Trusted domains issue after image switching

Guys, please help, as I am pulling the hair out of my head after an almost sleepless night.

I did have a working nextcloud fpm 26 configured with nginx that I have built myself so I could use elasticsearch and have working OCR in 3 languages.
Everything was fine, but I was having many log entries with oracle complaining about more than 1000 files.
I have read that this issue was resolved in a nextcloud update, so I decided to give it a try.
The only thing I did was switch images for my app: and cron: from my custom image to nextcloud:fpm-alpine.
When I started the new image I got the blue nextcloud screen with the trusted domains issue and information to configure the config/config.php.
It was configured and working before with my image and I didn't change a thing.
Now, even after reverting to my previous custom image, I cannot access my nextcloud - all the time I can see the trusted domains error. Sometimes, just after starting the image up, I can see my login screen, and I have even managed to log in once using the configured LDAP user (that I always use). Maybe this could be a hint: even when I manage to log in, NC complains about not being able to get weather data.
I don't know what to do or even where to look now.

my docker compose:

```yaml
version: '2'

services:
  nextcloud_db:
    image: mariadb:10.5
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - /Container/nextcloud/db2data:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=XXPASSXX
      - MYSQL_PASSWORD=XXPASSXX
      - MYSQL_DATABASE=XXDBXX
      - MYSQL_USER=XXUSERXX
    networks:
      - nginx-pm_default

  redis:
    image: redis:alpine
    restart: always

  app:
    image: nextcloud-fpm-custom
    # THIS IS THE IMAGE I TRIED:
    # image: nextcloud:fpm-alpine
    restart: always
    links:
      - nextcloud_db
    volumes:
      - /Container/nextcloud/app:/var/www/html
      - /extshare/KROE:/KROE
      - /Container/nextcloud/tweak.php:/usr/local/etc/php-fpm.d
    environment:
      - MYSQL_PASSWORD=XXPASSXX
      - MYSQL_DATABASE=XXDATABASEXX
      - MYSQL_USER=XXUSERXX
      - MYSQL_HOST=XXDBHOSTXX
    networks:
      - nginx-pm_default

  web:
    image: nginx
    restart: always
    ports:
      - XXXX:80
      - YYYY:443
    links:
      - app
    volumes:
      - /Container/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro
    volumes_from:
      - app
    networks:
      - nginx-pm_default

  cron:
    image: nextcloud-fpm-custom
    # THIS IS THE IMAGE I TRIED:
    # image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - /Container/nextcloud/app:/var/www/html
      - /Container/nextcloud/mycronfile:/var/spool/cron/crontabs/www-data
      - /extshare/KROE:/KROE
    entrypoint: /cron.sh
    depends_on:
      - nextcloud_db
      - redis
    environment:
      - MYSQL_PASSWORD=XXPASSXX
      - MYSQL_DATABASE=XXDATABASEXX
      - MYSQL_USER=XXUSERXX
      - MYSQL_HOST=XXDBHOSTXX
    networks:
      - nginx-pm_default

  elasticsearch:
    # DOCKER_TAG will be provided by the .env-file
    image: r0wi/elasticsearch-nextcloud-docker:${DOCKER_TAG}
    env_file: stack.env
    container_name: elasticsearch_nc
    restart: always
    environment:
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms4g -Xmx4g"
      - discovery.type=single-node
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      # Use named volume because of permission problems
      - elasticsearch_data:/usr/share/elasticsearch/data
    ports:
      - 192.168.x.y:9200:9200
    networks:
      - nginx-pm_default

volumes:
  elasticsearch_data:

networks:
  nginx-pm_default:
    external: true
```

occ config:list system

```
{
    "system": {
        "memcache.local": "\OC\Memcache\APCu",
        "apps_paths": [
            {
                "path": "/var/www/html/apps",
                "url": "/apps",
                "writable": false
            },
            {
                "path": "/var/www/html/custom_apps",
                "url": "/custom_apps",
                "writable": true
            }
        ],
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "192.168.x.y", *EDITED*
            "nc.mydomain.org" *EDITED*
        ],
        "allow_local_remote_servers": true,
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "26.0.0.11",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https://nc.mydomain.org", *EDITED*
        "overwriteprotocol": "https",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "default_phone_region": "PL",
        "ldapProviderFactory": "OCA\User_LDAP\LDAPProviderFactory",
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "app_install_overwrite": [
            "pdfdraw",
            "ocjobs",
            "files_fulltextsearch_tesseract",
            "files_fulltextsearch",
            "fulltextsearch",
            "fulltextsearch_elasticsearch",
            "richdocumentscode"
        ]
    }
}
```

PLEASE HELP, as I should have it working by Monday and I really have no clue where to go…

hi @lukaszzyla welcome to the forum :handshake:

I added code tags to your post for better readability.

First, you should try to isolate the issue - it's not easy to troubleshoot a complex system, so try to find the root cause. Start with an easy system and add complexity step by step.

I would start by consulting the Docker upgrade procedure, as from your description it sounds like you tried to upgrade nc26 to nc28, which is not supported.

hi @wwe
Thank you for your input.
This is what I am trying to do now.
I got rid of elasticsearch already.
All the containers start up fine within the stack and I cannot see any errors.
config.php looks fine and so does nginx.conf.
I have another stack of nextcloud running fine with the very same image.
What could be the problem?
What else could I do to diagnose?
I ran occ integrity:check-core but it finished without any output.
Are there any other commands or places to look for the issue?
I cannot find any logs other than available from within portainer.
Where should I look for some more detailed nc logs?

After I restart the stack I am able to access it through the set-up domain name.
Whenever I click something and try to go to files or settings I get the untrusted domain screen.
How can I trace it, and where could I look in the logs for the reason for that?
The funny thing is that even if I put 0.0.0.0 in the trusted domains and trusted proxies in config.php, I still get the untrusted domain screen.
I have even tried to add the local IPv6 address of my interface, which I am not even sure is accessible - IPv6 is a big mystery to me…
Maybe there is another solution to get my data back somehow?

OK. So I thought that since my problem started with switching images from the custom-built 26-fpm to 28, I should try going the supported route, and upgraded to 27-fpm.
The upgrade did go well, but I still get the untrusted domain screen and I am unable to move one step further.
I also tried to follow on and upgrade 27 to 28, as I thought that maybe switching the image to 28 had made some irreversible changes, but I still get untrusted domain ;-(
Adding 0.0.0.0 to trusted proxies and trusted domains doesn't change a thing…

Do you call https or http?
http also creates an untrusted domain message.

Two suggestions:

  • Please post the last couple entries from your nextcloud.log
  • Set your loglevel to ‘1’ (temporarily) then try to access to your Nextcloud. Post the actual untrusted domain message that appears in your nextcloud.log:
'loglevel' => 1
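
To go with the two suggestions above, an added example (not from any poster in this thread): a small parser that pulls the Host values out of trusted-domain rejections in `nextcloud.log` and tests them against `trusted_domains`. The log lines are constructed, the message wording is an assumption about Nextcloud's info-level entry, and the matcher is a simplified model of the check rather than Nextcloud's own code.

```python
import json
import re

# Constructed sample of data/nextcloud.log (one JSON object per line). The
# message wording is an assumption modelled on Nextcloud's info-level entry.
SAMPLE_LOG = r'''
{"level":1,"app":"core","url":"/apps/files/","message":"Trusted domain error. \"172.18.0.3\" tried to access using \"10.0.0.5:8080\" as host."}
{"level":1,"app":"core","url":"/settings/user","message":"Trusted domain error. \"172.18.0.3\" tried to access using \"10.0.0.5:8080\" as host."}
{"level":1,"app":"core","url":"/login","message":"Login successful: \"someuser\""}
{"level":1,"app":"core","url":"/apps/fil
'''

# trusted_domains as posted above, plus the 0.0.0.0 entry tried later.
TRUSTED = ["192.168.x.y", "nc.mydomain.org", "0.0.0.0"]

HOST_RE = re.compile(r'tried to access using "([^"]*)" as host')


def rejected_hosts(log_text):
    """Count the Host values named in trusted-domain rejections."""
    counts = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if not isinstance(entry, dict):
            continue
        match = HOST_RE.search(str(entry.get("message", "")))
        if match:
            counts[match.group(1)] = counts.get(match.group(1), 0) + 1
    return counts


def strip_port(host):
    """'name:8080' -> 'name'; '[::1]:8080' -> '[::1]'."""
    if host.startswith("["):
        return host[: host.find("]") + 1]
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host


def is_trusted(host, trusted_domains):
    """Simplified model: each entry must match the whole host name;
    '*' is the only wildcard, so '0.0.0.0' matches only that literal."""
    name = strip_port(host).lower()
    for entry in trusted_domains:
        parts = (re.escape(p) for p in entry.lower().split("*"))
        if re.fullmatch("[-.a-z0-9]*".join(parts), name):
            return True
    return False
```

Running `rejected_hosts()` over the real log shows which Host header actually reaches Nextcloud behind the proxy, which is the value that has to appear in `trusted_domains`.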

Try with a preceding “sudo”.

Why is your proxy configured to change your https call to http? So the secure connection will be interrupted.

I have had many issues configuring nextcloud at all.
I was quite happy to be able to do it like this with nginx proxy manager.
This way all outside traffic was https to my nginx pm and only internal traffic within the same host (nginxpm to nextcloud) was via http.
It worked well…

This nextcloud is the one I upgraded 26->27 and then 27->28.
I also have a copy of original 26 that was running before I broke it yesterday.