Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redirecting bug since 15.0.2 #13713

Closed
mrzapp opened this issue Jan 21, 2019 · 23 comments

Comments

Projects
None yet
9 participants
@mrzapp
Copy link

commented Jan 21, 2019

Whenever a redirect happens, like from the /apps/ to the /apps/files/ path, NextCloud now redirects using the server provided hostname and port instead of the one requested by the client.

For instance, if running via Docker on localhost:8000 and using a proxy pass with cloud.example.com, the address cloud.example.com/apps/ will redirect to localhost:8000/apps/files/.

This happens with the / to /login redirect as well, so this bug completely prevents access to the instance from the web interface, unless you manually correct the URL afterwards.

Also discussed here: https://help.nextcloud.com/t/nextcloud-15-redirect-to-local-ip/45352

@mrzapp

This comment has been minimized.

Copy link
Author

commented Jan 21, 2019

Related to #13710

@RandomMetalhead

This comment has been minimized.

Copy link

commented Jan 21, 2019

Same problem and same setup:
Apache Proxy -> Docker -> Nexcloud and always redirecting to https://127.0.0.1:8080/login. With 15.0 it worked fine, update to 15.0.2 broke

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Jan 21, 2019

@RandomMetalhead

This comment has been minimized.

Copy link

commented Jan 21, 2019

Provided links did not help.
What helped is changing:
'overwrite.cli.url' => 'https://XXXX.de',
to
'overwritehost' => 'XXXX.de', 'overwriteprotocol' => 'https',

It seems for me 'overwrite.cli.url' in config.php is broken

@mrzapp

This comment has been minimized.

Copy link
Author

commented Jan 21, 2019

Yep, @RandomMetalhead's solution works

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Jan 21, 2019

Great 🎉

image

Provided links did not help.

I guess we could improve the documentation here. It's not obvious that the bold text are configuration parameters.

@RandomMetalhead you also need overwrite.cli.url (https://github.com/nextcloud/server/blob/stable15/config/config.sample.php#L477-L485)

@RandomMetalhead

This comment has been minimized.

Copy link

commented Jan 21, 2019

The main issue was, that in 15.0.0 only having 'overwrite.cli.url' and 'overwriteprotocol' was sufficient for Nextcloud. It seems, that for 15.0.2 'overwritehost' is necessary. At least in docker version with Apache-Proxy. I have readded 'overwrite.cli.url', too. So my config looks like this now and is working perfectly:

'overwritehost' => 'XXX.de', 'overwriteprotocol' => 'https', 'overwrite.cli.url' => 'https://XXX.de',

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Jan 21, 2019

The main issue was, that in 15.0.0 only having 'overwrite.cli.url' and 'overwriteprotocol' was sufficient for Nextcloud. It seems, that for 15.0.2 'overwritehost' is necessary.

Thank you for pointing this out 👍

@MorrisJobke @rullzer @J0WI they were many reports within the last days about this. I suppose this is related to #13116 because the docker network is not trusted by default. In this case HTTP_FORWARDED_HOST is not longer trusted. What do you suggest? Is it possible to add this for the official docker image? 🏓

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Jan 21, 2019

CIDR is possible for trusted_network since nextcloud 15. Something like 172.0.0.0/8 as trusted proxy would work (not sure if docker uses 172.x all the time).

@kyrofa @enoch85 (not sure if snap or vm is running into the same. just in case)

@enoch85

This comment has been minimized.

Copy link
Member

commented Jan 21, 2019

Thanks for the heads up @danielkesselberg Nothing reported, and nothing I've experienced myself.

@J0WI

This comment has been minimized.

Copy link
Contributor

commented Jan 21, 2019

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Jan 22, 2019

nextcloud/docker#527 makes it easier to configure these parameters 👍

  • Nextcloud 15.0.0: Nextcloud accept HTTP_FORWARDED_HOST from Nginx (or any other proxy).
  • Nextcloud 15.0.2: Nextcloud does not accept HTTP_FORWARDED_HOST from Nginx (or any other proxy).

