Topbar not appearing

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can.

The Basics

• Nextcloud Server version (e.g., 29.x.x):
  • replace me
• Operating system and version (e.g., Ubuntu 24.04):
  • Ubuntu 24.04
• Web server and version (e.g, Apache 2.4.25):
  • Traefik 3.16.3
• Reverse proxy and version _(e.g. nginx 1.27.2)
  • Traefik 3.16.3
• PHP version (e.g, 8.3):
  • Unsure since I use Docker
• Is this the first time you’ve seen this error? (Yes / No):
  • Yes
• When did this problem seem to first start?
  • Upon installation
• Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
  • AIO
• Are you using CloudfIare, mod_security, or similar? (Yes / No)
  • I am using Cloudflare, and I have a traefik CSP

Summary of the issue you are facing:

Hello. I am trying to install Nextcloud AIO on my machine, that is behind a traefik reverse proxy. Now, the domain I am using is on the HSTS preload list, and uses a CSP. However, for some reason, if I disable the CSP, the login page does not show up:

image1902×1018 119 KB

image1918×394 111 KB

Upon enabling the CSP, this seemingly fixes itself, however, upon logging in with the initial admin password, there is absolutely no topbar. Sadly, there are also no errors in the console:

image1918×993 324 KB

For context, my CSP in traefik is this:

http:
  middlewares:
    security-headers:
      headers:
        frameDeny: true
        contentSecurityPolicy: "base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report;"

Steps to replicate it (hint: details matter!)

I myself only started nextcloud AIO and did what I described earlier.

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

N/A

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

N/A

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

2026-04-21T15:26:42Z INF | ClientAddr=172.69.150.111:11054 ClientHost=91.99.54.86 ClientPort=11054 DownstreamContentSize=41 DownstreamStatus=200 Duration=3029648 OriginContentSize=41 OriginDuration=2677283 OriginStatus=200 Overhead=352365 RequestAddr=sentry.pathos.gg RequestContentSize=12034 RequestCount=352 RequestHost=sentry.pathos.gg RequestMethod=POST RequestPath=/api/4/envelope/?sentry_version=7&sentry_key=7fc86a173dac234c83a554c2404fb070&sentry_client=sentry.javascript.node%2F10.49.0 RequestPort=- RequestProtocol=HTTP/2.0 RequestScheme=https RetryAttempts=0 RouterName=websecure-sentry-ingest@file ServiceAddr=sentry-self-hosted-nginx-1:80 ServiceName=sentry@file ServiceURL=http://sentry-self-hosted-nginx-1:80 SpanId=d2cdaf13bd13b4d3 StartLocal=2026-04-21T15:26:42.029012877Z StartUTC=2026-04-21T15:26:42.029012877Z TLSCipher=TLS_AES_128_GCM_SHA256 TLSVersion=1.3 TraceId=a58b88559bd7708494cbf2763ed6fcb7 downstream_Access-Control-Allow-Origin=* downstream_Access-Control-Expose-Headers=x-sentry-error,x-sentry-rate-limits,retry-after downstream_Accesscontrolallowcredentials=false downstream_Accesscontrolallowheaders=║24║sentry-trace║baggage downstream_Accesscontrolallowmethods=║24║GET║POST║PUT downstream_Accesscontrolalloworiginlist=║24║* downstream_Accesscontrolexposeheaders=║24║sentry-trace║baggage downstream_Addvaryheader=true downstream_Content-Length=41 downstream_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; downstream_Content-Type=application/json downstream_Cross-Origin-Resource-Policy=cross-origin downstream_Date=Tue, 21 Apr 2026 15:26:42 GMT downstream_Server=nginx downstream_Vary=origin, access-control-request-method, access-control-request-headers downstream_X-Frame-Options=DENY entryPointName=websecure msg= origin_Access-Control-Allow-Origin=* origin_Access-Control-Expose-Headers=x-sentry-error,x-sentry-rate-limits,retry-after origin_Accesscontrolallowcredentials=false origin_Accesscontrolallowheaders=║24║sentry-trace║baggage origin_Accesscontrolallowmethods=║24║GET║POST║PUT origin_Accesscontrolalloworiginlist=║24║* origin_Accesscontrolexposeheaders=║24║sentry-trace║baggage origin_Addvaryheader=true origin_Content-Length=41 origin_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; origin_Content-Type=application/json origin_Cross-Origin-Resource-Policy=cross-origin origin_Date=Tue, 21 Apr 2026 15:26:42 GMT origin_Server=nginx origin_Vary=origin, access-control-request-method, access-control-request-headers origin_X-Frame-Options=DENY request_Accept-Encoding=gzip, br request_Cdn-Loop=cloudflare; loops=1 request_Cf-Connecting-Ip=91.99.54.86 request_Cf-Ipcountry=DE request_Cf-Ray=9efd68986e865d72-FRA request_Cf-Visitor={"scheme":"https"} request_Content-Length=12034 request_User-Agent=REDACTED request_X-Forwarded-For=91.99.54.86 request_X-Forwarded-Host=sentry.pathos.gg request_X-Forwarded-Port=443 request_X-Forwarded-Proto=https request_X-Forwarded-Server=bd735b926dec request_X-Real-Ip=172.69.150.111 span_id=d2cdaf13bd13b4d3 trace_id=a58b88559bd7708494cbf2763ed6fcb7 

2026-04-21T15:26:42Z ERR Failed to list services for docker swarm mode error="Error response from daemon: This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again." providerName=swarm

2026-04-21T15:26:42Z ERR Provider error, retrying in 3.372387103s error="Error response from daemon: This node is not a swarm manager. Use \"docker swarm init\" or \"docker swarm join\" to connect this node to swarm and try again." providerName=swarm

