  • Web server and version (e.g., Apache 2.4.25):
    • Apache/2.4.65 (Debian)
  • Reverse proxy and version (e.g., nginx 1.27.2):
    • traefik 3.6.5
  • PHP version (e.g., 8.3):
    • 8.3.27
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • After installing traefik as the reverse proxy
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.):
    • Docker Compose
  • Are you using Cloudflare, mod_security, or similar? (Yes / No):
    • No

Summary of the issue you are facing:

Hello,

I’m running Nextcloud 32.0.1.2 in a Docker container behind a Traefik reverse proxy, and I’m getting persistent security errors in the admin panel despite having everything configured correctly (as far as I can tell).

HTTPS access and URLs

Accessing site insecurely via HTTP. You are strongly advised to set up your server to require HTTPS instead. Without it some important web functionality like "copy to clipboard" or "service workers" will not work!

Setup:

  • Nextcloud: Docker container on 192.168.x.235:31000 (HTTP internally)

  • Traefik: v3.2 on 192.168.x.141 (handles SSL termination with Let’s Encrypt)

  • Public domain: cloud.someone.net (HTTPS to users)

Steps to replicate it (hint: details matter!):

Configuration in config.php:

```php
'trusted_proxies' => ['192.168.x.141'],
'overwritehost' => 'cloud.someone.net',
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://cloud.someone.net',
'forwarded_for_headers' => ['HTTP_X_REAL_IP', 'HTTP_X_FORWARDED_FOR'],
```

Traefik configuration:

http:
  routers:
    nextcloud:
      rule: "Host(`cloud.someone.net`)"
      entrypoints:
        - websecure
      service: nextcloud
      middlewares:
        - nextcloud_redirectregex
        - nextcloud-headers
      tls: {}

    nextcloud-push:
      rule: "Host(`cloud.someone.net`) && PathPrefix(`/push/`)"
      entrypoints:
        - websecure
      service: nextcloud-push
      priority: 100
      tls: {}

    signalling:
      rule: "Host(`signalling.someone.net`)"
      entrypoints:
        - websecure
      service: signalling
      tls:
        certResolver: letsencrypt

  middlewares:
    nextcloud_redirectregex:
      redirectRegex:
        permanent: true
        regex: "https://(.*)/.well-known/(?:card|cal)dav"
        replacement: "https://${1}/remote.php/dav/"

    nextcloud-headers:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: "https"
          X-Forwarded-Host: "cloud.someone.net"
          X-Forwarded-Ssl: "on"
          X-Forwarded-For: "{realip}"
          X-Real_IP: "{clientip}"
        customResponseHeaders:
          Strict-Transport-Security: "max-age=15552000; includeSubDomains"

  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://192.168.x.235:31000"

    nextcloud-push:
      loadBalancer:
        servers:
          - url: "http://192.168.x.235:7867"

    signalling:
      loadBalancer:
        servers:
          - url: "http://192.168.x.235:8081"

The Problem: Admin panel shows these warnings:

  1. “Accessing site insecurely via HTTP. You are strongly advised to set up your server to require HTTPS instead.”

  2. “The Strict-Transport-Security HTTP header is not set (should be at least 15552000 seconds).”

What Actually Works:

  • Users access via HTTPS successfully with valid Let’s Encrypt certificates

  • All Nextcloud functionality works perfectly (sync, sharing, etc.)

  • No actual security issues

  • The warnings are cosmetic but concerning

What I’ve Tried:

  • Verified trusted_proxies is correct

  • Confirmed all overwrite parameters are set

  • Added forwarded headers configuration

  • Checked that Traefik is sending the correct headers

  • Verified HSTS header is being sent by Traefik

Question: Is this warning expected when using HTTP backend with SSL termination at the reverse proxy? Is there an additional configuration I’m missing, or is it safe to ignore these warnings given that HTTPS is working correctly for end users?

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

N/A - nothing in log

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

N/A

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

No related errors in Traefik (clean log)

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "htaccess.RewriteBase": "\/",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "timeout": 0
        },
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "overwritehost": "cloud.someone.net",
        "overwriteprotocol": "https",
        "overwritewebroot": "",
        "overwrite.cli.url": "https:\/\/cloud.someone.net",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "maintenance_window_start": 100,
        "trusted_domains": [
            "cloud.someone.net"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "forwarded_for_headers": [
            "HTTP_X_REAL_IP",
            "HTTP_X_FORWARDED_FOR"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "32.0.1.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "default_phone_region": "GB",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpauth": 1,
        "mail_smtpsecure": "ssl",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "loglevel": 2,
        "theme": "",
        "forbidden_filename_basenames": [
            "con",
            "prn",
            "aux",
            "nul",
            "com0",
            "com1",
            "com2",
            "com3",
            "com4",
            "com5",
            "com6",
            "com7",
            "com8",
            "com9",
            "com\u00b9",
            "com\u00b2",
            "com\u00b3",
            "lpt0",
            "lpt1",
            "lpt2",
            "lpt3",
            "lpt4",
            "lpt5",
            "lpt6",
            "lpt7",
            "lpt8",
            "lpt9",
            "lpt\u00b9",
            "lpt\u00b2",
            "lpt\u00b3"
        ],
        "forbidden_filename_characters": [
            "<",
            ">",
            ":",
            "\"",
            "|",
            "?",
            "*",
            "\\",
            "\/"
        ],
        "forbidden_filename_extensions": [
            " ",
            ".",
            ".filepart",
            ".part"
        ],
        "overwritecondaddr": "https"
    }
}

Apps

The output of occ app:list (if possible).

Enabled:

  - activity: 5.0.0-dev.0

  - app_api: 32.0.0

  - bruteforcesettings: 5.0.0-dev.0

  - calendar: 6.0.2

  - circles: 32.0.0

  - cloud_federation_api: 1.16.0

  - comments: 1.22.0

  - contacts: 8.0.5

  - contactsinteraction: 1.13.1

  - dashboard: 7.12.0

  - dav: 1.34.2

  - federatedfilesharing: 1.22.0

  - federation: 1.22.0

  - files: 2.4.0

  - files_downloadlimit: 5.0.0-dev.0

  - files_pdfviewer: 5.0.0-dev.0

  - files_reminders: 1.5.0

  - files_sharing: 1.24.0

  - files_trashbin: 1.22.0

  - files_versions: 1.25.0

  - firstrunwizard: 5.0.0-dev.0

  - logreader: 5.0.0-dev.0

  - lookup_server_connector: 1.20.0

  - nextcloud_announcements: 4.0.0-dev.0

  - notifications: 5.0.0-dev.0

  - notify_push: 1.2.0

  - oauth2: 1.20.0

  - password_policy: 4.0.0-dev.0

  - photos: 5.0.0-dev.1

  - privacy: 4.0.0-dev.0

  - profile: 1.1.0

  - provisioning_api: 1.22.0

  - recommendations: 5.0.0-dev.0

  - related_resources: 3.0.0-dev.0

  - serverinfo: 4.0.0-dev.0

  - settings: 1.15.1

  - sharebymail: 1.22.0

  - spreed: 22.0.2

  - support: 4.0.0-dev.0

  - survey_client: 4.0.0-dev.0

  - systemtags: 1.22.0

  - text: 6.0.1

  - theming: 2.7.0

  - twofactor_backupcodes: 1.21.0

  - updatenotification: 1.22.0

  - user_status: 1.12.0

  - viewer: 5.0.0-dev.0

  - weather_status: 1.12.0

  - webhook_listeners: 1.3.0

  - workflowengine: 2.14.0

Disabled:

  - admin_audit: 1.22.0

  - encryption: 2.20.0

  - files_external: 1.24.0

  - files_rightclick: 0.15.1 (installed 1.6.0)

  - suspicious_login: 10.0.0-dev.0

  - twofactor_nextcloud_notification: 6.0.0-dev.0

  - twofactor_totp: 14.0.0

  - user_ldap: 1.23.0

The value here (at the end of your posted config) doesn’t look right (it would typically be a regex compatible IP address). And you likely don’t need this particular parameter at all.

Also, just to double-check: can you confirm the config you posted is from occ config:list system and not just your raw config/config.php file? I ask because the former shows the real merged config, while the latter does not, so it may be incomplete/inaccurate.

    nextcloud-headers:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: "https"
          X-Forwarded-Host: "cloud.someone.net"
          X-Forwarded-Ssl: "on"
          X-Forwarded-For: "{realip}"
          X-Real_IP: "{clientip}"
        customResponseHeaders:
          Strict-Transport-Security: "max-age=15552000; includeSubDomains"

This looks a bit odd (typo in X-Real-IP, and are realip and clientip placeholders for something?). You shouldn’t need any of the customRequestHeaders (Traefik mostly does what Nextcloud expects already when it’s proxying requests).

For STS I’d suggest using Traefik’s configuration options for STS for that rather than doing custom headers.

No.

Also, may want to check what the headers are when doing a curl to your external https URL from inside the Nextcloud app container.
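An added Python model (not Nextcloud's own code and not from this thread) of the protocol decision behind the "Accessing site insecurely via HTTP" warning, based on the documented semantics of these settings: overwriteprotocol applies only when overwritecondaddr is empty or matches the remote address as a regex, otherwise X-Forwarded-Proto counts only when the remote address is in trusted_proxies. The proxy address 192.168.0.141 and the second source address 172.18.0.1 are constructed placeholders, not values from the post.

```python
import ipaddress
import re


def is_trusted_proxy(remote_addr, trusted_proxies):
    """trusted_proxies entries may be single IPs or CIDR ranges (assumed here)."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # empty or malformed REMOTE_ADDR is never trusted
    return any(addr in ipaddress.ip_network(e, strict=False) for e in trusted_proxies)


def server_protocol(config, server):
    """Return 'http' or 'https' for a request described by CGI-style server vars."""
    remote = server.get("REMOTE_ADDR", "")
    cond = config.get("overwritecondaddr", "")
    # The override only applies when overwritecondaddr is empty or, used as a
    # regex, matches the remote address. A value such as "https" never matches an IP.
    if config.get("overwriteprotocol") and (cond == "" or re.search(cond, remote)):
        return config["overwriteprotocol"]
    # X-Forwarded-Proto is honoured only from a trusted proxy; the first value wins.
    fwd = server.get("HTTP_X_FORWARDED_PROTO")
    if fwd and is_trusted_proxy(remote, config.get("trusted_proxies", [])):
        proto = fwd.split(",")[0].strip().lower()
        return proto if proto in ("http", "https") else "http"
    # Otherwise only what the web server itself negotiated counts.
    return "https" if server.get("HTTPS", "").lower() not in ("", "off") else "http"


# Constructed samples mirroring the shape of the posted config (placeholder IPs).
POSTED = {"overwriteprotocol": "https", "overwritecondaddr": "https",
          "trusted_proxies": ["192.168.0.141"]}
FIXED = {**POSTED, "overwritecondaddr": ""}  # override condition left empty

VIA_TRAEFIK = {"REMOTE_ADDR": "192.168.0.141", "HTTP_X_FORWARDED_PROTO": "https"}
VIA_OTHER_ADDR = {"REMOTE_ADDR": "172.18.0.1", "HTTP_X_FORWARDED_PROTO": "https"}

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("fixed", FIXED)):
        for src, srv in (("trusted", VIA_TRAEFIK), ("untrusted", VIA_OTHER_ADDR)):
            print(f"{name:6} config, request from {src:9} address: {server_protocol(cfg, srv)}")
```

With the posted value the override never fires, so the outcome depends entirely on whether REMOTE_ADDR as seen inside the container matches trusted_proxies.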
