Nextcloud version : 28.0.2
Operating system and version : TrueNAS-SCALE-23.10.1.3
Nginx version: 1.25.3
PHP version: 8.2.15
Truecharts nextcloud chart version: 28.1.40
Google Chrome version: 121.0.6167.161
Firefox version: 123.0b9
Firefox Multi-Account Containers plugin version: 8.1.3
Traefik version: 2.10.7
The issue you are facing:
I go to the nx web page and get a 401 response status in the console and Error text on the page without any description. All this happens before even attempting to log in. Basically I go to the login form at “/login” and get a 401 in response instead of the credential form.
If you use http basic auth from Traefik you get 401 status on any requests. In this case work through the plugin (Multi-Account Containers) hangs forever, i.e. nextcloud returns 401 and further, despite any ways of clearing data in the browser.
Is this the first time you’ve seen this error? : Y
Steps to replicate it:
- Enable in traefik http basic auth middlewave for nextcloud
- Open Firefox
- Create and select any container in Firefox Multi-Account Containers
- Delete all data and cookies of your web version of nx
- Enter your NX domain url in the browser bar
- Pass http basic auth (from Traefik)
After http authorization the request goes to nextcloud server and is expected to receive nextcloud authorization form, but in response I get 401 and nextcloud page with error “Error” without description.
- Open Google Chroom
- Delete all data and cookies of your web version of nx
- Enter your NX domain url in the browser bar
- Pass http basic auth (from Traefik) and get the same result as in step 6.
- Disable in traefik http basic auth middlewave for nextcloud
- Open Google Chroom
- Delete all data and cookies of your web version of nx
- Enter your NX domain url in the browser bar - and you get a page with an authorization form - Successful, working.
- Open Firefox
- Select container in Firefox Multi-Account Containers from step 3
- Delete all data and cookies of your web version of nx
- Enter your NX domain url in the browser bar - Fail, get the same result as step 6.
- Disable Multi-Account Containers plugin or don’t use it
- Delete all data and cookies of your web version of nx
- Enter your NX domain url in the browser bar - and you get a page with an authorization form - Successful, working.
The output of your Nextcloud log in Admin > Logging:
{"reqId":"PKPirQQ0lLnB6gbXfaiW","level":2,"time":"2024-02-10T17:48:07+06:00","remoteAddr":"192.168.1.1","user":"--","app":"core","method":"GET","url":"/login?clear=1","message":"Login failed: 'aleksei' (Remote IP: '192.168.1.1')","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0","version":"28.0.2.5","data":{"app":"core"},"id":"65c7afc0a113c"}
Nextcloud logs for kubernets pod
2024-02-10 23:25:12.695641+06:00172.16.1.238 - aleksei 10/Feb/2024:23:24:47 +0600 "GET /index.php" 401
Http request log
Request:
GET /login HTTP/2
Host: *sensored*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Authorization: Basic YWxla3NlaTpwbWZTIzUkaXVTVDNCdSYqUyZQMjhNKiplI1N4SnNKJWVIMlE2NjdzYkR2eG5LMlJZa05DRipwQm1uOCp0b3heWF4mN0NK
Connection: keep-alive
Cookie: oc_sessionPassphrase=AS0NjZxt5%2Fl%2Bfp6ecNb6gnOkk%2FU2H13jvE2rBgbGaujWm1amiGA50aKAl7AMQkFVH%2FsoY0qp24MXb%2B5tSOSsENHetRAlszd%2BNgZAe%2BWSlq2HKlHk3Tqpc7sqw1AMt3Nh; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; occbqevzek7l=1783e89351dc4dde8a40ddb998597ed3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Sec-GPC: 1
Response:
HTTP/2 401
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self'; script-src 'self' 'nonce-U1c0ZjZKa1J4b3JYdW5ydmJHQmtCV2x3OTROVC9XajBvUDNSZ3RpL3F2dz06TVFvMHZ2NStpT3lGM3lpQ0FqTlVaZ0Fmei9BVXFRV2l3ZGJsMkxudm1MOD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
content-type: text/html; charset=UTF-8
date: Sat, 10 Feb 2024 17:25:12 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: same-origin
set-cookie: occbqevzek7l=de51a1a362348b03db67d718a4481798; path=/; secure; HttpOnly; SameSite=Lax
strict-transport-security: max-age=63072000
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2