nextcloud / server


nginx add header issue #11989

Closed AIrSkycc closed 6 years ago

AIrSkycc commented 6 years ago
### Steps to reproduce

1. Log in to the admin "settings" page
2. Open the "overview" page
3. ![1](https://user-images.githubusercontent.com/8086189/47341778-82c29080-d6d4-11e8-93f3-f36d59f29563.png)

This is my NGINX config:

```
limit_conn_zone $server_name zone=appnode_sitemgr_site_conn_airsky.space:100k;
limit_req_zone $server_name zone=appnode_sitemgr_site_req_airsky.space:100k rate=10000r/m;

server {
    listen 80;
    listen 443 ssl http2;
    server_name airsky.space;

    ssl_certificate /data/GvwlwGXS/sites/airsky.space/ssl/site.crt;
    ssl_certificate_key /data/GvwlwGXS/sites/airsky.space/ssl/site.key;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:5m;
    ssl_session_timeout 5m;
    keepalive_timeout 75s;
    keepalive_requests 100;

    access_log /data/GvwlwGXS/sites/airsky.space/log/nginx/access.log;
    error_log /data/GvwlwGXS/sites/airsky.space/log/nginx/error.log;
    root /data/GvwlwGXS/sites/airsky.space/www;

    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }

    gzip on;
    gzip_comp_level 6;
    gzip_min_length 1k;
    gzip_types application/atom+xml application/javascript application/json
        application/ld+json application/manifest+json application/rss+xml
        application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf
        application/x-web-app-manifest+json application/xhtml+xml application/xml
        font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest
        text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt
        text/x-component text/x-cross-domain-policy;

    brotli on;
    brotli_comp_level 6;
    brotli_min_length 1k;
    brotli_types application/atom+xml application/javascript application/json
        application/ld+json application/manifest+json application/rss+xml
        application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf
        application/x-web-app-manifest+json application/xhtml+xml application/xml
        font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest
        text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt
        text/x-component text/x-cross-domain-policy;

    client_max_body_size 1024M;
    limit_conn appnode_sitemgr_site_conn_airsky.space 1000;

    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection '1; mode=block';
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains' always;

    fastcgi_hide_header X-Powered-By;
    fastcgi_buffers 64 4K;

    location / {
        index index.html index.htm index.php;
        rewrite ^ /index.php$request_uri;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }

    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    location ~ ^/.+\.php(/|$) {
        include conf.sitemgr.d/global/conf/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/GvwlwGXS/sites/airsky.space/www$fastcgi_script_name;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param HOSTNAME $HOSTNAME;
        fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
        fastcgi_param TMP /tmp;
        fastcgi_param TMPDIR /tmp;
        fastcgi_param TEMP /tmp;
        fastcgi_read_timeout 300s;
        fastcgi_pass unix:/data/GvwlwGXS/sites/airsky.space/php-pool/php-fpm.sock;
        limit_req zone=appnode_sitemgr_site_req_airsky.space burst=1000 nodelay;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control 'public, max-age=15778463';
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection '1; mode=block';
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
    }
}
```

### Expected behaviour

I have added add_header to the nginx configuration, but the detection is still not added.

### Actual behaviour

Should check out my configured http header

### Server configuration

**Operating system:CentOS7**

**Web server:NGINX 1.15.3**

**Database:MySQL 5.7.21**

**PHP version: 7.2.8**

**Nextcloud version:14.0.3** (see Nextcloud admin page)

**Updated from an older Nextcloud/ownCloud or fresh install: Fresh Install**

**Where did you install Nextcloud from: The NextCloud Website**

**Signing status:**
No errors have been found.

```
Login as admin user into your Nextcloud and access
http://example.com/index.php/settings/integrity/failed
paste the results here.
```

**List of activated apps:**
- Accessibility
- Activity
- Auditing / Logging
- Collaborative tags
- Comments
- Deleted files
- Federation
- File sharing
- Files automated tagging
- First run wizard
- Gallery
- Log Reader
- Monitoring
- Nextcloud announcements
- Notifications
- Password policy
- PDF viewer
- Share by mail
- Support
- Text editor
- Theming
- Update notification
- Usage survey
- Versions
- Video player
- Default encryption module
- External storage support
- External user support
- LDAP user and group backend

```
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder
```

**Nextcloud configuration:**
```
'XXX',
'passwordsalt' => 'XXX',
'secret' => 'XXX',
'trusted_domains' =>
array (
  0 => 'XXX',
),
'datadirectory' => 'XXX',
'dbtype' => 'mysql',
'version' => '14.0.3.0',
'overwrite.cli.url' => 'XXX',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'XXX',
'dbpassword' => 'XXX',
'installed' => true,
'mail_smtpmode' => 'smtp',
'mail_smtphost' => 'in.mailjet.com',
'mail_smtpport' => '2525',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpauth' => 1,
'mail_smtpname' => 'XXX',
'mail_smtppassword' => 'XXX',
'mail_domain' => 'XXX',
'mail_from_address' => 'system',
'filelocking.enabled' => true,
'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
  'host' => 'localhost',
  'port' => 6379,
  'timeout' => 0.0,
  'password' => 'XXX',
),
);
```

```
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or

Insert your config.php content here.
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)
```

**Are you using external storage, if yes which one: LOCAL** local/smb/sftp/...

**Are you using encryption: NO** yes/no

**Are you using an external user-backend, if yes which one: NO** LDAP/ActiveDirectory/Webdav/...

### Client configuration

**Browser: Chrome 70.0.3538.67**

**Operating system: Windows10 18262.1000**

### Logs

#### Web server error log

[error.log](https://github.com/nextcloud/server/files/2504908/error.log)

```
Insert your webserver log here
```

#### Nextcloud log (data/nextcloud.log)
[nextcloud.log](https://github.com/nextcloud/server/files/2504904/nextcloud.log)

```
Insert your Nextcloud log here
```

#### Browser log
```
Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 13. The default protections will be applied.
core.js?v=6124ab1d-2:7 JQMIGRATE: Migrate is installed, version 1.4.0
DevTools failed to parse SourceMap: https://airsky.space/apps/updatenotification/js/updatenotification.js.map
DevTools failed to parse SourceMap: https://airsky.space/apps/notifications/js/notifications.js.map
```

```
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) ...
```

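
nginx inherits `add_header` directives from the enclosing level only when the current level defines none of its own, so a configuration that sets headers at both `server` and `location` level, like the one posted above, can be checked block by block. The following is an added example, not part of the original issue or of Nextcloud's code; `SAMPLE` is a constructed, shortened excerpt of the posted configuration, and `parse` and `dropped_headers` are hypothetical helper names.

```python
import re

# Constructed, shortened excerpt of the configuration posted above.
SAMPLE = r"""
server {
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection '1; mode=block';
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains' always;
    location / { rewrite ^ /index.php$request_uri; }
    location ~ \.(?:css|js|woff|svg|gif)$ {
        add_header Cache-Control 'public, max-age=15778463';
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection '1; mode=block';
    }
}
"""

# Quoted strings, structural characters, or bare words ('#' comments are not handled).
TOKEN = re.compile(r"'[^']*'|\"[^\"]*\"|[{};]|[^\s{};'\"]+")

def parse(conf):
    """Build a tree of blocks, recording the add_header names set in each."""
    root = {"name": "main", "own": [], "children": []}
    stack, words = [root], []
    for tok in TOKEN.findall(conf):
        if tok == "{":
            node = {"name": " ".join(words), "own": [], "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif tok == "}":
            stack = stack[:-1] or stack  # never pop the root on a stray brace
        elif tok == ";":
            if len(words) >= 3 and words[0] == "add_header":
                stack[-1]["own"].append(words[1].lower())  # header names are case-insensitive
        else:
            words.append(tok)
            continue
        words = []
    return root

def dropped_headers(node, inherited=frozenset(), out=None):
    """Map block name -> headers of the parent level that do not apply in it."""
    out = {} if out is None else out
    # Any add_header at this level replaces the inherited set instead of extending it.
    effective = set(node["own"]) or set(inherited)
    if inherited - effective:
        out[node["name"]] = sorted(inherited - effective)
    for child in node["children"]:
        dropped_headers(child, frozenset(effective), out)
    return out
```

Calling `dropped_headers(parse(SAMPLE))` reports that the static-asset location no longer sends `Strict-Transport-Security`, while `location /`, which defines no `add_header`, keeps the full server-level set.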
nextcloud-bot commented 6 years ago

GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/6673 (Issue because enforcing security header), https://github.com/nextcloud/server/issues/9316 (Add Support for Link headers), https://github.com/nextcloud/server/issues/2898 (Upgrade Issue), https://github.com/nextcloud/server/issues/3225 (Header layout issue on narrow screens), and https://github.com/nextcloud/server/issues/6035 (HSTS - nginx).

MorrisJobke commented 6 years ago

As this seems to be a setup issue I would like to ask you to raise your question in the forums: https://help.nextcloud.com

If you wish support with setup issues from Nextcloud GmbH we offer this as part of the Nextcloud subscription. Learn more about this at https://nextcloud.com/enterprise/