Untrusted domain when accessing from local network

ℹ️ Support
1

Hello there,

I’m facing problems reaching my nextcloud instance through my local network. The nextcloud folder is located at /var/www/example.com/public/nextcloud and reachable through cloud.example.com.
Now when I’m trying to reach my instance through the local IP 192.168.188.22/nextcloud I’m getting the “Untrusted Domains” message.

I tried adding the local IP in the config.php, which now looks like this:

<?php
$CONFIG = array (
'passwordsalt' => 'XXX',
'secret' => 'XXX',
'trusted_domains' => 
array (
  0 => '192.168.188.22/nextcloud/',
  1 => 'example.com',
  2 => 'cloud.example.com',
  3 => 'example.info',
  4 => 'localhost'
),
'datadirectory' => '/mnt/user/nextcloud_data',
'dbtype' => 'mysql',
'version' => '19.0.4.2',
'memcache.local' => '\\OC\\Memcache\\APCu',
'filelocking.enabled' => true,
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => 
array (
  'host' => '/var/run/redis/redis-server.sock',
  'port' => 0,
),
'overwrite.cli.url' => '',
'htaccess.RewriteBase' => '/',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'oc_admin',
'dbpassword' => 'XXX',
'installed' => true,
'instanceid' => 'ocpofaewdg0n',
'maintenance' => false,
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'ssl',
'mail_sendmailmode' => 'smtp',
'mail_from_address' => 'cloud',
'mail_domain' => 'example.com',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpauth' => 1,
'mail_smtphost' => 'mail.example.com',
'mail_smtpport' => '465',
'mail_smtpname' => 'cloud@example.com',
'mail_smtppassword' => 'XXX',
'theme' => '',
'loglevel' => 2,
'logfile' => '/var/log/nextcloud.log',

);

So as you can see the local IP is added in the trusted domains array but still I’m getting the Untrusted Domains message.

The VirtualHost file for cloud.example.com looks like this, if this is any help:

<VirtualHost *:80>
DocumentRoot "/var/www/example.com/public/nextcloud/"
ServerName cloud.example.com

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
2

Can you test or have you tested:

0 => '192.168.188.22',

3

Yes, tested that. But 192.168.188.22 just gives me my regular webpage not the nextcloud.

What is interesting is, when I set 0 => '192.168.188.22', and then navigate to 192.168.188.22/nextcloud/ in my browser I don’t get the untrusted domains message but instead a “Not Found” message:

Not Found
The requested URL was not found on this server.

Apache/2.4.25 (Debian) Server at 192.168.188.22 Port 443
4

Do you need 192.168.188.22 (not 192.168.188.22/nextcloud) for other services?
Do you use with accessing from the internet /nextcloud or not?

5

at 192.168.188.22 a static site is hosted so in var/www/example.com/public/ there is a index.html which is served when visiting 192.168.188.22 and then in the same directory there is my nextcloud folder at /var/www/example.com/public/nextcloud/.

6

I guess it has something to do with port 443

have you enabled the ssl site?

7

In the config.php you must not include https or Port 443.

Please post your “Untrusted Domains” message (screenshot).
Is it a Nextcloud message or a browser message?
Also posts logs from webserver and nextcloud.

8

Thats a good suggestion @moboter although I don’t think it has anything to do with the solution. The Apache “Not Found” message changes to port 80 if I type http:// instead of https://.

@devnull I’ve tried adding 192.168.188.42:443 and/or 192.168.188.42:443/nextcloud to the trusted domain array, without success.

This is the page I get when I visit 192.168.188.42/nextcloud in my browser:

Screenshot_2020-11-05 Nextcloud
Screenshot_2020-11-05 Nextcloud1560×879 218 KB

9

22 or 42 ???
Also i think /nextcloud is not needed. Test both.

10

I agree just tested it and you dont need it
as your vhost is pointing to the root

11

I found no hint in the documentation that there is a need for configure subdir. It is a “trusted domain” and not a “trusted folder”. @eikes delete /nextcloud .

12

The trusted_domains array is to contain a list of trusted domains. Not URLs or ports. Just the domain portion of what you may put in the address bar when accessing the site.

You should remove the junk entries also.

13

22 or 42 ???

22, I’m sorry I mistyped. Its 22. :smiley:

It is a “trusted domain” and not a “trusted folder”

That actually makes sense, yeah.
So I deleted /nextcloud, then the trusted domains array looks like this:

$CONFIG = array (
'passwordsalt' => 'XXX',
'secret' => 'XXX',
'trusted_domains' => 
array (
  0 => '192.168.188.22',
  1 => 'example.com',
  2 => 'cloud.example.com',
  3 => 'example.info',
  4 => 'localhost',
),

Now it issue is that when I type 192.168.188.22/nextcloud into my browser I get redirected to https://192.168.188.22/nextcloud/login and this error/message comes up.

Screenshot_2020-11-05 404 Not Found
Screenshot_2020-11-05 404 Not Found1560×879 15.4 KB

If I manually change https to http the same message comes up except its port 80 instead of 443 in at the bottom.

EDIT:
When trying from my phone at 192.168.188.22/nextcloud I dont get redirected to https:// but still get the same “Not Found” message

14

In your first post you write about a virtual host.
Please post all virtual hosts and the configuration. E.g. DocumentRoot

For your ip 192.168.188.22 it must maped to
/var/www/example.com/public
not
/var/www/example.com/public/nextcloud

15

and the configuration. E.g. DocumentRoot

Not really sure what you mean by this.

I looked into /etc/apache2/sites-enabled and realized that that the issue might be there.

I found a 000-default.conf file enabled which points to the web root at /var/www/example.info/public_html/ (nextcloud is in /var/www/example.info/public_html/nextcloud/) :

<VirtualHost *:80>
ServerName www.example.info
ServerAdmin webmaster@localhost
ServerAlias example.info
DocumentRoot /var/www/example.info/public_html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.info [OR]
RewriteCond %{SERVER_NAME} =www.example.info
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Also there is another Virtual Host I set up for application stuff :smiley: at /etc/apache2/sites-enabled/application.example.com.conf:

<VirtualHost *:80>
    ServerName application.example.com
    RedirectPermanent / https://example.com/nextcloud/index.php/s/WXcW3wKpKMsKxXQ
</VirtualHost>

and my main site at /etc/apache2/sites-enabled/example.com.conf:

<VirtualHost *:80>
    ServerName www.example.com
    ServerAdmin webmaster@localhost
    ServerAlias example.info
    DocumentRoot /var/www/example.info/public_html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<Directory /var/www/example.info/public_html>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

I did an a2dissite for the 000-default.conf and the application.example.com.conf so they don’t stand get served first when accessing the local IP (because they are starting with a 000 and an A) and now I’m able to see my nextcloud and login.

So to be clear: When typing the IP 192.168.188.22 I get redirected to https://192.168.188.22/login and the login window appears :+1:

This is good but not quite perfect, as I’m not not able to access the static page (/var/www/example.com/public_html/index.html) anymore when typing the local IP.

16

Why have you set this?

17

It’s a share I’ve set up to provide potential employers with easy access to some work samples of mine.
So instead of providing the entire link I could tell them to visit application.example.com

18

Perhaps you create all configs new from a tutorial. First internal and then external and then other. Use for each virtual host two configs (http and https).