Steps to reproduce
- open nextcloud app on ios
- sign in to https://cloud.my.domain
- enter 2FA code from Authenticator App
Expected behaviour
Successful sign in to my account
Actual behaviour
I get the following error with topt: (actual domain replaced with my.domain and parameters after login/flow/grant? removed)
NSURLErrorDomain error
The operation couldn’t be completed.
-999.)_WKRecoveryAttempterErrorKey
<WKReloadFrameErrorRecoveryAttemp
ter: 0x28348f300>
NSErrorFailingURLStringKey https://
cloud.my.domain/login/challenge/
totp?redirect_url=/login/flow/grant?[…]
NSErrorFailingURLKey https://
cloud.my.domain/login/challenge/
totp?redirect_url=/login/flow/grant?[…]
I believe this is similar to a 502 on non apple clients
and when using email, I get this error:
The operation couldn’t be completed.
(NSURLErrorDomain error
-999.)_WKRecoveryAttempterErrorKey
NSErrorFailingURLKeyhttps://
cloud.braun.house/login/flow/grant?
clientldentifier=&user=&direct=0&state
Token=[token removed]
Are clientIdentifier etc. meant to be empty?
The weird thing is, that after I click on “ok”, it displays nextcloud as a logged in website, it just doesn’t actually link it to the app.
Sign in for non 2FA accounts works fine
Security Setups and Warnings says “all checks passed”
Server configuration
Unraid with nextcloud docker and Nginx Proxy manager
https://cloud.my.domain → Nginx Proxy Manager (with letsencrypt certificate, force https, http/2, HSTS, netfinger etc. specified according to nextcloud documentation) → http://192.168.xx.yy:httpport
Version: (see admin page)
25.0.3
Updated from an older version or fresh install:
fresh install, restored from previous server running on Ubuntu, also version 25.0.3 though
The content of config/config.php:
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'datadirectory' => '/data',
'instanceid' => 'id',
'passwordsalt' => 'salt',
'secret' => 'secret,
'trusted_domains' =>
array (
0 => '192.168.xx.yy:port,
1 => 'cloud.my.domain',
),
'trusted_proxies' =>
array (
0 => '192.168.xx.yy',
),
'overwrite.cli.url' => 'https://cloud.my.domain',
'dbtype' => 'mysql',
'version' => '25.0.3.2',
'dbname' => 'nextcloud',
'dbhost' => 'ip',
'dbport' => 'port',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'dbuser',
'dbpassword' => 'dbpasswd',
'installed' => true,
'overwriteprotocol' => 'https',
'default_phone_region' => 'DE',
'twofactor_enforced' => 'false',
'twofactor_enforced_groups' =>
array (
),
'twofactor_enforced_excluded_groups' =>
array (
),
);
If you need more details, I’ll happily provide them, however, it feels like to solution is something like adding another location-forwarding thing to the nginx config…