Server: [NC 15.0.2]Theming not proxy-safe
Just noticed that our adjustments to theming are not visible for clients accessing NC from external. They see the default Slogan, Logo, Login image, ... There are no errors in NC log, proxy log or browser log.
This issue first happened after the update to 15.0.2. Was working fine with 15.0.0 and earlier.
herrmannsdorfer
All 7 comments
could you please explain what you mean?
also, please fill in the issue template, if you want us to take a look at your issue... otherwise it's quite impossible to reproduce if it's not happening on every setup...
violoncelloCH
on 23 Jan 2019
Short story:
We are running NC behind a web proxy. We adjusted some details in the theming app (Slogan, Logo, Login image, ...). With release 15.0.0 and earlier these were visible from external as well as from inside the LAN.
Starting with release 15.0.2 theming is reverted to default values when NC is accessed from external.
We do not see any errors logged (NC, proxy, client).
Long version:
Steps to reproduce
- Access a proxified NC from outside.
Expected behaviour
Login page and other NC pages including public shares should show changed theming details like logo, slogan, login image, favicon etc.
Actual behaviour
Theming details shown are default values.
Server configuration
Operating system:
Ubuntu 16.04.4
Web server:
Apache 2.4.18
Database:
mysql 10.0.36
PHP version:
7.0.32
Nextcloud version: (see Nextcloud admin page)
15.0.2.0
List of activated apps:
App list
Enabled:
- accessibility: 1.1.0
- activity: 2.8.2
- admin_audit: 1.5.0
- announcementcenter: 3.4.1
- bruteforcesettings: 1.3.0
- cloud_federation_api: 0.1.0
- comments: 1.5.0
- dav: 1.8.1
- deck: 0.5.2
- federatedfilesharing: 1.5.0
- federation: 1.5.0
- files: 1.10.0
- files_accesscontrol: 1.5.0
- files_automatedtagging: 1.5.0
- files_pdfviewer: 1.4.0
- files_retention: 1.4.0
- files_sharing: 1.7.0
- files_texteditor: 2.7.0
- files_trashbin: 1.5.0
- files_versions: 1.8.0
- files_videoplayer: 1.4.0
- firstrunwizard: 2.4.0
- gallery: 18.2.0
- groupfolders: 2.0.2
- jsloader: 1.0.2
- logreader: 2.0.0
- lookup_server_connector: 1.3.0
- metadata: 0.8.0
- nextcloud_announcements: 1.4.0
- notifications: 2.3.0
- oauth2: 1.3.0
- password_policy: 1.5.0
- polls: 0.9.4
- provisioning_api: 1.5.0
- quota_warning: 1.4.0
- richdocuments: 3.1.1
- serverinfo: 1.5.0
- sharebymail: 1.5.0
- sharerenamer: 2.3.0
- spreed: 5.0.1
- systemtags: 1.5.0
- theming: 1.6.0
- twofactor_admin: 0.2.0
- twofactor_backupcodes: 1.4.1
- twofactor_gateway: 0.11.0
- updatenotification: 1.5.0
- user_ldap: 1.5.0
- workflowengine: 1.5.0
Disabled:
- encryption
- files_external
- socialsharing_email
- support
- survey_client
- user_saml
Nextcloud configuration:
Config report
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"files.herrmannsdorfer.de"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"overwrite.cli.url": "https:\/\/files.herrmannsdorfer.de\/nextcloud",
"overwritehost": "files.herrmannsdorfer.de",
"overwriteprotocol": "https",
"overwritewebroot": "\/nextcloud",
"htaccess.RewriteBase": "\/nextcloud",
"dbtype": "mysql",
"version": "15.0.2.0",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"mail_smtpmode": "smtp",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
"memcache.local": "\\OC\\Memcache\\APCu",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"maintenance": false,
"theme": "",
"loglevel": 2,
"updater.release.channel": "stable",
"mysql.utf8mb4": true,
"updater.secret": "***REMOVED SENSITIVE VALUE***"
}
}
Are you using external storage, if yes which one: local/smb/sftp/...
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
LDAP configuration (delete this part if not used)
LDAP config
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | |
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | ***REMOVED SENSITIVE VALUE*** |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | displayName;mail |
| ldapBackupHost | ***REMOVED SENSITIVE VALUE*** |
| ldapBackupPort | 389 |
| ldapBase | ***REMOVED SENSITIVE VALUE*** |
| ldapBaseGroups | ***REMOVED SENSITIVE VALUE*** |
| ldapBaseUsers | ***REMOVED SENSITIVE VALUE*** |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | ***REMOVED SENSITIVE VALUE*** |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | ***REMOVED SENSITIVE VALUE***
| ldapLoginFilterAttributes | sAMAccountName |
| ldapLoginFilterEmail | 1 |
| ldapLoginFilterMode | 1 |
| ldapLoginFilterUsername | 0 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | ***REMOVED SENSITIVE VALUE***
| ldapUserFilterGroups | ***REMOVED SENSITIVE VALUE*** |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | person |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Client configuration
Browser:
independent, tested with IE11, FF, Safari, Chrome, cache cleared during tests
Operating system:
independent, tested on Win, macOS, iOS
Logs
no errors written
herrmannsdorfer
on 23 Jan 2019
@herrmannsdorfer thank you for the details!
the proxy config could probably be interesting here... nothing has changed there in between?
@nextcloud/theming any idea why the theming doesn't survive the proxying? anything relevant that changed between 15.0.0 and 15.0.2?
violoncelloCH
on 23 Jan 2019
Works here behind a nginx reverse proxy.
@herrmannsdorfer what kind of proxy do you have? Any errors in the nc logs? In the browser's log?
skjnldsv
on 24 Jan 2019
@violoncelloCH Proxy config hasn't changed between NC updates. To make 15.0.2 work we had to add overwrite-host, overwriteprotocol and overwritewebroot to config.php. Otherwise the login from external would stuck in a trusted_domains warning, logoff would redirect to local ip (and fail therefore) and some apps like polls would redirect to local ip to fetch content (open a specific poll).
There are already some issues regarding proxy and 15.0.2 and similar discussions on help.nextcloud.com. Obviously proxy handling has changed between 15.0.0 and 15.0.2.
@skjnldsv Proxy is Sophos UTM 9.6. No errors written in NC logs, proxy logs or browser logs.
One detail that might be a hint:
img src of the logo on login page when pulled from WAN through proxy (default theming)
<img src="/nextcloud/core/img/logo/logo.svg?v=a6f6d02f8c1abf5d2abb88de4149b1a71c4c9af9">
or pulled from inside LAN (changed logo in theming):
<img src="/nextcloud/apps/theming/image/logo?useSvg=1&v=12">
herrmannsdorfer
on 24 Jan 2019
Ref #13713 https://github.com/nextcloud/server/issues/13700
I suggested to set trusted_proxies instead of overwritehost here https://github.com/nextcloud/server/issues/13700#issuecomment-456863838. Maybe it works for you too.
Obviously proxy handling has changed between 15.0.0 and 15.0.2.
https://github.com/nextcloud/server/issues/13713#issuecomment-456189152
kesselb
on 24 Jan 2019
@danielkesselberg trusted_proxies was needed in config.php. Issue is resolved for us.
herrmannsdorfer
on 24 Jan 2019
Related issues
MorrisJobke
路
3Comments
Django-BOfH
路
3Comments
mfechner
路
3Comments
juliushaertl
路
3Comments
rullzer
路
3Comments
Most helpful comment
@danielkesselberg
trusted_proxieswas needed in config.php. Issue is resolved for us.