Hi,
I want my Nextcloud instance to answer on two URLs, old.site and new.site.
So I added both URLs to trusted_domains in config.php.
But when I go to new.site, I am redirected back to old.site. Why?
Here is what I have:
config.php:
// Allow-list of Host header values this instance will answer for. Listing a
// host here only permits it; it does not choose the hostname Nextcloud puts
// into the redirects it generates.
// NOTE(review): the excerpt does not show the overwrite settings; check the
// rest of config.php for 'overwritehost' / 'overwrite.cli.url' pointing at
// old.site.
'trusted_domains' =>
  array (
    0 => 'old.site',
    1 => 'new.site',
  ),
// Reverse proxies whose forwarded headers (client address, host, protocol)
// Nextcloud will trust. Any peer listed here can assert an arbitrary client
// IP, so keep the list to the proxy's own addresses.
// NOTE(review): confirm these are the addresses Traefik actually connects
// from, i.e. its Docker network address rather than the host's LAN address.
'trusted_proxies' =>
  array (
    0 => '192.168.XXX.XXX',
    1 => '2a01:XXXX:XXXX:XXXX:XXXX::XXXX',
  ),
docker-compose.yml
# Compose file format marker, quoted so it stays a string.
version: "3"

# Extension field: Traefik middleware labels shared by the routed services.
# Each `labels:` mapping that merges the anchor gets all of these entries.
x-nc-common-lables: &nc-common-lables
  # Middlewares nc force https and adds additional headers
  traefik.http.middlewares.force-https.redirectscheme.scheme: https
  # Permanent redirects are cached by browsers; a wrong target is hard to undo.
  traefik.http.middlewares.force-https.redirectscheme.permanent: true
  # NOTE(review): this adds a request header literally named `Forwarded-Proto`;
  # the conventional header is `X-Forwarded-Proto` - confirm which was intended.
  traefik.http.middlewares.nc.headers.customrequestheaders.Forwarded-Proto: https
  # customFrameOptionsValue takes precedence over framedeny in Traefik's
  # headers middleware, so the effective X-Frame-Options value is SAMEORIGIN
  # (the curl output in this post shows `x-frame-options: SAMEORIGIN`).
  traefik.http.middlewares.nc.headers.customFrameOptionsValue: SAMEORIGIN
  traefik.http.middlewares.nc.headers.framedeny: true
  # HSTS: 15552000 s is 180 days. With includeSubDomains and preload the
  # policy covers every subdomain of each host served here, so all of them
  # must be reachable over HTTPS only.
  traefik.http.middlewares.nc.headers.stsincludesubdomains: true
  traefik.http.middlewares.nc.headers.stspreload: true
  traefik.http.middlewares.nc.headers.stsseconds: 15552000
  # Sends `X-Content-Type-Options: nosniff`.
  traefik.http.middlewares.nc.headers.contentTypeNosniff: true
  # Sends the legacy `X-XSS-Protection: 1; mode=block` header.
  traefik.http.middlewares.nc.headers.browserXssFilter: true
services:
  # Nextcloud web container (Apache + PHP), published through Traefik.
  nc:
    image: nextcloud:production-apache
    container_name: nc
    restart: unless-stopped
    # Every ${...} value is interpolated by Compose from the shell environment
    # or an .env file and ends up in the container environment, where it is
    # readable through `docker inspect`.
    environment:
      - MYSQL_DB=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_HOST=nc-mariadb
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
