The Basics
- Nextcloud Server version (e.g., 29.x.x):
I am not sure where to look for this, but I run the latest channel and have it up to date
- Operating system and version (e.g., Ubuntu 24.04):
Ubuntu 20.04.3 LTS
- Web server and version (e.g, Apache 2.4.25):
Apache 2.4.63
- Reverse proxy and version _(e.g. nginx 1.27.2)
Caddy 2.9.1
- PHP version (e.g, 8.3):
replace me
- Is this the first time you’ve seen this error? (Yes / No):
Yes
- When did this problem seem to first start?
about a month ago
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
AIO
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
I am using CloudFlare
Summary of the issue you are facing:
I used a LLM to make this part of text more readable and understandable.
This is a follow-up to Most of the UI on nextcloud is invisible · nextcloud/all-in-one · Discussion #5891 · GitHub.
I was busy with other tasks since then, but I finally found time to revisit my setup. Previously, I ran everything on a single system, which meant that if one service failed, I lost everything. To improve reliability, I decided to migrate to Proxmox VMs.
I installed Proxmox on my server and created a VM using an Ubuntu ISO, allocating 4GB of RAM, 400GB of storage, and an x86-64-v2 CPU. After setting up Ubuntu, I followed the GitHub guide but skipped step 2. I was able to access the AIO interface, forward my USB HDD backup to the VM via Proxmox, and successfully verify the backup. All tests passed, so I proceeded with the restoration.
After restoring, I updated my Cloudflare (CF) DNS settings to point to my server and configured my router to forward ports 443 and 80 to the VM. However, this setup didn’t work. During troubleshooting, I disabled the CF DNS proxy, enabled Developer Mode, and set SSL/TLS to “Flexible.” I soon realized my mistake—I had forgotten to use Caddy.
To fix this, I deleted the Docker container and recreated it using the reverse proxy example from the AIO GitHub, as it suited my needs perfectly. I then configured Caddy via the Caddyfile to forward traffic to Apache on port 11000.
Despite these adjustments, I continued to experience timeout errors. However, when I tested access via cellular data, and it worked—I was able to see the login screen and login. That’s when I realized my ISP does not allow me to connect to my public IP from within my network. To resolve this, I re-enabled the CF DNS proxy and while I was there I changed the SSL/TLS setting to “Full.” This allowed my domain to work properly on all devices inside and outside my network.
However, after these changes, the Nextcloud UI disappeared. I reverted the configuration but now I get error 521 from CF in my network. Outside of my network site was now accessible normally. I used this opportunity to selectively turn features back on. First I enabled the DNS Proxy - The side worked outside, but not inside of the local network. I disabled it and now tried to set SSL/TLS to Full.
This has resulted in to site working inside and outside of my local network. But without UI. This setting somehow causes problems. Weirdly, my site works even without Proxy which I thought was required to bypass the ISPs restriction that disallows me to connect to myself, but apparently, I may have misunderstood what is happening.
At this point, I have no idea what could have gone wrong or where to continue troubleshooting. It might be a coincidence, but I’d appreciate any guidance on what to check next.
Steps to replicate it (hint: details matter!):
This seems to be a me-only issue, so I don’t think this is really replicable. Details about how this happened are in summary.
- Install nextcloud AIO
- Load backup
- Change CF SSL/TLS to Full
- UI is not working
Log entries
Nextcloud
Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.
I cannot get there.
Web Browser
If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.
The console suggests that the request to get /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js was blocked. There is also a second request blocked, but that was done via my addon, uBlock Origin.
Loading failed for the <script> with source “https://cloud.martinrusnak.eu/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js”. login:93:135
Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://cloud.martinrusnak.eu/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js from being executed because it violates the following directive: “script-src-elem 'strict-dynamic' 'nonce-20YOEffUUy0Fq5yWNkVu6M4NXf6TYBLtzNSMK8ficmA='” login
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015. (Reason: CORS request did not succeed). Status code: (null).
^ This one is blocked by uBlock
None of the “sha512” hashes in the integrity attribute match the content of the subresource. The computed hash is “z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==”. login
Web server / Reverse Proxy
I’ve edited the caddyfile to create a log file for the domain, there is nothing useful. No errors, just info entries about what ip, port and useragent asked to visit a webiste.
