Update the server URL on server address change #4157

Open
maranov opened this issue Jun 16, 2019 · 50 comments
Labels
connectivity DNS, TLS, proxies, network connection, etc. related matter enhancement feature: authentication Authentication or accounts related

Comments

@maranov

maranov commented Jun 16, 2019

Is your feature request related to a problem? Please describe.

Hi, I've changed the address of my NC server and set up a redirect to the new address. I was unable to change the URL in the app and had to re-add the account instead.

Describe the solution you'd like

Since changing the URL from the app might be considered a security issue (#3877), I'd like to propose the app changing the URL automatically, when receiving "301 Moved Permanently" response from the server.

Describe alternatives you've considered

Changing the URL manually via settings, but that is not available either.

Additional context

It seems that the Desktop client has this functionality and has updated the URL on its own after my changes.

@mixxit

mixxit commented Jul 13, 2019

This is also an issue for me. I was able to happily update the URL defined in the nextcloud.cfg file in appdata on Windows, but on Android I could not find where the cfg file is.

@AlexNi245
Contributor

Hey, I would work on this issue. I would extend the dot menu within manage account with an option to edit the server credentials.

@AndyScherzinger AndyScherzinger added the needs info Waiting for info from user(s). Issues with this label will auto-stale. label Aug 2, 2019
@AndyScherzinger
Member

@AlexNi245 thanks for offering to pick this one up. We do need some feedback from @tobiasKaminsky first though since:

so the only part that is likely up for discussion:

  • app changing the URL automatically, when receiving "301 Moved Permanently" response from the server

which would require a completely different approach and is also unclear to me if this should be implemented.

@tobiasKaminsky
Member

We indeed should not do this.
In my opinion/experience this is a very rare case and then it is ok to have a new account (for example, on Google you also cannot change your id without creating a new account and removing the other).

  • app changing the URL automatically, when receiving "301 Moved Permanently" response from the server

I am not entirely sure, but if we get 301, we do follow this.
While it is not ideal to then have two calls, nowadays that should not matter too much.

@realies

realies commented Sep 14, 2019

Why are you so inconsistent in the manual configuration for desktop and mobile clients? Are desktop clients more secure than mobile clients and why? Changing a server address on a desktop client is not an issue via the nextcloud cfg file, although its alternative in a mobile app is not to be found. Reconfiguring (removing/re-adding) a server on a mobile app would remove the queued auto-upload list, which would require manual sync for every auto-upload folder, and their addition and configuration every time the server address changes. In my case the server address change is temporary, accomplishing this via the desktop client is trivial, I would like it to be similar on mobile.

@redtux

redtux commented Sep 15, 2019

I just would like to confirm that many users like myself would have loved such a feature (as it still exists in the OC client btw.), given sometimes even big providers like Hetzner need to change their server names, affecting hundreds if not thousands of users. https://wiki.hetzner.de/index.php/Storage_Share/en#Renaming

Hetzner recommends creating a new profile, but then the average user would have to download everything again, right?

(Which might be even worse if you have lot of files in different folders that you do not want to sync, meaning that you had to click on every single file you want to be synced to your phone. This could take ages…)

@redtux

redtux commented Sep 15, 2019

Okay, I have now read #3877 again, and from this statement it seems that this will not be fixed. #3877 (comment) So the files stay on the smartphone and the app will know which one to sync and which one not?

@fafische

Unfortunately the app does not even follow the moved permanently. Android app tells in notifications: Hochladen fehlgeschlagen, Moved Permanently. In app: "Server nicht verfügbar".
Recreating the account means for me:

  • downloading about 30GB of music, audiobooks.. again (not an entire folder -> I have to check which I want to download).
  • tell other apps where to find the files.
  • losing some metadata e.g. listening state of audiobooks
  • reconfiguring autoupload, contacts backup...
    AND: I am not the only user of my nextcloud.

In my case old url will be available as long as I want.
But: I moved from folder to subdomain and RewriteBase in .htaccess file of nextcloud has to point to either / or /nextcloud. Because of that I can not have both Urls working at the same time.

@maxim-kukushkin

@fafische Very similar issue here! Because of changes on ISP's side I've recently had to jump between IPv6 and IPv4 addresses and then to a DNS name. And every time it's not only just transfer of lots of data, but also all kinds of metadata updates related to it

I hope this issue can be prioritized

@redtux

redtux commented Jul 12, 2020

From what I understand, this is a "feature" and will not be fixed (which means others decide for us what is good or right). The only solution I could find so far is to create a new profile, to stop syncing, and then to move all the synced files locally. Worked for me at least…

@GAS85

GAS85 commented Jul 31, 2020

Please, this is a very needed feature. If I move Nextcloud now from a host subfolder to e.g. cloud.domain.com, then all users need to re-setup their mobile clients.

Desktop respects redirects and did not cause any error by test, but for Android it does not fully work.

Client will fetch the files list by following the redirect, but will not be able to create/change/upload new files, will not be able to fetch activity etc. It always goes to the old URL and simply stops when redirected.

@mm0zct

mm0zct commented Aug 20, 2020

I'd like to vote for this as well, I have my nextcloud running at home, and was using my ISP provided domain for my house (username.ispname.net), but I have just moved house to a location where my previous ISP is no longer available.

I have set up my nextcloud at the new house under a proper domain name, and currently have a Raspberry Pi sitting at my old flat with an SSH forwarding rule to tunnel any traffic to the old URL to my new house. This lets the cloud work (slowly) until I terminate my ISP contract and sell the old flat.

We have two accounts on mobile phones which use the nextcloud as an automatic photo backup, and I would like to migrate both phones (since the desktop clients you can edit the config file) without the phones getting confused over the 10s of GBs of photos (one phone also has a 30GB holiday photo folder synced from the nextcloud, I don't want to resync this in either direction!)

I can set a 301 permanently moved on the pi instead of the ssh tunnel, but from what I read here the Android client doesn't respect this and move anyway. I will have to give up the old domain in a few weeks.

From a security perspective, can't you have the option to "migrate URL" and have the client check the identity of the nextcloud server as a security step? If you're paranoid about someone pointing it to their own cloud, this should address the problem.

You used the example of migrating google accounts, but this is more like if Microsoft moves the mail server from mail.hotmail.com to mail.live.com (made up examples), but with the same accounts, you don't want to have to re-sync your whole mailbox.

@tobiasKaminsky
Member

You used the example of migrating google accounts, but this is more like if Microsoft moves the mail server from mail.hotmail.com to mail.live.com (made up examples), but with the same accounts, you don't want to have to re-sync your whole mailbox.

Good example, but then all users would have to re-setup all their mail clients, which is the same you would have to do on Android Files.
Solution is to have a redirect.

With some proper check, as you mentioned, this indeed might work and be transparent to user.
Currently I fear that we do not have time to work on such feature, but contributions are welcome 👍

@benjaminbertram

@tobiasKaminsky: You proposed that the use case to switch the URL where the Nextcloud server is to be reached was an edge case. So let me add our (family home server raspi nextcloud) scenario as one more data point that this missing feature is really annoying. I started with one raspi at one fixed IP, just reachable in our local network. Some phone was set up with the local IP, some with the pure unix host name ("raspberrypi"), and now I try to do the next step and make the server reachable from the wide wide web using a dynamic DNS entry.

Sorry that I've not thought about all the implications in the first place and just started to use nextcloud because I thought that it was flexible and customizable.
Turns out it isn't, at least this issue (and the bug that links here) is a complete deal breaker for me. And now I have to make some good points to my family members why we don't just move all our stuff to dropbox or google drive.
Have you ever considered what security issue that is?

On the other hand I read the complete discussion and there was just no argument at all that clearly explains why modifying the URL of an existing account is a security issue.
Just analogies that just don't work in my head, so I'd like to give you another:

Backup is going to some server at dont.givea.where via ssh. And now for one out of a gazillion reasons it is reachable on another URL. And in analogy to this app my rsync would prompt me with an error: sorry, but you have sworn an oath to always use dont.givea.where as home base, so to move somewhere else you have to disguise your old identity, start over fresh at the new url (and don't think about making an incremental backup there it could all fall back on you later).

@AlexNi245 have you considered forking the app? If so, please let me know.

@zroug

zroug commented Nov 10, 2020

For me this feature certainly isn't a deal breaker. I'm very happy with both, Nextcloud and the Android app. But this feature would make changing the server URL much easier. Especially when you have users, who are not that good at configuring such things.

That being said, I had a very pleasant experience with Thunderbird and its calendar feature. I recently changed my server URL and at the old URL I created a 301 Moved Permanently redirect to the new URL. At first Thunderbird kept using the old URL but it followed the redirect, so everything was still working. After some time I restarted Thunderbird and then it told me that a redirect is happening, showed me both, the old and the new URL, and asked me if I want to update the configuration to use the new URL. All I had to do was click on yes. I think that is a very good example of how it could work.

@tobiasKaminsky
Member

The UX @zroug mentioned seems to be a nice middle way:

  • It lets user change url
  • url cannot be randomly re-assigned
  • user, as last resort, has to accept it

@RubinXnibu

RubinXnibu commented Dec 3, 2020

I am another user wanting to update the server URL. I have just created a nextcloud server inside a NAT with port forwarding. When I connect to my nextcloud locally, it's with a 192.168.* address. When I connect remotely, it's with a fqdn URL. What I really want is to have multiple URLs for the same server in the app and have the app intelligently try both. However, I'm willing to re-enter the URL once or twice a day when I'm at home or remote. How else is the home user supposed to use a home nextcloud?

BTW, since you are OK with people editing the URL in the desktop app, you should accept editing it on the phone apps. Phones are much more secure than desktops: With physical access, a bad actor can edit the locked desktop's nextcloud cfg file by mounting the hard drive on another computer. Physical access to a phone still doesn't let them edit anything until the phone is unlocked. The phone apps need less protection against bad actors than the desktops, not more.

@add1989

add1989 commented Mar 14, 2021

+1

My girlfriend and I got married and she changed her domain from FirstName-OldLastName.co.uk to FirstName-NewLastName.co.uk - but not being able to change this in the app is a real PITA :(

@RubinXnibu

RubinXnibu commented Mar 23, 2021 via email

@redtux

redtux commented Mar 23, 2021

@RubinXnibu Unfortunately, in cases where you have synced lot of data this is no workaround. 😕

@stefan2904

I don't think proposing a config change in case of a 301 solves the issue.

I have a Nextcloud instance which is reachable using multiple domains (blame Hetzner), so there is no old and new one. This works without problems, apart from the fact that OnlyOffice only works on one of those domains (which sometimes changes; blame my setup).

Since there is no option in the Nextcloud mobile app to change the URL of the server, the only way is to delete the old account and add the same account with the new URL. Since this involves moving the synced files and re-configuring of the auto-uploads every time, this is annoying. :/

(As noted before, this is not a problem with other apps that use my nextcloud shares, for example my password manager. 😅)

@stefan2904

Given your security concerns, could it be an option that the server also authenticates with the app, so that the app could detect if it is talking to the same server or a new (potentially malicious) server?

@GAS85

GAS85 commented Apr 22, 2021

that the app could detect if it is talking to the same server

I hope this could be done via HTTP Public Key Pinning (HPKP) by adding the hash of server 1 key and the hash of server 2 key in both server configurations.

@redtux

redtux commented Apr 22, 2021

@GAS85 "Public Key Pinning mechanism was deprecated in favor of Certificate Transparency and Expect-CT header."
https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning

@NoelzeN

NoelzeN commented May 10, 2021

I have changed the Port where Nextcloud is running at. Previously I had it running on Port 8080 and now migrated it to Port 443. I noticed after a few days that my Instant Upload was not working anymore. I had a 301 Redirect on Port 8080. Now I removed the redirect and simply run Nextcloud on both ports. That seems to work fine, however it would be nice to add the possibility to change the Server URL in the Nextcloud app so at some point in time I can close port 8080.

@danieldietsch

I am with most of the people here:

  • I am again in the situation where I need to change the URL
  • Redirect is not an option anymore (no control over the old domain)
  • Imo, preventing the URL change has no security benefits. Malicious users with access to the device can already access all data, can redirect DNS, can install VPN, etc. etc.

@waydwnsouth

waydwnsouth commented Apr 9, 2022

tl;dr: Implement a server fingerprint, allow the server URL to be changed as long as the fingerprint remains the same.

I just ran into this issue and it's definitely going to be a headache. Not everyone is hosting Nextcloud on a public domain. IP addresses change, Dynamic DNS providers come and go, and the idea that a malicious actor with physical access to your phone could change the domain in the settings, but somehow not just recreate the account like we're being told to do, is a stretch.

There are ways to ensure the authenticity of a remote server, but DNS certainly isn't one of them. From a security standpoint the DNS response should be considered untrusted anyway, and the authenticity of the server should be verified via HTTPS or some type of server fingerprint instead. What threat vector is this trying to protect against?

Problems with current "solution" (New account setup):

  • App loses knowledge of which files have been auto-synced
    • Either you re-upload everything, or you only upload future files (and missing anything created between the last successful auto sync & the new account being configured)
  • Requires manually setting up all account settings, auto-sync, etc. every time on every single device
  • Time consuming, frustrating

Problems with proposed solution (301 Redirect):

  • Not exactly a Dynamic DNS-friendly solution for home users
  • Assumes you have access to a web server running at the original domain to return the 301
    • If you still have access to the previous domain, why are you trying to change it in the app?
  • If this is being argued as a security feature, this assumes the authenticity of the 301 message is being verified.
    • The Android app certainly didn't complain about the self-signed certificate being used on my Nextcloud server, so how is this preventing a (arguably easier) DNS hijack on the local network from returning a 301 to every single user on the network instead of having to manually reconfigure every endpoint device?
  • Many comments indicate that the 301 doesn't work for the Android app anyway. I haven't tested it personally.
  • Will the app update the server settings after receiving a 301, or must the 301 be hosted in perpetuity?

That being said, I do believe a (properly verified) 301 would be the appropriate way to go for a production system at scale with lots of users if possible. It's just not necessarily feasible for every deployment or in every situation.

Possible solutions: (I vote for option 2)

  1. Leave device security up to the user & allow them to change the domain/IP
    • Developers have made it pretty clear they're not supportive of this option
  2. Implement a server fingerprint that can be verified by the client app (similar to SSH, Signal protocol, etc.)
    • If the user changes the server URL, still enforce the original server fingerprint
    • If the fingerprint ever changes, warn the user of possible MitM/redirect
    • Optionally, force the user to do the manual account re-creating on server fingerprint change
  3. Pin the HTTPS certificate on initial server connection
    • If the certificate ever changes, alert the end user and/or force account re-creation
    • This is less ideal than the fingerprint, since certificates expire and would likely change with the domain
  4. Provide an option in the Nextcloud server settings to enable/disable the user's ability to change the server information in the app
    • Those running this at home and small-scale deployments can assume the risk that comes with this feature
    • Large-scale production deployments could disable this feature for their users, either globally or on a per-user/group basis
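
An added example, not part of the thread and not code from the Nextcloud project: a sketch of the client-side decision that combines the confirm-on-301 flow discussed earlier with the fingerprint check from option 2 above. The `Account` record, the function names and the assumption that the server presents a long-lived identity key independent of its TLS certificate are hypothetical; the keys and URLs are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from urllib.parse import urljoin, urlsplit


class Decision(Enum):
    KEEP = "keep the stored URL"
    PROMPT = "show old and new URL and ask the user to confirm"
    WARN = "refuse the change and warn about a possible MitM/redirect"


@dataclass
class Account:
    base_url: str   # server URL stored when the account was set up
    pinned_fp: str  # hex SHA-256 of the identity key seen at setup (assumed)


def fingerprint(identity_key: bytes) -> str:
    """Fingerprint of the server's long-lived identity key (hypothetical key)."""
    return hashlib.sha256(identity_key).hexdigest()


def check_new_url(account: Account, new_url: str, presented_key: bytes) -> Decision:
    """Gate shared by a manual URL edit and a 301 target."""
    if new_url.rstrip("/") == account.base_url.rstrip("/"):
        return Decision.KEEP
    new = urlsplit(new_url)
    if new.scheme != "https" or not new.hostname:
        return Decision.WARN  # never move an account to an unauthenticated channel
    # Same server at a new address: the fingerprint must match the pinned one.
    if not hmac.compare_digest(fingerprint(presented_key), account.pinned_fp):
        return Decision.WARN
    return Decision.PROMPT    # never rewritten silently; the user has the last word


def on_response(account: Account, status: int, location, presented_key: bytes):
    """Only a permanent redirect may propose a URL change; 302/307 are not persisted."""
    if status != 301 or not location:
        return Decision.KEEP, account.base_url
    target = urljoin(account.base_url, location)  # resolves relative Location values
    return check_new_url(account, target, presented_key), target


def apply_decision(account: Account, decision: Decision, target: str,
                   user_accepted: bool) -> str:
    """Persist the new URL only after PROMPT and explicit user consent."""
    if decision is Decision.PROMPT and user_accepted:
        account.base_url = target
    return account.base_url


if __name__ == "__main__":
    real_key = b"constructed-identity-key-A"      # constructed sample key
    rogue_key = b"constructed-identity-key-B"     # constructed sample key
    acct = Account("https://example.org/nextcloud", fingerprint(real_key))
    for status, loc, key in [
        (301, "https://cloud.example.org/", real_key),   # legitimate move
        (301, "https://cloud.example.org/", rogue_key),  # different server
        (301, "http://cloud.example.org/", real_key),    # downgrade to HTTP
        (302, "https://cloud.example.org/", real_key),   # temporary redirect
    ]:
        decision, target = on_response(acct, status, loc, key)
        print(status, loc, "->", decision.name)
```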

@evrifaessa

Hey. Anything new about this? This is a very unpleasant experience even with 1 device. Can't really imagine having these issues with tens of devices at the same time. :/

@spaceChRiS

I had to do the change as well recently, and it is a cumbersome task to get everything ready again, in particular with 20+ upload folders. Therefore I wondered if there is a solution that would satisfy all requirements. The proposal: When the URL is changed, have a permanent red warning sign for the next 14 days in the app that tells about the change and that you cannot get rid of, in combination with a permanently open, sticky Android notification.

About the 14 days: If somebody else has control over the phone for 14 days or more, I think a changed nextcloud URL is the least problem the owner of the phone has. With this time one could e.g. easily remove the old account in the app and add a new fake account, including copying all the files.

Does this make sense?

@AlvaroBrey AlvaroBrey removed the needs info Waiting for info from user(s). Issues with this label will auto-stale. label Jul 14, 2022
@kikislater

+1 it's a very common issue. I changed my subdomain from dev. to cloud. for example
(And It allows to test services before making them in production mode)

@samoylenkodmitry

samoylenkodmitry commented Jan 14, 2023

This must be enabled in the Android client. The security solution must be an actually working one, like the one described above.


@tomchiverton

The Linux client allows this by editing a simple text file ($HOME/.config/Nextcloud/nextcloud.cfg). Why is it so hard for Android to manage this, at least as a handy fallback?
It even then requests the user to re-auth...


@rpersee

rpersee commented Jul 1, 2023

Any news about this issue? Basically, if you change your FQDN, you have to re-upload all your content?

@Pepeanuts

On Windows, this solution is working : https://cocoalopez.com/blog/?p=2859

User\AppData\Roaming\Nextcloud\nextcloud.cfg
on Windows

Close nextcloud client
Search the file “nextcloud.cfg”
Look for the line:
0\url= ” ”
Replace the URL between the commas with the new server address
Save File
Restart Nextcloud

@joshtrichards joshtrichards added the connectivity DNS, TLS, proxies, network connection, etc. related matter label Oct 17, 2023

@TacoCake

I'm also having this problem, I'm stuck maintaining 2 dns because I don't want to re-setup my auto upload.

@IanMichaelHarper

I would also like this feature. I recently moved and now my nextcloud has a new IP

@djex

djex commented Jan 22, 2024

I am also looking for this feature to be implemented. Recently switched from a public facing server to a local only server and need to change the server address in my Android app.


@robertauer

I would like to be able to change the Nextcloud server URL in the Android app, too. I recently changed the URL of my server and was able to change the config of my Nextcloud Ubuntu client, but couldn't find a way to do this inside the Android app.

@letrain02

It has been several years and several requests with varying issue numbers. Honestly I don't mind signing in and out again if there was a way to back up my settings. Having to set up instant upload folders again, and then uploading all over again doesn't seem like the right thing to do when it's just a server address change. Wonder if just being able to confirm a device via the Nextcloud server would be better. Store settings there, and when signing in offer to restore or even require a confirmation on the server for which "device" is being restored. I've tried tracking down options and so far can't find any viable solution when the server address changes.

@szotsaki

szotsaki commented Nov 7, 2024

It is clearly a bug that 301 redirects aren't followed properly.
Please, adjust the labels accordingly that this is not a feature or enhancement request but an HTTP response handling bug.

Reproducible with 3.30.4