In #13116 we did some security hardening (trust HTTP_FORWARDED_HOST only if proxy is trusted proxy). Nextcloud behind nginx worked well for most people without setting overwritehost. @J0WI do you think we could set trusted_network to 172.0.0.0/8 by default (and make it configurable) for the docker image?

@J0WI

This comment has been minimized.

Copy link
Contributor

commented Jan 22, 2019

172.0.0.0/8 would be a bad idea, only 172.16.0.0/12 is private. If we trust them by default, we should probably trust all RFC 1918 (and RFC 4193?) networks?
However, you can use any other IP for Docker, so I think we need nextcloud/docker#527 anyway.

@neeral85

This comment has been minimized.

Copy link

commented Jan 23, 2019

I'm running https://www.hanssonit.se/nextcloud-vm/

my ip is 172.18.1.10 and
'overwritehost' => 'XXX.de', 'overwriteprotocol' => 'https', 'overwrite.cli.url' => 'https://XXX.de',
was not working for me.

@enoch85

This comment has been minimized.

Copy link
Member

commented Jan 23, 2019

@neeral85 So you have issues on the Nextcloud VM as described in this issue?

@neeral85

This comment has been minimized.

Copy link

commented Jan 23, 2019

actually only lockout-link and webdav-link are using local IP within the url. everything else works fine.

@J0WI

This comment has been minimized.

Copy link
Contributor

commented Feb 10, 2019

We have many reports like this (likely duplicates):
#8244 (no regression of 15.0.2)
#14132
#13450
#13310
#13710
#13700
nextcloud/docker#644
nextcloud/docker#527
nextcloud/docker#635
nextcloud/docker#577
nextcloud/docker#528
nextcloud/docker#628

We really need to fix this for our Docker setup.
@danielkesselberg is this something we can expect to be fixed here or should we investigate in the docker config/documentation? Should this be fixed in the configuration of the proxies, NextCloud or webserver?

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Feb 10, 2019

Looks like many people do not set trusted_proxies. I know so far:

If you add trusted_proxies as env to docker images and set a sensible default (for nextcloud 15 you can whiteliste the whole docker default network, not possible for < nextcloud 15) the situation should relax. Some hint in the readme may help: "you need to tell nextcloud that it runs behind a reverse proxy."

Let's 🏓 @MorrisJobke @rullzer they will know what to do ;-)

@nesnera

This comment has been minimized.

Copy link

commented Feb 16, 2019

NC 15.0.4
For only "Log out" menu entry is necessary to set ‘overwritehost’ config.php parameter. All other are correct.
Have a look at attached picture.
nc_wrong_logout_url

@jmrapin

This comment has been minimized.

Copy link

commented Mar 26, 2019

Hi All,

New to NC (currently using v15.0.5). I am having the same issue using a reverse proxy as nesnera above. All my links are rewritten properly when setting the overwrite values (overwritehost, overwriteprotocol, ...) in the config file except the logout link which, in my case. does not use the correct protocol (HTTP instead of HTTPS).
Looks like the issues were dismissed as being a duplicate of another bug report, but I disagree (at least for nesnera above). So I did some digging and found out that in file:

user.php (/nextcloud/lib/private/legacy) line 272:
$logoutUrl = $urlGenerator->linkToRouteAbsolute(
{etc.,..}

should be changed to
$logoutUrl = $urlGenerator->linkToRoute(
{etc.,..}

Since all the links in the navigationManager.php use linkToRoute and display properly. So now my logout link has the proper value and works: https://domain.com/index.php/logout?...

Can someone advise what is the reason for the linkToRouteAbsolute vs linkToRoute in user.php line 272?
If not, can this be fixed please?

Thanks guys for the amazing cloud software.

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Apr 2, 2019

If you run nextcloud behind a reverse proxy usually some headers (like X-Forwarded-For) are present. You should see a setup warning (nextcloud 16) for such cases: #14261

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Apr 2, 2019

To be done: A warning if some required parameters not present (e.g. apache2 does not forward x-forwarded-proto while nginx and traefik does => overwriteproto is required for apache2).

@MorrisJobke

This comment has been minimized.

Copy link
Member

commented May 7, 2019

Fix is in #15430

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.