Nextcloud version (eg, 20.0.5): 22.2.3
Operating system and version (eg, Ubuntu 20.04): debian 11
Apache or nginx version (eg, Apache 2.4.25): Apache (as per
PHP version (eg, 7.4): 8.0.14
The issue you are facing:
I have been running Nextcloud in my home lab behind haproxy (on pfSense) for a few months now and it is working perfectly fine.
Now I am trying to combine it with Keycloak for the login process. I have just set up Keycloak and am running it in production mode.
On Nextcloud I installed the social login app and configured it to use Keycloak. In Keycloak I set up a realm, a client and a test user for Nextcloud.
When I go to the login page of Nextcloud, I am presented with a Keycloak login button and when I click it, I am redirected to Keycloak where I can enter the credentials of the test user. But after authentication, the redirection back to Nextcloud does not work: I get a 504 Timeout error from haproxy.
Is this the first time you’ve seen this error? (Y/N):
Steps to replicate it:
- Set up haproxy
- Set up Nextcloud with Social Login
- Set up Keycloak
The output of your Nextcloud log in Admin > Logging:
(Nothing with respect to the login attempt)
The output of your config.php file in /path/to/nextcloud
(make sure you remove any identifiable information!):
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'xxx',
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_domains' =>
  array (
    0 => 'xxx',
    1 => 'xxx',
  ),
  'datadirectory' => '/mnt/nextcloud-data',
  'dbtype' => 'mysql',
  'version' => '22.2.3.0',
  'overwrite.cli.url' => 'https://xxx',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xxx',
  'dbpassword' => 'xxx',
  'installed' => true,
  'overwritehost' => 'xxx',
  'overwriteprotocol' => 'https',
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' =>
  array (
    0 => 'admin',
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
  ),
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'nextcloud',
  'mail_domain' => 'xxx',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'xxx',
  'mail_smtpname' => 'xxxg',
  'mail_smtppassword' => 'xxx',
  'mail_smtpport' => 'xx',
  'mail_smtpstreamoptions' =>
  array (
    'ssl' =>
    array (
      'allow_self_signed' => 'true',
      'verify_peer' => 'false',
      'verify_peer_name' => 'false',
    ),
  ),
  'updater.secret' => 'xxx',
  'loglevel' => 2,
  'maintenance' => false,
  'theme' => '',
);
Maybe the config of the social login app is more relevant here:
Authorize url: https://login.example.com/realms/example/protocol/openid-connect/auth
Token url: https://login.example.com/realms/example/protocol/openid-connect/token
Display name claim: empty
User info url: empty
Logout url: empty
Client Id: nextcloud
Client Secret: xxxxx
Scope: openid
Groups claim (optional): roles
Button style: Keycloak
Default group: None
The output of your Apache/nginx/system log in /var/log/____:
Can't find anything of relevance.
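A 504 from haproxy means the backend (Nextcloud) did not answer the callback request within haproxy's server timeout. While it handles that callback, Nextcloud itself POSTs the authorization code to the Token url configured in the social login app; that server-to-server leg is invisible to the browser and to haproxy, but the browser's request stays open until it completes, so a stalled token call from the Nextcloud host would look exactly like this from the outside. The script below is an added example (not part of this post, and not the social login app's code) that performs that token exchange with a hard timeout against a local stub token endpoint that can be made to stall, so you can see how a slow backchannel call turns into a client-side wait. All URLs, codes and secrets are constructed; to test a real deployment you would point `exchange_code` at your own Token url from the Nextcloud host.

```python
"""Reproduce the server-to-server token exchange that runs while the browser waits.

Added example, not code from the original post or from the Nextcloud social login app.
Every URL, code and secret here is constructed for the demonstration.
"""
import json
import socket
import threading
import time
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def exchange_code(token_url, code, redirect_uri, client_id, client_secret, timeout=5.0):
    """POST an authorization code to the token endpoint, waiting at most `timeout` seconds.

    Returns a dict with "ok" and either the token type or the error kind, plus the
    elapsed time, so a stalled endpoint is reported instead of hanging the caller.
    """
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    started = time.monotonic()
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            payload = json.loads(resp.read().decode())
            return {"ok": True, "status": resp.status,
                    "token_type": payload.get("token_type"),
                    "elapsed": time.monotonic() - started}
    except (socket.timeout, TimeoutError):
        # Read timeout: the endpoint accepted the connection but never answered in time.
        return {"ok": False, "error": "timeout", "elapsed": time.monotonic() - started}
    except urllib.error.URLError as exc:
        # Connect-phase failures (DNS, refused, connect timeout) arrive wrapped in URLError.
        reason = "timeout" if isinstance(exc.reason, (socket.timeout, TimeoutError)) else str(exc.reason)
        return {"ok": False, "error": reason, "elapsed": time.monotonic() - started}


class _StubTokenEndpoint(BaseHTTPRequestHandler):
    """Minimal constructed token endpoint; `delay` is how long it stalls before replying."""
    delay = 0.0

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        time.sleep(self.delay)
        if form.get("grant_type") == ["authorization_code"]:
            status, body = 200, json.dumps({"access_token": "constructed", "token_type": "Bearer"})
        else:
            status, body = 400, json.dumps({"error": "unsupported_grant_type"})
        raw = body.encode()
        try:
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(raw)))
            self.end_headers()
            self.wfile.write(raw)
        except (BrokenPipeError, ConnectionResetError):
            pass  # the client already gave up: that is the timeout case

    def log_message(self, *_):
        pass  # keep the demo output quiet


def start_stub(delay):
    """Start a stub token endpoint on a free loopback port; returns (server, token_url)."""
    handler = type("Stub", (_StubTokenEndpoint,), {"delay": delay})
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/token"


def demo(delay, timeout):
    """Run one exchange against a stub that stalls for `delay` seconds."""
    server, url = start_stub(delay)
    try:
        return exchange_code(url, "constructed-code",
                             "https://cloud.example.invalid/constructed-callback",
                             "nextcloud", "constructed-secret", timeout=timeout)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("responsive endpoint:", demo(delay=0.0, timeout=5.0))
    print("stalled endpoint:   ", demo(delay=2.0, timeout=0.5))
```

Run it on the Nextcloud host against the real Token url (with a throwaway code; a 400 answering quickly already proves reachability) to separate "Nextcloud cannot reach Keycloak from inside the network" from a problem in haproxy itself; the elapsed time tells you whether you hit the connect phase or the read phase.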