Issues with Nextcloud manual Jail configuration

egghog

Dabbler
Joined
Sep 17, 2022
Messages
23
Hey everyone! I previously had the official Nextcloud plugin running on my TrueNAS Core box, but upon updating it seems to have broken the whole instance (apparently a common occurrence with the official plugin).

Rather than trying to troubleshoot the poorly supported and seemingly largely abandoned plugin, I'm taking the opportunity to go through Samuel Dowling's fantastic guide on a manual jail installation and configuration, to start up a new Nextcloud from scratch, and hopefully gain a better understanding.

There were some hiccups, but now it's nearly there and working nicely. I have two main problems so far:


Problem 1 - DNS redirecting to IP

When I attempt to visit my domain name:
cloud.example.com

It reverts to the local IP of the jail:
https://192.168.0.10/login

I'm using a reverse proxy, so this results in a timeout. To access the site without a timeout, I have to specifically use a URL with a nextcloud page.

For instance:
cloud.example.com/login or cloud.example.com/apps

In my NC Security overview, I have this message which could be related:
The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud

I've checked my config file again and again, going over every option and possibility I can imagine (with my limited experience). But as far as I can tell, the config is ok.

Code:
<?php
$CONFIG = array (
  'instanceid' => 'redacted',
  'passwordsalt' => 'redacted',
  'secret' => 'redacted',
  'trusted_domains' =>
  array (
    0 => '192.168.0.10',
    1 => 'cloud.example.com',
  ),
  'datadirectory' => '/mnt/data',
  'dbtype' => 'mysql',
  'version' => '26.0.2.1',
  'overwrite.cli.url' => 'https://cloud.example.com',
  'htaccess.RewriteBase' => '/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:/tmp/mysql.sock',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud_admin',
  'dbpassword' => 'redacted',
  'installed' => true,
  'default_phone_region' => 'US',
  'trusted_proxies' =>
  array (
    0 => '192.168.0.11',
  ),
  'overwriteprotocol' => 'https',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
  ),
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
);

The only possibility I can think of is these settings:
  'overwrite.cli.url' => 'https://cloud.example.com',
  'htaccess.RewriteBase' => '/',
which I've added to enable the "Pretty URLs" feature to remove the ugly index.php/ on all the URLs. But I'm not sure if this is the cause or not.


Problem 2 - unable to access from the LAN

This is not necessarily related to the new jail install, but it's an annoying problem that's just popped up.

I recently got a new modem at the behest of my ISP, and upon installing it I found I could no longer access NC from my desktop, which is connected to the TrueNAS via a 10g switch.

I was pretty confident that it’s a NAT loopback/hairpin routing issue. But the weird thing is that I can access Nextcloud from every device except my desktop when on Ethernet (I've tried laptop and phone and they both connect).

I'm not super familiar with this so I'm not sure if this is expected behavior. If it's a hairpinning thing I would've thought being on wifi would make no difference as long as it's on the same internal network, but lo and behold, disabling my nic and enabling wifi allows the desktop to connect just fine (also the ethernet works when I turn my VPN on).

What's the deal with this?



Thanks for sticking with the long post. If anyone has thoughts or suggestions I'd be super grateful. Thanks!
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,737
I suggest trying the Nextcloud forum for answers. None of your questions relate to TrueNAS in particular.
 

Apollo

Wizard
Joined
Jun 13, 2013
Messages
1,449
> I'm not super familiar with this so I'm not sure if this is expected behavior. If it's a hairpinning thing I would've thought being on wifi would make no difference as long as it's on the same internal network, but lo and behold, disabling my nic and enabling wifi allows the desktop to connect just fine (also the ethernet works when I turn my VPN on).
>
> What's the deal with this?
Just a thought, but maybe the issue is related to your PC such as having the "hosts" file in Windows (assuming you are running Windows) that would force it to redirect to a different domain or IP address.
PS: "hosts" file can be found here:
C:\Windows\System32\drivers\etc
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
> It reverts to the local IP of the jail:
> https://192.168.0.10/login
>
> I'm using a reverse proxy, so this results in a timeout. To access the site without a timeout, I have to specifically use a URL with a nextcloud page.
Have you tried to include the IP address of your reverse proxy server in the config.php file?

Something like:

Code:
  'trusted_proxies' =>
  array (
    0 => 'XXX.XXX.XXX.XXX',
  ),
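
An added example, not part of the original posts and not Nextcloud's own code: a simplified Python model of why the security overview warns about reverse proxy headers when `trusted_proxies` is in play. The function name `client_ip`, the right-to-left walk over `X-Forwarded-For`, CIDR handling, and every address except the thread's proxy `192.168.0.11` are assumptions constructed for illustration.

```python
import ipaddress

def client_ip(remote_addr, xff_header, trusted_proxies):
    """Pick the address to log or rate-limit for one request (illustrative model)."""
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        return any(ip in net for net in trusted)

    # Peer is not a listed proxy: the header is client-controlled, so ignore it.
    if not is_trusted(remote_addr) or not xff_header:
        return remote_addr

    # Rightmost entries were appended by the proxies closest to the server.
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr      # malformed header: fall back to the socket peer
        if not is_trusted(hop):
            return hop              # first hop that is not one of our proxies
    return remote_addr              # every hop was a trusted proxy

PROXY = ["192.168.0.11"]            # value from the thread's config.php
TOO_BROAD = ["192.168.0.0/24"]      # constructed weak setting: trusts the whole LAN

# Constructed sample requests: (socket peer, X-Forwarded-For, trusted_proxies)
SAMPLES = [
    ("192.168.0.11", "203.0.113.7", PROXY),            # normal request via the proxy
    ("192.168.0.11", "10.9.9.9, 203.0.113.7", PROXY),  # client forged a first entry
    ("192.168.0.50", "10.9.9.9", PROXY),               # LAN host bypassing the proxy
    ("192.168.0.50", "10.9.9.9", TOO_BROAD),           # same request, over-broad trust
]

def resolve_samples():
    return [client_ip(peer, xff, proxies) for peer, xff, proxies in SAMPLES]

if __name__ == "__main__":
    for sample, ip in zip(SAMPLES, resolve_samples()):
        print(sample[0], repr(sample[1]), "->", ip)
```

With only the proxy listed, the forged `10.9.9.9` is never accepted; with the whole subnet trusted, any LAN host can set its own apparent address.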
 

egghog

Dabbler
Joined
Sep 17, 2022
Messages
23
> Have you tried to include the IP address of your reverse proxy server in the config.php file?
>
> Something like:
>
> Code:
>   'trusted_proxies' =>
>   array (
>     0 => 'XXX.XXX.XXX.XXX',
>   ),
Yeah I have the trusted proxy. I was actually able to partially solve the problem by adding the 'overwritehost' => 'cloud.example.com', setting. I'm still getting the proxy error in the nextcloud interface, but at least it's not redirecting to the IP!

> Just a thought, but maybe the issue is related to your PC such as having the "hosts" file in Windows (assuming you are running Windows) that would force it to redirect to a different domain or IP address.
> PS: "hosts" file can be found here:
This is interesting, I'll have to look into it. Thanks!
 

victort

Guru
Joined
Dec 31, 2021
Messages
951
> Yeah I have the trusted proxy. I was actually able to partially solve the problem by adding the 'overwritehost' => 'cloud.example.com', setting. I'm still getting the proxy error in the nextcloud interface, but at least it's not redirecting to the IP!
The proxy error will always be there. It's a bug. See https://help.nextcloud.com/t/the-re...cessing-nextcloud-from-a-trusted-proxy/139286

I would recommend this script btw. It does everything that you did manually, automatically. With automatic cert management.
 

egghog

Dabbler
Joined
Sep 17, 2022
Messages
23
> The proxy error will always be there. It's a bug. See https://help.nextcloud.com/t/the-re...cessing-nextcloud-from-a-trusted-proxy/139286
>
> I would recommend this script btw. It does everything that you did manually, automatically. With automatic cert management.
Ah great that's good to know, thanks! The manual installation was partially an educational exercise so I can get a sense of all the different components, but I'll definitely bookmark the script for next time.
 

egghog

Dabbler
Joined
Sep 17, 2022
Messages
23
> Just a thought, but maybe the issue is related to your PC such as having the "hosts" file in Windows (assuming you are running Windows) that would force it to redirect to a different domain or IP address.
> PS: "hosts" file can be found here:
This worked perfectly! Thanks for the help!
 