NextCloud access problem on iOS behind reverse proxy synology

Hi all!
I hope you are doing well in these troubled times…

I have a problem that I tried to solve for almost a week now, but no success.
First of all, let me describe my set up. I just bought an Odroid HC1 board for installing my NextCloud at home using the corresponding NextCloudPi distribution. In addition, I have several other network-connected machines (mostly on Raspberry Pi) like a 3D printing server (Octoprint) and a Rocket.chat server. On top of that, I have a Synology NAS system (on DSM6) that I use for file storage. On the internet side, I have a domain name that points directly to my (fixed) publi IP address.

Having that many different machines to access to through internet, I decided to benefit to the incredible function of Reverse Proxy that provide my Synology. Following several tutos (including this excellent one) I could set up the reverse proxy properly and I can now access to my different machines using the corresponding subdomains.

Concerning the NextCloud install, everything is running smoothly and I can access it too with cloud.domainname.tld on all my computers. But when I tried to set up my account in the iOS app I got surprinsingly the error: The operation could not terminate. Protocol error. (in french). I tried to enter both the http and https addresses (http://cloud.domainname.tld and https://domainname.tld) but none work. I precise that I have a HTTP to HTTPS redirection on my Syno reverse proxy. I deactivated it and retried but no access either. I get the same error all the time. I also tried to desactivate the “force HTTPS” option in NextCloudPi control panel, but no further success. I also tried to remove my Let’s Encrypt certificate that I installed on the Synology for this specific domain, but same result.

Then I tried to connect to NextCloud using my browser on my iDevice, and here I got something very strange. When I validate the address in the address bar, the browser starts to load, but the address I entered immediately disappears and the loading stay stuck there. I tried on both Firefox and Safari, but same behavior. So, it seems that I am having a problem on iOS with NextCloud behind my reverse proxy.

One more precision, when I directly route the ports on my router toward the NextCloud machine however, everything works fine on iOS, in both app and browser. So, it is definitely the Reverse Proxy AND iOS AND NextCloud that are messing up all together (my other machines are connecting perfectly on iOS as expected). I do not understand anything anymore…

So, if someone has un idea on what could cause this problem and how I could solve it, I would be eternally thankful. I would love to be able to use this reverse proxy, but if you have another idea for my set up, I will be pleased to try it. Just note that 80 and 443 ports are also needed for several other machines, including my Synology. And I do not see how to set up different ports for NextCloud in the NextCloudPi control panel.

Thank you in advance! Have a lovely day! And stay healthy.

P.S. I tried to change some parameters in the apache server of the NextCloud install just to see if it could help, or for changing the ports, but I am too much a newbie to be able to succeed in something here…

I have this same issue.

After extensive googleing, try this:

add this to the nginx proxy:
proxy_hide_header Upgrade;

Hi Egon

Seems like you have tried a lot of things. You don’t know what program synology uses for its reverse proxy do you?

Do you have configs for the reverse proxy on synology?

Hello Danielx86!

First thank you very much for answering me, and also for this hint! This seems to be the solution, or at least one possible explanation. However, I do not have the access on the nginx reverse proxy configuration on my synology. Yet at least. I will try to see if I can access to the config files through ssh. I will let you know! But what is strange is that there is an option in the reverse proxy config on the synology to enable or not http/2. I’ll have a look at this too.
I hope that one of the two solutions will make the deal. Because I do not know how to really configure the nginx server on the Synology otherwise ^^.

Thank you again! I’ll let you know in any case.

Hey Kevdog,

No sadly not directly as far as I know. I know that I can access to some files through ssh, but maybe not to the nginx config. I’ll let you know

Have a good time!

Egon

Is this reverse proxy built-into Synology?

Yes. It was introduce in the last version of their system (DSM6) few years ago. It is quite convenient to use for low level users like me, but kind of a black box though.

Research how you can make changes to its configuration. There has to be a way.

Hey fellows
Sorry for coming back so late. I followed the lead that danielx86 gave me about the header return problem. But first I ran out some further diagnosis. I noticed (as I described before) that not only safari, but also firefox and the iApp were not working on my tablet. So it is not restricted to safari but it may be more related to iOS itself. Then, instead of having the “The operation couldn’t be completed. Protocol error” (NSPOSIXErrorDomain:100) error, in my case nothing is loading in the browser. Not the easiest way to debug the problem though ^^.

Following this I tried to see if ot could still come from the header problem. I read carrefully the page suggested by danielx86, where it suggests to modify the nginx conf file by adding to it “proxy_hide_header Upgrade;”. As my reverse proxy is on my Synology, I connected to ssh, but I got some trouble to locate the proper file to modify (the tuto is not very precise on this aspect). Being not much confident with the idea of changing files in my Syno system (that I can not reinstall easily), I looked for an alternative.

I finnaly found this tuto, where it says that you can either add “proxy_hide_header Upgrade;” in the nginx conf file, or add “Header unset Upgrade” in the apache conf file of NextCloud. This second solution did sound more appealing as it would only affect my NextCloud system. However, here again, i did not know excatly the file to modify. I assumed it should be /etc/apache2/apache2.conf. I added the “Header unset Upgrade” code line right after “Header always set Strict-Transport-Security “max-age=xxxxxxxx; includeSubDomains””, and… voilà !! It worked !!

I am so happy! Thank you to both of you! Now, everything works fine on iOS, no need to change the NextCloud ports and open them on my router. Or almost ^^. I still have a strange https warning when I try to open a new chat room with video/audio discussion on the Talk app in firefox on my iPad, even if I am accessing the website through https. But as the Talk iOS app works great now, I 'am not worrying much.

So thank you again! I hope this will help others . Have a great evening (or day depending on where you are).

P.S. For thoses who want to change their listening ports on NextCloud, you have to modify the ports numbers in these 3 files: /etc/apache2/sites-available/000-default.conf, /etc/apache2/sites-available/default-ssl.conf and /etc/apache2/sites-available/nextcloud.conf.

Nice solution. Thanks for posting followup

YESSSSSS!!! I have been banging my head against the wall on this for WEEKS! Thanks for the solution!

Thank you sooo much!
I’d been banging my head against it for a while last September and finally gave up.
Today I searched these forums again and got lucky!
Opened nginx.conf (my reverse proxy is powered by nginx), added proxy_hide_header Upgrade; to the location section of my nextcloud server, nginx -s reload and bam!
My Nextcloud server is now hiding header the Upgrade header from the response to my iPad client.
I looked up the proxy_hide_header directive but since I’m very far from a skilled web admin, I don’t quite grasp exactly what’s going on behind the scenes. More specifically, I can’t quite say if adding that directive results in poorer performance or worse, degraded security. We’ll see!

Just added this to the bottom of my /etc/apache2/apache2.conf file, restarted the apache2 server and boom! I have regained access to my Nextcloud from my iOS devices after losing it due to adding Reverse Proxy to my setup.

Thanks so much for posting.

This solution saved my sanity. Thank you so very much @danielx86 !