Nextcloud 12 won't load on Firefox on http2

Hi,
I have a really weird issue with my Nextcloud 12.0.2 instance installed on Ubuntu 16.04 and served by nginx 1.12.1.

The main webpage (which you can find here [this](https:// cloud.gabrielelucci.xyz) btw) won’t load on Firefox. Works perfectly on any other browser / device I tried, but it just won’t work on Firefox 55 or even Firefox Nightly 57. I just see a blank page, no response header and no error message. Does anybody experienced something similar?

I’m guessing it has something to do with http2, because if I disable it in nginx or set network.http.spdy.enabled.http2 Firefox flag to false, it will actually work and load the page just finevia http/1.1. But why? Other sites (for example duckduckgo.com) using http2 load just fine.

Any help would be really appreciated, thanks.

You can debug with curl:
curl -vso /dev/null --http2 https://cloud.gabrielelucci.xyz
at the end of the output, you get:

> User-Agent: curl/7.54.1
> Accept: */*
> 
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
> User-Agent: curl/7.54.1
> Accept: */*
> 
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
* http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [strict-transport-security], value: [max-age=15768000;
    # includeSubDomains; preload;]
} [5 bytes data]
* HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]
    # includeSubDomains; preload;]
} [5 bytes data]
* HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]

It’s probably better to ask the nginx-community how to properly set up http2.

1 Like

Turns out my nginx configuration was broken. I based my configuration on the one suggested by NC12 docs, but mistakenly uncommented a line.

Being more specific, I had this situation:

        add_header Strict-Transport-Security "max-age=15768000;
        #  includeSubDomains; preload;";

The configuration line was telling nginx to serve the broken header Strict-Transport-Security "max-age=15768000; # includeSubDomains; preload;". Most browsers do not complain for some weird reason, but curl and Firefox get (reasonably) mad.

Thank you @tflidd, debugging with curl was really key.

1 Like

same issue, thanks for reporting the solution!

I’ll check github if they are already attending to the correction to the docs…
It was not corrected in Late October 2017…

Reported: https://github.com/nextcloud/documentation/issues/592