Nextcloud v10.0.2 Does not log out

Fresh install on Ubuntu 14.04 LTS, MariaDB v10.1, PHP v7.0.14

The above link shown while browsing (HTTPS) but at log out turns to the below one (HTTP)!

Platform is behind Pound Proxy v2.6 with the following configs,

User "www-data"
Group "www-data"
LogLevel 2
Alive 30
IgnoreCase 1
Control "/var/run/pound/poundctl.socket"
Port 443
AddHeader "“X-Forwarded-Proto: https”"
HeadRemove "“X-Forwarded-Proto”"
HeadRemove "“X-Forwarded-For”"
Cert “/etc/pound/MyDomainCRT.PEM”

avoid poodle security attack

#Disable SSLv3
#Disable SSLv2
SSLAllowClientRenegotiation 0
SSLHonorCipherOrder 1
HeadRequire "Host:"
Port 46147

Security & setup warnings shows that, All checks passed.
The above configurations are working fine with Nextcloud v10.0.1

Please advice

How does your config.php file look?

In particular the overwrite.cli and overwriteprotocol lines.

Below is config.php contents,

$CONFIG = array (
‘instanceid’ => ‘oczaz0rhk0za’,
‘passwordsalt’ => ‘XXXXX’,
‘secret’ => ‘XXXXX’,
‘memcache.local’ => ‘\OC\Memcache\APCu’,
‘preview_libreoffice_path’ => ‘/usr/bin/libreoffice’,
‘trusted_domains’ =>
array (
0 => ‘localhost’,
1 => ‘’,
2 => ‘’,
‘datadirectory’ => ‘/home/nextcloud/data’,
‘overwrite.cli.url’ => ‘http://localhost/nextcloud’, Apache document root changed to /var/www/nextcloud so that http://localhost can access normally
’dbtype’ => ‘mysql’,
‘version’ => ‘’,
‘dbname’ => ‘nextcloud’,
‘dbhost’ => ‘localhost’,
‘dbport’ => ‘’,
‘dbtableprefix’ => ‘oc_’,
‘dbuser’ => ‘nextcloud’,
‘dbpassword’ => ‘PasswordSQL’,
‘logtimezone’ => ‘UTC’,
‘installed’ => true,

Overwrite URL should be external unless you always access from the machine it’s installed on -

Here’s mine:

‘overwrite.cli.url’ => ‘’,
‘overwriteprotocol’ => ‘https’,

Also if you’ve changed the root to nextcloud then you wouldn’t have /nextcloud on the end of the overwrite URL.

:slight_smile: Fixed!
Yes no /nextcloud in address, just facing localhost:port
Thanks Jason for your kind and quick support!

1 Like

You can edit out your password salt and secret.

Just to clarify, in case someone else is about to make the stupid mistake I almost made: I’m pretty sure @JasonBayton meant @vCentre should edit their message (above) which contains the salt and secret, not that they should edit those out of their live config.php on the server, as that would cause the loss of all existing passwords.

I’ve removed the sensitive data from the posted config.

So I know to be clearer in the future :slight_smile: - Edited that out of the solution as @LukasReschke has edited the post.

1 Like