2026-04-21T15:26:43Z INF | ClientAddr=108.162.221.93:13697 ClientHost=94.250.175.27 ClientPort=13697 DownstreamContentSize=0 DownstreamStatus=0 Duration=12487918672 OriginContentSize=0 OriginDuration=12487665425 OriginStatus=0 Overhead=253247 RequestAddr=cloud.pathos.gg RequestContentSize=0 RequestCount=351 RequestHost=cloud.pathos.gg RequestMethod=GET RequestPath=/push/ws RequestPort=- RequestProtocol=HTTP/1.1 RequestScheme=https RetryAttempts=0 RouterName=nextcloud@file ServiceAddr=nextcloud-aio-apache:11000 ServiceName=nextcloud@file ServiceURL=http://nextcloud-aio-apache:11000 SpanId=cb1fe968a8556af5 StartLocal=2026-04-21T15:26:30.993841467Z StartUTC=2026-04-21T15:26:30.993841467Z TLSCipher=TLS_AES_128_GCM_SHA256 TLSVersion=1.3 TraceId=41a3bca2b8135337da298ebaabb0383b downstream_Access-Control-Allow-Origin=https://cloud.pathos.gg downstream_Connection=upgrade downstream_Content-Type= downstream_Date=Tue, 21 Apr 2026 15:26:30 GMT downstream_Sec-Websocket-Accept=JmIJgjqj3jN99JeeDd8mMtT8QJA= downstream_Upgrade=websocket entryPointName=websecure msg= origin_Access-Control-Allow-Origin=https://cloud.pathos.gg origin_Connection=upgrade origin_Content-Type= origin_Date=Tue, 21 Apr 2026 15:26:30 GMT origin_Sec-Websocket-Accept=JmIJgjqj3jN99JeeDd8mMtT8QJA= origin_Upgrade=websocket request_Accept=*/* request_Accept-Encoding=gzip, br request_Accept-Language=en-US,en;q=0.9 request_Cache-Control=no-cache request_Cdn-Loop=cloudflare; loops=1 request_Cf-Connecting-Ip=94.250.175.27 request_Cf-Ipcountry=HR request_Cf-Ray=9efd68529cab5acb-VIE request_Cf-Visitor={"scheme":"https"} request_Connection=Upgrade request_Cookie=oc_sessionPassphrase=Ib0Hlr4CE5tcPwLtTwEEaj6%2BQ3nWrk%2Fh4eKyGIQ0mGpvlU3ggucLiUWcH4VTNfyKQF%2FmowHbdqRHclec4bVm%2Ffamt%2B%2FOIbsfYXrclL1LgZBP8RZF5rdJz4twA5HgjXu%2B; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocgfttvzmfu3=54e31e690ffd0cd6fdfcf705e4776b62; nc_username=admin; nc_token=SCkZxDlupVOdWffsfmPhwxoTYPwHL7yM; nc_session_id=54e31e690ffd0cd6fdfcf705e4776b62 request_Origin=https://cloud.pathos.gg request_Pragma=no-cache request_Sec-Fetch-Dest=empty request_Sec-Fetch-Mode=websocket request_Sec-Fetch-Site=same-origin request_Sec-Websocket-Extensions=permessage-deflate request_Sec-Websocket-Key=xkODRpCQxjEdRCCuGtwqMQ== request_Sec-Websocket-Version=13 request_Upgrade=websocket request_User-Agent=REDACTED request_X-Forwarded-For=94.250.175.27 request_X-Forwarded-Host=cloud.pathos.gg request_X-Forwarded-Port=443 request_X-Forwarded-Proto=https request_X-Forwarded-Server=bd735b926dec request_X-Real-Ip=108.162.221.93 span_id=cb1fe968a8556af5 trace_id=41a3bca2b8135337da298ebaabb0383b 

2026-04-21T15:26:43Z INF | ClientAddr=104.23.162.152:12568 ClientHost=94.250.175.27 ClientPort=12568 DownstreamContentSize=14686 DownstreamStatus=200 Duration=176879645 OriginContentSize=14686 OriginDuration=176574208 OriginStatus=200 Overhead=305437 RequestAddr=cloud.pathos.gg RequestContentSize=0 RequestCount=353 RequestHost=cloud.pathos.gg RequestMethod=GET RequestPath=/apps/dashboard/ RequestPort=- RequestProtocol=HTTP/2.0 RequestScheme=https RetryAttempts=0 RouterName=nextcloud@file ServiceAddr=nextcloud-aio-apache:11000 ServiceName=nextcloud@file ServiceURL=http://nextcloud-aio-apache:11000 SpanId=6ca19576b1b65043 StartLocal=2026-04-21T15:26:43.479288915Z StartUTC=2026-04-21T15:26:43.479288915Z TLSCipher=TLS_AES_128_GCM_SHA256 TLSVersion=1.3 TraceId=91fb31d8083f1f3a44038b29b9563daa downstream_Cache-Control=no-cache, no-store, must-revalidate downstream_Content-Encoding=gzip downstream_Content-Length=14686 downstream_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; downstream_Content-Type=text/html; charset=UTF-8 downstream_Date=Tue, 21 Apr 2026 15:26:43 GMT downstream_Feature-Policy=autoplay 'self';camera 'self';fullscreen 'self' https://cloud.pathos.gg;geolocation 'self';microphone 'self';payment 'none' downstream_Referrer-Policy=same-origin downstream_Strict-Transport-Security=max-age=31536000; downstream_Via=1.1 Caddy downstream_X-Content-Type-Options=nosniff downstream_X-Frame-Options=DENY downstream_X-Permitted-Cross-Domain-Policies=none downstream_X-Request-Id=HgaSK3OwKJNKkY179oGZ downstream_X-Robots-Tag=noindex, nofollow downstream_X-User-Id=admin entryPointName=websecure msg= origin_Cache-Control=no-cache, no-store, must-revalidate origin_Content-Encoding=gzip origin_Content-Length=14686 origin_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; origin_Content-Type=text/html; charset=UTF-8 origin_Date=Tue, 21 Apr 2026 15:26:43 GMT origin_Feature-Policy=autoplay 'self';camera 'self';fullscreen 'self' https://cloud.pathos.gg;geolocation 'self';microphone 'self';payment 'none' origin_Referrer-Policy=same-origin origin_Strict-Transport-Security=max-age=31536000; origin_Via=1.1 Caddy origin_X-Content-Type-Options=nosniff origin_X-Frame-Options=DENY origin_X-Permitted-Cross-Domain-Policies=none origin_X-Request-Id=HgaSK3OwKJNKkY179oGZ origin_X-Robots-Tag=noindex, nofollow origin_X-User-Id=admin request_Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 request_Accept-Encoding=gzip, br request_Accept-Language=en-US,en;q=0.9 request_Cdn-Loop=cloudflare; loops=1 request_Cf-Connecting-Ip=94.250.175.27 request_Cf-Ipcountry=HR request_Cf-Ray=9efd68a18ec6de3b-VIE request_Cf-Visitor={"scheme":"https"} request_Cookie=oc_sessionPassphrase=Ib0Hlr4CE5tcPwLtTwEEaj6%2BQ3nWrk%2Fh4eKyGIQ0mGpvlU3ggucLiUWcH4VTNfyKQF%2FmowHbdqRHclec4bVm%2Ffamt%2B%2FOIbsfYXrclL1LgZBP8RZF5rdJz4twA5HgjXu%2B; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocgfttvzmfu3=54e31e690ffd0cd6fdfcf705e4776b62; nc_username=admin; nc_token=SCkZxDlupVOdWffsfmPhwxoTYPwHL7yM; nc_session_id=54e31e690ffd0cd6fdfcf705e4776b62 request_Priority=u=0, i request_Referer=https://cloud.pathos.gg/login?direct=1&user=admin request_Sec-Fetch-Dest=document request_Sec-Fetch-Mode=navigate request_Sec-Fetch-Site=same-origin request_Sec-Fetch-User=?1 request_Upgrade-Insecure-Requests=1 request_User-Agent=REDACTED request_X-Forwarded-For=94.250.175.27 request_X-Forwarded-Host=cloud.pathos.gg request_X-Forwarded-Port=443 request_X-Forwarded-Proto=https request_X-Forwarded-Server=bd735b926dec request_X-Real-Ip=104.23.162.152 span_id=6ca19576b1b65043 trace_id=91fb31d8083f1f3a44038b29b9563daa 

