Nextcloud version (eg, 20.0.5): 28.0.1
Operating system and version (eg, Ubuntu 20.04): Rocky Linux 9
Apache or nginx version (eg, Apache 2.4.25): nginx 1.20.1
PHP version (eg, 7.4): 8.2.14
The issue you are facing:
My nextcloud instance has restricted access from the internet. I’d like to allow access to shared links to anyone with basic auth in nginx. So I set up auth in nginx server section
server {
listen 443 ssl http2;
server_name mymegacloud.example.com;
satisfy any;
allow x.x.x.x/x;
deny all;
auth_basic "Restricted Area";
auth_basic_user_file htpasswd;
}
With IPs this works fine, but when external user goes through shared links and auth in nginx it’s got an error.
In the end, it doesn’t matter where the user goes, whether it’s / or /login.
In nextcloud log:
{"reqId":"plhawHgA14HElT40V2bY","level":2,"time":"2024-01-31T16:43:00+00:00","remoteAddr":"10.10.4.4","user":"--","app":"core","method":"GET","url":"/login","message":"Login failed: 'alex' (Remote IP: '10.10.4.4')","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0","version":"28.0.1.1","data":{"app":"core"}}
alex
is the user from nginx htpasswd.
Is there any way to fix this?
Is this the first time you’ve seen this error? yes
:
Steps to replicate it:
- Install nginx
- setup nginx basic auth
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'default_phone_region' => 'US',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'redis',
'password' => '',
'port' => 6379,
),
'instanceid' => 'xxxxxx',
'passwordsalt' => 'xxxxx',
'secret' => 'xxxxxxxxx',
'trusted_domains' =>
array (
0 => 'mymegacloud.example.com',
),
'datadirectory' => '/var/www/html/data',
'dbtype' => 'pgsql',
'version' => '28.0.1.1',
'overwrite.cli.url' => 'https://mymegacloud.example.com',
'dbname' => 'nextcloud',
'dbhost' => 'db',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'xxxxxx',
'dbpassword' => 'xxxxx',
'installed' => true,
'maintenance' => false,
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\MP3',
6 => 'OC\\Preview\\TXT',
7 => 'OC\\Preview\\MarkDown',
8 => 'OC\\Preview\\OpenDocument',
9 => 'OC\\Preview\\HEIC',
10 => 'OC\\Preview\\Movie',
),
'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
'loglevel' => 2,
);
The output of your Apache/nginx/system log in /var/log/____
:
10.10.4.4 - alex [31/Jan/2024:16:40:57 +0000] "GET /login HTTP/2.0" 401 1916 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0"
10.10.4.4 - alex [31/Jan/2024:16:40:57 +0000] "GET /login HTTP/2.0" 401 1916 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0"
10.10.4.4 - alex [31/Jan/2024:16:40:58 +0000] "GET /apps/theming/icon?v=fe5dbbce HTTP/2.0" 401 14 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0"
10.10.4.4 - alex [31/Jan/2024:16:40:58 +0000] "GET /apps/theming/favicon?v=fe5dbbce HTTP/2.0" 401 14 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0"