Unable to login with Reverse Proxy

Ben_Murphy · March 26, 2020, 2:24am

Nextcloud version 17.0.5: docker apache
Operating system and version Ubuntu 18.04:
Apache or nginx version Apache:
PHP version 7.3:

Reverse Proxy IP: 10.1.3.112
Ubuntu 18.04 Server running Nextcloud docker IP: 10.1.3.114

The issue you are facing:
I have a Nginx reverse proxy running on another virtual server. Nginx 1.17.7, Ubuntu 18.04, and Certbot/LetsEncrypt for SSL. I can enter my custom domain into any browser and I get a https://my.domain.com/login screen. I type my user name and password and click Log in. nothing happens. I can then refresh the web page and I am taken into Nextcloud. If I enter http://10.1.3.114:80 on my local network, I get to the same Nextcloud login. I enter the username and password, click log in and I am taken directly to the file screen. My guess is that the issue lies somewhere is the reverse proxy redirect.

Is this the first time you’ve seen this error? (Y/N): N I tried it under Nextcloud 18.0.3 docker w/ Ubuntu 18.04 and the issue still happened. So I ran Nextcloud 17.0.5 to see if the issue was just the newer 18.0.3 version it happen on both 17.0.5 and 18.0.3. This was a fresh install on both I am I testing this before setting up on my main server.

Steps to replicate it:

Open my custom url
Enter username and password.
Click Log in
The spinner on the log in button keeps going around and around. The page never redirects to the files screen.
I can then press F5 or COMMAND + R to reload the page and I get to the file pages.
This also affects the Andorid and iOS apps. Both the Nextcloud app and the Talk app. Neither will login.

The output of your Nextcloud docker output before refreshing the Log in page. The IP is my local lan IP of the computer I am on.

nextcloud | 10.1.3.112 - - [26/Mar/2020:01:43:39 +0000] "POST /login HTTP/1.0" 303 1140 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'ID',
  'passwordsalt' => 'SALT',
  'secret' => 'SECRET',
  'trusted_domains' => 
  array (
    0 => '10.1.3.114',
    1 => 'my.domain.com',
  ),
  'trusted_proxies' => '10.1.3.112',
  'overwriteprotcol' => 'https',
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '17.0.5.0',
  'overwrite.cli.url' => 'http://10.1.3.114',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'USER',
  'dbpassword' => 'PASSWORD',
  'installed' => true,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
);

Nginx conf file on the reverse proxy.

server {

server_name my.domain.com;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;

 location / {
  proxy_pass http://10.1.3.114:80/;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_buffering off;
  proxy_request_buffering off;
  proxy_set_header X-Real-IP $remote_addr;
  client_max_body_size 10G; 
 }
	
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = my.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

server_name my.domain.com;
    listen 80;
    return 404; # managed by Certbot
}

kevdog · March 26, 2020, 3:46am

Do you have any log files that contain relevant information both on the revere proxy side of the equation and on the nextcloud side of the equation?

You have have another proxy infront of your nexcloud – I get the nginx is a terminating SSL proxy however is there apache installed somewhere in the mix?

I also use the following headers for nginx to reverse proxy:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_http_version 1.1;

Ben_Murphy · March 26, 2020, 6:17pm

The IP is from an outside site I was working at.

Also upon further testing I found that all Chromium based browsers had this issue.
Chrome - Version 80.0.3987.149 (Official Build) (64-bit)
Brave - Version 1.5.115 Chromium: 80.0.3987.149 (Official Build) (64-bit)
Edge - Version 80.0.361.69 (Official build) (64-bit)

Apps that do not work
Both iPadOS and Android Nextcloud app
Both iPadOS and Android Nextcloud Talk app

Browsers that did work
Safari - latest version
Microsoft Edge (Non Chromium) 44.18362.449.0/Microsoft EdgeHTML 18.18363
Firefox - 74.0 (64-bit)

I have entered my access.log for the proxy but not the error.log as there were no errors in this time frame.

Also the /var/www/html/data/nextcloud.log does not contain any logs during my testing. I think this is the correct log that Apache is writing to from the docker container of Nextcloud

Here is the Nginx reverse proxy access.log during the login that does not work.