2026-04-21T15:26:44Z INF | ClientAddr=104.23.162.152:12567 ClientHost=94.250.175.27 ClientPort=12567 DownstreamContentSize=853 DownstreamStatus=200 Duration=114641458 OriginContentSize=853 OriginDuration=114370767 OriginStatus=200 Overhead=270691 RequestAddr=cloud.pathos.gg RequestContentSize=0 RequestCount=354 RequestHost=cloud.pathos.gg RequestMethod=GET RequestPath=/ocs/v2.php/apps/dashboard/api/v1/widgets RequestPort=- RequestProtocol=HTTP/2.0 RequestScheme=https RetryAttempts=0 RouterName=nextcloud@file ServiceAddr=nextcloud-aio-apache:11000 ServiceName=nextcloud@file ServiceURL=http://nextcloud-aio-apache:11000 SpanId=7e6af10904e1033b StartLocal=2026-04-21T15:26:44.272889848Z StartUTC=2026-04-21T15:26:44.272889848Z TLSCipher=TLS_AES_128_GCM_SHA256 TLSVersion=1.3 TraceId=df7c22a3df57a27e366300ae71b2ed40 downstream_Cache-Control=no-cache, no-store, must-revalidate downstream_Content-Encoding=gzip downstream_Content-Length=853 downstream_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; downstream_Content-Type=application/json; charset=utf-8 downstream_Date=Tue, 21 Apr 2026 15:26:44 GMT downstream_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' downstream_Referrer-Policy=same-origin downstream_Strict-Transport-Security=max-age=31536000; downstream_Via=1.1 Caddy downstream_X-Content-Type-Options=nosniff downstream_X-Frame-Options=DENY downstream_X-Permitted-Cross-Domain-Policies=none downstream_X-Request-Id=HdLcZIuwcAVIoUsoXDeS downstream_X-Robots-Tag=noindex, nofollow downstream_X-User-Id=admin entryPointName=websecure msg= origin_Cache-Control=no-cache, no-store, must-revalidate origin_Content-Encoding=gzip origin_Content-Length=853 origin_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; origin_Content-Type=application/json; charset=utf-8 origin_Date=Tue, 21 Apr 2026 15:26:44 GMT origin_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' origin_Referrer-Policy=same-origin origin_Strict-Transport-Security=max-age=31536000; origin_Via=1.1 Caddy origin_X-Content-Type-Options=nosniff origin_X-Frame-Options=DENY origin_X-Permitted-Cross-Domain-Policies=none origin_X-Request-Id=HdLcZIuwcAVIoUsoXDeS origin_X-Robots-Tag=noindex, nofollow origin_X-User-Id=admin request_Accept=application/json, text/plain, */* request_Accept-Encoding=gzip, br request_Accept-Language=en-US,en;q=0.9 request_Cdn-Loop=cloudflare; loops=1 request_Cf-Connecting-Ip=94.250.175.27 request_Cf-Ipcountry=HR request_Cf-Ray=9efd68a68893de3b-VIE request_Cf-Visitor={"scheme":"https"} request_Cookie=oc_sessionPassphrase=Ib0Hlr4CE5tcPwLtTwEEaj6%2BQ3nWrk%2Fh4eKyGIQ0mGpvlU3ggucLiUWcH4VTNfyKQF%2FmowHbdqRHclec4bVm%2Ffamt%2B%2FOIbsfYXrclL1LgZBP8RZF5rdJz4twA5HgjXu%2B; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocgfttvzmfu3=54e31e690ffd0cd6fdfcf705e4776b62; nc_username=admin; nc_token=SCkZxDlupVOdWffsfmPhwxoTYPwHL7yM; nc_session_id=54e31e690ffd0cd6fdfcf705e4776b62 request_Referer=https://cloud.pathos.gg/apps/dashboard/ request_Requesttoken=3q2FzCsWKNfVRYDzvwxQ7BSv/dLbUUw4vNbsulOJmwo=:qMTCrkpmZOf+HMmA72I1ok3tmIGVZCBP5oGj9iHY/GE= request_Sec-Fetch-Dest=empty request_Sec-Fetch-Mode=cors request_Sec-Fetch-Site=same-origin request_User-Agent=REDACTED request_X-Forwarded-For=94.250.175.27 request_X-Forwarded-Host=cloud.pathos.gg request_X-Forwarded-Port=443 request_X-Forwarded-Proto=https request_X-Forwarded-Server=bd735b926dec request_X-Real-Ip=104.23.162.152 request_X-Requested-With=XMLHttpRequest span_id=7e6af10904e1033b trace_id=df7c22a3df57a27e366300ae71b2ed40 

