Nextcloud is displaying "Accessing Server From Untrusted Domain" on pages it shouldn't be displaying anything from

pard68 · December 2, 2017, 6:10pm

Nextcloud version: 12.03
Operating system and version: Ubuntu 16.04
nginx version: 1.10.3
PHP version: 7.1.12
Is this the first time you’ve seen this error?: Yes

Can you reliably replicate it?: Yes, access Nextcloud from domain example.com or any subdomain which isn’t cloud{.}example{.}com

The issue you are facing: Nextcloud is displaying on the main domain and on subdomains it should not be displaying on. It is only supposed to be displaying on ‘cloud.example.com’. On all other addresses is shows an “Untrusted Domain” page and asks for me to login as root to add it as a trusted domain, except it’s not a trusted domain because I do not want Nextcloud being accessed from these domains. My other domains were displaying properly until I installed Nextcloud, which has no hijacked everything.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'nugget',
  'passwordsalt' => 'hotdog',
  'secret' => 'pizza',
  'trusted_domains' => 
  array (
    0 => 'cloud{.}example{.}com',
  ),
  'datadirectory' => '/var/nc_data',
  'dbtype' => 'mysql',
  'version' => '12.0.3.3',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xyz',
  'dbpassword' => '123',
  'installed' => true,
  'htaccess.RewriteBase' => '/',
  'overwriteprotocol' => 'https',
  'loglevel' => 1,
  'logtimezone' => 'Europe/Berlin',
  'logfile' => '/var/nc_data/nextcloud.log',
  'log_rotate_size' => 104857600,
  'cron_log' => true,
  'filesystem_check_changes' => 1,
  'quota_include_external_storage' => false,
  'knowledgebaseenabled' => false,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => 'true',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'maintenance' => false,
  'theme' => '',
  'enable_previews' => true,
  'enabledPreviewProviders' => 
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\BMP',
    4 => 'OC\\Preview\\XBitmap',
    5 => 'OC\\Preview\\Movie',
    6 => 'OC\\Preview\\PDF',
    7 => 'OC\\Preview\\MP3',
    8 => 'OC\\Preview\\TXT',
    9 => 'OC\\Preview\\MarkDown',
  ),
  'preview_max_x' => 512,
  'preview_max_y' => 512,
  'preview_max_scale_factor' => 1,
  'auth.bruteforce.protection.enabled' => true,
  'trashbin_retention_obligation' => 'auto, 7',
  'overwrite.cli.url' => 'https://cloud{.}example{.}com',
);

The output of your nextcloud.conf:

fastcgi_cache_path /usr/local/tmp/cache levels=1:2 keys_zone=NEXTCLOUD:100m inactive=60m;
    map $request_uri $skip_cache {
    default 1;
    ~*/thumbnail.php 0;
    ~*/apps/galleryplus/ 0;
    ~*/apps/gallery/ 0;
    }
    server {
    listen 80;
    server_name cloud{.}example{.}com;
    location ^~ /.well-known/acme-challenge {
    proxy_pass http://127.0.0.1:81;
    }
    location / {
    return 301 https://$host$request_uri;
    }
    }
    server {
    listen 443 ssl http2;
    server_name cloud{.}example{.}com;
    root /var/www/nextcloud/;
    access_log /var/log/nginx/nextcloud.access.log main;
    error_log /var/log/nginx/nextcloud.error.log warn;
    location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }
    location = /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
    return 301 $scheme://$host/remote.php/dav;
    }
    client_max_body_size 10240M;
    location / {
    rewrite ^ /index.php$uri;
    }
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
    }
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    include php_optimization.conf;
    fastcgi_pass php-handler;
    fastcgi_param HTTPS on;
    fastcgi_cache_bypass $skip_cache;
    fastcgi_no_cache $skip_cache;
    fastcgi_cache NEXTCLOUD;
    }
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
    }
    location ~ \.(?:css|js|woff|svg|gif)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=15778463";
    access_log off;
    expires 30d;
    }
    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    access_log off;
    expires 30d;
    }
    }

tflidd · December 2, 2017, 7:02pm

So why don’t you redirect all the other domains to cloud.example.com?

pard68 · December 2, 2017, 7:11pm

Well, because I want them to direct to their respective server blocks. “blog.example.com” should show a wordpress blog, but since installing nextcloud it just shows the Untrusted Domain screen, courtesy of Nextcloud.

Also, thanks for formatting my post there. I couldn’t figure it out. The editor is so small on my screen

tflidd · December 2, 2017, 8:04pm

If you have different domains, it’s probably the best to use a different virtual hosts for each domain:
https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks/

pard68 · December 2, 2017, 10:08pm

Solved the problem. For some reason nginx wasn’t reading edits to conf.d when I told it to reload or restart. I hard killed and rebooted nginx and now everything is working.