[SOLVED] Trusted hosts not working - NC 19.0.3 from Docker official image

ā„¹ļø Support šŸ“¦ Appliances (Docker, Snappy, VM, NCP, AIO)
1

Hi everyone,

Iā€™m turning crazy with my fresh Nextcloud Docker instanceā€¦

Iā€™ve setup everything like i did times before, thatā€™s not my first OC/NC ! Anywayā€¦ iā€™m here for that basic ā€˜trusted hostsā€™ thingā€¦
My NC container is deployed following the NC documentation, i access it thru a nginx reverse proxy, where https is configured.

So, if i access my NC from https://docker@IP:container_port, it works
the /var/www/html folder is mounted as volume on my host filesystem, same thing for the data directory. Iā€™ve configured the config.php like thatā€¦

  'trusted_domains' =>
  array (
    1 => '192.168.0.100:8080',
    2 => 'cloud.mydomain.com',
   ),

tried from the array config.sample.php syntax as well:

'trusted_domains' => 
[
    1 => '192.168.0.100:8080',
    2 => 'cloud.mydomain.com',
],

tried with that settingā€¦

'overwrite.cli.url' => 'https://cloud.mydomain.com'

restarted web service, containers, doesnā€™t work.

-> Iā€™ve tried with the php occ commands as well, the file is correlty editedā€¦

 docker exec --user www-data nextcloud_app_1 php occ config:system:set trusted_domains 1 --value=cloud.mydomain.com

-> Iā€™ve tried with the NEXTCLOUD_TRUSTED_DOMAINS environment variable in docker compose file as well, same thing !

[...]
environment:
  - NEXTCLOUD_TRUSTED_DOMAINS='cloud.mydomain.com 192.168.0.100:8080'

Tried to reverse the @ip and domain name, tried to remove the @ip adress and let only the domain name : doesnā€™t work, and i canā€™t access by the ip no more. (so itā€™s seems that i edit the correct fileā€¦ !)

you guys have others ideasā€¦ ?
Thanks in advance !
Arnaud

2

iā€™ve found something, i think itā€™s more an nginx problem, as i use it as reverse proxy on my docker server. If i try to access cloud.mydomain.com:8080 (docker container NAT), it works !
I donā€™t have a clue of whatā€™s wrong.

SO: If i access the vhost without specifying the port, iā€™m correctly redirected on the container, but got that ā€˜trusted_domainā€™ error. If i add the port, iā€™m redirected as well and it worksā€¦

Still searching!

EDIT: it seems that iā€™m not the only one who gets crazy on that kind of simple configuration -_- ā€¦
here is my nginx server block configuration ā€¦

upstream nextcloud {
  server       myserver:8080;
}

server {
  listen        443 ssl;
  server_name  cloud.mydomain.com;

  location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Front-End-Https on;
        proxy_pass  https://nextcloud;
  }
  # TLS
  ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  keepalive_timeout    70;
  ssl_session_cache    shared:SSL:10m;
  ssl_session_timeout  10m;
  ssl_certificate /etc/letsencrypt/live/cloud.mydomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/cloud.mydomain.com/privkey.pem; 
}

server {
  listen 80;
  server_name cloud.mydomain.com;
 # force https
  return 301 https://$server_name$request_uri;
}

is there someone which has experimented this configuration?
donā€™t tell me that you access your docker NCā€™s with the URL:port ?!

3

Ok, iā€™ve finally achieved it.
Iā€™ve removed everything that concerns the proxy in nginx server block, here is what remains:

upstream nextcloud {
  server       dockerserver.local:8080;
}

server {
  listen        443 ssl;
  server_name   cloud.mydomain.com;

  location / {
        proxy_pass  http://nextcloud;
  }
  # TLS
  ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers RC4:HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  keepalive_timeout    70;
  ssl_session_cache    shared:SSL:10m;
  ssl_session_timeout  10m;
  ssl_certificate /etc/letsencrypt/live/cloud.mydomain.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/cloud.mydomain.com/privkey.pem; # managed by Certbot
}

server {
  listen 80;
  server_name cloud.mydomain.com
  return 301 https://$server_name$request_uri;
}