New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple issues when using a reverse proxy #18483
Comments
Thanks for debugging this. This needs to be fixed. |
@LukasReschke proxy stuff |
Reverse Proxies do work fine if they are properly configured. In fact, I do host multiple such environments on my own. That said:
In fact, you do not need to do any magic configuration on your reverse proxy. You just need a plain dumb redirect and then proper settings within your config.php. In fact, something like the following works fine: <VirtualHost *:443>
ServerName cloud.smartworksg.ch
ServerAlias cloud.smartworksg.ch
ProxyPreserveHost On
SSLEngine On
SSLCertificateFile /etc/ssl/certs/cloud.smartworksg.ch.crt
SSLCertificateKeyFile /etc/ssl/private/cloud.smartworksg.ch.key
SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
ProxyPass / http://10.0.2.5/
ProxyPassReverse / http://10.0.2.5/
</VirtualHost> That said, yes, it might fail if you have ownCloud installed in My sum-up: Not a bug but configuration error. |
Subdomain solution (in reference to the originally posted configuration)
ConclusionIf owncloud reverse proxy will only work with subdomains, I think that this point should be noted in the documentation. I'm wary to close this issue until it becomes "official" to not use a subfolder when using a reverse proxy (e.g., documentation updated), or otherwise noted (e.g., someone wants to tackle the issue as to why reverse proxy will not work with a subfolder). Regardless of the outcome, thank you all for the input so far. |
Note: https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/harden_server.html#use-a-dedicated-domain-for-owncloud does recommend to use a subdomain for good reason, but not for our purpose. @LukasReschke a question that's somewhat on-topic: https works well but, when I login, I'm redirected to http://owncloud.external.tld/index.php?redirect_url=%2Findex.php%2Fapps%2Ffiles%2F. Adding 'overwriteprotocol' => 'https', solves the redirect but them I always have to use https to login which is not conducive to the environment that I'm working in (https is optional as it is on a private network). In other words: is it possible to not be redirected from https to http without having to use 'overwriteprotocol' => 'https' and if so, how is one able to achieve this via the config (if at all)? Other apps that I'm running maintain the https with ease, so I'm somewhat certain that this is an owncloud issue. |
Can anyone help answer my question, please? I'll open a new feature request ticket if you think it should go in that direction, but I know there are many open tickets as it is. |
Are you still having issues with this in 8.2.2 ? |
Hi @PVince81, I've stopped using owncloud since 8.1 so I cannot confirm. I can try to reproduce next week if no one else is able to reproduce. |
Hello everyone,
The intent of this ticket is to elaborate on some issues that are possibly admin-related (not sure at this point) and to encourage the opening of a new ticket which will aim to provide better (if any at all) documentation regarding the preparation and implementation of a successful reverse proxy configuration when using owncloud. I hope that this ticket will save hours of troubleshooting for future Apache reverse proxy users.
I can say with at least some assurance that the issues presented may be simply a matter of extended mapping (and lack thereof). Reading https://doc.owncloud.org/server/7.0/admin_manual/configuration/reverse_proxy_configuration.html was not helpful, even after applying appropriate parameters. I could not find any other specific literature related to preparing a reverse proxy for owncloud (with Apache, a simple
ProxyPass* /
does not work at this point in time).Steps to reproduce
internet <=> http://external.tld/owncloud/ <=> http://internal.owncloud.server/
also Alias'd:
internet <=> http://external.tld/owncloud/ <=> http://internal.owncloud.server/owncloud/
Expected behaviour
Identical functionality to a non-reverse-proxy'd owncloud instance.
Actual behaviour
w/Firefox 40.0.2
w/Firefox 38.2.0 (Tor Browser 5.0.1)
Files (direct connection)
Files (reverse proxy)
Bookmarks (direct connection)
Bookmarks (reverse proxy)
Server configuration
Operating system:
Arch
Web server:
Apache 2.4.16
Relevant modules enabled (in addition to those required by owncloud):
Apache vhost configuration excerpt for http://external.tld/
Apache vhost configuration excerpt for http://internal.owncloud.server/
Note: removing any one or more of the previous
ProxyPass*
rules in http://external.tld/ reduces owncloud's functionality or renders certain aspects of owncloud to be non-functional (see the end of the ticket). This was discovered only after hours of troubleshooting.Database:
MariaDB 10.0.21
PHP version:
5.6.12
ownCloud version: (see ownCloud admin page)
8.1.1.3
Updated from an older ownCloud or fresh install:
Fresh
List of activated apps:
The content of config/config.php:
Default
Are you using external storage, if yes which one: local/smb/sftp/...
No
Are you using encryption: yes/no
No
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
No
Client configuration
Browsers tested:
Firefox 40.0.2
Firefox 38.2.0 (Tor Browser 5.0.1)
Operating system:
Arch
Logs
Web server error log
ownCloud log (data/owncloud.log)
Browser log
w/Firefox 40.0.2
w/Firefox 38.2.0 (Tor Browser 5.0.1)
When
/core/
/apps/
and/index.php/
are not ProxyPass*'d and ProxyHTMLURLMap'dw/Firefox 40.0.2
w/Firefox 38.2.0 (Tor Browser 5.0.1)
And in web console when clicking on "Documents" app:
And eternal spinners of death for "Documents" and "Gallery" "Contacts" apps.
Web server error log (when
/core/
/apps/
and/index.php/
are not ProxyPass*'d and ProxyHTMLURLMap'd)Notable error in http://internal.owncloud.server logs:
Notes
These results are also returned with an HTTPS reverse proxy, even though SSL Apache rules are omitted above.
Current Conclusions
The text was updated successfully, but these errors were encountered: