Nextcloud Android App doesn't work with reverse Proxy

Hello,

after a few steps with the good documentation I was able to install a newly set up Nextcloud installation behind a reverse proxy. The access from web works wonderfully.
I also have the Nextcloud Talk app and the associated STUN and TURN server. Everything works fine (video, screen sharing and calling) as long as I use the browser (on Windows and Android). But if I want to use the Android app, I don’t end up on the app settings but on the Nextcloud dashboard (see screenshot).


using android app after login

I am sure that something is wrong with the configuration, so here are the Apache configurations and the config.php. I hope someone has a hint :)

The server is running on a Raspberry Pi with the DietPi image.


Server 1 - reverse Proxy
Server 2 - Nextcloud running

Apache 2 Virtual Host of Server 1

<VirtualHost *:443>
ServerName *.*.*.eu
DocumentRoot /var/www/nextcloud/
        ServerAdmin webmaster32@localhost
        ErrorLog ${APACHE_LOG_DIR}/error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined

ProxyRequests Off
<Proxy *>
          Order deny,allow
          Allow from all
</Proxy>
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLProxyEngine On

ProxyPass / https://server2.ip.*.*/nextcloud/
ProxyPassReverse / https://server2.ip.*.*/nextcloud/

RewriteEngine On
RewriteRule ^/\.well-known/carddav https://*.*.*.eu/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://*.*.*.eu/remote.php/dav/ [R=301,L]

Header always set Strict-Transport-Security "max-age=31536000"
SSLCertificateFile /etc/letsencrypt/live/*.*.eu/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/*.*.eu/privkey.pem

<Location />
          Order allow,deny
          Allow from all
</Location>
</VirtualHost>

Apache 2 Virtual Host of Server 2

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName *.*.*.eu
ServerAlias Server1.IP.*.*
        DocumentRoot /var/www/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLCertificateFile /etc/letsencrypt/live/*.*.eu/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/*.*.eu/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Config.php

<?php
$CONFIG = array (
  'passwordsalt' => '*',
  'secret' => '*',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '*',
  ),
  'datadirectory' => '*',
  'dbtype' => 'mysql',
  'version' => '20.0.4.0',
  'hashingThreads' => 4,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/run/redis/redis-server.sock',
    'port' => 0,
  ),
  'trusted_proxies' =>
  array (
    0 => 'Server1.IP.*.*',
    1 => '*.*.*.eu',
    2 => '*.*.eu',
  ),
  'overwrite.cli.url' => 'https://localhost/',
  'htaccess.RewriteBase' => '/nextcloud',
  'overwritewebroot' => '/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '*',
  'dbpassword' => '*',
  'installed' => true,
  'instanceid' => '*',
  'maintenance' => false,
  'mail_smtpmode' => '*',
  'mail_smtpsecure' => '*',
  'mail_sendmailmode' => '*',
  'mail_from_address' => '*',
  'mail_domain' => '*',
  'mail_smtpauth' => 1,
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtphost' => '*',
  'mail_smtpport' => '*',
  'mail_smtpname' => '*',
  'mail_smtppassword' => '*',
);

Edit: I forgot to mention that the ports are of course enabled; the port forwarding for the TURN server does not go through the reverse proxy but directly to server 2 with the Nextcloud installation.

Thanks to this forum post I was able to find the error. The complete correct configurations can be found in the post.

changes on apache at server 1 (reverse Proxy)

Old version

.
.
.
       ProxyPass / https://Server2.IP.*.*/nextcloud
       ProxyPassReverse / https://Server2.IP.*.*/nextcloud
.
.
.

new version

.
.
.
        ProxyPass / https://Server2.IP.*.*/
        ProxyPassReverse / https://Server2.IP.*.*/
.
.
.

changes on apache at server 2.

Old version

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName *.*.*.eu
ServerAlias Server1.IP.*.*
        DocumentRoot /var/www/

.
.
.

new version

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName *.*.*.eu
ServerAlias Server1.IP.*.*
        DocumentRoot /var/www/nextcloud/

.
.
.

changes in config.php

old

.
.
.
  'overwrite.cli.url' => 'https://localhost/',
  'htaccess.RewriteBase' => '/nextcloud',
  'overwritewebroot' => '/',
.
.
.

new

.
.
.
  'overwrite.cli.url' => 'https://localhost/',
  'htaccess.RewriteBase' => '/',
  'overwritewebroot' => '/',
.
.
.
2 Likes
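The Server 1 vhost posted above switches off every check mod_ssl would otherwise make on Server 2's certificate (`SSLProxyVerify none` plus the three `SSLProxyCheckPeer* off` lines), and the corrected `ProxyPass` lines leave that unchanged. The following audit is an added example, not part of the original posts or of Nextcloud; `audit_backend_tls` and the sample text are hypothetical, and 192.0.2.10 stands in for the masked backend address.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: backend-TLS lines of the Server 1 vhost; the masked
# backend address is replaced by the documentation IP 192.0.2.10.
SAMPLE_VHOST = """\
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLProxyEngine On
ProxyPass / https://192.0.2.10/nextcloud/
"""

# mod_ssl defaults: no chain verification unless requested, peer checks on.
DEFAULTS = {"sslproxyverify": "none", "sslproxycheckpeername": "on",
            "sslproxycheckpeercn": "on", "sslproxycheckpeerexpire": "on"}

def audit_backend_tls(conf_text):
    """Return (backend_host, finding) pairs for every https ProxyPass target."""
    state, hosts = dict(DEFAULTS), []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() in state:
            state[parts[0].lower()] = parts[1].lower()
        elif len(parts) >= 3 and parts[0].lower() == "proxypass":
            url = urlsplit(parts[2])
            if url.scheme == "https" and url.hostname:
                hosts.append(url.hostname)
    issues = []
    if state["sslproxyverify"] != "require":
        issues.append("certificate chain not verified")
    # CheckPeerCN is only consulted when CheckPeerName is off.
    if state["sslproxycheckpeername"] == "off" and state["sslproxycheckpeercn"] == "off":
        issues.append("certificate name not checked")
    if state["sslproxycheckpeerexpire"] == "off":
        issues.append("certificate expiry not checked")
    findings = []
    for host in hosts:
        findings += [(host, issue) for issue in issues]
        try:
            ipaddress.ip_address(host)
            findings.append((host, "backend is an IP literal"))
        except ValueError:
            pass  # a DNS name, which a name check can match
    return findings

if __name__ == "__main__":
    for host, issue in audit_backend_tls(SAMPLE_VHOST):
        print(f"{host}: {issue}")
```

A proxy vhost that sets `SSLProxyVerify require` with a CA file and targets the backend by the hostname on its certificate produces no findings.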

Hello @Janon, hello all
I have a similar setup: Nextcloud (NCP) behind an Apache reverse proxy. Both servers are running on Proxmox, the proxy in a CT (IPv6 capable) and NCP on a VM. My vHost and config.php look pretty much the same, because I used the same settings linked by @janon in the previous post as solution. Everything is running and I’m able to reach my cloud with every browser out of every network via domain. This works in my private network for my Windows desktop machine and my mobile phone with Android. Even when the phone is connected to the mobile network I can reach my cloud via browser. The only thing which is not working is the Android app when the phone is connected to the mobile network. When the phone is connected to my home network it works.

A big difference to @Janon's solution here is that I have SSL encryption only up to the proxy. The communication in my private network between the proxy and the NC runs over HTTP (unencrypted). This is similar to the linked settings in the post marked as the solution. Could this be the problem? Does the Android app require continuous SSL encryption (also behind the proxy) when accessing from the mobile network (IPv6)?

Edit:

  1. The Nextcloud could be reached with an iPhone / iOS NC App without problems. So it must be a problem of the Android App.
  2. This thread IPv6 und Android App seems to be the same issue. It’s linked with an open issue on GitHub, ipv6 not reachable, app not fallback ipv4. The A and AAAA records for my (sub)domain are set. I can ping6 the proxy out of the mobile network. So according to my understanding a fallback should NOT be necessary. Am I right?

SOLUTION:
------------------
The solution was to delete the AAAA record of the subdomain for the cloud. This means that the provider only offers one path to the cloud, which is via ipv4, and a fallback is no longer necessary.
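A ping6 reply shows only that the address answers ICMP, so before deleting an AAAA record it helps to see which address family actually accepts connections on port 443 from the network where the app fails. The following probe is an added example, not part of the original post or of the Nextcloud app; `probe_families` and `diagnose` are hypothetical names, and the resolver and connector are injectable so the logic can be tested offline.

```python
import socket
import sys

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))

def probe_families(host, port=443, timeout=5.0,
                   resolve=socket.getaddrinfo, connect=socket.create_connection):
    """TCP-connect to every A and AAAA address of host, grouped by family.

    Returns {"IPv4": [(addr, ok, error), ...], "IPv6": [...]}.
    """
    results = {label: [] for label, _ in FAMILIES}
    for label, family in FAMILIES:
        try:
            infos = resolve(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no address of this family could be resolved
        for addr in sorted({info[4][0] for info in infos}):
            try:
                connect((addr, port), timeout).close()
                results[label].append((addr, True, ""))
            except OSError as exc:
                results[label].append((addr, False, str(exc)))
    return results

def diagnose(results):
    """Classify the probe the way a client without IPv4 fallback sees it."""
    v4_ok = any(ok for _, ok, _ in results["IPv4"])
    v6_ok = any(ok for _, ok, _ in results["IPv6"])
    if results["IPv6"] and not v6_ok:
        # AAAA is published but nothing answers on it.
        return "broken-ipv6" if v4_ok else "unreachable"
    if v6_ok and v4_ok:
        return "dual-stack-ok"
    if v6_ok:
        return "ipv6-only"
    return "ipv4-only" if v4_ok else "unreachable"

if __name__ == "__main__" and len(sys.argv) > 1:
    outcome = probe_families(sys.argv[1])
    print(outcome, diagnose(outcome))
```

A result of `broken-ipv6` matches the situation in this post: the AAAA record is published, port 443 does not answer over IPv6, and only clients that fall back to IPv4 get through.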

Sorry, but this has not worked for me.

My Nextcloud installation is sitting behind a reverse proxy and the two internal servers communicate using SSL.

I have tried all recommendations in the post but I cannot get the Talk app to work either in Android or iOS.

There is a valid public SSL certificate on the reverse proxy (i.e. not a self signed, letsencrypt certificate).

@sanctimon
Please open your own thread with details, screenshots, logs, …