Good morning,
I use a docker-compose from nextcloud as follows:
front => apache:
<VirtualHost *:443>
ServerAdmin pou....
DocumentRoot /var/www/html
ServerAlias frontend.tld
RewriteEngine on
ErrorLog logs/cloud-dock-error_log
CustomLog logs/cloud-dock-access_log common
LogLevel warn
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
SSLEngine on
...
...
...
SetEnvIf Host "^(.*)$" THE_HOST=$1
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Host %{THE_HOST}e
ProxyAddHeaders Off
ProxyPassMatch (.*)(\/websocket)$ "ws://backend.tld:8082/$1$2"
ProxyPass / "http://backend.tld:8082/"
ProxyPassReverse / "http://backend.tld:8082/"
</VirtualHost>
back => docker compose:
https://github.com/nextcloud/docker/tree/master/.examples/docker-compose/insecure/postgres/fpm
Everything seems to work, but I have these errors in Nextcloud->admin->overview:
- You access your instance via a secure connection, yet it generates insecure URLs. This probably means that you are behind a reverse proxy and that the rewrite variables are not set correctly. Refer to the documentation page on this subject.
- Your web server is not configured correctly to resolve "/.well-known/webfinger". More information can be found on our documentation.
- Your web server is not configured correctly to resolve "/.well-known/nodeinfo". More information can be found on our documentation.
- Your web server is not configured correctly to resolve "/.well-known/caldav". More information can be found on our documentation.
- Your web server is not configured correctly to resolve "/.well-known/carddav". More information can be found on our documentation.
and in Chrome (dev console) I have these errors:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'attribution-reporting'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'run-ad-auction'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'join-ad-interest-group'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
bootstrap:19 JQMIGRATE: Migrate is installed, version 3.4.1
session-heartbeat.js:103 session heartbeat polling started
overview:1 Refused to connect to 'http://backend.tld/index.php/.well-known/webfinger' because it violates the following Content Security Policy directive: "connect-src 'self'".
overview:1 Refused to connect to 'http://backend.tld/index.php/.well-known/nodeinfo' because it violates the following Content Security Policy directive: "connect-src 'self'".
NotificationsApp.vue:470 Notifications permissions not yet requested
overview:1 Refused to connect to 'http://backend.tld/remote.php/dav/' because it violates the following Content Security Policy directive: "connect-src 'self'".
overview:1 Refused to connect to 'http://backend.tld/remote.php/dav/' because it violates the following Content Security Policy directive: "connect-src 'self'".
GET https://frontend.tld/data/.ocdata?t=1707749893587 404 (Not Found)
send@jquery.js:9940
ajax@jquery.js:9521
(anonymous) @jquery-migrate.min.js:2
e. @jquery-migrate.min.js:2
checkDataProtected@setupchecks.js?v=67d23e84-0:392
(anonymous) @admin.js:114
Show 4 more frames
Show less
settings:1 Manifest: property 'start_url' ignored, should be same origin as document.
I tried to configure the "content-security-policy" headers in nginx but it's worse, I think I didn't put the right directive.
If anyone has an architecture similar to mine with working headers, I would like some help.
Fred
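
Added example, not part of the original post and not Nextcloud code: it parses the `connect-src` violations quoted above and reports which origin components of each blocked URL differ from the page origin, showing that the refused URLs carry the back end's scheme and host rather than the front end's. The page origin `https://frontend.tld` and the function names are assumptions; the console lines are sample input taken from the post.

```python
import re
from urllib.parse import urlsplit

# Assumption: the browser loaded the admin page from the public front end.
PAGE_ORIGIN = "https://frontend.tld"
# Sample input: console lines as quoted in the post.
CONSOLE = """\
overview:1 Refused to connect to 'http://backend.tld/index.php/.well-known/webfinger' because it violates the following Content Security Policy directive: "connect-src 'self'".
overview:1 Refused to connect to 'http://backend.tld/remote.php/dav/' because it violates the following Content Security Policy directive: "connect-src 'self'".
GET https://frontend.tld/data/.ocdata?t=1707749893587 404 (Not Found)
"""

VIOLATION = re.compile(
    r"Refused to connect to '(?P<url>[^']+)' because it violates the following "
    r'Content Security Policy directive: "(?P<directive>[^"]+)"')

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)

def diagnose(console_text, page_origin):
    """For each CSP connect violation, list the origin components that differ from the page."""
    page = origin(page_origin)
    findings = []
    for match in VIOLATION.finditer(console_text):
        blocked = origin(match["url"])
        differs = [name for name, a, b in zip(("scheme", "host", "port"), page, blocked)
                   if a != b]
        findings.append({
            "url": match["url"],
            "directive": match["directive"],
            "differs": differs,
            # An https page requesting a plain http/ws URL is also mixed content.
            "mixed_content": page[0] == "https" and blocked[0] in ("http", "ws"),
        })
    return findings

if __name__ == "__main__":
    for f in diagnose(CONSOLE, PAGE_ORIGIN):
        print(f"{f['url']}: differs in {', '.join(f['differs']) or 'nothing'}; "
              f"mixed content: {f['mixed_content']}")
```

Every finding differing in scheme and host is consistent with the "generates insecure URLs" warning: the URLs are built from what the back end sees, so the CSP is doing its job and the origin of the generated URLs is what needs attention.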