search

nextcloud / helm

A community maintained helm chart for deploying Nextcloud on Kubernetes.
GNU Affero General Public License v3.0
337 stars 268 forks source link

Access through untrusted domain #533

Open arphillips06 opened 9 months ago

arphillips06 commented 9 months ago

Describe your Issue

Get "Access through untrusted domain"

Logs and Errors

Accessing the webpage from either the internal network or externally results in the above error.

Describe your Environment

nextcloud:
  host: nextcloud.mydomainname.co.uk
  username: admin
  password: password
  persistence:
    enabled: true
    existingClaim: nextcloud-ssd
    accessMode: ReadWriteOnce
    size: 100Gi

  configs:
    trusted_domains.config.php: |-
      <?php
      $CONFIG = [
        'trusted_domains' => [
          0 => 'localhost',
          1 => 'nextcloud.mydomainname.co.uk',
          2 => '192.168.0.200',
          3 => 'nextcloud',
          4 => '192.168.0.1'
        ]
      ];
    proxy.config.php: |-
      <?php
      $CONFIG = array (
        'trusted_proxies' => array(
          0 => '127.0.0.1',
          1 => '10.0.0.0/8',
          2 => '192.168.0.1'
        ),
        'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
      );

Additional context, if any

I'm using metalLB and I also am using NGINX-ingress that is deployed in this yml.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: nextcloud
  name: nextcloud-ingress
  annotations:
    cert-manager.io/cluster-issuer: my-ca-issuer
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - nextcloud.mydomainname.co.uk
      secretName: nextcloud-prod-tls
  rules:
    - host: nextcloud.mydomainname.co.uk
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: nextcloud
                port:
                  number: 8080

I checked in the pod by running the below, it seems that the config.php files aren't being made? Though I'm extremely new to Kube in general so could be missing something! 

ubuntu@k3smaster:~/k3s/nextcloud $ kubectl exec -it -n nextcloud nextcloud-6d48dc68dd-n7j27 -- bash
root@nextcloud-6d48dc68dd-n7j27:/var/www/html# cd config/
root@nextcloud-6d48dc68dd-n7j27:/var/www/html/config# ls
CAN_INSTALL  apache-pretty-urls.config.php  apcu.config.php  apps.config.php  autoconfig.php  config.php  config.sample.php  redis.config.php  smtp.config.php
provokateurin commented 9 months ago

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trusted-domains is what you are missing.

arphillips06 commented 9 months ago

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trusted-domains is what you are missing.

How would I apply it? I thought I had done it correctly in my values.yml file? About halfway down the config above.

provokateurin commented 9 months ago

Ah you are right. Did you deploy again after making the config file changes? Other than that I don't see why the config files wouldn't be present,

arphillips06 commented 9 months ago

Yeah, I tried upgrading the helm install with the file (which I think should have done it) then uninstalled the deployment and chart. Same result both times.

zhangdeshuai1999 commented 7 months ago

I'm just like you. How's your situation

jessebot commented 4 months ago

To be sure this is being set, can you, @arphillips06 or @zhangdeshuai1999, please log into your pod and check the output of:

php occ config:system:get trusted_domains

I'd also be interested to see if trusted_domains.config.php actually made it into the config dir? I don't see it in the original post with the output listed there 🤔

jessebot commented 2 months ago

Also, semi-related, but we recently added a new nextcloud.trustedDomains helm parameter in 5.4.0: https://github.com/nextcloud/helm/releases/tag/nextcloud-5.4.0