Hello Nextcloud Community,
today I upgraded to Nextcloud 188.8.131.52. Runs smoothly so far.
My Nextcloud host is running behind a Sophos Web Application Firewall. The https connection is terminated at the Sophos WAF (LetsEncrypt certificate). The Nextcloud GUI is called using https and a DNS name which is resolved to a public static IP address. In the background, the WAF forwards the requests to the actual Nextcloud web server. The connection between the WAF and the Nextcloud host is established via an internal IP address (10.x.x.x).
The first time after upgrading Nextcloud accessing the GUI I get the following message:
In config.php I have correspondingly stored the private IP of the Nextcloud host in the field “trusted domains”. The login to the new 15.0.2 GUI works fine. The public domain name is displayed in the browser (https://mydomain.com/nextcloud/)
When I log out now, the logout link points to the internal IP address instead of the DNS name the page was originally called from (https://10.x.x.x(Nextcloud-host-ip)/login?redirect_url=/logout%3Frequesttoken%3DNtDjo4bi2zEzCx2o3Bv…)
After pressing the logout button the login window appears. If you log back in normally via the GUI using the hostname (https://mydomain.com/nextcloud/), the session still seems to be active and you don’t need a password to login.
Until now, the problem didn’t exist with the previous Nextcloud versions and I never had to store the internal IP address of the Nextcloud host in config.php despite WAF. Only the DNS name mydomain.com.
Why exactly does the logout link have the internal IP address and no longer the domain name that was used to call the Nextcloud GUI? Who knows the problem?
If the connection is established directly between the client and the nextcloud host, the logout works.
Here are some technical data:
Ubuntu 16.04.5 LTS
/var/log/apache2/error.log: No error messages
/var/www/html/nextcloud/data/nextcloud.log (screenshot below):
Thanks in advance for your support!
---- Possible work around ----
In the meantime (or additionally) used alternative in config.php, as long as the manual logout does not work:
‘session_lifetime’ => 20,
‘session_keepalive’ => ‘false’,