permanend "You were automatically logged out for security reasons."

[StefanSa]

Hi there,
no matter which tutorial / installation i use, be it docker or binary, i get this warning immediately after login

currently i am a bit perplexed, because i strictly follow the installation instructions and yet i get this problem with the login.

The only thing i see is this error in the logfile.

{"level":"error","service":"proxy","error":"Get \"https://owncloud-01.xxxx.com/.well-known/openid-configuration\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","time":"2023-01-14T13:39:41.600614914Z","message":"could not initialize oidcAuth provider"}
{"level":"error","service":"proxy","error":"Get \"https://owncloud-01xxxx.com/.well-known/openid-configuration\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","time":"2023-01-14T13:39:51.63442739Z","message":"could not initialize oidcAuth provider"}
{"level":"error","service":"proxy","error":"Get \"https://owncloud-01xxxx.com/.well-known/openid-configuration\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","time":"2023-01-14T13:40:01.661739847Z","message":"could not initialize oidcAuth provider"}

ocis latest version on opensuse leap 15.4 with rv proxy nginx
thx for any help

[StefanSa]

OK, i need to correct myself a bit.
Without rv nginx it goes with show these problems.

env:

OCIS_URL=https://owncloud-01.xxxxxxx.com
ROXY_HTTP_ADDR=0.0.0.0:9200
PROXY_TLS=false
OCIS_INSECURE=false

OCIS_LOG_LEVEL=warn
OCIS_LOG_FILE=/var/tmp/ocis_output.log

OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/data/ocis

nginx:

%
server {
        listen 80 ;
        listen [::]:80 ;

        server_name owncloud-01.xxxxxxx.com;

        # location to redirect to https
        location / {
            # add port if deviates via OCIS_URL
            return 301 https://$server_name$request_uri;
        }
}



server {
        # default 443 but can deviate if set in OCIS_URL
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name owncloud-01.xxxxxx.com;

        # certificates managed by Certbot
        ssl_certificate /etc/letsencrypt/live/owncloud-01.xxx.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/owncloud-01.xxxxxx.com/privkey.pem; # managed by Certbot

        # options and dhparams managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        location / {
            proxy_pass http://localhost:9200;
            proxy_set_header Host $host;
            client_max_body_size 0;
        }
}

Any idea ?

[StefanSa]

Also the test with rv apache showed the same problem.
Apparently there is a general problem with a reverse proxy.

[thanhtam4692]

I got the same problem. Auto logout after some time

[enbrnz]

proxy_set_header Host $host;

Doesn't this have to be:

proxy_set_header Host $http_host;

?

[etho201]

I'm experiencing the same issue using Traefik as my reverse proxy.

ocis ENV vars:

environment:
  - OCIS_INSECURE=false
  - PROXY_TLS=false
  - OCIS_URL=https://owncloud.${FQDN}
  - OCIS_LOG_LEVEL=info

[etho201]

In my case I believe the error is related to the warning, core access token not set. ocis logs me out from the web GUI and this seems to happen most often while in the middle of uploading large files and/or when I am streaming a video file.

I see the following errors and warnings in my logs when ocis logs me out:

{"level":"error","service":"frontend","pkg":"rhttp","traceid":"00000000000000000000000000000000","request-id":"796ecaa018a6/eDEjtVq3Tg-000382","error":"context canceled","time":"2023-03-22T14:18:14.286751985Z","line":"github.com/cs3org/reva/v2@v2.12.1-0.20230316154706-3c11349102b7/internal/http/services/datagateway/datagateway.go:263","message":"error writing body after headers were sent"}
{"level":"error","service":"ocdav","name":"com.owncloud.web.ocdav","traceid":"00000000000000000000000000000000","request-id":"796ecaa018a6/eDEjtVq3Tg-000380","path":"/Photos/REDACTED/20220326_122346.mp4","spaceid":"b04e787b-d911-4568-9c9e-584e55630318$f724c606-d0c4-407a-ac12-7960e17e524e","handler":"get","content-length":30858831,"transferred-bytes":1244565,"time":"2023-03-22T14:18:14.290224221Z","line":"github.com/cs3org/reva/v2@v2.12.1-0.20230316154706-3c11349102b7/internal/http/services/owncloud/ocdav/get.go:147","message":"content length vs transferred bytes mismatch"}
{"level":"warn","service":"frontend","pkg":"rhttp","traceid":"00000000000000000000000000000000","time":"2023-03-22T14:18:27.878645724Z","line":"github.com/cs3org/reva/v2@v2.12.1-0.20230316154706-3c11349102b7/internal/http/interceptors/auth/auth.go:234","message":"core access token not set"}

[kulmann]

Could you guys check if the access denied redirect issue is gone with the most recent ocis master? There has been a bug fix in web (see owncloud/web#8762 ) which landed in the ocis master late Friday last week. Would be happy if you could give it a try and report here if it helps with this particular issue.

[etho201]

I'm running on the latest tag which gets me 3.0.0-alpha.1+16f8c49de -- I have not been able to reproduce the issue lately. I'll continue testing and will report back.

[etho201]

I've tested under similar conditions that repeatedly failed before, and the problem appears to be resolved. I'm now running OCIS Version 3.0.0-alpha.2+0bad34dcd and Web Client Version 7.0.0-rc.29.

[tomjamescn]

I have the same problem when using docker with image owncloud/ocis:latest, please help.