2026-04-21T15:26:44Z INF | ClientAddr=104.23.162.153:13481 ClientHost=94.250.175.27 ClientPort=13481 DownstreamContentSize=528 DownstreamStatus=207 Duration=99183662 OriginContentSize=528 OriginDuration=98882776 OriginStatus=207 Overhead=300886 RequestAddr=cloud.pathos.gg RequestContentSize=566 RequestCount=355 RequestHost=cloud.pathos.gg RequestMethod=PROPFIND RequestPath=/remote.php/dav/files/admin/ RequestPort=- RequestProtocol=HTTP/2.0 RequestScheme=https RetryAttempts=0 RouterName=nextcloud@file ServiceAddr=nextcloud-aio-apache:11000 ServiceName=nextcloud@file ServiceURL=http://nextcloud-aio-apache:11000 SpanId=cd346948bdf7d807 StartLocal=2026-04-21T15:26:44.43177491Z StartUTC=2026-04-21T15:26:44.43177491Z TLSCipher=TLS_AES_128_GCM_SHA256 TLSVersion=1.3 TraceId=9a793eba8e0c52b2442b87c5d3506f98 downstream_Content-Encoding=gzip downstream_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; downstream_Content-Type=application/xml; charset=utf-8 downstream_Date=Tue, 21 Apr 2026 15:26:44 GMT downstream_Dav=1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nc-paginate, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar downstream_Referrer-Policy=same-origin downstream_Strict-Transport-Security=max-age=31536000; downstream_Vary=Brief,Prefer downstream_Via=1.1 Caddy downstream_X-Content-Type-Options=nosniff downstream_X-Debug-Token=XuYmwjDSryYi2wF0D8LS downstream_X-Frame-Options=DENY downstream_X-Permitted-Cross-Domain-Policies=none downstream_X-Request-Id=XuYmwjDSryYi2wF0D8LS downstream_X-Robots-Tag=noindex, nofollow downstream_X-User-Id=admin entryPointName=websecure msg= origin_Content-Encoding=gzip origin_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; origin_Content-Type=application/xml; charset=utf-8 origin_Date=Tue, 21 Apr 2026 15:26:44 GMT origin_Dav=1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nc-paginate, nextcloud-checksum-update, nc-calendar-search, nc-enable-birthday-calendar origin_Referrer-Policy=same-origin origin_Strict-Transport-Security=max-age=31536000; origin_Vary=Brief,Prefer origin_Via=1.1 Caddy origin_X-Content-Type-Options=nosniff origin_X-Debug-Token=XuYmwjDSryYi2wF0D8LS origin_X-Frame-Options=DENY origin_X-Permitted-Cross-Domain-Policies=none origin_X-Request-Id=XuYmwjDSryYi2wF0D8LS origin_X-Robots-Tag=noindex, nofollow origin_X-User-Id=admin request_Accept=text/plain,application/xml request_Accept-Encoding=gzip, br request_Accept-Language=en-US,en;q=0.9 request_Cdn-Loop=cloudflare; loops=1 request_Cf-Connecting-Ip=94.250.175.27 request_Cf-Ipcountry=HR request_Cf-Ray=9efd68a78c4ade3b-VIE request_Cf-Visitor={"scheme":"https"} request_Content-Length=566 request_Content-Type=text/plain;charset=UTF-8 request_Cookie=oc_sessionPassphrase=Ib0Hlr4CE5tcPwLtTwEEaj6%2BQ3nWrk%2Fh4eKyGIQ0mGpvlU3ggucLiUWcH4VTNfyKQF%2FmowHbdqRHclec4bVm%2Ffamt%2B%2FOIbsfYXrclL1LgZBP8RZF5rdJz4twA5HgjXu%2B; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocgfttvzmfu3=54e31e690ffd0cd6fdfcf705e4776b62; nc_username=admin; nc_token=SCkZxDlupVOdWffsfmPhwxoTYPwHL7yM; nc_session_id=54e31e690ffd0cd6fdfcf705e4776b62 request_Depth=0 request_Origin=https://cloud.pathos.gg request_Priority=u=4 request_Referer=https://cloud.pathos.gg/apps/dashboard/ request_Requesttoken=3q2FzCsWKNfVRYDzvwxQ7BSv/dLbUUw4vNbsulOJmwo=:qMTCrkpmZOf+HMmA72I1ok3tmIGVZCBP5oGj9iHY/GE= request_Sec-Fetch-Dest=empty request_Sec-Fetch-Mode=cors request_Sec-Fetch-Site=same-origin request_User-Agent=REDACTED request_X-Forwarded-For=94.250.175.27 request_X-Forwarded-Host=cloud.pathos.gg request_X-Forwarded-Port=443 request_X-Forwarded-Proto=https request_X-Forwarded-Server=bd735b926dec request_X-Real-Ip=104.23.162.153 request_X-Recognize-Api-Key= request_X-Requested-With=XMLHttpRequest span_id=cd346948bdf7d807 trace_id=9a793eba8e0c52b2442b87c5d3506f98 

