search

nextcloud / nextcloudpi

📦 Build code for NextcloudPi: Raspberry Pi, Odroid, Rock64, curl installer...
https://nextcloudpi.com
2.53k stars 296 forks source link

"Access though untrusted domain" configuration trouble #441

Closed Amolith closed 6 years ago

Amolith commented 6 years ago

PROBLEM

I have spent the entire day setting up NCPi and I finally get most things working except for my domain name. I am using the domain name ****.ddns.net and when I got to that URL, NC says that the URL isn't trusted. Clicking the button takes me to an invalid address. I have looked around for the past few hours for config/config.php that the error mentions: edit the "trusted_domains" setting in config/config.php like the example in config.sample.php. and I cannot find it anywhere.

Output of sudo ncp-report

NextCloudPi diagnostics ``` NextCloudPi version v0.47.1 NextCloudPi image NextCloudPi_02-06-18 distribution Raspbian GNU/Linux 9 \n \l automount no USB devices none datadir /var/www/nextcloud/data data in SD yes data filesystem ext2/ext3 data disk usage 1.9G/15G rootfs usage 1.9G/15G swapfile /var/swap Nextcloud check ok Nextcloud version 13.0.0.14 HTTPD service up PHP service up MariaDB service up Redis service up Postfix service up internet check ok port check 80 open port check 443 open IP 192.168.1.7 gateway 192.168.1.1 interface eth0 certificates none certs due none NAT loopback no uptime 1:05 ```
Nextcloud configuration ``` { "system": { "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": { "0": "localhost", "5": "nextcloudpi.local", "1": "192.168.1.7" }, "datadirectory": "***REMOVED SENSITIVE VALUE***", "overwrite.cli.url": "http:\/\/localhost", "dbtype": "mysql", "version": "13.0.0.14", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "mysql.utf8mb4": true, "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "instanceid": "***REMOVED SENSITIVE VALUE***", "memcache.local": "\\OC\\Memcache\\Redis", "memcache.locking": "\\OC\\Memcache\\Redis", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": 0, "timeout": 0, "password": "***REMOVED SENSITIVE VALUE***" }, "mail_smtpmode": "php", "mail_smtpauthtype": "LOGIN", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***", "overwriteprotocol": "https" } } ```
HTTPd logs ``` [Tue Feb 06 16:14:33.365556 2018] [core:notice] [pid 558:tid 3069192208] AH00094: Command line: '/usr/sbin/apache2' [Tue Feb 06 16:24:00.350807 2018] [mpm_event:notice] [pid 558:tid 3069192208] AH00491: caught SIGTERM, shutting down [Tue Feb 06 16:27:41.148800 2018] [ssl:warn] [pid 480:tid 3069357152] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name [Tue Feb 06 16:27:47.229796 2018] [ssl:warn] [pid 563:tid 3069357152] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name [Tue Feb 06 16:27:48.183066 2018] [mpm_event:notice] [pid 563:tid 3069357152] AH00489: Apache/2.4.25 (Raspbian) OpenSSL/1.0.2l configured -- resuming normal operations [Tue Feb 06 16:27:48.221867 2018] [core:notice] [pid 563:tid 3069357152] AH00094: Command line: '/usr/sbin/apache2' [Tue Feb 06 16:34:06.676640 2018] [mpm_event:notice] [pid 563:tid 3069357152] AH00491: caught SIGTERM, shutting down [Tue Feb 06 16:34:40.123692 2018] [ssl:warn] [pid 623:tid 1992441856] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name [Tue Feb 06 16:34:41.045271 2018] [ssl:warn] [pid 906:tid 1992441856] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name [Tue Feb 06 16:34:42.004957 2018] [mpm_event:notice] [pid 906:tid 1992441856] AH00489: Apache/2.4.25 (Raspbian) OpenSSL/1.0.2l configured -- resuming normal operations [Tue Feb 06 16:34:42.005195 2018] [core:notice] [pid 906:tid 1992441856] AH00094: Command line: '/usr/sbin/apache2' [Sat Mar 10 20:39:36.547571 2018] [mpm_event:notice] [pid 906:tid 1992441856] AH00491: caught SIGTERM, shutting down [Sat Mar 10 20:39:36.814662 2018] [ssl:warn] [pid 1971:tid 1992769536] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name [Sat Mar 10 20:39:37.489456 2018] [ssl:warn] [pid 2068:tid 1992769536] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name [Sat Mar 10 20:39:38.002967 2018] [mpm_event:notice] [pid 2068:tid 1992769536] AH00489: Apache/2.4.25 (Raspbian) OpenSSL/1.0.2l configured -- resuming normal operations [Sat Mar 10 20:39:38.003116 2018] [core:notice] [pid 2068:tid 1992769536] AH00094: Command line: '/usr/sbin/apache2' [Sun Mar 11 04:17:11.931242 2018] [ssl:warn] [pid 559:tid 1992609792] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name [Sun Mar 11 04:17:12.057998 2018] [ssl:warn] [pid 664:tid 1992609792] AH01909: localhost:4443:0 server certificate does NOT include an ID which matches the server name [Sun Mar 11 04:17:13.003527 2018] [mpm_event:notice] [pid 664:tid 1992609792] AH00489: Apache/2.4.25 (Raspbian) OpenSSL/1.0.2l configured -- resuming normal operations [Sun Mar 11 04:17:13.003670 2018] [core:notice] [pid 664:tid 1992609792] AH00094: Command line: '/usr/sbin/apache2' ```
