Server: Nextcloud tries HTTP instead of HTTPS connection for resources and for generating links (share by link)
I had multiple random problems with Nextcloud 15.0.5 involving logins from outside my LAN and some usability "hick ups". Maybe login problems are related to URL generation problem I will describe here. Read "Actual behaviour" for more details. I find it hard to describe the issue in the correct order.
Steps to reproduce
Actual issue.
- Share a file/directory "by link"
- Click "Copy link" button
- Link in clipboard is prefixed with http although entire page runs on https
Related issue: Download as zip fails on shared directory
- Open shared link, manually prefixed with https
- Click "Download All files" to download directory as zip
- Will redirect to http url instead of https url
More a symptom than an issue:
- Open main file page with developer console open
- Developer console will show something like
Refused to load the font 'http://***' because it violates the following Content Security Policy directive: "font-src 'self' data:"
--> Indicates http loading for resources instead of https
Expected behaviour
I would expect a https prefixed URL in all cases.
Actual behaviour
Nextcloud returns http prefixed urls. This works in my LAN because I have it behind a reverse proxy which redirects all http requests to https. However, outside my LAN only the https port to the reverse proxy is forwared. Thus, http (without the s!) requests will fail. Manually adding the s works.
Also I had some login problems (from outside LAN only) where the login page would not even come up. I cannot provide any detailed information on that, though. However, my theory is, that wrong http urls could be the issue here, too. Since some fonts are loaded using http (see above) instead of https, too, issues could happen on login page.
Server configuration
Operating system:
Ubuntu 18.04 but with Docker 18.09.1
Web server:
nginx/1.13.8 inside own Docker container
Database:
MariaDB 10.3.13 inside own Docker container
PHP version:
PHP-FPM 7.2.15 inside own Docker container
Nextcloud version: (see Nextcloud admin page)
Nextcloud 15.0.5
Updated from an older Nextcloud/ownCloud or fresh install:
Updated via docker pull from 15.something
Where did you install Nextcloud from:
Via Docker: nextcloud:15-fpm
Signing status:
Signing status
No errors have been found.
List of activated apps:
App list
Enabled:
- accessibility: 1.1.0
- bookmarks: 0.16.2
- bruteforcesettings: 1.3.0
- cloud_federation_api: 0.1.0
- dav: 1.8.1
- federatedfilesharing: 1.5.0
- files: 1.10.0
- files_external: 1.6.0
- files_pdfviewer: 1.4.0
- files_sharing: 1.7.0
- files_texteditor: 2.7.0
- files_trashbin: 1.5.0
- files_videoplayer: 1.4.0
- logreader: 2.0.0
- lookup_server_connector: 1.3.0
- mail: 0.11.0
- notifications: 2.3.0
- oauth2: 1.3.0
- password_policy: 1.5.0
- provisioning_api: 1.5.0
- serverinfo: 1.5.0
- support: 1.0.0
- systemtags: 1.5.0
- theming: 1.6.0
- twofactor_backupcodes: 1.4.1
- twofactor_totp: 2.1.1
- updatenotification: 1.5.0
- workflowengine: 1.5.0
Disabled:
- activity
- admin_audit
- calendar
- comments
- contacts
- deck
- encryption
- federation
- files_inotify
- files_versions
- firstrunwizard
- gallery
- nextcloud_announcements
- sharebymail
- survey_client
- user_ldap
Nextcloud configuration:
Config report
{
"system": {
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"cloud.xxxxx.de"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"overwrite.cli.url": "https:\/\/cloud.xxxxx.de",
"dbtype": "mysql",
"version": "15.0.5.3",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"maintenance": false,
"loglevel": 2,
"app.mail.imap.timeout": 30,
"app.mail.smtp.timeout": 30,
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory"
},
"apps": {
"accessibility": {
"enabled": "yes",
"installed_version": "1.1.0",
"types": ""
},
"activity": {