2026-04-21T15:26:44Z INF | ClientAddr=104.23.162.153:13481 ClientHost=94.250.175.27 ClientPort=13481 DownstreamContentSize=436 DownstreamStatus=200 Duration=139068731 OriginContentSize=436 OriginDuration=138688513 OriginStatus=200 Overhead=380218 RequestAddr=cloud.pathos.gg RequestContentSize=0 RequestCount=356 RequestHost=cloud.pathos.gg RequestMethod=GET RequestPath=/ocs/v2.php/apps/recommendations/api/v1/recommendations/always RequestPort=- RequestProtocol=HTTP/2.0 RequestScheme=https RetryAttempts=0 RouterName=nextcloud@file ServiceAddr=nextcloud-aio-apache:11000 ServiceName=nextcloud@file ServiceURL=http://nextcloud-aio-apache:11000 SpanId=69912da794ee8e32 StartLocal=2026-04-21T15:26:44.472854871Z StartUTC=2026-04-21T15:26:44.472854871Z TLSCipher=TLS_AES_128_GCM_SHA256 TLSVersion=1.3 TraceId=30b56c130dbbb62aadddd1b9d6a98f05 downstream_Cache-Control=no-cache, no-store, must-revalidate downstream_Content-Encoding=gzip downstream_Content-Length=436 downstream_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; downstream_Content-Type=application/json; charset=utf-8 downstream_Date=Tue, 21 Apr 2026 15:26:44 GMT downstream_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' downstream_Referrer-Policy=same-origin downstream_Strict-Transport-Security=max-age=31536000; downstream_Via=1.1 Caddy downstream_X-Content-Type-Options=nosniff downstream_X-Frame-Options=DENY downstream_X-Permitted-Cross-Domain-Policies=none downstream_X-Request-Id=YE8CpQM7u1EJpQVTbKDl downstream_X-Robots-Tag=noindex, nofollow downstream_X-User-Id=admin entryPointName=websecure msg= origin_Cache-Control=no-cache, no-store, must-revalidate origin_Content-Encoding=gzip origin_Content-Length=436 origin_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; origin_Content-Type=application/json; charset=utf-8 origin_Date=Tue, 21 Apr 2026 15:26:44 GMT origin_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' origin_Referrer-Policy=same-origin origin_Strict-Transport-Security=max-age=31536000; origin_Via=1.1 Caddy origin_X-Content-Type-Options=nosniff origin_X-Frame-Options=DENY origin_X-Permitted-Cross-Domain-Policies=none origin_X-Request-Id=YE8CpQM7u1EJpQVTbKDl origin_X-Robots-Tag=noindex, nofollow origin_X-User-Id=admin request_Accept=application/json, text/plain, */* request_Accept-Encoding=gzip, br request_Accept-Language=en-US,en;q=0.9 request_Cdn-Loop=cloudflare; loops=1 request_Cf-Connecting-Ip=94.250.175.27 request_Cf-Ipcountry=HR request_Cf-Ray=9efd68a7cd3bde3b-VIE request_Cf-Visitor={"scheme":"https"} request_Cookie=oc_sessionPassphrase=Ib0Hlr4CE5tcPwLtTwEEaj6%2BQ3nWrk%2Fh4eKyGIQ0mGpvlU3ggucLiUWcH4VTNfyKQF%2FmowHbdqRHclec4bVm%2Ffamt%2B%2FOIbsfYXrclL1LgZBP8RZF5rdJz4twA5HgjXu%2B; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocgfttvzmfu3=54e31e690ffd0cd6fdfcf705e4776b62; nc_username=admin; nc_token=SCkZxDlupVOdWffsfmPhwxoTYPwHL7yM; nc_session_id=54e31e690ffd0cd6fdfcf705e4776b62 request_Referer=https://cloud.pathos.gg/apps/dashboard/ request_Requesttoken=3q2FzCsWKNfVRYDzvwxQ7BSv/dLbUUw4vNbsulOJmwo=:qMTCrkpmZOf+HMmA72I1ok3tmIGVZCBP5oGj9iHY/GE= request_Sec-Fetch-Dest=empty request_Sec-Fetch-Mode=cors request_Sec-Fetch-Site=same-origin request_User-Agent=REDACTED request_X-Forwarded-For=94.250.175.27 request_X-Forwarded-Host=cloud.pathos.gg request_X-Forwarded-Port=443 request_X-Forwarded-Proto=https request_X-Forwarded-Server=bd735b926dec request_X-Real-Ip=104.23.162.153 request_X-Requested-With=XMLHttpRequest span_id=69912da794ee8e32 trace_id=30b56c130dbbb62aadddd1b9d6a98f05 

2026-04-21T15:26:44Z INF | ClientAddr=104.23.162.153:13481 ClientHost=94.250.175.27 ClientPort=13481 DownstreamContentSize=316 DownstreamStatus=200 Duration=87792224 OriginContentSize=316 OriginDuration=87476148 OriginStatus=200 Overhead=316076 RequestAddr=cloud.pathos.gg RequestContentSize=0 RequestCount=357 RequestHost=cloud.pathos.gg RequestMethod=GET RequestPath=/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=calendar RequestPort=- RequestProtocol=HTTP/2.0 RequestScheme=https RetryAttempts=0 RouterName=nextcloud@file ServiceAddr=nextcloud-aio-apache:11000 ServiceName=nextcloud@file ServiceURL=http://nextcloud-aio-apache:11000 SpanId=c1d125d819173147 StartLocal=2026-04-21T15:26:44.529580472Z StartUTC=2026-04-21T15:26:44.529580472Z TLSCipher=TLS_AES_128_GCM_SHA256 TLSVersion=1.3 TraceId=8d316bf2c9013749c4b7a0b7c464fb09 downstream_Cache-Control=no-cache, no-store, must-revalidate downstream_Content-Encoding=gzip downstream_Content-Length=316 downstream_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; downstream_Content-Type=application/json; charset=utf-8 downstream_Date=Tue, 21 Apr 2026 15:26:44 GMT downstream_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' downstream_Referrer-Policy=same-origin downstream_Strict-Transport-Security=max-age=31536000; downstream_Via=1.1 Caddy downstream_X-Content-Type-Options=nosniff downstream_X-Frame-Options=DENY downstream_X-Permitted-Cross-Domain-Policies=none downstream_X-Request-Id=F3NhnZUJfCroBe6hVwf0 downstream_X-Robots-Tag=noindex, nofollow downstream_X-User-Id=admin entryPointName=websecure msg= origin_Cache-Control=no-cache, no-store, must-revalidate origin_Content-Encoding=gzip origin_Content-Length=316 origin_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; origin_Content-Type=application/json; charset=utf-8 origin_Date=Tue, 21 Apr 2026 15:26:44 GMT origin_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' origin_Referrer-Policy=same-origin origin_Strict-Transport-Security=max-age=31536000; origin_Via=1.1 Caddy origin_X-Content-Type-Options=nosniff origin_X-Frame-Options=DENY origin_X-Permitted-Cross-Domain-Policies=none origin_X-Request-Id=F3NhnZUJfCroBe6hVwf0 origin_X-Robots-Tag=noindex, nofollow origin_X-User-Id=admin request_Accept=application/json, text/plain, */* request_Accept-Encoding=gzip, br request_Accept-Language=en-US,en;q=0.9 request_Cdn-Loop=cloudflare; loops=1 request_Cf-Connecting-Ip=94.250.175.27 request_Cf-Ipcountry=HR request_Cf-Ray=9efd68a82e7dde3b-VIE request_Cf-Visitor={"scheme":"https"} request_Cookie=oc_sessionPassphrase=Ib0Hlr4CE5tcPwLtTwEEaj6%2BQ3nWrk%2Fh4eKyGIQ0mGpvlU3ggucLiUWcH4VTNfyKQF%2FmowHbdqRHclec4bVm%2Ffamt%2B%2FOIbsfYXrclL1LgZBP8RZF5rdJz4twA5HgjXu%2B; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocgfttvzmfu3=54e31e690ffd0cd6fdfcf705e4776b62; nc_username=admin; nc_token=SCkZxDlupVOdWffsfmPhwxoTYPwHL7yM; nc_session_id=54e31e690ffd0cd6fdfcf705e4776b62 request_Referer=https://cloud.pathos.gg/apps/dashboard/ request_Requesttoken=3q2FzCsWKNfVRYDzvwxQ7BSv/dLbUUw4vNbsulOJmwo=:qMTCrkpmZOf+HMmA72I1ok3tmIGVZCBP5oGj9iHY/GE= request_Sec-Fetch-Dest=empty request_Sec-Fetch-Mode=cors request_Sec-Fetch-Site=same-origin request_User-Agent=REDACTED request_X-Forwarded-For=94.250.175.27 request_X-Forwarded-Host=cloud.pathos.gg request_X-Forwarded-Port=443 request_X-Forwarded-Proto=https request_X-Forwarded-Server=bd735b926dec request_X-Real-Ip=104.23.162.153 request_X-Requested-With=XMLHttpRequest span_id=c1d125d819173147 trace_id=8d316bf2c9013749c4b7a0b7c464fb09 

