NextCloud won't load any mixed content

I have an issue with the CSP of my freshly installed NextCloud. I followed this guide here to set it up: https://bayton.org/docs/nextcloud/installing-nextcloud-on-ubuntu-16-04-lts-with-redis-apcu-ssl-apache/
(I skipped the SSL configuration because I already have set up SSL on my nginx)
I access my server with https://cloud.myserver.com

Now I have the problem that various content (for example the logo and the background image) doesn’t load. When I open the Firefox console at cloud.myserver.com it shows theses 2 issues:

Content Security Policy: The page’s settings blocked the loading of a resource at http://cloud.myserver.com/core/img/background.jpg?v=20 (“img-src https://cloud.myserver.com data: blob:”).
Content Security Policy: The page’s settings blocked the loading of a resource at http://cloud.myserver.com/core/img/logo.svg?v=20 (“img-src https://cloud.myserver.com data: blob:”).

It think it’s weird that NextCloud wants to access content through plain HTTP on my server. If I open the browser and enter “http://cloud.myserver.com/core/img/background.jpg?v=20” I get the image.

Do you have any ideas how I can fix this issue?

My nginx config looks like this:
upstream cloud { server 10.0.0.2:80; } server { listen 443 ssl; listen [::]:443 ssl; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers on; ssl_certificate /etc/letsencrypt/live/myserver.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/myserver.com/privkey.pem; ssl_ciphers "AES256+EECDH"; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_session_timeout 5m; ssl_stapling on; ssl_stapling_verify on; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; gzip off; client_max_body_size 53248m; server_name cloud.myserver.com; location / { proxy_pass http://cloud; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }

Hi, I’m the author and also a proxy user like yourself. That guide doesn’t cover use behind a proxy, so here’s what you need to ensure is in your config.php file:

'overwrite.cli.url' => 'https://cloud.myserver.com',
'overwriteprotocol' => 'https',

This forces NC to use HTTPS despite not being configured that way.

What you’re experiencing there is totally normal behaviour as you’re proxying from an SSL connection to plain HTTP. Nextcloud will as such respond in plain HTTP unless you tell it otherwise.

Be aware, if you access internally via IP over HTTP, this will either a) give you SSL errors or b) not work at all (443 is not configured by default, so it may refuse to connect when it forces, due to that setting, the connection from http:// to https://)

3 Likes

For future searches:

3 Likes