Configuration
Nextcloud
The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):
{
"system": {
"one-click-instance": true,
"one-click-instance.user-limit": 100,
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"check_data_directory_permissions": false,
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"password": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"overwritehost": "cloud.martinrusnak.eu",
"overwriteprotocol": "https",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"cloud.martinrusnak.eu"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "30.0.5.1",
"overwrite.cli.url": "https:\/\/cloud.martinrusnak.eu\/",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"loglevel": 2,
"log_type": "file",
"logfile": "\/var\/www\/html\/data\/nextcloud.log",
"log_rotate_size": 10485760,
"log.condition": {
"apps": [
"admin_audit"
]
},
"preview_max_x": 2048,
"preview_max_y": 2048,
"jpeg_quality": 60,
"enabledPreviewProviders": {
"1": "OC\\Preview\\Image",
"2": "OC\\Preview\\MarkDown",
"3": "OC\\Preview\\MP3",
"4": "OC\\Preview\\TXT",
"5": "OC\\Preview\\OpenDocument",
"6": "OC\\Preview\\Movie",
"7": "OC\\Preview\\Krita",
"0": "OC\\Preview\\Imaginary",
"23": "OC\\Preview\\ImaginaryPDF"
},
"enable_previews": true,
"upgrade.disable-web": true,
"mail_smtpmode": "smtp",
"trashbin_retention_obligation": "auto, 30",
"versions_retention_obligation": "auto, 30",
"activity_expire_days": 30,
"simpleSignUpLink.shown": false,
"share_folder": "\/Shared",
"one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
"upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
"updatedirectory": "\/nc-updater",
"maintenance_window_start": 100,
"allow_local_remote_servers": true,
"davstorage.request_timeout": 3600,
"htaccess.RewriteBase": "\/",
"dbpersistent": false,
"auth.bruteforce.protection.enabled": true,
"ratelimit.protection.enabled": true,
"files_external_allow_create_new_local": false,
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
"preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
"default_phone_region": "CZ",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauth": 1,
"mail_smtpport": "465",
"mail_sendmailmode": "smtp",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"documentation_url.server_logs": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/5425",
"data-fingerprint": "a658970d709a82d14058cec293986e90",
"DOMAIN": "cloud.martinrusnak.eu"
}
}
Apps
The output of occ app:list (if possible).
Enabled:
- activity: 3.0.0
- admin_audit: 1.20.0
- bruteforcesettings: 3.0.0
- calendar: 5.0.9
- circles: 30.0.0
- cloud_federation_api: 1.13.0
- comments: 1.20.1
- contacts: 6.1.3
- contactsinteraction: 1.11.0
- dashboard: 7.10.0
- dav: 1.31.1
- deck: 1.14.3
- federatedfilesharing: 1.20.0
- federation: 1.20.0
- files: 2.2.0
- files_downloadlimit: 3.0.0
- files_fulltextsearch: 30.0.0
- files_pdfviewer: 3.0.0
- files_reminders: 1.3.0
- files_sharing: 1.22.0
- files_trashbin: 1.20.1
- files_versions: 1.23.0
- firstrunwizard: 3.0.0
- fulltextsearch: 30.0.0
- fulltextsearch_elasticsearch: 30.0.0
- logreader: 3.0.0
- lookup_server_connector: 1.18.0
- nextcloud-aio: 0.7.0
- nextcloud_announcements: 2.0.0
- notes: 4.11.0
- notifications: 3.0.0
- notify_push: 1.0.0
- oauth2: 1.18.1
- password_policy: 2.0.0
- photos: 3.0.2
- privacy: 2.0.0
- provisioning_api: 1.20.0
- recommendations: 3.0.0
- related_resources: 1.5.0
- richdocuments: 8.5.3
- serverinfo: 2.0.0
- settings: 1.13.0
- sharebymail: 1.20.0
- support: 2.0.0
- survey_client: 2.0.0
- systemtags: 1.20.0
- tasks: 0.16.1
- text: 4.1.0
- theming: 2.5.0
- twofactor_backupcodes: 1.19.0
- twofactor_totp: 12.0.0-dev
- user_status: 1.10.0
- viewer: 3.0.0
- weather_status: 1.10.0
- webhook_listeners: 1.1.0-dev
- workflowengine: 2.12.0
Disabled:
- app_api: 4.0.5 (installed 4.0.5)
- encryption: 2.18.0
- files_external: 1.22.0
- suspicious_login: 8.0.0
- twofactor_nextcloud_notification: 4.0.0
- user_ldap: 1.21.0
Tips for increasing the likelihood of a response
- Use the
preformatted textformatting option in the editor for all log entries and configuration output. - If screenshots are useful, feel free to include them.
- If possible, also include key error output in text form so it can be searched for.
- Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.