Infinite Redirect to login behind nginx reverse proxy in docker

Hi there,

I set up a raspberry pi with two docker images: nginx and nextcloud/postgres.
nginx looks like:

    # File: /data/RevProx/docker-compose.yml
    version: "3"
    services:
            proxy:
                    image: nginx:1
                    restart: always
                    ports:
                            - "80:80"
                            - "443:443"
                    volumes:
                            - ./conf.d:/etc/nginx/conf.d
                            - certs:/etc/letsencrypt
                            - certs-data:/data/letsencrypt
    volumes:
            certs:
            certs-data:

and its configuration:

    server {
            listen [::]:80;
            listen 80;
            server_name myserver.homelinux.net;
            location / {
                    return 301 https://$host$request_uri;
            }
    }
    server {
            listen [::]:443 ssl;
            listen 443 ssl;
            server_name myserver.homelinux.net;
            ssl_certificate ...
            ssl_certificate_key ...
            include /etc/letsencrypt/options-ssl-nginx.conf;
            ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
            client_max_body_size 512M;
            rewrite ^/\.well-known/caldav((/|$).*)$ /nextcloud/remote.php/dav$1 last;
            rewrite ^/\.well-known/carddav((/|$).*)$ /nextcloud/remote.php/dav$1 last;
            location /nextcloud {
                    proxy_set_header        Host $host;
                    proxy_set_header        X-Real-IP $remote_addr;
                    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header        X-Forwarded-Proto $scheme;
                    proxy_set_header        X-Forwarded-Host $server_name;
                    proxy_pass http://nextcloud_app_1.revprox_default;
            }
            location / {
                   # other Raspi. Works.
            }
    }

Now the nextcloud container:

    # File: data/nextcloud/docker-compose.yml
    version: '3'
    services:
            db:
                    image: postgres:10-alpine
                    restart: always
                    volumes:
                            - nextcloud_db:/var/lib/postgresql/data
                    environment:
                            - POSTGRES_PASSWORD=xxYxx
                            - POSTGRES_DB=nextcloud
                            - POSTGRES_USER=nextcloud
            app:
                    image: nextcloud:18-apache
                    volumes:
                            - nextcloud:/var/www/html
                            - nextcloud_data:/var/www/html/data
                    restart: always
                    ports:
                            - 8080:80
                    networks:
                            - revprox_default
                            - default
                    environment:
                            - POSTGRES_DB=nextcloud
                            - POSTGRES_USER=nextcloud
                            - POSTGRES_PASSWORD=xxYxx
                            - POSTGRES_HOST=db
                            - NEXTCLOUD_ADMIN_USER=yyy
                            - NEXTCLOUD_ADMIN_PASSWORD=zzz
                            - NEXTCLOUD_TRUSTED_DOMAINS=tsht2
    volumes:
            nextcloud_db:
                    external: true
            nextcloud:
                    external: true
            nextcloud_data:
                    external: true
    networks:
            revprox_default:
                    external: true

and the main parts of nextclouds config.php:

    <?php
    $CONFIG = array (
      'htaccess.RewriteBase' => '/nextcloud',
      'memcache.local' => '\\OC\\Memcache\\APCu',
      'trusted_domains' => 
      array (
        0 => 'localhost',
        1 => '192.168.200.14',
        2 => 'myserver.homelinux.net',
      ),
      'trusted_proxies' =>
      array(
        0 => '172.18.0.2',
      ),
      'version' => '18.0.1.3',
      'overwrite.cli.url' => 'https://myserver.homelinux.net/nextcloud',
      'overwritehost' => 'myserver.homelinux.net',
      'overwritewebroot' => '/nextcloud',
      'overwriteprotocol' => 'https',
    );

First, I accessed the nextcloud container directly and locally, and could install it successfully.
Then, I tried to access it via the reverse proxy. So I inserted the overwrite* parameters as I found them in the nextcloud documentation.

At the moment, when I access myserver.homelinux.net/nextcloud, it redirects to the https variant (301), then to /nextcloud/login (302).
Then it redirects to https://myserver.homelinux.net/nextcloud/login (302), and so on until the browser ends with an error (“Umleitungsfehler”).

I checked the network traffic with wireshark.
The Request:

    Hypertext Transfer Protocol
        GET /nextcloud/login HTTP/1.0\r\n
        Host: myserver.homelinux.net\r\n
        X-Real-IP: 00.42.177.96\r\n
        X-Forwarded-For: 00.42.177.96\r\n
        X-Forwarded-Proto: https\r\n
        Connection: close\r\n
        User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0\r\n
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n
        Accept-Language: de,en-US;q=0.7,en;q=0.3\r\n
        Accept-Encoding: gzip, deflate, br\r\n
         [truncated]Cookie: [...]
        Upgrade-Insecure-Requests: 1\r\n
        \r\n
        [Full request URI: http://myserver.homelinux.net/nextcloud/login]
        [HTTP request 1/1]
        [Response in frame: 81]

And the Response:

    Hypertext Transfer Protocol
        HTTP/1.1 302 Found\r\n
        Date: Sun, 17 May 2020 13:13:22 GMT\r\n
        Server: Apache/2.4.38 (Debian)\r\n
        X-Powered-By: PHP/7.3.14\r\n
        Expires: Thu, 19 Nov 1981 08:52:00 GMT\r\n
        Cache-Control: no-store, no-cache, must-revalidate\r\n
        Pragma: no-cache\r\n
         [truncated]Content-Security-Policy: [...]
        Referrer-Policy: no-referrer\r\n
        X-Content-Type-Options: nosniff\r\n
        X-Download-Options: noopen\r\n
        X-Frame-Options: SAMEORIGIN\r\n
        X-Permitted-Cross-Domain-Policies: none\r\n
        X-Robots-Tag: none\r\n
        X-XSS-Protection: 1; mode=block\r\n
        Location: https://myserver.homelinux.net/nextcloud/login\r\n
        Content-Length: 0\r\n
        Connection: close\r\n
        Content-Type: text/html; charset=UTF-8\r\n
        \r\n
        [HTTP response 1/1]
        [Time since request: 0.121199000 seconds]
        [Request in frame: 78]
        [Request URI: http://myserver.homelinux.net/nextcloud/login]

So… it redirects to exactly the URL of the request.

I googled around and read many posts, but I think I have done the configs in the way most of them suppose. I fiddled around a bit, but any try made it worse.

What happens? What have I configured wrong?

Thanks.

BTW: The links won’t work, since I replaced the real domain name :wink:

Hm…
Is the question too difficult? Or too easy?
Too little information? Or too much?

Can anyone help me please? :worried:

BTW: I deleted cookies and cache. I tried with firefox (win and linux) and edge. No success.

Well… I still don’t know what happened.
In the meantime I changed my hoster. My new one can use CNAME entries for subdomains, so I can use a URL without a path.

I changed the entries in config.php accordingly, now anything works. :grinning:

This hasn’t been closed off… And I was experiencing a very similar issue.

My problem was that in the nginx.conf file, I didn’t end the proxy_pass URI with a /… Yep, one character cost me several hours of head banging.

The missing / is also evident in OP’s nginx.conf file… And I’m curious if it would’ve fixed it if it had been there.

Anyways, all fixed now on my end.

Very interesting… I don’t have a / at the end of the proxy_pass anywhere, and it works (now).

That would leave the question for the Cracks: Should there be a / or shouldn’t it?
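
On the trailing-slash question, an added example (not code from any poster in this thread): a simplified Python model of nginx's documented proxy_pass rule for prefix locations, showing which URI the backend receives with and without a URI part on proxy_pass. The function names are hypothetical; the backend name is the one in the original nginx config.

```python
from urllib.parse import urlsplit

# Constructed from the thread: the backend name is the one in OP's proxy_pass.
BACKEND = "http://nextcloud_app_1.revprox_default"


def upstream_uri(location_prefix, proxy_pass, request_uri):
    """URI nginx sends upstream for a request matched by a prefix location.

    Simplified model of the documented proxy_pass rule. It ignores regex
    locations, variables in proxy_pass, URI normalization and rewrite.
    """
    if not request_uri.startswith(location_prefix):
        raise ValueError("request does not match this location")
    # Whatever follows scheme://host[:port] is the "URI part" of proxy_pass.
    uri_part = urlsplit(proxy_pass).path
    if uri_part == "":
        # No URI part: the original request URI is passed on unchanged.
        return request_uri
    # URI part present (even a lone "/"): it replaces the matched prefix.
    return uri_part + request_uri[len(location_prefix):]


def compare(request_uri="/nextcloud/login"):
    """Map one request through four location/proxy_pass combinations."""
    cases = [
        ("/nextcloud", BACKEND),                  # OP's configuration
        ("/nextcloud", BACKEND + "/"),            # trailing slash added
        ("/nextcloud/", BACKEND + "/"),           # slash on both sides
        ("/nextcloud/", BACKEND + "/nextcloud/"),  # explicit sub-path
    ]
    return [(loc, target, upstream_uri(loc, target, request_uri))
            for loc, target in cases]


if __name__ == "__main__":
    for loc, target, sent in compare():
        print(f"location {loc:<12} proxy_pass {target:<50} -> {sent}")
```

The first case reproduces the `GET /nextcloud/login` visible in the capture above. Whether the prefix should be kept or stripped depends on the path under which the backend itself serves the application.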