Nextcloud 12 won't load on Firefox on http2

gabrielelucci · August 31, 2017, 2:49am

Hi,
I have a really weird issue with my Nextcloud 12.0.2 instance installed on Ubuntu 16.04 and served by nginx 1.12.1.

The main webpage (which you can find here [this](https:// cloud.gabrielelucci.xyz) btw) won’t load on Firefox. Works perfectly on any other browser / device I tried, but it just won’t work on Firefox 55 or even Firefox Nightly 57. I just see a blank page, no response header and no error message. Does anybody experienced something similar?

I’m guessing it has something to do with http2, because if I disable it in nginx or set network.http.spdy.enabled.http2 Firefox flag to false, it will actually work and load the page just finevia http/1.1. But why? Other sites (for example duckduckgo.com) using http2 load just fine.

Any help would be really appreciated, thanks.

tflidd · August 31, 2017, 5:34am

You can debug with curl:
curl -vso /dev/null --http2 https://cloud.gabrielelucci.xyz
at the end of the output, you get:

> User-Agent: curl/7.54.1
> Accept: */*
> 
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
> User-Agent: curl/7.54.1
> Accept: */*
> 
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
* http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [strict-transport-security], value: [max-age=15768000;
    # includeSubDomains; preload;]
} [5 bytes data]
* HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]
    # includeSubDomains; preload;]
} [5 bytes data]
* HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]

It’s probably better to ask the nginx-community how to properly set up http2.

gabrielelucci · August 31, 2017, 11:32am

Turns out my nginx configuration was broken. I based my configuration on the one suggested by NC12 docs, but mistakenly uncommented a line.

Being more specific, I had this situation:

        add_header Strict-Transport-Security "max-age=15768000;
        #  includeSubDomains; preload;";

The configuration line was telling nginx to serve the broken header Strict-Transport-Security "max-age=15768000; # includeSubDomains; preload;". Most browsers do not complain for some weird reason, but curl and Firefox get (reasonably) mad.

Thank you @tflidd, debugging with curl was really key.

Oclair · November 6, 2017, 7:37pm

same issue, thanks for reporting the solution!

Oclair · November 6, 2017, 7:41pm

I’ll check github if they are already attending to the correction to the docs…
It was not corrected in Late October 2017…

Reported: https://github.com/nextcloud/documentation/issues/592