I was getting the error message "[EINVAL] values.ingress.main.tls: Item#0 is not valid per list types: [EINVAL] tlsEntry.scaleCert: Invalid choice: 3" when I was on nextcloud 25.0.2_19.0.51 (truecharts) and was not able to upgrade, so I deleted nextcloud and installed 25.0.4_1.6.18 (standard truenas scale apps).
I manually added my web address to config.php (added cloud.myweb.mycom as a trusted domain), and am able to access nextcloud fine using a browser. But it fails when using the windows web app with the error "untrusted certificate - The host name did not match any of the valid hosts for this certificate" for windows and iOS "web login not available, use the old login method."
So after reading a number of posts, I changed the owner (chown) of the directory - in my case /mnt/Main/vmStorage/nextcloud - to www-data, with the same results.
I would prefer using the latest version of nextcloud, but the posts I’m finding on various sites have somewhat conflicting information. I do have webDAV installed at the server level but don’t have any webDAV shares set up (some posts indicated adding webDAV username to the config file).
In looking at the log in Administration/Overview in the web interface I see:
You are accessing your instance over a secure connection, however your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the overwrite config variables are not set correctly. Please read the documentation page about this.
Although I think this only applies to the direct web access I’m using, I did find an article related to access, so I added the following in config.php:
'overwritehost' => 'custom.domain.com',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'overwrite.cli.url' => 'https://custom.domain.com/',
'htaccess.RewriteBase' => '/',
With no change in behavior. Spinning my wheels now trying to find the appropriate documentation to follow.
Two good points @KarlF12 , thanks. I had thought that the cloudflared app in Truenas was handling the certificate. And, yes I am using reverse proxy. I tried using the overwriteprotocol as HTTPS, but I’ll try HTTP? I’ll see if I can find better documentation on the parameters like overwriteprotocol.
I deleted everything, re-installed the certificates, and double checked the cloudflare tunnel configuration; it is working using the web again using cloud.mydomain.com, but not the app. cloud.mydomain.com is added to the trusted domains. I don’t understand why it would work with the web page and not the app.
Still working on it. In the logs I see "failed to create fsnotify watcher: too many open files" (nextcloud-postgresql log, nextcloud-redis log, hpb log, etc.). I increased the inotify (sudo sysctl fs.inotify.max_user_watches=262144) but it's not helping and I'm not certain it’s related.
Thanks again @KarlF12
I re-installed again making sure to configure ingress on initial installation in truenas scale. Again, cloud.mydomain.com works fine using a browser (phone, pc, etc.). I’ve added the external IP address to the trusted domains in the config.php; added a port forward for nextcloud (10020) to the server in the router and the app message is - “connection error Could not connect to server”. On a PC web browser using the external IP & port I get:
**Access through untrusted domain**
**Please contact your administrator. If you are an administrator, edit the “trusted_domains” setting in config/config.php like the example in config.sample.php.**
**Further information how to configure this can be found in the documentation.**
Both of these make sense because I’m trying to https into a web site that is http only. I use the tunnel to create my https connection.
With the re-install I am getting “Error Web Login not available, use the old login method”. What’s the old login method?
FYI Web access on iOS works fine - including uploading and viewing files; just the app has issues. Also, added 'overwriteprotocol' => 'https', to the config file when I re-installed.
Here’s my redacted config.php: config.odt (25.9 KB)
In one post above, you said you had the external IP in trusted_hosts, and in another you said cloud.mydomain.com. Ultimately to resolve this error, whatever IP or FQDN you are putting in the address bar of your browser (or server address of the app) needs to be included in trusted_domains. The error means it is not finding an entry that matches.
This should be cloud.mydomain.com along with a matching certificate if the goal is to have valid HTTPS. And then ideally you should always use the valid URL to access it, never the IP.
That’s fine, and possibly necessary to make it work with the tunnel. But also understand that this means you MUST use HTTPS when connecting because it will always redirect you to HTTPS URLs.
This may mean that you need to connect over the tunnel even when coming from your LAN in order for all the moving parts to line up.
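The two checks described in the reply above (the address the client uses must match a trusted_domains entry, and the client must use the scheme that overwriteprotocol forces), as an added Python example that is not part of the original thread and is not Nextcloud's own code. It is a simplified model of the matching; the config values are constructed, with 203.0.113.10 standing in for the external IP.

```python
import re
from urllib.parse import urlsplit

# Constructed sample mirroring the thread: only the tunnel hostname is
# trusted and HTTPS is forced. 203.0.113.10 is a placeholder external IP.
CONFIG = {
    "trusted_domains": ["localhost", "cloud.mydomain.com"],
    "overwriteprotocol": "https",
}


def host_is_trusted(host, host_with_port, trusted_domains):
    """Simplified trusted_domains check (an approximation, not Nextcloud code).

    The host is compared with and without its port against every entry,
    case-insensitively; '*' inside an entry acts as a wildcard.
    """
    for entry in trusted_domains:
        pattern = "[-.a-zA-Z0-9]*".join(re.escape(p) for p in entry.split("*"))
        rx = re.compile(pattern, re.IGNORECASE)
        if rx.fullmatch(host) or rx.fullmatch(host_with_port):
            return True
    return False


def diagnose(url, config):
    """Return the mismatches between the URL a client uses and config.php."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    problems = []
    if not host_is_trusted(host, parts.netloc, config.get("trusted_domains", [])):
        problems.append(f"host '{parts.netloc}' matches no trusted_domains entry")
    forced = config.get("overwriteprotocol")
    if forced and parts.scheme != forced:
        problems.append(
            f"client uses {parts.scheme} but the server will generate {forced} URLs"
        )
    return problems


if __name__ == "__main__":
    for url in (
        "https://cloud.mydomain.com/",       # tunnel hostname over HTTPS
        "http://203.0.113.10:10020/",        # port forward by IP, plain HTTP
        "http://cloud.mydomain.com:10020/",  # right name, wrong scheme
    ):
        print(url, "->", diagnose(url, CONFIG) or "consistent")
```

Only the first URL comes back clean, which matches the thread: the tunnel hostname over HTTPS works, while the port-forwarded IP over HTTP fails both checks.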