      # Space-separated list of accepted Host values.
      # NOTE(review): presumably only applied by the image on first install;
      # on an existing install the config.php on the nc_config volume decides.
      - NEXTCLOUD_TRUSTED_DOMAINS=old.site new.site
      - REDIS_HOST=nc-redis
      - REDIS_HOST_PORT=6379
      - SMTP_HOST=${SMTP_HOST}
      - SMTP_SECURE=ssl
      - SMTP_PORT=465
      - SMTP_AUTHTYPE=${SMTP_AUTHTYPE}
      - SMTP_NAME=${SMTP_NAME}
      - SMTP_PASSWORD=${SMTP_PASSWORD}
      - MAIL_FROM_ADDRESS=noreply-nc
      - MAIL_DOMAIN=old.site
      # -1 removes PHP's per-request memory cap, so one expensive request can
      # exhaust the host; the cron containers in this file use 1024M instead.
      - PHP_MEMORY_LIMIT=-1
      - PHP_UPLOAD_LIMIT=10G
    healthcheck:
      # Queries the serverinfo API with basic auth and succeeds on status 200.
      # The interpolated user and secret become part of the stored healthcheck
      # command (visible in `docker inspect`) and of curl's argument list.
      test: curl --user ${HEALTH_CHECK_USER}:${HEALTH_CHECK_SECRET} localhost/ocs/v2.php/apps/serverinfo/api/v1/info?format=json | php -r 'exit(json_decode(file_get_contents("php://stdin"))->ocs->meta->statuscode == "200"?0:1);' || exit 1
      interval: 40s
      timeout: 30s
      retries: 3
    depends_on:
      - nc-mariadb
      - nc-redis
      - nc-clamav
    volumes:
      # NOTE(review): in the long volume syntax `target` is the mount path, so
      # `:exec` is presumably read as part of the path and not as a mount
      # option - check the resulting mount inside the container.
      - type: tmpfs
        target: /tmp:exec
      - nc_custom_apps:/var/www/html/custom_apps
      # Holds config.php, including the database credentials.
      - nc_config:/var/www/html/config
      - nc_data:/var/www/html/data
      - nc_log:/var/log/nc
      - nc_www:/var/www/html
      # Same volume that nc-clamav mounts at /tmp/.
      - nc_clamav:/run/clamav
    # Passes host GPU device nodes into the container.
    devices:
      # VAAPI Devices
      - /dev/dri/card1:/dev/dri/card1
      - /dev/dri/renderD128:/dev/dri/renderD128
    labels:
      <<: *nc-common-lables
      traefik.enable: true
      # Entrypoint and TLS
      traefik.http.routers.site.entrypoints: "http,https"
      # Both hostnames are routed to this container.
      traefik.http.routers.site.rule: "Host(`old.site`) || Host(`new.site`)"
      # NOTE(review): in Traefik v2 a router with tls enabled matches only
      # HTTPS requests, so force-https attached to this router likely never
      # sees plain HTTP - confirm where the HTTP to HTTPS redirect happens.
      traefik.http.routers.site.tls: true
      traefik.http.routers.site.tls.certresolver: le
      traefik.http.routers.site.service: site
      # Middlewares
      traefik.http.routers.site.middlewares: "force-https,nc,dav"
      # Service
      traefik.http.services.site.loadbalancer.server.port: 80
      # Middleware nc-dav replaces .well-known paths for caldav and carddav with proper nextcloud path
      traefik.http.middlewares.dav.replacepathregex.regex: "^/.well-known/(web|cal|card)dav"
      traefik.http.middlewares.dav.replacepathregex.replacement: "/remote.php/dav/"
    # Attached to the proxy network and to both internal networks.
    networks:
      - front
      - app
      - db

