OWNCLOUD_TRUSTED_DOMAINS docker configuration results in invalid access. #41086
Description
Setting the OWNCLOUD_TRUSTED_DOMAINS environment variables results in a 'You are accessing the server through an untrusted domain." error when accessing the site through a local network.
Steps to reproduce
- Create a 'barebones' docker-compose configuration with the following values on sever @
192.168.1.101:
version: "3"
services:
owncloud:
image: owncloud/server:latest
container_name: owncloud
restart: always
ports:
- 9090:8080
environment:
- OWNCLOUD_TRUSTED_DOMAINS=localhost,192.168.1.2 # ip of client browser
- OWNCLOUD_DB_TYPE=sqlite
- OWNCLOUD_DB_NAME=owncloud
- OWNCLOUD_DB_USERNAME=owncloud
- OWNCLOUD_DB_PASSWORD=owncloud
- OWNCLOUD_ADMIN_USERNAME=${ADMIN_USERNAME}
- OWNCLOUD_ADMIN_PASSWORD=${ADMIN_PASSWORD}
- Run the configuration using
docker-compose up. (omitting the-dto observe logs)
[+] Running 1/1
✔ owncloud Pulled 0.5s
[+] Running 1/1
✔ Container owncloud Created 0.1s
Attaching to owncloud
owncloud | Creating volume folders...
owncloud | Creating hook folders...
owncloud | Removing custom folder...
owncloud | Linking custom folder...
owncloud | Removing config folder...
owncloud | Linking config folder...
owncloud | Writing config file...
owncloud | Fixing base perms...
owncloud | Fixing data perms...
owncloud | Fixing hook perms...
owncloud | Installing server database...
owncloud | creating sqlite db
owncloud | ownCloud was successfully installed
owncloud | ownCloud is already latest version
owncloud | Writing objectstore config...
owncloud | Writing php config...
owncloud | Updating htaccess config...
owncloud | .htaccess has been updated
owncloud | Writing apache config...
owncloud | Enabling cron background...
owncloud | Set mode for background jobs to 'cron'
owncloud | Writing crontab file...
owncloud | Touching cron configs...
owncloud | Starting cron daemon...
owncloud | Starting apache daemon...
owncloud | [Fri Nov 10 16:28:30.925419 2023] [mpm_prefork:notice] [pid 139] AH00163: Apache/2.4.41 (Ubuntu) configured -- resuming normal operations
owncloud | [Fri Nov 10 16:28:30.925635 2023] [core:notice] [pid 139] AH00094: Command line: '/usr/sbin/apache2 -f /etc/apache2/apache2.conf -D FOREGROUND'
- From a client with ip
192.168.1.2on the same local network, open a browser and visithttp://192.168.1.101:9090
Console output:
owncloud | 192.168.1.2 - - [10/Nov/2023:16:28:35 +0000] "GET / HTTP/1.1" 400 7782 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
owncloud | 192.168.1.2 - - [10/Nov/2023:16:28:35 +0000] "GET /core/js/oc.js?v=d26e4726a50a6991f8682df45a5296cd HTTP/1.1" 400 7694 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
Expected behaviour
I should see the owncloud server home page, presumably a login or administration/setup page.
Actual behaviour
I see an error page with the message 'You are accessing the server through an untrusted domain'. I've verified that the configuration file from within the docker container at config/config.php contains the appropriate values:
'trusted_domains' =>
array (
0 => 'localhost',
1 => '192.168.1.2',
),
But I sill receive the error message and the owncloud logs also confirm that while the request is coming from the correct IP, it's still being rejected. All other docker containers on the same server perform as expected.
Server configuration
See docker-compose above. Owncloud server evaluates to version 10.13.2 as of this post.
Updated from an older ownCloud or fresh install:
Tested using fresh installs with a docker-compose down --rmi all --volumes between runs.
Where did you install ownCloud from:
docker
integrity/failed output
Unable to access this endpoint.
The content of config/config.php:
owncloud-config-list.txt
List of activated apps:
owncloud-apps-list.txt
Are you using external storage, if yes which one: No
Are you using encryption: No
Are you using an external user-backend, if yes which one: No
Client configuration
Browser:
- Firefox Version 119.0.6045.105 (Official Build) (64-bit)
- Chromium Version 119.0.6045.105 (Official Build) (64-bit)
- Chrome Version 119.0.6045.105 (Official Build) unknown (64-bit)
Operating system:
- Ubuntu 20.04.5 LTS
- Docker version 20.10.22 build 3a3c30b
Logs
Web server error log
N/A, not sure of the location for this info from within the docker container.
ownCloud log (data/owncloud.log)
{"reqId":"kmKBI3bWEIcbE89XllXe","level":2,"time":"2023-11-10T16:28:35+00:00","remoteAddr":"192.168.1.2","user":"--","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"192.168.1.2\" tried to access using \"192.168.1.101:9090\" as host."}
{"reqId":"Uv2zIibJSkqtjn7HoaJW","level":2,"time":"2023-11-10T16:28:35+00:00","remoteAddr":"192.168.1.2","user":"--","app":"core","method":"GET","url":"\/core\/js\/oc.js?v=d26e4726a50a6991f8682df45a5296cd","message":"Trusted domain error. \"192.168.1.2\" tried to access using \"192.168.1.101:9090\" as host."}
{"reqId":"JwtUhSPfd0fKwYXVVSlw","level":2,"time":"2023-11-10T16:43:21+00:00","remoteAddr":"192.168.1.2","user":"--","app":"core","method":"GET","url":"\/index.php\/settings\/integrity\/failed","message":"Trusted domain error. \"192.168.1.2\" tried to access using \"192.168.1.101:9090\" as host."}
{"reqId":"MxxiYKUGpzmjmZT6UzEn","level":2,"time":"2023-11-10T16:43:21+00:00","remoteAddr":"192.168.1.2","user":"--","app":"core","method":"GET","url":"\/core\/js\/oc.js?v=d26e4726a50a6991f8682df45a5296cd","message":"Trusted domain error. \"192.168.1.2\" tried to access using \"192.168.1.101:9090\" as host."}
Browser log
N/A