2026-04-21T15:26:44Z INF | ClientAddr=104.23.162.153:13481 ClientHost=94.250.175.27 ClientPort=13481 DownstreamContentSize=607 DownstreamStatus=200 Duration=100796628 OriginContentSize=607 OriginDuration=100485731 OriginStatus=200 Overhead=310897 RequestAddr=cloud.pathos.gg RequestContentSize=0 RequestCount=358 RequestHost=cloud.pathos.gg RequestMethod=GET RequestPath=/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=spreed RequestPort=- RequestProtocol=HTTP/2.0 RequestScheme=https RetryAttempts=0 RouterName=nextcloud@file ServiceAddr=nextcloud-aio-apache:11000 ServiceName=nextcloud@file ServiceURL=http://nextcloud-aio-apache:11000 SpanId=7e0cf22ee3664888 StartLocal=2026-04-21T15:26:44.530417381Z StartUTC=2026-04-21T15:26:44.530417381Z TLSCipher=TLS_AES_128_GCM_SHA256 TLSVersion=1.3 TraceId=bcc0232a9f8c86e5c6a353b3d97b48d3 downstream_Cache-Control=no-cache, no-store, must-revalidate downstream_Content-Encoding=gzip downstream_Content-Length=607 downstream_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; downstream_Content-Type=application/json; charset=utf-8 downstream_Date=Tue, 21 Apr 2026 15:26:44 GMT downstream_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' downstream_Referrer-Policy=same-origin downstream_Strict-Transport-Security=max-age=31536000; downstream_Via=1.1 Caddy downstream_X-Content-Type-Options=nosniff downstream_X-Frame-Options=DENY downstream_X-Permitted-Cross-Domain-Policies=none downstream_X-Request-Id=quxhB25AhaZVyMaCvMwk downstream_X-Robots-Tag=noindex, nofollow downstream_X-User-Id=admin entryPointName=websecure msg= origin_Cache-Control=no-cache, no-store, must-revalidate origin_Content-Encoding=gzip origin_Content-Length=607 origin_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; origin_Content-Type=application/json; charset=utf-8 origin_Date=Tue, 21 Apr 2026 15:26:44 GMT origin_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' origin_Referrer-Policy=same-origin origin_Strict-Transport-Security=max-age=31536000; origin_Via=1.1 Caddy origin_X-Content-Type-Options=nosniff origin_X-Frame-Options=DENY origin_X-Permitted-Cross-Domain-Policies=none origin_X-Request-Id=quxhB25AhaZVyMaCvMwk origin_X-Robots-Tag=noindex, nofollow origin_X-User-Id=admin request_Accept=application/json, text/plain, */* request_Accept-Encoding=gzip, br request_Accept-Language=en-US,en;q=0.9 request_Cdn-Loop=cloudflare; loops=1 request_Cf-Connecting-Ip=94.250.175.27 request_Cf-Ipcountry=HR request_Cf-Ray=9efd68a82e82de3b-VIE request_Cf-Visitor={"scheme":"https"} request_Cookie=oc_sessionPassphrase=Ib0Hlr4CE5tcPwLtTwEEaj6%2BQ3nWrk%2Fh4eKyGIQ0mGpvlU3ggucLiUWcH4VTNfyKQF%2FmowHbdqRHclec4bVm%2Ffamt%2B%2FOIbsfYXrclL1LgZBP8RZF5rdJz4twA5HgjXu%2B; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocgfttvzmfu3=54e31e690ffd0cd6fdfcf705e4776b62; nc_username=admin; nc_token=SCkZxDlupVOdWffsfmPhwxoTYPwHL7yM; nc_session_id=54e31e690ffd0cd6fdfcf705e4776b62 request_Referer=https://cloud.pathos.gg/apps/dashboard/ request_Requesttoken=3q2FzCsWKNfVRYDzvwxQ7BSv/dLbUUw4vNbsulOJmwo=:qMTCrkpmZOf+HMmA72I1ok3tmIGVZCBP5oGj9iHY/GE= request_Sec-Fetch-Dest=empty request_Sec-Fetch-Mode=cors request_Sec-Fetch-Site=same-origin request_User-Agent=REDACTED request_X-Forwarded-For=94.250.175.27 request_X-Forwarded-Host=cloud.pathos.gg request_X-Forwarded-Port=443 request_X-Forwarded-Proto=https request_X-Forwarded-Server=bd735b926dec request_X-Real-Ip=104.23.162.153 request_X-Requested-With=XMLHttpRequest span_id=7e0cf22ee3664888 trace_id=bcc0232a9f8c86e5c6a353b3d97b48d3 

