Setup:
Official docker image + official nginx image as reverse proxy/TLS terminator
Nextcloud version: 18.0.2 (from official Docker image)
Operating system and version: Ubuntu 16.04
Apache: whatever is in the official Docker image
Nginx version: 1.17.9
PHP version: whatever is in the official Docker image
The issue:
Some HTTP links not rewritten to HTTPS.
The first point where I am experiencing this are the contact images that should be shown in the list when clicking on the contact icon in the top right:
Content Security Policy: The page’s settings blocked the loading of a resource at http://cloud.example.com/remote.php/dav/addressbooks/system/system/system/Database:name.vcf?photo&size=32 (“img-src”).
The second one is the OnlyOffice document server:
- Install as described in [1]
- OnlyOffice settings field Document Editing Service Location is prepopulated with https://cloud.example.com/apps/documentserver_community/ and opening docs gets me a popup “ONLYOFFICE not reachable. Contact your Administrator.” (similar to what someone describes in this GitHub issue [2])
- If I change the prefix to https it loads more of OnlyOffice but then is stuck at
Content Security Policy: The page’s settings blocked the loading of a resource at http://cloud.example.com/apps/documentserver_community/open/1234567890/Editor.bin (“connect-src”).
Similar to this issue [3] but unlike the reporter who seems to be experiencing this for CSVs only I have it for any docfiles I try.
I already have
'overwrite.cli.url' => 'https://cloud.example.com',
'overwriteprotocol' => 'https',
in my config.php as well as
proxy_set_header X-Forwarded-Proto $scheme;
in my nginx.conf
So now I’m kinda clueless; these are the only two sources of error for other people that I have found on GitHub or in this forum.
Is this the first time you’ve seen this error? (Y/N):
Contacts: no, but I kinda lived with it. OnlyOffice: yes, and now it annoys me enough to ask here.
The output of your Nextcloud log in Admin > Logging:
OMITTED FOR NOW
config.php:
'overwrite.cli.url' => 'https://cloud.example.com',
'overwriteprotocol' => 'https',
The output of your Apache/nginx/system log in /var/log/:
OMITTED FOR NOW
Reverse proxy nginx config:
server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;
    server_name_in_redirect off;
    access_log /var/log/nginx/nextcloud.access.log main;
    location /.well-known {
        root /usr/share/nginx/html;
        allow all;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;
    ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem;
    include /etc/nginx/conf.d/ssl.conf;
    location /robots.txt {
        root /usr/share/nginx/html;
        try_files $uri 404.html;
        access_log off;
    }
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
    # Raise file upload size
    client_max_body_size 512m;
    # Limit download size
    proxy_max_temp_file_size 4096m;
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }
    location / {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_pass_request_headers on;
        proxy_pass http://nextcloud;
    }
}
[1] https://nextcloud.com/blog/how-to-install-onlyoffice-in-nextcloud-hub-and-new-integration-feature/
[2] https://github.com/nextcloud/documentserver_community/issues/35
[3] https://github.com/nextcloud/documentserver_community/issues/70