NextCloudPi Panel behind HAProxy: Invalid origin error

When I connect to the NextCloudPi Panel that is set up behind HAProxy (on pfsense), I receive an “Invalid origin” error in the dialogue box when a command is run (nc-backup, nc-update, etc.) through the GUI. The command itself does run but the details box does not populate, and only states invalid origin. Everything else works fine using the proxy for both NCP and NextCloud. When I connect directly through IP:port the details box does populate.

These two images above show the error when connected via HAProxy

This image above shows the result when connected directly via IP:port.

More details:

  • Separate self signed certificates for NCP panel and NextCloud authenticated at HAProxy.
  • Separate fqdn for nextcloud and nextcloudpi configured and working through HAProxy
  • Wildcard let’s encrypt cert for FQDN on HAProxy
  • config:
  • I tried adding the HAProxy virtual IP and nextcloudpi fqdn here but this didn’t work.

I could not find much through research. I noted a post here, where @nachoparker mentions:

some protection in ncp-web that verifies the origin

However the resolution doesn’t seem to apply for me.

Any help at all would be greatly appreciated!

I assumed this was some kind of config error on my part and I don’t really know enough to fully diagnose this issue. But it appears in ncp.js the details-box fills in the port number (github) so when going through the proxy it doesn’t work. I might put in an issue on github if its looking like not my config issue :sweat_smile:

yes, that’s a check for the backend sending the command output to the browser for the authenticity of the connection.

Feel free to propose a better solution in a PR :wink:

I wish I had the knowledge to contribute a solution. I am glad to have helped identify an issue, all be it low priority. Perhaps there could be an option in the NCP config to add a domain as an alternative. Thank you for your hard work on this much appreciated project.