2026-04-21T15:26:44Z INF | ClientAddr=104.23.162.152:12575 ClientHost=94.250.175.27 ClientPort=12575 DownstreamContentSize=32 DownstreamStatus=200 Duration=75745498 OriginContentSize=32 OriginDuration=75259620 OriginStatus=200 Overhead=485878 RequestAddr=cloud.pathos.gg RequestContentSize=0 RequestCount=360 RequestHost=cloud.pathos.gg RequestMethod=POST RequestPath=/apps/notify_push/pre_auth RequestPort=- RequestProtocol=HTTP/2.0 RequestScheme=https RetryAttempts=0 RouterName=nextcloud@file ServiceAddr=nextcloud-aio-apache:11000 ServiceName=nextcloud@file ServiceURL=http://nextcloud-aio-apache:11000 SpanId=b6ac93ca581b620d StartLocal=2026-04-21T15:26:44.803488631Z StartUTC=2026-04-21T15:26:44.803488631Z TLSCipher=TLS_AES_128_GCM_SHA256 TLSVersion=1.3 TraceId=49ca121a6e5ba65e817772508d714543 downstream_Cache-Control=no-cache, no-store, must-revalidate downstream_Content-Disposition=inline; filename="" downstream_Content-Length=32 downstream_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; downstream_Content-Type=text/html; charset=UTF-8 downstream_Date=Tue, 21 Apr 2026 15:26:44 GMT downstream_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' downstream_Referrer-Policy=same-origin downstream_Strict-Transport-Security=max-age=31536000; downstream_Via=1.1 Caddy downstream_X-Content-Type-Options=nosniff downstream_X-Frame-Options=DENY downstream_X-Permitted-Cross-Domain-Policies=none downstream_X-Request-Id=MVcDylbdcDvVYM6lFVQm downstream_X-Robots-Tag=noindex, nofollow downstream_X-User-Id=admin entryPointName=websecure msg= origin_Cache-Control=no-cache, no-store, must-revalidate origin_Content-Disposition=inline; filename="" origin_Content-Length=32 origin_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; origin_Content-Type=text/html; charset=UTF-8 origin_Date=Tue, 21 Apr 2026 15:26:44 GMT origin_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' origin_Referrer-Policy=same-origin origin_Strict-Transport-Security=max-age=31536000; origin_Via=1.1 Caddy origin_X-Content-Type-Options=nosniff origin_X-Frame-Options=DENY origin_X-Permitted-Cross-Domain-Policies=none origin_X-Request-Id=MVcDylbdcDvVYM6lFVQm origin_X-Robots-Tag=noindex, nofollow origin_X-User-Id=admin request_Accept=application/json, text/plain, */* request_Accept-Encoding=gzip, br request_Accept-Language=en-US,en;q=0.9 request_Cdn-Loop=cloudflare; loops=1 request_Cf-Connecting-Ip=94.250.175.27 request_Cf-Ipcountry=HR request_Cf-Ray=9efd68a9dcfcde3b-VIE request_Cf-Visitor={"scheme":"https"} request_Content-Length=0 request_Cookie=oc_sessionPassphrase=Ib0Hlr4CE5tcPwLtTwEEaj6%2BQ3nWrk%2Fh4eKyGIQ0mGpvlU3ggucLiUWcH4VTNfyKQF%2FmowHbdqRHclec4bVm%2Ffamt%2B%2FOIbsfYXrclL1LgZBP8RZF5rdJz4twA5HgjXu%2B; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocgfttvzmfu3=54e31e690ffd0cd6fdfcf705e4776b62; nc_username=admin; nc_token=SCkZxDlupVOdWffsfmPhwxoTYPwHL7yM; nc_session_id=54e31e690ffd0cd6fdfcf705e4776b62 request_Origin=https://cloud.pathos.gg request_Referer=https://cloud.pathos.gg/apps/dashboard/ request_Requesttoken=3q2FzCsWKNfVRYDzvwxQ7BSv/dLbUUw4vNbsulOJmwo=:qMTCrkpmZOf+HMmA72I1ok3tmIGVZCBP5oGj9iHY/GE= request_Sec-Fetch-Dest=empty request_Sec-Fetch-Mode=cors request_Sec-Fetch-Site=same-origin request_User-Agent=REDACTED request_X-Forwarded-For=94.250.175.27 request_X-Forwarded-Host=cloud.pathos.gg request_X-Forwarded-Port=443 request_X-Forwarded-Proto=https request_X-Forwarded-Server=bd735b926dec request_X-Real-Ip=104.23.162.152 request_X-Requested-With=XMLHttpRequest span_id=b6ac93ca581b620d trace_id=49ca121a6e5ba65e817772508d714543 