"enabled": "no",
"installed_version": "2.7.0",
"types": "filesystem"
},
"backgroundjob": {
"lastjob": "53"
},
"bookmarks": {
"enabled": "yes",
"installed_version": "0.16.2",
"types": ""
},
"bruteforcesettings": {
"enabled": "yes",
"installed_version": "1.3.0",
"types": ""
},
"calendar": {
"enabled": "no",
"installed_version": "1.6.4",
"types": ""
},
"cloud_federation_api": {
"enabled": "yes",
"installed_version": "0.1.0",
"types": "filesystem"
},
"comments": {
"enabled": "no",
"installed_version": "1.4.0",
"types": "logging"
},
"contacts": {
"enabled": "no",
"installed_version": "3.0.3",
"types": ""
},
"core": {
"installed.bundles": "[\"CoreBundle\"]",
"installedat": "1516905486.9155",
"lastcron": "1551869023",
"lastupdateResult": "[]",
"lastupdatedat": "1551867747",
"moveavatarsdone": "yes",
"oc.integritycheck.checker": "[]",
"previewsCleanedUp": "1",
"public_files": "files_sharing\/public.php",
"public_webdav": "dav\/appinfo\/v1\/publicwebdav.php",
"scss.variables": "xxxx",
"shareapi_enforce_links_password": "no",
"updater.secret.created": "xxxx",
"vendor": "nextcloud"
},
"dav": {
"buildCalendarSearchIndex": "yes",
"enabled": "yes",
"installed_version": "1.8.1",
"types": "filesystem"
},
"deck": {
"enabled": "no",
"installed_version": "0.5.2",
"types": "logging"
},
"federatedfilesharing": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": ""
},
"federation": {
"enabled": "no",
"installed_version": "1.2.0",
"types": "authentication"
},
"files": {
"cronjob_scan_files": "500",
"enabled": "yes",
"installed_version": "1.10.0",
"types": "filesystem"
},
"files_external": {
"enabled": "yes",
"installed_version": "1.6.0",
"types": "filesystem"
},
"files_inotify": {
"installed_version": "0.1.3",
"types": "filesystem"
},
"files_pdfviewer": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": ""
},
"files_sharing": {
"enabled": "yes",
"incoming_server2server_share_enabled": "no",
"installed_version": "1.7.0",
"lookupServerUploadEnabled": "no",
"outgoing_server2server_share_enabled": "no",
"types": "filesystem"
},
"files_snapshots": {
"enabled": "no",
"installed_version": "0.1.2",
"types": ""
},
"files_texteditor": {
"enabled": "yes",
"installed_version": "2.7.0",
"types": ""
},
"files_trashbin": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": "filesystem,dav"
},
"files_versions": {
"enabled": "no",
"installed_version": "1.5.0",
"types": "filesystem"
},
"files_videoplayer": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": ""
},
"firstrunwizard": {
"enabled": "no",
"installed_version": "2.1",
"types": "logging"
},
"gallery": {
"enabled": "no",
"installed_version": "18.1.0",
"types": ""
},
"logreader": {
"enabled": "yes",
"installed_version": "2.0.0",
"ocsid": "170871",
"types": ""
},
"lookup_server_connector": {
"enabled": "yes",
"installed_version": "1.3.0",
"types": "authentication"
},
"mail": {
"enabled": "yes",
"installed_version": "0.11.0",
"types": ""
},
"nextcloud_announcements": {
"enabled": "no",
"installed_version": "1.1",
"pub_date": "Sat, 10 Dec 2016 00:00:00 +0100",
"types": "logging"
},
"notifications": {
"enabled": "yes",
"installed_version": "2.3.0",
"types": "logging"
},
"oauth2": {
"enabled": "yes",
"installed_version": "1.3.0",
"types": "authentication"
},
"password_policy": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": ""
},
"provisioning_api": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": "prevent_group_restriction"
},
"serverinfo": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": ""
},
"sharebymail": {
"enabled": "no",
"installed_version": "1.4.0",
"types": "filesystem"
},
"support": {
"enabled": "yes",
"installed_version": "1.0.0",
"types": ""
},
"survey_client": {
"enabled": "no",
"installed_version": "1.0.0",
"types": ""
},
"systemtags": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": "logging"
},
"theming": {
"backgroundMime": "backgroundColor",