  # Database backend, attached to the `db` network only.
  nc-mariadb:
    # NOTE(review): 10.7 is a short-term MariaDB release series; confirm it
    # still receives security fixes before keeping this pin.
    image: mariadb:10.7
    container_name: nc-mariadb
    restart: unless-stopped
    volumes:
      - nc_mariadb:/var/lib/mysql
    healthcheck:
      # The password is passed as a command-line argument, so it is stored in
      # the healthcheck definition and appears in the process list each run.
      test: "/usr/bin/mysql --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --execute \"SHOW DATABASES;\""
      interval: 3s
      timeout: 1s
      retries: 5
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      # Both disabled lines below would loosen access: a `%` root host allows
      # root logins from any address, and --skip-grant-tables turns off
      # authentication altogether.
      # - MYSQL_ROOT_HOST=%
    # command: --skip-grant-tables
    command: mysqld --innodb-buffer-pool-size=2048M
    networks:
      - db

  # Background-job runner: same image as nc, started with /cron.sh. It mounts
  # the same config, data and code volumes, so it has the same access as nc.
  nc-cron:
    image: nextcloud:production-apache
    container_name: nc-cron
    restart: unless-stopped
    entrypoint: /cron.sh
    environment:
      - PHP_MEMORY_LIMIT=1024M
    volumes:
      - nc_custom_apps:/var/www/html/custom_apps
      - nc_config:/var/www/html/config
      - nc_data:/var/www/html/data
      - nc_log:/var/log/nc
      - nc_www:/var/www/html
      # - nc_php_ini:/var/www/html/.user.ini
    depends_on:
      - nc-mariadb
      - nc-redis
      - nc-clamav
      - nc
    networks:
      - app
      - db
    # Not routed by Traefik.
    labels:
      - "traefik.enable=false"

  # Second cron runner with its own crontab volume; otherwise like nc-cron.
  nc-cron-previewgenerator:
    image: nextcloud:production-apache
    container_name: nc-cron-previewgenerator
    restart: unless-stopped
    entrypoint: /cron.sh
    environment:
      - PHP_MEMORY_LIMIT=1024M
    volumes:
      - nc_cron_previewgenerator:/var/spool/cron/crontabs
      - nc_custom_apps:/var/www/html/custom_apps
      - nc_config:/var/www/html/config
      - nc_data:/var/www/html/data
      - nc_log:/var/log/nc
      - nc_www:/var/www/html
      # - nc_php_ini:/var/www/html/.user.ini
    depends_on:
      - nc-mariadb
      - nc-redis
      - nc-clamav
      - nc
    networks:
      - app
      - db
    labels:
      - "traefik.enable=false"

  # Database admin UI, routed by Traefik under /adminer on both hostnames and
  # attached to the `db` network, so it can reach MariaDB directly.
  nc-adminer:
    # No tag is given, so this follows whatever `latest` resolves to.
    image: adminer
    restart: always
    container_name: nc-adminer
    labels:
      <<: *nc-common-lables
      traefik.enable: true
      traefik.docker.network: 01_front
      # Entrypoint and TLS
      traefik.http.routers.nc-adminer-site.entrypoints: "http,https"
      traefik.http.routers.nc-adminer-site.rule: "(Host(`old.site`) || Host(`new.site`)) && PathPrefix(`/adminer`)"
      traefik.http.routers.nc-adminer-site.tls: true
      traefik.http.routers.nc-adminer-site.tls.certresolver: le
      traefik.http.routers.nc-adminer-site.service: nc-adminer-site
      # Middlewares
      # nc-adminer-chain lists the same three middlewares already named here,
      # so each of them is applied twice per request.
      traefik.http.routers.nc-adminer-site.middlewares: "force-https,nc-known-ip,nc,nc-adminer-chain"
      # service
      traefik.http.services.nc-adminer-site.loadbalancer.server.port: 8080
      # Middlewares nc force https and adds additional headers
      traefik.http.middlewares.nc-adminer-chain.chain.middlewares: "force-https,nc-known-ip,nc"
      # The source-range allow-list is the only access control on this router
      # besides Adminer's own login; it is effective only if Traefik sees the
      # real client address rather than that of an upstream NAT or proxy.
      traefik.http.middlewares.nc-known-ip.ipwhitelist.sourcerange: "192.168.xxx.xxx/24, 2a01:xxxx:xxxx:xxxx::/64"
    networks:
      - front
      - db
    depends_on:
      - nc-mariadb
      - nc

  # Cache backend. No password is configured in this file, so every container
  # on the `db` network can talk to it.
  nc-redis:
    image: redis:alpine
    mem_limit: 50M
    mem_reservation: 20M
    container_name: nc-redis
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      interval: 1s
      timeout: 3s
      retries: 5
    volumes:
      - nc_redis:/data
    networks:
      - db

