Nextcloud version (eg, 20.0.5): 23
Operating system and version (eg, Ubuntu 20.04): docker nextcloud repositoy on Docker Hub
Apache or nginx version (eg, Apache 2.4.25): apache I think
PHP version (eg, 7.4): not sure
Since updating to version 23 I am getting the warning " You are accessing your instance over a secure connection, however your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the overwrite config variables are not set correctly. Please read the documentation page about this ."
I believe it is the same as the issue here but the solution didn’t work for me. I am using Nextcloud behind the docker nginx-proxy + acme-companion. I have had this instance for several versions.
What does the warning mean? Does it mean some of the links have http
instead of https
? My favicon is using http
for some reason, but all the other links appear to be https
. Does it mean my URL path is insecure? My URLs look like this: https://sub.domain.net/index.php/settings/admin/overview. Is the index.php
supposed to be there?
Any help would be appreciated so I can better debug this issue.
config.php:
<?php
$CONFIG = array (
'datadirectory' => '/var/www/html/data',
'memcache.local' => '\\OC\\Memcache\\APCu',
'instanceid' => 'xxx',
'passwordsalt' => 'xxx',
'secret' => 'xxx',
'trusted_domains' =>
array (
0 => 'sub.domain.net',
),
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'overwrite.cli.url' => 'https://sub.domain.net',
'dbtype' => 'mysql',
'version' => '23.0.10.1',
'dbname' => 'nextcloud',
'dbhost' => 'db',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'xxx',
'dbpassword' => 'xxx',
'installed' => true,
'mail_from_address' => 'postmaster',
'logtimezone' => 'Etc/UTC',
'logdateformat' => 'Y-m-d H:i:s',
'mail_smtpmode' => 'smtp',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpsecure' => 'tls',
'mail_domain' => 'sub.domain.net',
'mail_smtpauth' => 1,
'mail_smtphost' => 'xxx',
'mail_smtpname' => 'xxx',
'mail_smtppassword' => 'xxx',
'default_phone_region' => 'US',
'loglevel' => 0,
'maintenance' => false,
'theme' => '',
'updater.release.channel' => 'stable',
'app_install_overwrite' =>
array (
0 => 'spreed',
1 => 'twofactor_totp',
),
);
docker-compose.yml
version: '3.7'
x-volumes:
&nextcloud-volumes
- /mnt/data/ansible/nextcloud/custom_apps:/var/www/html/custom_apps
- /mnt/data/ansible/nextcloud/config:/var/www/html/config
- /mnt/data/ansible/nextcloud/data:/var/www/html/data
- /mnt/data/ansible/nextcloud/themes:/var/www/html/themes
- /mnt/data/ansible/nextcloud/root:/var/www/html
services:
db:
image: mariadb:10.6
environment:
MYSQL_ROOT_PASSWORD: "xxx"
MYSQL_DATABASE: xxx
MYSQL_USER: xxx
MYSQL_PASSWORD: "xxx"
volumes:
- /mnt/data/ansible/nextcloud/mariadb_data:/var/lib/mysql
networks:
- default
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
app:
image: nextcloud:23
links:
- db
environment:
VIRTUAL_HOST: sub.domain.net
VIRTUAL_PORT: 80
LETSENCRYPT_HOST: xxx
LETSENCRYPT_EMAIL: xxx
NEXTCLOUD_ADMIN_USER: xxx
NEXTCLOUD_ADMIN_PASSWORD: "xxx"
MYSQL_DATABASE: xxx
MYSQL_USER: xxx
MYSQL_PASSWORD: "xxxx"
MYSQL_HOST: db
# Changes since version 23
# https://github.com/nextcloud/docker/issues/1672#issuecomment-1080467468
TRUSTED_PROXIES: sub.domain.net
OVERWRITECLIURL: https://sub.domain.net
OVERWRITEPROTOCOL: https
# I think this hooks in at a slightly different place
NEXTCLOUD_TRUSTED_DOMAINS: sub.domain.net
# maybe you also want this
OVERWRITEHOST: sub.domain.net
volumes:
*nextcloud-volumes
networks:
- nginx-proxy
- default
restart: always
cron:
image: nextcloud
restart: always
volumes:
*nextcloud-volumes
depends_on:
- app
entrypoint: |
bash -c 'bash -s <<EOF
trap "break;exit" SIGHUP SIGINT SIGTERM
while /bin/true; do
su -s "/bin/bash" -c "/usr/local/bin/php /var/www/html/cron.php" www-data
echo $$(date) - Running cron finished
sleep 900
done
EOF'
networks:
nginx-proxy:
external: true
default:
volumes:
nextcloud-root:
Extra vhost configuration for nginx-proxy:
client_max_body_size 10G;
# Fix for some clients not able to find sync URL
# https://docs.nextcloud.com/server/21/admin_manual/issues/general_troubleshooting.html#service-discovery
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}