12.177.x.x - - [26/Mar/2020:16:53:01 +0000] "GET /core/img/logo/logo.svg?v=1 HTTP/2.0" 200 321 "https://my.domain.com/core/css/guest.css?v=6a26f9ea-0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:16:53:01 +0000] "GET /core/img/loading-dark.gif HTTP/2.0" 200 4683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:16:53:01 +0000] "GET /core/img/actions/confirm-white.svg?v=2 HTTP/2.0" 200 405 "https://my.domain.com/core/css/guest.css?v=6a26f9ea-0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:16:53:01 +0000] "GET /svg/core/logo/logo?color=fff&v=1 HTTP/2.0" 200 321 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:16:53:01 +0000] "GET /core/img/favicon.ico HTTP/2.0" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:16:53:01 +0000] "GET /cron.php HTTP/2.0" 200 20 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
#####
I typed the username and password and then clicked log in
12.177.x.x - - [26/Mar/2020:16:57:24 +0000] "POST /login HTTP/2.0" 303 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
The screen did not redirect to the files screen so I pressed F5 to refesh the page. I waited a little bit to show the time waiting
#####
12.177.x.x - - [26/Mar/2020:17:00:15 +0000] "GET /login HTTP/2.0" 303 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:17:00:15 +0000] "GET /apps/files/ HTTP/2.0" 200 7692 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:17:00:15 +0000] "GET /custom_apps/files_rightclick/css/app.css?v=a4e778c3-0 HTTP/2.0" 200 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:17:00:15 +0000] "GET /apps/gallery/css/gallerybutton.css?v=e2aed90d-0 HTTP/2.0" 200 793 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"

Access log of Firefox login that works

12.177.x.x - - [26/Mar/2020:17:25:42 +0000] "GET /core/img/actions/toggle.svg HTTP/2.0" 200 308 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:17:25:42 +0000] "GET /core/img/actions/confirm-white.svg?v=2 HTTP/2.0" 200 405 "https://my.domain.com/core/css/guest.css?v=6a26f9ea-0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:17:25:42 +0000] "GET /core/img/favicon.ico HTTP/2.0" 200 3262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:17:25:42 +0000] "GET /cron.php HTTP/2.0" 200 20 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
12.177.x.x - - [26/Mar/2020:17:26:44 +0000] "GET /login HTTP/2.0" 200 3590 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
12.177.x.x - - [26/Mar/2020:17:26:45 +0000] "GET /core/img/background.png?v=2 HTTP/2.0" 200 102736 "https://my.domain.com/core/css/guest.css?v=6a26f9ea-0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
12.177.x.x - - [26/Mar/2020:17:26:45 +0000] "GET /core/img/actions/confirm-white.svg?v=2 HTTP/2.0" 200 405 "https://my.domain.com/core/css/guest.css?v=6a26f9ea-0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
12.177.x.x - - [26/Mar/2020:17:26:45 +0000] "GET /core/img/actions/toggle.svg HTTP/2.0" 200 308 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
12.177.x.x - - [26/Mar/2020:17:26:45 +0000] "GET /core/img/loading-dark.gif HTTP/2.0" 200 4683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
12.177.x.x - - [26/Mar/2020:17:26:45 +0000] "GET /cron.php HTTP/2.0" 200 20 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
####
I typed the username and password
12.177.x.x - - [26/Mar/2020:17:27:07 +0000] "POST /login HTTP/2.0" 303 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
I clicked login and went right to the file screen
####
12.177.x.x - - [26/Mar/2020:17:27:07 +0000] "GET /apps/files/ HTTP/2.0" 200 7716 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
12.177.x.x - - [26/Mar/2020:17:27:07 +0000] "GET /custom_apps/files_rightclick/css/app.css?v=a4e778c3-0 HTTP/2.0" 200 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
12.177.x.x - - [26/Mar/2020:17:27:07 +0000] "GET /apps/gallery/css/slideshow.css?v=e2aed90d-0 HTTP/2.0" 200 1311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"

Ben_Murphy · March 27, 2020, 12:12am

Ok found out my issue. Note-to-self check your spelling. I found out that I spelled the variable in config.php ‘overwriteprotcol’ when it should have been ‘overwriteprotocol’.

Thanks for the help.

roemhildtg · April 23, 2021, 2:39am

This helped me solve the issue too - I’m using nextcloud + docker. As referenced in the docker docs - there’s a env variable you can set OVERWRITEPROTOCOL = https.