  # Antivirus daemon used by Nextcloud.
  nc-clamav:
    image: clamav/clamav:stable_base
    container_name: nc-clamav
    restart: unless-stopped
    mem_limit: 4G
    volumes:
      # - nc_clamav:/run/clamav/
      - nc_clamav:/tmp/
      - nc_clamav_db:/var/lib/clamav
    environment:
      - CLAMAV_NO_CLAMD=false
      - CLAMAV_NO_FRESHCLAMD=false
      - CLAMAV_NO_MILTERD=true
      # - CLAMD_STARTUP_TIMEOUT=1800
    # A bare container port is published on a random host port on all host
    # interfaces. clamd has no authentication, and nc already reaches this
    # container over the shared `front` network.
    # NOTE(review): confirm that host-level access is really needed.
    ports:
      - 3310
    healthcheck:
      test: ["CMD", "clamdcheck.sh"]
      interval: 60s
      retries: 3
      start_period: 120s
    # Only attached to the proxy-facing network.
    networks:
      - front
networks:
  # Pre-existing network named 01_front, created outside this file; the nc
  # and nc-adminer labels route Traefik traffic over it.
  front:
    name: 01_front
    external: true
  # Project-local networks with default settings.
  app:
  db:
volumes:
  # Plain named volume managed by Docker.
  nc_www:
  # Every volume below is a bind mount of a host directory through the local
  # driver (`type: none`, `o: bind`), so host file permissions on the `device`
  # path decide who else can read the data.
  nc_custom_apps:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /nextcloud/nc/custom_apps
  # Mounted at /var/www/html/config; holds config.php with the instance's
  # credentials, so keep the host directory readable by as few users as
  # possible.
  nc_config:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /nextcloud/nc/config
  nc_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /nextcloud/data
  nc_log:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /nextcloud/nc/log
  # Every mount of this volume in the services above is commented out.
  nc_php_ini:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /nextcloud/nc/user.ini
  # NOTE(review): this device path and the next one are relative; presumably
  # shortened for the post - confirm the real paths are absolute.
  nc_redis:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: database/nc_redis
  nc_mariadb:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: database/nc/mariadb/10.7
  # Mounted by both nc (/run/clamav) and nc-clamav (/tmp/).
  nc_clamav:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /nextcloud/clamav/clamsoket
  nc_clamav_db:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /nextcloud/clamav/clamdb
  nc_cron_previewgenerator:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /nextcloud/nc-cron-previewgenerator
curl on new.site
curl -v https://new.site
* Trying xxx.xxx.xxx.xxx:443...
* Trying [2a01:xxxx:xxxx:xxxx:xxxx::xxxx]:443...
* Immediate connect fail for 2a01:xxxx:xxxx:xxxx:xxxx::xxxx: Le réseau n'est pas accessible
* Connected to new.site (xxx.xxx.xxx.xxx) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=new.site
* start date: Nov 4 07:53:46 2023 GMT
* expire date: Feb 2 07:53:45 2024 GMT
* subjectAltName: host "new.site" matched cert's "new.site"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://new.site/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: new.site]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: new.site
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/2 302
< cache-control: no-store, no-cache, must-revalidate
< content-security-policy: default-src 'self'; script-src 'self' 'nonce-by81Q2ZlM091Yy8zRVU4ckwxRUNOVTFMdWI2N2JJNnVlZzNzR3RkdUhXVT06NElzUVA0V2YrbzZZY0J0L1RScEhmUjA0Z01mWEZzemVUbTZqVTdRRVpTcz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
< content-type: text/html; charset=UTF-8
< date: Wed, 29 Nov 2023 09:45:35 GMT
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< location: https://old.site/login
< pragma: no-cache
< referrer-policy: no-referrer
< server: Apache/2.4.57 (Debian)
< set-cookie: ocl9oeiu0nxi=6f71db64378d81408b5f57e698464671; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: oc_sessionPassphrase=YPbOp0D5mriVIaf7WICKVVpzr92OqwmmB3V4NsR11ecXsX%2BelswLnkK3W9cCgltMD25YHqi6DObwMpepTeGTgHDXR8hGnmVuU7oVIv3eKlWJc%2Bj9Tg34AHdgVUZ4Viok; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: ocl9oeiu0nxi=cae83b256fa48b8beca261bbdc0262e0; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: ocl9oeiu0nxi=cae83b256fa48b8beca261bbdc0262e0; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
< set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
< set-cookie: ocl9oeiu0nxi=cae83b256fa48b8beca261bbdc0262e0; path=/; secure; HttpOnly; SameSite=Lax
< strict-transport-security: max-age=15552000; includeSubDomains; preload
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-permitted-cross-domain-policies: none
< x-powered-by: PHP/8.2.13
< x-robots-tag: noindex, nofollow
< x-xss-protection: 1; mode=block
< content-length: 0
<
* Connection #0 to host new.site left intact
I use Traefik as front proxy.
Thanks for the help
Pierre