Nextcloud config.php automatically overwritten

neibeck · December 5, 2024, 1:04pm

The Basics

Nextcloud Server version (e.g., 29.x.x):
[Nextcloud Hub 8] (29.0.4)
NextcloudPi V1.55.3
Web server and version (e.g, Apache 2.4.25):
Apache/2.4.62 (Debian)
PHP version (e.g, 8.3):
8.3.12
Is this the first time you’ve seen this error? (Yes / No):
No, it happened already several times before, but not recently
When did this problem seem to first start?
First time it was directly after installation
Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
Docker
Are you using Cloudflare, mod_security, or similar? (Yes / No)
No
No relevant entries in logs

Summary of the issue you are facing:

trusted_domains, overwrite_cli_url and trusted_proxies overwritten by ? in config.php automatically from time to time. Strange comments in trusted_proxies, see below.

Configuration

Nextcloud

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "localhost",
            "7": "cloud.rollstuhlaktiv.dnsaddr.com",
            "5": "nextcloudpi.local",
            "8": "nextcloudpi.lan",
            "3": "nextcloudpi",
            "11": "178.251.71.119",
            "1": "192.168.1.160",
            "14": "nextcloudpi",
            "2": "neibeck.ddns.net"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "29.0.4.1",
        "overwrite.cli.url": "https:\/\/cloud.rollstuhlaktiv.dnsaddr.com\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "tempdirectory": "\/media\/NcDrive\/ncdata\/data\/tmp",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "overwriteprotocol": "https",
        "maintenance": false,
        "logfile": "\/media\/NcDrive\/ncdata\/data\/nextcloud.log",
        "maintenance_window_start": 1,
        "default_phone_region": "at",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
'**;; communications error to 1.0.0.1#53: timed out**
**;; communications error to 1.0.0.1#53: timed out**
**;; communications error to 1.0.0.1#53: timed out**

        "app_install_overwrite": [
            "groupfolder_filesystem_snapshots"
        ],
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***"
    }
}

Output of ls -l:

total 84
-rw-r----- 1 www-data www-data  2019 Dec  5 12:48 config.php

Relevant output of less /etc/group for www-data:

sudo:x:27:ncpadmin
www-data:x:33:ncpadmin

Does anybody have an idea, how this can happen?

tflidd · December 8, 2024, 11:02pm

This is from a script or web interface? What is in the actual file, does it put a ? and the proxy information there as well?

The file itself seems to be the same. For me it looks more like the “secured” output to remove credentials does a few more checks that fail???

neibeck · December 9, 2024, 8:38am

It the file I am showing here, I already made a correction:
The line

"7": "cloud.rollstuhlaktiv.dnsaddr.com"

had been automatically replaced by

"7": "nextcloudpi"

as in “3”. Thats why the date was already changed in config.php.
I just kept the comments in trusted_proxies, as this worries me most.

I am not sure, what you are meaning with that. The configuration is an output of

sudo -u www-data php occ config:list system

I just inserted those strange lines again to show the behaviour.
Nextcloud did not startup again after those strange changes.
Could it be, that this was triggered by a power failure.

tflidd · December 9, 2024, 8:58am

just check the file itself:

cat config/config.php

it prints the actual file (including passwords and everything, in case you post something here, make sure to redact this manually).

neibeck · December 9, 2024, 11:55am

I already corrected the file, as I need the Nextcloud to be running. But I don’t know, which difference it should make, except that “Sensitive values” are not removed?! Everything else is/was exactly the content of config.php
But anyway, this is the actual file output:

<?php
$CONFIG = array (
  'passwordsalt' => *,
  'secret' =>*,
  'trusted_domains' =>
  array (
    0 => 'localhost',
    7 => 'cloud.rollstuhlaktiv.dnsaddr.com',  <- this was replaced by 'nextcloudpi'
    5 => 'nextcloudpi.local',
    8 => 'nextcloudpi.lan',
    3 => 'nextcloudpi',
    11 => '178.251.71.119',
    1 => '192.168.1.160',
    14 => 'nextcloudpi',
    2 => 'neibeck.ddns.net',
  ),
  'datadirectory' => '/media/NcDrive/ncdata/data',
  'dbtype' => 'mysql',
  'version' => '29.0.4.1',
  'overwrite.cli.url' => 'https://cloud.rollstuhlaktiv.dnsaddr.com/', <- this was replaced by 'nextcloudpi'
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => *,
  'dbpassword' => *,
  'installed' => true,
  'instanceid' => '*,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => *,
    'port' => 0,
    'timeout' => 0.0,
    'password' => *,
  ),
  'tempdirectory' => '/media/NcDrive/ncdata/data/tmp',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_from_address' => 'admin',
  'mail_domain' => 'rollstuhl-aktiv.at',
  'preview_max_x' => '2048',
  'preview_max_y' => '2048',
  'jpeg_quality' => '60',
  'overwriteprotocol' => 'https',
  'maintenance' => false,
  'logfile' => '/media/NcDrive/ncdata/data/nextcloud.log',
  'maintenance_window_start' => 1,
  'default_phone_region' => 'at',
  'trusted_proxies' =>
  array (
    11 => '127.0.0.1',
    12 => '::1',
    14 => '192.168.1.160', <- those, except no 11, were replaced by those strange "communicatios error" lines
  ),
  'app_install_overwrite' =>
  array (
    0 => 'groupfolder_filesystem_snapshots',
  ),
  'mail_sendmailmode' => 'smtp',
  'mail_smtphost' => 'smtp.akis.at',
  'mail_smtpport' => '587',
  'mail_smtpauth' => 1,
  'mail_smtpname' => *,
  'mail_smtppassword' => *,
);

jtr · December 9, 2024, 3:19pm

Looks related to NCP’s automatic setup stuff - e.g.

github.com

nextcloud/nextcloudpi/blob/77763af71d57540bdc7edb3a67a7ba5634438f98/etc/library.sh#L157-L162


      
            if is_ncp_activated && is_app_enabled notify_push; then
              ncc config:system:set trusted_proxies 11 --value="127.0.0.1"
              ncc config:system:set trusted_proxies 12 --value="::1"
          #    ncc config:system:set trusted_proxies 13 --value="${domain}"
              local domain_ip="$(dig +short "${domain}")"
              [[ -z "$domain_ip" ]] || ncc config:system:set trusted_proxies 14 --value="$(dig +short "${domain}")"