Access through untrusted domain

[arphillips06]

Describe your Issue

Get "Access through untrusted domain"

Logs and Errors

Accessing the webpage from either the internal network or externally results in the above error.

Describe your Environment

• Kubernetes distribution: k3s

• Helm Version (or App that manages helm): 3.14

• Helm Chart Version: 4.6.2

• values.yaml:

nextcloud:
  host: nextcloud.mydomainname.co.uk
  username: admin
  password: password
  persistence:
    enabled: true
    existingClaim: nextcloud-ssd
    accessMode: ReadWriteOnce
    size: 100Gi

  configs:
    trusted_domains.config.php: |-
      <?php
      $CONFIG = [
        'trusted_domains' => [
          0 => 'localhost',
          1 => 'nextcloud.mydomainname.co.uk',
          2 => '192.168.0.200',
          3 => 'nextcloud',
          4 => '192.168.0.1'
        ]
      ];
    proxy.config.php: |-
      <?php
      $CONFIG = array (
        'trusted_proxies' => array(
          0 => '127.0.0.1',
          1 => '10.0.0.0/8',
          2 => '192.168.0.1'
        ),
        'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
      );

Additional context, if any

I'm using metalLB and I also am using NGINX-ingress that is deployed in this yml.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: nextcloud
  name: nextcloud-ingress
  annotations:
    cert-manager.io/cluster-issuer: my-ca-issuer
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - nextcloud.mydomainname.co.uk
      secretName: nextcloud-prod-tls
  rules:
    - host: nextcloud.mydomainname.co.uk
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: nextcloud
                port:
                  number: 8080

I checked in the pod by running the below, it seems that the config.php files aren't being made? Though I'm extremely new to Kube in general so could be missing something!

ubuntu@k3smaster:~/k3s/nextcloud $ kubectl exec -it -n nextcloud nextcloud-6d48dc68dd-n7j27 -- bash
root@nextcloud-6d48dc68dd-n7j27:/var/www/html# cd config/
root@nextcloud-6d48dc68dd-n7j27:/var/www/html/config# ls
CAN_INSTALL  apache-pretty-urls.config.php  apcu.config.php  apps.config.php  autoconfig.php  config.php  config.sample.php  redis.config.php  smtp.config.php

[provokateurin]

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trusted-domains is what you are missing.

[arphillips06]

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trusted-domains is what you are missing.

How would I apply it? I thought I had done it correctly in my values.yml file? About halfway down the config above.

[provokateurin]

Ah you are right. Did you deploy again after making the config file changes? Other than that I don't see why the config files wouldn't be present,

[arphillips06]

Yeah, I tried upgrading the helm install with the file (which I think should have done it) then uninstalled the deployment and chart. Same result both times.

[zhangdeshuai1999]

I'm just like you. How's your situation

[jessebot]

To be sure this is being set, can you, @arphillips06 or @zhangdeshuai1999, please log into your pod and check the output of:

php occ config:system:get trusted_domains

I'd also be interested to see if trusted_domains.config.php actually made it into the config dir? I don't see it in the original post with the output listed there 🤔

[jessebot]

Also, semi-related, but we recently added a new nextcloud.trustedDomains helm parameter in 5.4.0:
https://github.com/nextcloud/helm/releases/tag/nextcloud-5.4.0