The macOS Desktop client has been working well for a while, but today I noticed that my macOS does not have access when on my home network.
No connection to Nextcloud at https://MY_FQDN. Connection refused.
I am running everything behind nginx, and I have found some solutions to some of the potential issues (that helped for the initial setup), e.g. adding one or both of the following lines to
'overwrite.cli.url' => 'https://MY_FQDN', 'overwriteprotocol' => 'https',
But that no longer seems to do the trick for macOS client. Android app for files and “Talk”, and at least “Talk” for iOS work fine, as does the browser access. But as soon as I connect to my home network, I loose connection to Nextcloud in macOS client.
config.php, in case anyone can see something that should be different when behind a reverse proxy.
10.0.30.67 is the machine (well, FreeBSD jail) running nextcloud,
10.0.30.21 is an Ubuntu server running nginx, and
10.0.10.0/23 is the VLAN where all devices that would ever connect with a client are (phones, laptops, etc.).
<?php $CONFIG = array ( 'passwordsalt' => 'REDACTED', 'secret' => 'REDACTED', 'trusted_domains' => array ( 0 => 'localhost', 1 => 'MY_FQDN', 2 => '10.0.10.*', 3 => '10.0.30.67', 4 => '10.0.30.21', ), 'trusted_proxies' => array ( 0 => '10.0.30.21', ), 'datadirectory' => '/mnt/files', 'dbtype' => 'mysql', 'version' => '22.214.171.124', 'overwrite.cli.url' => 'https://MY_FQDN', 'overwriteprotocol' => 'https', 'dbname' => 'nextcloud', 'dbhost' => 'localhost:/tmp/mysql.sock', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'nextcloud', 'dbpassword' => 'REDACTED', 'installed' => true, 'instanceid' => 'REDACTED', 'logtimezone' => 'REDACTED', 'default_phone_region' => 'REDACTED', 'log_type' => 'file', 'logfile' => '/var/log/nextcloud/nextcloud.log', 'loglevel' => '2', 'logrotate_size' => '104847600', 'memcache.local' => '\\OC\\Memcache\\APCu', 'mail_smtpmode' => 'smtp', 'mail_smtpsecure' => 'tls', 'mail_sendmailmode' => 'smtp', 'mail_from_address' => 'home', 'mail_domain' => 'REDACTED', 'mail_smtpauthtype' => 'LOGIN', 'mail_smtphost' => 'REDACTED', 'mail_smtpport' => '587', 'mail_smtpauth' => 1, 'mail_smtpname' => 'REDACTED', 'mail_smtppassword' => 'REDACTED', 'maintenance' => false, 'theme' => '', 'twofactor_enforced' => 'true', 'twofactor_enforced_groups' => array ( ), 'twofactor_enforced_excluded_groups' => array ( ), );
As mentioned, I tried with and without the
overwrite* lines. I also did a
DELETE FROM oc_bruteforce_attempts; in mariaDB, just in case it was an ipban or something like that.
I should also mention that this is not how it always was. I set up the macOS client while on home network, and synced a few dozen GB. The only changes I remember making, that could have been since it worked (but I think I saw it working after those changes) is adding the
10.0.10.* to the
trusted_domains, and setting up TOTP. I’ve made no changes to nginx.
macOS client v3.3.6