Docker: Several security and compatibility issues

Created on 1 Feb 2019 · 8 Comments · Source: nextcloud/docker

  1. The __Host Prefix of the cookies isn't set properly -> leads to bad rating in security scan -> can't influence this as the setting comes from the container
  2. Nextcloud reports that the webserver isn't correctly configured to resolve
    /.well-known/caldav
    /.well-known/carddav
    (using this Image with traefik reverse proxy)
question

All 8 comments

Duplicate of #632?

I was able to resolve the __Host prefix issue with this guide: https://docs.nextcloud.com/server/13/admin_manual/configuration_server/reverse_proxy_configuration.html
but the resolve issue still persists

This seems to be an issue with your traefik configuration. The latest default image passes all checks.

See #527 for the .well-known issue, you have to change the .htaccess file.

See #644 for Apache, the .well-known and HSTS errors will be gone. When you run Nextcloud behind a proxy you also need a trusted proxy entry in the config.php, I will create a PR for this next week. Both can be added with environment variables.

I was able to resolve the __Host prefix issue with this guide: https://docs.nextcloud.com/server/13/admin_manual/configuration_server/reverse_proxy_configuration.html

Have to admit you're right :-)
But adding only overwriteprotocol and overwritehost did the thing for me!

@bd8392 The Nextcloud 16 documentation includes a solution for the resolve issue without touching the .htaccess file: click

Add the following labels to your nextcloud container:

traefik.frontend.redirect.permanent: 'true'
traefik.frontend.redirect.regex: https://(.*)/.well-known/(card|cal)dav
traefik.frontend.redirect.replacement: https://$$1/remote.php/dav/

Thanks that did the trick :-) the issue is resolved :-)
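
The redirect labels posted in the thread, exercised as an added example (not code from the thread or from the nextcloud/docker project). It models the rule as Go's regexp match-and-replace, which is an assumption about how the proxy applies it, and compares the posted pattern with a stricter variant written for this example; `cloud.example.com`, `strictPattern` and `redirectTarget` are constructed names.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern and replacement from the labels above ("$$1" in docker-compose
// is the escaped form of "$1").
const (
	postedPattern = `https://(.*)/.well-known/(card|cal)dav`
	replacement   = `https://$1/remote.php/dav/`
	// Assumption: a stricter variant written for this example. It is
	// anchored, escapes the literal dot, and keeps the host capture
	// from spanning a slash.
	strictPattern = `^https://([^/]+)/\.well-known/(card|cal)dav$`
)

// redirectTarget models a regex redirect: when the pattern matches the
// request URL, the matched part is rewritten; otherwise no redirect
// happens and the second return value is false.
func redirectTarget(pattern, url string) (string, bool) {
	re := regexp.MustCompile(pattern)
	if !re.MatchString(url) {
		return "", false
	}
	return re.ReplaceAllString(url, replacement), true
}

func main() {
	// Constructed sample URLs; cloud.example.com is a placeholder host.
	urls := []string{
		"https://cloud.example.com/.well-known/caldav",
		"https://cloud.example.com/.well-known/carddav",
		"https://cloud.example.com/.well-known/caldav/extra",
		"https://cloud.example.com/apps/.well-known/carddav",
		"https://cloud.example.com/.well-known/webfinger",
	}
	for _, u := range urls {
		for _, p := range []string{postedPattern, strictPattern} {
			target, ok := redirectTarget(p, u)
			fmt.Printf("%-52s redirect=%-5v %s\n", u, ok, target)
		}
	}
}
```

Both patterns send the two discovery URLs to `/remote.php/dav/`; only the posted one also rewrites URLs that merely contain the `.well-known` segment, which is worth checking before reusing the rule for other paths.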
