Nextcloud 15.0.2: Error during logout (wrong redirect)

giftzwerg · January 12, 2019, 6:57pm

Hello Nextcloud Community,

today I upgraded to Nextcloud 15.0.2.0. Runs smoothly so far.
My Nextcloud host is running behind a Sophos Web Application Firewall. The https connection is terminated at the Sophos WAF (LetsEncrypt certificate). The Nextcloud GUI is called using https and a DNS name which is resolved to a public static IP address. In the background, the WAF forwards the requests to the actual Nextcloud web server. The connection between the WAF and the Nextcloud host is established via an internal IP address (10.x.x.x).
The first time after upgrading Nextcloud accessing the GUI I get the following message:
screen1

In config.php I have correspondingly stored the private IP of the Nextcloud host in the field “trusted domains”. The login to the new 15.0.2 GUI works fine. The public domain name is displayed in the browser (https://mydomain.com/nextcloud/)

When I log out now, the logout link points to the internal IP address instead of the DNS name the page was originally called from (https://10.x.x.x(Nextcloud-host-ip)/login?redirect_url=/logout%3Frequesttoken%3DNtDjo4bi2zEzCx2o3Bv…)

After pressing the logout button the login window appears. If you log back in normally via the GUI using the hostname (https://mydomain.com/nextcloud/), the session still seems to be active and you don’t need a password to login.

Until now, the problem didn’t exist with the previous Nextcloud versions and I never had to store the internal IP address of the Nextcloud host in config.php despite WAF. Only the DNS name mydomain.com.

Why exactly does the logout link have the internal IP address and no longer the domain name that was used to call the Nextcloud GUI? Who knows the problem?

If the connection is established directly between the client and the nextcloud host, the logout works.

Here are some technical data:
Ubuntu 16.04.5 LTS
Nextcloud 15.0.2.0
Apache/2.4.18 (Ubuntu)
PHP 7.0.32-0ubuntu0.16.04.1
/var/log/apache2/error.log: No error messages
/var/www/html/nextcloud/data/nextcloud.log (screenshot below):

Thanks in advance for your support!

---- Possible work around ----
In the meantime (or additionally) used alternative in config.php, as long as the manual logout does not work:
‘session_lifetime’ => 20,
‘session_keepalive’ => ‘false’,

kritek · January 12, 2019, 9:59pm

On logout I get a redirect to non-SSL URL which doesn’t exist as I don’t have a configuration for non-SSL host in nginx.

Tom112 · January 16, 2019, 6:58am

Hello giftzwerg,

i have the same issue. Can u tell me, how to you resolve the problem?

thx tom

herrmannsdorfer · January 16, 2019, 7:31am

Hello Giftzwerg,

check your config.php. You are missing some proxy info that will help NC stop guessing FQDN, protocol and webroot. This fails sometimes when you are proxified according to the admin manual.

‘overwritehost’ => ‘yourdomain.com’,
‘overwriteprotocol’ => ‘https’,
‘overwritewebroot’ => ‘/nextcloud’,

HTH

SysAdmin1001 · January 16, 2019, 9:03am

Hi Giftzwerk,

For me, the solution was to change the order of hostname/IP:

don´t work with 15.02:
0 => ‘localhost’,
1 => ‘1.2.3.4’,
2 => ‘nextcloud.mydomain.com’,

this works on15.02:

0 => ‘localhost’,
1 => ‘nextcloud.mydomain.com’,
2 => ‘1.2.3.4’,

SysAdmin1001 · January 16, 2019, 9:31am

AND these to lines, like hermannsdorfer written:

‘overwritehost’ => ‘nextcloud.mydomain.com’,
‘overwriteprotocol’ => ‘https’,

Tom112 · January 16, 2019, 10:36am

Hi SysAdmin1001,

The 2 lines and the right order was the solution for me.

Thanks so much!

giftzwerg · January 16, 2019, 4:45pm

Hello, Guys,

for the first time many thanks for your quick support. The problem could be solved with your help!

The final solution was:

What I couldn’t reproduce was change the order of the “trusted_domains”. These had no influence on my concrete case. Likewise no influence on my error had " ‘overwriteprotocol’ => ‘https’,"

selmoc · January 17, 2019, 8:54am

Dear Community.

I´m facing the same problem as giftzwerg.
I am running almost the same coniguration as he does.
adding folloging line helped to solve the logout redirecton issue.
‘overwritehost’ => ´nextcloud.mydomain.com’,

but now the onlyoffice integration is not working anymore.

Does anyone has an idea on this.

Thanks in advance

selmoc · January 28, 2019, 9:55am

Dear all.

Meanwhile I could solve this issue.
The only thing nessesary was to add “trusted_proxies” within the config.

‘trusted_domains’ =>
array (
0 => ‘my.domain.com’,
1 => ‘192.168.1.12’,
),
‘trusted_proxies’ =>
array (
0 => ‘127.0.0.1’,
1 => ‘192.168.1.11’,
),
‘datadirectory’ => ‘/srv/REDACTED/subdomains/cloud-data’,

Best regards

selmoc