[SOLVED] Trusted hosts not working - NC 19.0.3 from Docker official image

Hi everyone,

I’m turning crazy with my fresh Nextcloud Docker instance…

I’ve setup everything like i did times before, that’s not my first OC/NC ! Anyway… i’m here for that basic ‘trusted hosts’ thing…
My NC container is deployed following the NC documentation, i access it thru a nginx reverse proxy, where https is configured.

So, if i access my NC from https://docker@IP:container_port, it works
the /var/www/html folder is mounted as volume on my host filesystem, same thing for the data directory. I’ve configured the config.php like that…

  'trusted_domains' =>
  array (
    1 => '192.168.0.100:8080',
    2 => 'cloud.mydomain.com',
   ),

tried from the array config.sample.php syntax as well:

'trusted_domains' => 
[
    1 => '192.168.0.100:8080',
    2 => 'cloud.mydomain.com',
],

tried with that setting…

'overwrite.cli.url' => 'https://cloud.mydomain.com'

restarted web service, containers, doesn’t work.

-> I’ve tried with the php occ commands as well, the file is correlty edited…

 docker exec --user www-data nextcloud_app_1 php occ config:system:set trusted_domains 1 --value=cloud.mydomain.com

-> I’ve tried with the NEXTCLOUD_TRUSTED_DOMAINS environment variable in docker compose file as well, same thing !

[...]
environment:
  - NEXTCLOUD_TRUSTED_DOMAINS='cloud.mydomain.com 192.168.0.100:8080'

Tried to reverse the @ip and domain name, tried to remove the @ip adress and let only the domain name : doesn’t work, and i can’t access by the ip no more. (so it’s seems that i edit the correct file… !)

you guys have others ideas… ?
Thanks in advance !
Arnaud

i’ve found something, i think it’s more an nginx problem, as i use it as reverse proxy on my docker server. If i try to access cloud.mydomain.com:8080 (docker container NAT), it works !
I don’t have a clue of what’s wrong.

SO: If i access the vhost without specifying the port, i’m correctly redirected on the container, but got that ‘trusted_domain’ error. If i add the port, i’m redirected as well and it works…

Still searching!

EDIT: it seems that i’m not the only one who gets crazy on that kind of simple configuration -_- …
here is my nginx server block configuration …

upstream nextcloud {
  server       myserver:8080;
}

server {
  listen        443 ssl;
  server_name  cloud.mydomain.com;

  location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Front-End-Https on;
        proxy_pass  https://nextcloud;
  }
  # TLS
  ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  keepalive_timeout    70;
  ssl_session_cache    shared:SSL:10m;
  ssl_session_timeout  10m;
  ssl_certificate /etc/letsencrypt/live/cloud.mydomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/cloud.mydomain.com/privkey.pem; 
}

server {
  listen 80;
  server_name cloud.mydomain.com;
 # force https
  return 301 https://$server_name$request_uri;
}

is there someone which has experimented this configuration?
don’t tell me that you access your docker NC’s with the URL:port ?!

Ok, i’ve finally achieved it.
I’ve removed everything that concerns the proxy in nginx server block, here is what remains:

upstream nextcloud {
  server       dockerserver.local:8080;
}

server {
  listen        443 ssl;
  server_name   cloud.mydomain.com;

  location / {
        proxy_pass  http://nextcloud;
  }
  # TLS
  ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  keepalive_timeout    70;
  ssl_session_cache    shared:SSL:10m;
  ssl_session_timeout  10m;
  ssl_certificate /etc/letsencrypt/live/cloud.mydomain.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/cloud.mydomain.com/privkey.pem; # managed by Certbot
}

server {
  listen 80;
  server_name cloud.mydomain.com
  return 301 https://$server_name$request_uri;
}