Nextcloud behind Nginx Proxy Manager and Safari (iOS/macOS) no access

michuvon · July 15, 2022, 6:55am

I recently moved my NextCloudPi instance behind a Nginx Proxy Manager, so that I could run other services on port 80 and 443. After I did this my friends who use iOS and macOS where unable to access my NC instance.

The issue is clearly with the Proxy Manager and so with a quick Brave Search i found the solution.

Here is what you have to do to solve the issue

Login to your Nginx Proxy Manager.
Open the [3 dots] settings menu of the NextCloud(Pi) host and select “Edit”

In the tab menu at the top of the window that has just opened select “Advanced” and insert the following in the “Custom Nginx Configuration” box:

proxy_hide_header Upgrade;

Click “Save” and it should work.

In my case it was working right away, but you might want to try and re-boot if it does not work.

NaXal · July 15, 2022, 4:19pm

Hello,

I have similar setup, NextCloud (Snap installation on 80/443) running behind Nginx Proxy manager.

I beg to differ.

My setup is accessible from iOS / MacOS via Safari without any extra config argument in the advance settings.

My setup has it’s own issue (specifically speaking upload speed) but that’s a genera one and present on every platform. Regarding this, I just checked again, its working fine with latest Safari iOS / MacOS and iPadOS

Thanks.

SysKeeper · July 15, 2022, 4:31pm

The issue @michuvon is refering to happens when HTTP 2 is enabled. I guess you don’t have H2 enabled then?

Graham88 · November 6, 2022, 8:50am

I can also confirm that the custom nginx configuration is needed for iOS access with HTTP2 enabled. I found this out some time back. My other services don’t need it.

smailpouri · November 19, 2022, 6:25pm

That did not do the trick.

On IOS 16 Nextcloud 25.0.1 and 2FA enabled.

I can access the login page, and enter the credentials, then nothing.
Domain:

Namecheap

nginx proxy manager setup:

Cache Assets
Block Common Exploits
Force SSL
HTTP/2 Support
HSTS Enabled
HSTS Subdomains

nginx proxy manager advanced config:

proxy_hide_header Upgrade;
client_max_body_size 0;
proxy_request_buffering off;
location /.well-known/carddav {
  return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav 
{ 
  return 301 $scheme://$host/remote.php/dav; 
}
location /.well-known/webdav 
{
 return 301 $scheme://$host/remote.php/dav; 
}

Log:
GET /login?redirect_url=/apps/dashboard/ HTTP/1.1" 200 5719 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/107.0.5304.101 Mobile/15E148 Safari/604.1"

I do have access through the IOS app and Chrome on macOS Ventura, I wonder if its related to 2FA.

Two-Factor TOTP Provider by Christoph Wurst AGPL-licensed v7

Witzker · January 4, 2023, 8:08pm

Any news Pls.?

Same here

michuvon · January 24, 2023, 1:52pm

as I don’t have any iOS 16 devices in house I can not test this. But thanks for the post, I will ask friends to test my setup to see if I have the same issue.

Witzker · February 24, 2023, 8:54pm

Any news

Viko1690 · May 1, 2023, 4:29pm

I don‘t know if this is still an interesting point for someone, but I want to share it anyway

I had a similar issue with iOS 16 Safari and the login page at my Nextcloud (26) instance behind a NGinx reverse proxy. No login was possible. After I had inserted the credentials I was redirected to the login page. Sometimes the login worked for a few minutes and then I have to log in again. Nothing from the written extra configs could solve the issue.

After a long time of trial and error I found the config that I added to the reverse proxy setting and could solve my problems:


proxy_cookie_path / /;
proxy_set_header Cookie $http_cookie;

My conclusion is that Safari on iOS have maybe some problems to deal with cookies for the session lifetime behind a reverse proxy, but this is just a guess…

Maybe it will help someone else…

Greetings

reisueber · May 19, 2023, 4:48am

Thanks! It works for me. You saved my day.

Azlan · January 13, 2024, 11:38am

Thank you so much! finally i fixed this issues.

Witzker · January 14, 2024, 9:31am

Lucky You

I still have problem: ( iPhone IOS 15.8)

Safari cannot open the site.
Error: “Parsing of response not possible”

Here are my NPM settings:

Any Idea how to solve?

Viko1690 · January 14, 2024, 11:27am

Hi,

I don’t know your setup of Nextcloud (docker or bare metal installation or something else) but your npm setting looks little bit confusing to me.

Why do you forward with https scheme to port 443 and use a custom location with http scheme and port 80? Have you tried to delete your custom location and forward directly with http scheme to port 80?

Here are my complete advanced settings you can also try:


proxy_cookie_path / /;
proxy_set_header Cookie $http_cookie;
proxy_hide_header Upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;


location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}

location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}

Witzker · April 16, 2024, 8:14pm

Yes tried but site not reachable
but what I did is delete custom location HTTP to port 80
still working!
I also put in your advanced settings
I now see the site - no login, but a link to the URL to Nextcloud.URL and slogan is shown.
When I click the link
same site loads again.

Joern_Kenntnisreich · April 18, 2024, 6:49am

I got to the Same issue,than everybody else Here. So after checking www and searching myself.for a solution with npm and nextcloud, i found a pretty easy solution.
First i thought, If i hide the Upgrade via advance Config in npm it should Work. But Here comes the Twist, the header was redirected to my nextcloud Webserver (apache2) which tried to answer.
So after a few Tests, i also Neef to ad unset header for Upgrade.
After an restart of my nextcloud Webserver → tada it works! A friend of my ist now able to Access the Web Page and also nextcloud App ist now working again.

Witzker · April 18, 2024, 8:29am

Many THX for posting your solutiom

BUT
As I’m not clever enough to understand what exactly To-Do
Pls. be so kind and Post what you have in Advanced Tab now.

I have now:
Details:

Custom Location: = empy

SSL certificate:

Advanced:

proxy_cookie_path / /;
proxy_set_header Cookie $http_cookie;
proxy_hide_header Upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}

When i go to Nextcloud.URL on my iPhone (Local Wi-Fi & also External)
I see the color of my login page.
BUT - no login ,
A link to the Nextcloud.URL is shown and the slogan as I put into the Nextcloud
When I click the link
same site loads again.

Joern_Kenntnisreich · April 18, 2024, 9:28am

You need to add a Line in the Config of the Webserver you direct to, in your Case 192.168.178.105 - System.
I don’t know what Webserver ist working there Apache / nginx (???), but there you need to unset the Upgrade, See comments above

Witzker · April 18, 2024, 9:57am

Ahh… I have to learn allot!!
Is this the correct file?

Can someone pls. confirm the solution of
Joern_Kenntnisreich
Pls. with detailed instruction, What exactly to put where (for dummie)

Witzker · May 1, 2024, 11:10pm

No answer?
Do we have Fake Solutions here?

Witzker · May 15, 2024, 6:35pm

Still no solution☹️
Can someone pls… tell me How-To solve🤔