Nextcloud desktop client gets 403 reply from server; Android client works just fine

Nextcloud version (eg, 29.0.5): Version 29.0.4
Operating system and version (eg, Ubuntu 24.04): Debian 12 (bookworm), Raspberry Pi OS Lite (64-bit) on my host machine
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.61
PHP version (eg, 8.3): 8.2.23

The issue you are facing:
The web ui works just fine, along with the android app. The problem occurs when I try to connect the desktop app, I enter the domain pointing to my host, and it just says:

Failed to connect to Nextcloud at https://nextcloud.mydomain.com:
Server replied "403 Forbidden" to "GET https://nextcloud.mydomain.com/status.php"

(domain name changed, cuz, you know - home instance :>)

Is this the first time you’ve seen this error? (Y/N):
Y

Steps to replicate it:
I don’t know what you mean by replicate it, do I need to detail my entire install process? I used docker compose to set up nextcloud (not AIO) with nginx proxymanager.
The issue occurs when:

  1. I open the nextcloud desktop app, on either my linux laptop or windows desktop
  2. I type in my domain
  3. It responds with the aforementioned `403 Forbidden` to the GET request

I’m guessing it’s something with the apache server or npm, but I’ve been surfing around for solutions on this forum for so long and I haven’t found something that works for me :frowning:
I should also mention that I’ve set my nameservers to Cloudflare’s, and that I have an A record pointing at my static WAN IP for my domain, with the Cloudflare “Proxy” switch toggled on in their DNS control panel. HSTS is also enabled, both on npm and the cloudflare web dashboard.

The output of your Nextcloud log in Admin > Logging:
https://pastebin.com/KWmVwkYU
I don’t think it is relevant, since it doesn’t mention the failed attempts, but…

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'upgrade.disable-web' => true,
  'passwordsalt' => 'shhhhh',
  'secret' => 'secretssss',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'nextcloud.mydomain.com',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '29.0.5.1',
  'overwrite.cli.url' => 'https://nextcloud.mydomain.com',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud-db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'it definitely is not this',
  'installed' => true,
  'instanceid' => 'ocu2zf021ek4',
  'defaultapp' => '',
  'maintenance_window_start' => 1,
  'maintenance' => false,
  'default_phone_region' => '+45',
);

The output of your Apache/nginx/system log in /var/log/____:
I tried to tail -f the access log and error log, but nothing showed up when I tried to connect at the same time. I don’t know if this is what is meant by this section.

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.
I already added this one (unfiltered) but it’s so short it should be fine:

Ask for any more information and I shall provide! I hope anybody has any idea what’s wrong…

hi @Amari welcome to the forum :handshake:

for Docker setup please always post your docker run commands or docker compose file.

your posted logs complain about

	"user": "admin",
	"message": "Failed addUser attempt with hint exception.",
	"version": "29.0.5.1",
	"exception": {
		"Exception": "OC\\HintException",
		"Message": "Password needs to contain at least one lower and one upper case character.",

I’m wondering if it is the same with the browser. Please report how the browser login works (from the same machine where the desktop client fails); post F12 logs if it fails. If your PW doesn’t meet the requirements, please change it and retry with the desktop client.

The other message

"message": "fopen(/var/www/html/config/config.php): Failed to open stream: No such file or directory at /var/www/html/lib/private/Config.php#221",

might be related to

if this is a new installation.

Can you elaborate? I don’t see indications of redirects or anything in what you posted.

Anyhow, what happens when you visit https://nextcloud.mydomain.com/status.php in a private browser window? Do you perhaps have some sort of external authentication in front of Nextcloud?

Hi @wwe, thanks for the quick answer :slight_smile:

Here’s my docker compose file: https://pastebin.com/7v2XKkbA

As you can see, I have specified an Admin password for nextcloud, because I had the exact same “Internal Error” as the topic you mentioned - that’s why the log contains the “Failed to open stream” error message :slight_smile:

As for the failed addUser attempt, I know from the timestamps that it was my attempt at adding a test user (to see if the 403 Forbidden was user-specific) but I specified a password that was too simple for my password rules xD

That’s what I meant by “I don’t think my log is relevant” since I don’t think anything in there is related to my issue - just other problems I had, and fixed, earlier.

@jtr, when I say “domain name changed” I just mean that I censored it :slight_smile: I know it’s very easy to find out if a domain is hosting a nextcloud instance, but I thought it was maybe a bit too easy if my exact domainname was findable on the public internet in a nextcloud help topic :slight_smile:

My webui works just fine, visiting the status.php via a private window returns:

{"installed":true,"maintenance":false,"needsDbUpgrade":false,"version":"29.0.5.1","versionstring":"29.0.5","edition":"","productname":"Nextcloud","extendedSupport":false}

as expected. The nextcloud security scan-thingy also returns an “A” rating, only complaining about “__Host prefix”. (Which I guess is because of me hosting it at "nextcloud.mydomain.com" instead of just "mydomain.com"?)

Does the 403 forbidden appear in your reverse proxy (NPM) or web server (app container) access and error logs? Or do you have anything like Cloudflare in front?

I have the exact same problem, which started completely out of the blue. I don’t use docker. Just a plain linux server. And the strange thing is that I host 2 nextcloud instances on the same server (different domains). The problematic one is behind cloudflare, the other is direct. The app cannot connect, with error forbidden https://domain/status.php... I did access this url from a private window and from curl without a problem

1 Like

OK I am going to answer my own problem… it was caused by cloudflare… they put a new feature thingie under security → bots alongside the bot fight mode called “Block AI scrapers and crawlers” which got enabled by default… and was blocking the nextcloud (along with other web services of the domain… it was just that nextcloud was the first symptom)

2 Likes

Had to delete my other post answering @jtr, this fixed my problem as well! My nextcloud desktop app immediately allowed me to log in when I turned off this setting - thanks @Spyros_Vasileiadis!

And thanks @jtr and @wwe for taking the time to respond to my questions :slight_smile:

2 Likes
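The triage the thread went through (does the 403 show up in the NPM or app container access log, or is something in front answering?) can be written as a small check. This is an added example, not code from any poster or from Nextcloud; the log line, the user-agent strings (including the desktop client one) and the `CF-RAY` value are constructed sample data, and the function names are hypothetical.

```python
import re

# Apache/nginx "combined" access-log format, as found in the origin's access log.
LOG_RE = re.compile(
    r'\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def origin_hits(log_lines):
    """Map (path, user agent) -> set of statuses the origin actually returned."""
    hits = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            hits.setdefault((m["path"], m["ua"]), set()).add(int(m["status"]))
    return hits

def attribute(obs, hits):
    """Name the layer that produced the response the client saw."""
    if obs["status"] in hits.get((obs["path"], obs["ua"]), set()):
        return "origin"            # the web server logged this exact answer
    headers = {k.lower(): v for k, v in obs["headers"].items()}
    if "cf-ray" in headers or headers.get("server", "").lower() == "cloudflare":
        return "cloudflare-edge"   # answered by the CDN, never logged at origin
    return "unknown-intermediary"

def ua_dependent_block(observations, hits):
    """Paths refused upstream for one user agent but served by origin for another."""
    blocked, served = set(), set()
    for o in observations:
        layer = attribute(o, hits)
        if o["status"] == 403 and layer != "origin":
            blocked.add(o["path"])
        elif o["status"] == 200 and layer == "origin":
            served.add(o["path"])
    return sorted(blocked & served)

# Constructed sample data: one origin log line, and what two clients observed.
ORIGIN_LOG = [
    '172.18.0.3 - - [01/Sep/2024:10:00:01 +0000] "GET /status.php HTTP/1.1" '
    '200 170 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/129.0"',
]
OBSERVED = [
    {"ua": "Mozilla/5.0 (X11; Linux x86_64) Firefox/129.0", "path": "/status.php",
     "status": 200, "headers": {"Server": "cloudflare", "CF-RAY": "constructed-id"}},
    {"ua": "Mozilla/5.0 (Linux) mirall/3.13.0 (Nextcloud)", "path": "/status.php",
     "status": 403, "headers": {"Server": "cloudflare", "CF-RAY": "constructed-id"}},
]

if __name__ == "__main__":
    print(ua_dependent_block(OBSERVED, origin_hits(ORIGIN_LOG)))
```

A path that comes back from `ua_dependent_block` is one where the edge treats clients differently by user agent, which is the pattern a bot-filtering setting produces; the matching entry in the Cloudflare security events view then names the rule.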