2026-04-21T15:26:44Z INF | ClientAddr=104.23.162.152:12575 ClientHost=94.250.175.27 ClientPort=12575 DownstreamContentSize=626 DownstreamStatus=200 Duration=121961713 OriginContentSize=626 OriginDuration=121643223 OriginStatus=200 Overhead=318490 RequestAddr=cloud.pathos.gg RequestContentSize=0 RequestCount=359 RequestHost=cloud.pathos.gg RequestMethod=GET RequestPath=/ocs/v2.php/apps/notifications/api/v2/notifications RequestPort=- RequestProtocol=HTTP/2.0 RequestScheme=https RetryAttempts=0 RouterName=nextcloud@file ServiceAddr=nextcloud-aio-apache:11000 ServiceName=nextcloud@file ServiceURL=http://nextcloud-aio-apache:11000 SpanId=1911a6ee5be44c85 StartLocal=2026-04-21T15:26:44.800473772Z StartUTC=2026-04-21T15:26:44.800473772Z TLSCipher=TLS_AES_128_GCM_SHA256 TLSVersion=1.3 TraceId=a4073f41804a0d975d98f4d0ff567431 downstream_Cache-Control=no-cache, no-store, must-revalidate downstream_Content-Encoding=gzip downstream_Content-Length=626 downstream_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; downstream_Content-Type=application/json; charset=utf-8 downstream_Date=Tue, 21 Apr 2026 15:26:44 GMT downstream_Etag="29358220e22c8eaf455151ed6ab3e4d7" downstream_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' downstream_Referrer-Policy=same-origin downstream_Strict-Transport-Security=max-age=31536000; downstream_Via=1.1 Caddy downstream_X-Content-Type-Options=nosniff downstream_X-Frame-Options=DENY downstream_X-Nextcloud-User-Status=online downstream_X-Permitted-Cross-Domain-Policies=none downstream_X-Request-Id=VYiOOUvAQC8dXiCCKCaz downstream_X-Robots-Tag=noindex, nofollow downstream_X-User-Id=admin entryPointName=websecure msg= origin_Cache-Control=no-cache, no-store, must-revalidate origin_Content-Encoding=gzip origin_Content-Length=626 origin_Content-Security-Policy=base-uri 'self'; default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src * data:; media-src *; font-src * data:; connect-src *; worker-src *; frame-src *; form-action *; report-uri https://pathos.gg/report; origin_Content-Type=application/json; charset=utf-8 origin_Date=Tue, 21 Apr 2026 15:26:44 GMT origin_Etag="29358220e22c8eaf455151ed6ab3e4d7" origin_Feature-Policy=autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' origin_Referrer-Policy=same-origin origin_Strict-Transport-Security=max-age=31536000; origin_Via=1.1 Caddy origin_X-Content-Type-Options=nosniff origin_X-Frame-Options=DENY origin_X-Nextcloud-User-Status=online origin_X-Permitted-Cross-Domain-Policies=none origin_X-Request-Id=VYiOOUvAQC8dXiCCKCaz origin_X-Robots-Tag=noindex, nofollow origin_X-User-Id=admin request_Accept=application/json, text/plain, */* request_Accept-Encoding=gzip, br request_Accept-Language=en-US,en;q=0.9 request_Cdn-Loop=cloudflare; loops=1 request_Cf-Connecting-Ip=94.250.175.27 request_Cf-Ipcountry=HR request_Cf-Ray=9efd68a9dcf8de3b-VIE request_Cf-Visitor={"scheme":"https"} request_Cookie=oc_sessionPassphrase=Ib0Hlr4CE5tcPwLtTwEEaj6%2BQ3nWrk%2Fh4eKyGIQ0mGpvlU3ggucLiUWcH4VTNfyKQF%2FmowHbdqRHclec4bVm%2Ffamt%2B%2FOIbsfYXrclL1LgZBP8RZF5rdJz4twA5HgjXu%2B; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; ocgfttvzmfu3=54e31e690ffd0cd6fdfcf705e4776b62; nc_username=admin; nc_token=SCkZxDlupVOdWffsfmPhwxoTYPwHL7yM; nc_session_id=54e31e690ffd0cd6fdfcf705e4776b62 request_Referer=https://cloud.pathos.gg/apps/dashboard/ request_Requesttoken=3q2FzCsWKNfVRYDzvwxQ7BSv/dLbUUw4vNbsulOJmwo=:qMTCrkpmZOf+HMmA72I1ok3tmIGVZCBP5oGj9iHY/GE= request_Sec-Fetch-Dest=empty request_Sec-Fetch-Mode=cors request_Sec-Fetch-Site=same-origin request_User-Agent=REDACTED request_X-Forwarded-For=94.250.175.27 request_X-Forwarded-Host=cloud.pathos.gg request_X-Forwarded-Port=443 request_X-Forwarded-Proto=https request_X-Forwarded-Server=bd735b926dec request_X-Real-Ip=104.23.162.152 request_X-Requested-With=XMLHttpRequest span_id=1911a6ee5be44c85 trace_id=a4073f41804a0d975d98f4d0ff567431 

Yes, I am aware there are sensitive data logged here. This domain has been purged and the docker volumes have been deleted prior to this being posted.

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

N/A

Hi,

looking at your screenshots and CSP config, I think I can see what’s going on here — though I’d be curious if this matches what you’re seeing after testing.

In screenshot 2, the error is actually coming from Nextcloud’s own CSP, not your Traefik one. Nextcloud generates a strict nonce-based policy (script-src-elem 'strict-dynamic' 'nonce-...') and it’s blocking rocket_loader.min.js — a script injected by Cloudflare’s Rocket Loader feature. Since Rocket Loader is responsible for loading all other scripts on the page, blocking it causes the entire login UI to silently fail to initialize. No Rocket Loader → no scripts → blank page.

Your Traefik CSP uses script-src *, which allows Rocket Loader to run. But Rocket Loader works by intercepting all <script> tags and re-executing them asynchronously and out of order. Nextcloud’s frontend (including the topbar) is a Vue.js application that depends on a specific script initialization order. When Rocket Loader shuffles that order, the topbar components simply never initialize — and because nothing is actually blocked, no console errors appear.

So you’re not really switching between “broken” and “working” — you’re switching between two different failure modes caused by the same thing.

There’s also a secondary concern: your Traefik middleware is replacing Nextcloud’s nonce-based CSP entirely. That nonce mechanism is specifically designed to prevent XSS by only allowing scripts that Nextcloud itself generated. Replacing it with script-src * removes that protection.

What I’d suggest trying

1. Disable Cloudflare Rocket Loader for your Nextcloud domain. You can do this via a Cloudflare Page Rule or Configuration Rule targeting cloud.pathos.gg/* and setting Rocket Loader to Off.
2. Remove the contentSecurityPolicy directive from your Traefik middleware for the Nextcloud router specifically. Nextcloud handles its own CSP — your other security headers (HSTS etc.) can stay.

Happy to be corrected if I’m missing something about your setup!

h.t.h.

ernolf

Hey, thanks for the help.

Disabling rocket loader in CF fixed the issue.