Proxy address leaking in some links

izzyb · March 25, 2021, 11:19pm

I’ve been running nextcloud on a dedicated port but am moving to a reverse proxy configuration. For the most part, everything is working, but I’ve noticed the internal address is appearing on the links for the application update notices and the talk link in the menu. Is this a configuration issue on my side or a bug? I’m running version 19.0.9.1

Apache2 using mod_proxy on the proxy is configured as so:

        <Location /nextcloud/>
            Order allow,deny
            Allow from all
            ProxyPass http://10.90.8.150/nextcloud/ flushpackets=on
            ProxyPassReverse http://10.90.8.150/nextcloud/
        </Location>

In config.php I have

  'trusted_proxies' => 
  array (
    0 => '10.90.3.122',
  ),
  'trusted_domains' =>
  array (
    0 => 'cloud.mydomain.com',
    1 => '10.90.8.150',
  ),

The full and correct url should include the https:// part as it does for most of the links, but the effected links start with the internal address of the nextcloud server without the protocol portion. ie, the talk link is as follows:

                10.90.8.150/nextcloud/index.php/apps/spread/

The expected address should be:

                 https://cloud.mydomain.com/nextcloud/index.php.apps/spread/

This seems like a bug. What am I missing?

…Izzy

izzyb · March 26, 2021, 5:10am

Problem resolved. I found and copied the following section from the config.sample.php file into my config.php and filled in the first two options. Already had the correct value set for the last option. Didn’t need to modify my root values. After that everything worked as expected.

/**
 * Proxy Configurations
 */

/**
 * The automatic hostname detection of Nextcloud can fail in certain reverse
 * proxy and CLI/cron situations. This option allows you to manually override
 * the automatic detection; for example ``www.example.com``, or specify the port
 * ``www.example.com:8080``.
 */
'overwritehost' => '',

/**
 * When generating URLs, Nextcloud attempts to detect whether the server is
 * accessed via ``https`` or ``http``. However, if Nextcloud is behind a proxy
 * and the proxy handles the ``https`` calls, Nextcloud would not know that
 * ``ssl`` is in use, which would result in incorrect URLs being generated.
 * Valid values are ``http`` and ``https``.
 */
'overwriteprotocol' => '',

/**
 * Nextcloud attempts to detect the webroot for generating URLs automatically.
 * For example, if ``www.example.com/nextcloud`` is the URL pointing to the
 * Nextcloud instance, the webroot is ``/nextcloud``. When proxies are in use,
 * it may be difficult for Nextcloud to detect this parameter, resulting in
 * invalid URLs.
 */
'overwritewebroot' => '',

/**
 * This option allows you to define a manual override condition as a regular
 * expression for the remote IP address. For example, defining a range of IP
 * addresses starting with ``10.0.0.`` and ending with 1 to 3:
 * ``^10\.0\.0\.[1-3]$``
 *
 * Defaults to ``''`` (empty string)
 */
'overwritecondaddr' => '',

/**
 * Use this configuration parameter to specify the base URL for any URLs which
 * are generated within Nextcloud using any kind of command line tools (cron or
 * occ). The value should contain the full base URL:
 * ``https://www.example.com/nextcloud``
 *
 * Defaults to ``''`` (empty string)
 */
'overwrite.cli.url' => '',