"cachebuster": "4",
"enabled": "yes",
"installed_version": "1.6.0",
"name": "PyCloud",
"slogan": "A cloud for me",
"types": "logging",
"url": "https:\/\/cloud.xxxxx.de"
},
"twofactor_backupcodes": {
"enabled": "yes",
"installed_version": "1.4.1",
"types": ""
},
"twofactor_totp": {
"enabled": "yes",
"installed_version": "2.1.1",
"types": ""
},
"updatenotification": {
"bookmarks": "0.16.2",
"bruteforcesettings": "1.2.0",
"calendar": "1.6.1",
"contacts": "2.1.5",
"core": "15.0.4.0",
"enabled": "yes",
"files_pdfviewer": "1.2.1",
"installed_version": "1.5.0",
"mail": "0.8.3",
"theming": "1.4.5",
"types": "",
"update_check_errors": "0"
},
"user_external": {
"enabled": "no",
"installed_version": "0.4",
"types": "authentication,prelogin"
},
"user_ldap": {
"enabled": "no",
"installed_version": "1.5.0",
"s01_lastChange": "1544692150",
"s01has_memberof_filter_support": "0",
"s01home_folder_naming_rule": "",
"s01last_jpegPhoto_lookup": "0",
"s01ldap_agent_password": "",
"s01ldap_attributes_for_group_search": "",
"s01ldap_attributes_for_user_search": "",
"s01ldap_backup_host": "",
"s01ldap_backup_port": "",
"s01ldap_base": "",
"s01ldap_base_groups": "",
"s01ldap_base_users": "",
"s01ldap_cache_ttl": "600",
"s01ldap_configuration_active": "0",
"s01ldap_default_ppolicy_dn": "",
"s01ldap_display_name": "displayName",
"s01ldap_dn": "",
"s01ldap_dynamic_group_member_url": "",
"s01ldap_email_attr": "",
"s01ldap_experienced_admin": "0",
"s01ldap_expert_username_attr": "",
"s01ldap_expert_uuid_group_attr": "",
"s01ldap_expert_uuid_user_attr": "",
"s01ldap_gid_number": "gidNumber",
"s01ldap_group_display_name": "cn",
"s01ldap_group_filter": "",
"s01ldap_group_filter_mode": "0",
"s01ldap_group_member_assoc_attribute": "uniqueMember",
"s01ldap_groupfilter_groups": "",
"s01ldap_groupfilter_objectclass": "",
"s01ldap_host": "",
"s01ldap_login_filter": "",
"s01ldap_login_filter_mode": "0",
"s01ldap_loginfilter_attributes": "",
"s01ldap_loginfilter_email": "0",
"s01ldap_loginfilter_username": "1",
"s01ldap_nested_groups": "0",
"s01ldap_override_main_server": "",
"s01ldap_paging_size": "500",
"s01ldap_port": "",
"s01ldap_quota_attr": "",
"s01ldap_quota_def": "",
"s01ldap_tls": "0",
"s01ldap_turn_off_cert_check": "0",
"s01ldap_turn_on_pwd_change": "0",
"s01ldap_user_avatar_rule": "default",
"s01ldap_user_display_name_2": "",
"s01ldap_user_filter_mode": "0",
"s01ldap_userfilter_groups": "",
"s01ldap_userfilter_objectclass": "",
"s01ldap_userlist_filter": "",
"s01use_memberof_to_detect_membership": "1",
"types": "authentication"
},
"workflowengine": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": "filesystem"
}
}
}
Are you using external storage, if yes which one: local
Are you using encryption: no
Are you using an external user-backend, if yes which one: no (LDAP deactivated)
Client configuration
Browser:
Chrome
Operating system:
MacOS Mojave
maxiimilian
All 4 comments
My bet is you are behind a reverse proxy.
Try setting the overwriteprotocol in your config.php
rullzer
on 6 Mar 2019
You鈥檙e right. Everything works as expected now... thanks for pointing it out. It actually was a feature not a bug ;). Still strange, though, because everything was working with previous versions of Nextcloud and the same reverse proxy. Did the default behaviour maybe change?
maxiimilian
on 7 Mar 2019
Did the default behaviour maybe change?
Yes. Ensure that the ip of your reverse proxy is listed in trusted_proxies.
kesselb
on 7 Mar 2019
Looks like the same problem occurred on our deployment causing SAML login to stop working, because Entity Id changed to http instead of https
cloud-rocket
on 13 Mar 2019
Related issues
arno01
路
3Comments
blackcrack
路
3Comments
mfechner
路
3Comments
rullzer
路
3Comments
j-ed
路
3Comments
Most helpful comment
My bet is you are behind a reverse proxy.
Try setting the overwriteprotocol in your config.php