Login impossible behind reverse proxy

mgrunwald · February 10, 2019, 6:08pm

Support intro

Sorry to hear you’re facing problems

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can

Nextcloud version: 15,0,1,2
Operating system and version: Debian 9.7
Apache or nginx version: 2.4.25-3+deb9u6
PHP version: 7.0.33-0+deb9u1

The issue you are facing:
Behind a reverse proxy, it is not possible to log in. After I have entered the credentials, I immediately land on the login page again

Is this the first time you’ve seen this error? Y

Steps to replicate it:

Configuration of nextcloud: (config.php):
<?php
$CONFIG = array (
  'instanceid' => 'ocgknq3u6yak',
  'passwordsalt' => 'OyW0QL9yU+VbFYr9nwtlVq+bMVU5mN',
  'secret' => 'V4zymVa/EooI2GUoIUMILYuLSHP43CYFuPxXGE8aCpGE8V5P',
  'trusted_domains' => 
  array (
          0 => 'zem',
          1 => 'nuvola.bob.fritz.box',
  ),
  'datadirectory' => '/srv/nuvola',
  'dbtype' => 'mysql',
  'version' => '15.0.1.2',
  'overwrite.cli.url' => 'http://nuvola.bob.fritz.box',
  'dbname' => 'nextcloud_nuvola',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud_nuvola_admin',
  'dbpassword' => 'FepBin.ojBap1',
  'installed' => true,

  'trusted_proxies' => ['192.168.178.0/24'],
  "overwritehost"     => "nuvola.bob.fritz.box",
  "overwriteprotocol" => "http",
  "overwritewebroot"  => "/",
  "overwritecondaddr" => "^192\.167\.178\.20$", 
);

Configuration of the reverse proxy:

<VirtualHost *:80>
    ServerName nuvola.bob.fritz.box

    ProxyPass "/"  "http://zem/nuvola/"
    ProxyPassReverse "/"  "http://zem/nuvola"
    ProxyPassReverseCookiePath "/" "/nuvola"
</VirtualHost>

The output of your Nextcloud log in Admin > Logging: impossible to reach.

Apache log on zem:

zem:80 192.168.178.20 - - [10/Feb/2019:19:04:18 +0100] "POST /nuvola/index.php/login?redirect_url=/nuvola/index.php/apps/files/ HTTP/1.1" 303 1427 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.53 Safari/537.36"
zem:80 192.168.178.20 - - [10/Feb/2019:19:04:18 +0100] "GET /nuvola/nuvola/index.php/apps/files/ HTTP/1.1" 302 949 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.53 Safari/537.36"
zem:80 192.168.178.20 - - [10/Feb/2019:19:04:18 +0100] "GET /nuvola/index.php/login HTTP/1.1" 200 5420 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.53 Safari/537.36"
zem:80 192.168.178.20 - - [10/Feb/2019:19:04:19 +0100] "GET /nuvola/cron.php HTTP/1.1" 200 1405 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.53 Safari/537.36"

Same on Bob:

nuvola.bob.fritz.box:80 127.0.0.1 - - [10/Feb/2019:19:04:18 +0100] "POST /index.php/login?redirect_url=/nuvola/index.php/apps/files/ HTTP/1.1" 303 1451 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.53 Safari/537.36"
nuvola.bob.fritz.box:80 127.0.0.1 - - [10/Feb/2019:19:04:18 +0100] "GET /nuvola/index.php/apps/files/ HTTP/1.1" 302 949 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.53 Safari/537.36"
nuvola.bob.fritz.box:80 127.0.0.1 - - [10/Feb/2019:19:04:18 +0100] "GET /index.php/login HTTP/1.1" 200 5444 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.53 Safari/537.36"
nuvola.bob.fritz.box:80 127.0.0.1 - - [10/Feb/2019:19:04:19 +0100] "GET /cron.php HTTP/1.1" 200 1429 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.53 Safari/537.36"

“Zem” is where nextcloud is running. “Bob” is where the reverse proxy is running.

The nextcloud log is empty:

 % ll data/nextcloud.log
-rw-r--r-- 1 www-data www-data 0 Jan 11 16:12 data/nextcloud.log

mgrunwald · February 16, 2019, 11:32am

Because of the tremendous feedback, I’ll try my luck at

yourcloudasia · February 18, 2019, 1:48am

Should that not be 192.168.178.20?

It looks like the login is successful, but this line in the log doesn’t look right.

Also, have you got any logs from the client?

kevdog · February 18, 2019, 3:36am

It looks like you are running apache on the reverse proxy. What are you running on the nextcloud box?

mgrunwald · February 18, 2019, 7:47pm

Yes, you’re right with the IP. Unfortunately, correcting the IP didn’t solve the problem.

I’ll generate logs on the client later and report back.

mgrunwald · February 18, 2019, 7:48pm

It’s apache, too:

Alias /nuvola “/srv/www/nuvola/htdocs”

<Directory /srv/www/nuvola/htdocs/>
  Options +FollowSymlinks
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /srv/www/nuvola/htdocs
 SetEnv HTTP_HOME /srv/www/nuvola/htdocs

</Directory>