Database logs ``` 2018-03-11 4:17:23 1989103616 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier 2018-03-11 4:17:23 1989103616 [Note] InnoDB: Compressed tables use zlib 1.2.8 2018-03-11 4:17:23 1989103616 [Note] InnoDB: Using Linux native AIO 2018-03-11 4:17:23 1989103616 [Note] InnoDB: Using generic crc32 instructions 2018-03-11 4:17:23 1989103616 [Note] InnoDB: Initializing buffer pool, size = 128.0M 2018-03-11 4:17:23 1989103616 [Note] InnoDB: Completed initialization of buffer pool 2018-03-11 4:17:23 1989103616 [Note] InnoDB: Highest supported file format is Barracuda. 2018-03-11 4:17:23 1989103616 [Note] InnoDB: The log sequence numbers 3331185 and 3331185 in ibdata files do not match the log sequence number 5844026 in the ib_logfiles! 2018-03-11 4:17:23 1989103616 [Note] InnoDB: Restoring possible half-written data pages from the doublewrite buffer... 2018-03-11 4:17:24 1989103616 [Note] InnoDB: 128 rollback segment(s) are active. 2018-03-11 4:17:24 1989103616 [Note] InnoDB: Waiting for purge to start 2018-03-11 4:17:24 1989103616 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.35-80.0 started; log sequence number 5844026 2018-03-11 4:17:25 1442837312 [Note] InnoDB: Dumping buffer pool(s) not yet started 2018-03-11 4:17:25 1989103616 [Note] Plugin 'FEEDBACK' is disabled. 2018-03-11 4:17:25 1989103616 [Note] Recovering after a crash using tc.log 2018-03-11 4:17:25 1989103616 [Note] Starting crash recovery... 2018-03-11 4:17:25 1989103616 [Note] Crash recovery finished. 2018-03-11 4:17:25 1989103616 [Note] Server socket created on IP: '127.0.0.1'. 2018-03-11 4:17:25 1989103616 [Note] /usr/sbin/mysqld: ready for connections. Version: '10.1.23-MariaDB-9+deb9u1' socket: '/var/run/mysqld/mysqld.sock' port: 3306 Raspbian 9.0 ```
Nextcloud logs ``` {"reqId":"xqd7cOWmjufe4qHr6orB","level":4,"time":"2018-02-06T15:15:11+00:00","remoteAddr":"","user":"--","app":"cron","method":"--","url":"--","message":"Not installed","userAgent":"--","version":""} {"reqId":"ocs2vLU1T0fJHiKfyzDd","level":4,"time":"2018-02-06T15:30:15+00:00","remoteAddr":"","user":"--","app":"cron","method":"--","url":"--","message":"Not installed","userAgent":"--","version":""} {"reqId":"YHLyROIq6wZypYxjIp5B","level":4,"time":"2018-02-06T15:45:22+00:00","remoteAddr":"","user":"--","app":"cron","method":"--","url":"--","message":"Not installed","userAgent":"--","version":""} {"reqId":"DWZHLutXQ63TJ5CcLTzk","level":4,"time":"2018-02-06T16:00:19+00:00","remoteAddr":"","user":"--","app":"cron","method":"--","url":"--","message":"Not installed","userAgent":"--","version":""} {"reqId":"rV8HXYLvJWl4tVSOXsYe","level":4,"time":"2018-02-06T16:15:28+00:00","remoteAddr":"","user":"--","app":"cron","method":"--","url":"--","message":"Not installed","userAgent":"--","version":""} {"reqId":"8MvQecXiEefmCKqxLtnX","level":3,"time":"2018-02-06T16:15:45+00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"fileowner(): stat failed for \/var\/www\/nextcloud\/config\/config.php at \/var\/www\/nextcloud\/console.php#65","userAgent":"--","version":""} {"reqId":"WqRDAH8AAQEAAAhOKu0AAAEY","level":2,"time":"2018-03-10T20:41:37+00:00","remoteAddr":"192.168.1.2","user":"--","app":"core","method":"POST","url":"\/index.php\/login","message":"Login failed: 'amolithseregion@protonmail.com' (Remote IP: '192.168.1.2')","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqRDEH8AAQEAAAhOKu8AAAIB","level":2,"time":"2018-03-10T20:41:52+00:00","remoteAddr":"192.168.1.2","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=amolithseregion%40protonmail.com","message":"Login failed: 'pi' (Remote IP: '192.168.1.2')","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqRDGn8AAQEAAAhOKvEAAAMD","level":2,"time":"2018-03-10T20:42:02+00:00","remoteAddr":"192.168.1.2","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=pi","message":"Login failed: 'pi' (Remote IP: '192.168.1.2')","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqRDhn8AAQEAAAhPLdcAAEMN","level":2,"time":"2018-03-10T20:43:51+00:00","remoteAddr":"192.168.1.2","user":"--","app":"core","method":"POST","url":"\/index.php\/login","message":"Login