Exposing Nextcloud to the web results in a local ip redirection

[gabbla]

Hello all,

I recently installed a TrueNAS Scale box (TrueNAS-SCALE-22.02-RC.2) on which I have installed the official Nextcloud plugin (23_1.3.11). The instance is available at my box IP at the suggested port (192.168.1.225:9001) and works flawlessly. Since I want to access such instance from outside my home network I have added a sub domain attached to a DynDNS service and configured my router to do the port forwarding. I have also generated the right certificates in order to use https without warning. When I browse to

https://cloud.mydomain.tld

I got redirected to

https://192.168.1.225:9001

and the Nextcloud homepage shows up. That is, obviously, a problem. Checking the Nextcloud "Mobile & Desktop" tab in the admin section shows that the server address is my local one:

I tried messing around with the configuration (via UI) and the only parameter that has some relevant effect is the Nextcloud host, which defaults to the server IP. I tried setting my subdomain (cloud.mydomain.tld) and the server address in the settings actually change, but I still get the port wrong:

Now, if I browse to

https://cloud.mydomain.tld

I got redirected to https://cloud.mydomain.tld:9001/login which is not reachable. I'd like to serve the interface to the port 443 and not the 9001.

Anyone faced the same issue?

Thanks!
Gab

 

[sretalla]

You need to edit the config file in the jail... mine was here: /usr/local/www/nextcloud/config/config.php

You need to make sure that it contains something like this:

'overwrite.cli.url' => 'https://cloud.mydomain.tld',

and

'overwriteprotocol' => 'https',

 

[gabbla]

You need to edit the config file in the jail... mine was here: /usr/local/www/nextcloud/config/config.php

You need to make sure that it contains something like this:

'overwrite.cli.url' => 'https://cloud.mydomain.tld',

and

'overwriteprotocol' => 'https',

Thank you sretalla, I tried what you suggested but nothing changes (I still got the redirection to the local IP). Anyway I am not using jails but Docker. Aren't jails a TrueNAS Core feature?

Gab

 

[sretalla]

tried what you suggested but nothing changes (I still got the redirection to the local IP). Anyway I am not using jails but Docker. Aren't jails a TrueNAS Core feature?

Whatever it is, it will be resolved in the config file. You may have some conflicting settings already in the file that are causing the redirect.

Also your reverse proxy may be contributing/at fault, so look at the config of that too.

Indeed Jails are a thing of CORE/FreeBSD... my mistake for not looking at the section you posted in. The advice applies just the same in the end.

 

[truecharts]

In case someone wonders:
Our setup does not have this issue by design, as we correctly set server addresses based on Ingress configuration

 

[gabbla]

In case someone wonders:
Our setup does not have this issue by design, as we correctly set server addresses based on Ingress configuration

Hello,

I installed the plugin from TrueCharts and it is up and running. I set up the ingress as shown below:

When I try to reach the service at https://cloud.mydomain.tld I get the following error:

Via `openssl s_client -connect cloud.mydomain.tld:443`:

Code:

CONNECTED(00000003)
140505115256128:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 308 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

I am definitely missing something (stupid I guess) but can't figure it out. Any idea?

Thank you!
Gab

 

[truecharts]

Hello,

I installed the plugin from TrueCharts and it is up and running. I set up the ingress as shown below:

View attachment 52401

When I try to reach the service at https://cloud.mydomain.tld I get the following error:
View attachment 52402

Via `openssl s_client -connect cloud.mydomain.tld:443`:

Code:

CONNECTED(00000003)
140505115256128:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 308 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

I am definitely missing something (stupid I guess) but can't figure it out. Any idea?

Thank you!
Gab

We are just here to "nudge" in the right direction.
If you need actual help with our Apps you would need to file a support ticket on our support discord so our staff can look into it.

 

[gabbla]

Hello,

I went for the turecharts Nextcloud app and traefik and now everything works as expected!

Thank you all both here and on discord.

Gab

 

[dominik0711]

With Nextcloud 25 I was able to set overwrite.cli.url to FQDN and overwriteprotocol to https. With that, I was capable to reach out the server through a Cloudflare tunnel. With Nextcloud 27 it is not possible anymore. Is there a reason for that? What is the proper way to expose my Nextcloud app to the internet? Currently, my server is: TrueNAS-SCALE-22.12.4.2