failed: 'admin' (Remote IP: '192.168.1.2')","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqRDj38AAQEAAAhPLdkAAEQD","level":2,"time":"2018-03-10T20:44:01+00:00","remoteAddr":"192.168.1.2","user":"--","app":"core","method":"POST","url":"\/index.php\/login?user=admin","message":"Login failed: 'admin' (Remote IP: '192.168.1.2')","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqRHyH8AAQEAAAhPLk8AAFQK","level":2,"time":"2018-03-10T21:02:01+00:00","remoteAddr":"192.168.1.2","user":"ncp","app":"core","method":"GET","url":"\/index.php\/settings\/admin","message":"Login failed: 'ncp' (Remote IP: '192.168.1.2')","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqRfHH8AAQEAAAhPLtAAAE8K","level":2,"time":"2018-03-10T22:41:32+00:00","remoteAddr":"24.158.39.215","user":"--","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"24.158.39.215\" tried to access using \"amolithnextcloudpi.ddns.net\" as host.","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqRfHn8AAQEAAAhPLtYAAFAP","level":2,"time":"2018-03-10T22:41:34+00:00","remoteAddr":"24.158.39.215","user":"--","app":"core","method":"GET","url":"\/index.php\/js\/core\/merged-template-prepend.js?v=83945674-0","message":"Trusted domain error. \"24.158.39.215\" tried to access using \"amolithnextcloudpi.ddns.net\" as host.","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqRgJn8AAQEAAAhPLv0AAEAS","level":2,"time":"2018-03-10T22:45:59+00:00","remoteAddr":"24.158.39.215","user":"--","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"24.158.39.215\" tried to access using \"amolithnextcloudpi.ddns.net\" as host.","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqRgKH8AAQEAAAhPLv4AAEEP","level":2,"time":"2018-03-10T22:46:00+00:00","remoteAddr":"24.158.39.215","user":"--","app":"core","method":"GET","url":"\/index.php\/js\/core\/merged-template-prepend.js?v=83945674-0","message":"Trusted domain error. \"24.158.39.215\" tried to access using \"amolithnextcloudpi.ddns.net\" as host.","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqSt3H8AAQEAAANQO-QAAAAD","level":2,"time":"2018-03-11T04:17:32+00:00","remoteAddr":"24.158.39.215","user":"--","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"24.158.39.215\" tried to access using \"amolithnextcloudpi.ddns.net\" as host.","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqSyEX8AAQEAAANQO-UAAAEB","level":2,"time":"2018-03-11T04:35:29+00:00","remoteAddr":"24.158.39.215","user":"--","app":"core","method":"GET","url":"\/index.php\/js\/core\/merged-template-prepend.js?v=83945674-0","message":"Trusted domain error. \"24.158.39.215\" tried to access using \"amolithnextcloudpi.ddns.net\" as host.","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqTAqn8AAQEAAANQPCUAABYG","level":2,"time":"2018-03-11T05:37:46+00:00","remoteAddr":"24.158.39.215","user":"--","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"24.158.39.215\" tried to access using \"amolithnextcloudpi.ddns.net\" as host.","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} {"reqId":"WqTAq38AAQEAAANQPCYAABcK","level":2,"time":"2018-03-11T05:37:47+00:00","remoteAddr":"24.158.39.215","user":"--","app":"core","method":"GET","url":"\/index.php\/js\/core\/merged-template-prepend.js?v=83945674-0","message":"Trusted domain error. \"24.158.39.215\" tried to access using \"amolithnextcloudpi.ddns.net\" as host.","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:58.0) Gecko\/20100101 Firefox\/58.0","version":"13.0.0.14"} ```
ovpc commented 6 years ago

Hi there,

Edit your config file were it is set to

"trusted_domains": {
            "0": "localhost",
            "5": "nextcloudpi.local",
            "1": "192.168.1.7"
]

To look like 

 "trusted_domains": {
            "0": "yoursubdomain.ddns.net",
            "5": "nextcloudpi.local",
            "1": "192.168.1.7"
 }

To edit I use the command sudo nano /var/www/nextcloud/config/config.php

ro-76 commented 6 years ago

Apologies for hijacking this thread, but I'm having the same issue, but with a small difference.

I'm trying to access my home NCP from a work LAN. If I use the DDNS option, it's blocked by a webfilter. If I use the actual IP of my home network, I get blocked by the untrusted domain error. I can ping the IP no problem.

If I add my home public IP to the config, can I access it by typing it into a browser? Can I add another line ? what number should I start with?

Obviously, I understand that the IP may change over time.

Thx!