nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

[Bug]: trusted domain on IPv6 URL not working #41400

Open ralle2k opened 7 months ago

ralle2k commented 7 months ago

Bug description

I want to connect to my Nextcloud server directly via the IPv6 URL. Doing so, I get an error message that this URL is not trusted. After updating the config.php trusted domain section, the error message still appears.

Steps to reproduce

  1. reaccess the URL

Expected behavior

IPv6 domain should be trusted as configured in config.php

Installation method

Community Manual installation with Archive

Nextcloud Server version

26

Operating system

Debian/Ubuntu

PHP engine version

PHP 7.4

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "osw_cloud",
            "***REMOVED SENSITIVE VALUE***.synology.me",
            "[2a02:***REMOVED SENSITIVE VALUE***:9d07]",
            "192.168.***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "25.0.13.2",
        "overwrite.cli.url": "https:\/\/oswcloud.synology.me\/nextcloud",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpsecure": "tls",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "app_install_overwrite": [
            "bruteforcesettings"
        ]
    }
}

List of activated Apps

Enabled:
  - activity: 2.17.0
  - calendar: 4.5.2
  - circles: 25.0.0
  - cloud_federation_api: 1.8.0
  - comments: 1.15.0
  - contacts: 5.4.2
  - contactsinteraction: 1.6.0
  - dashboard: 7.5.0
  - dav: 1.24.0
  - federatedfilesharing: 1.15.0
  - federation: 1.15.0
  - files: 1.20.1
  - files_pdfviewer: 2.6.0
  - files_photospheres: 1.25.3
  - files_rightclick: 1.4.0
  - files_sharing: 1.17.0
  - files_trashbin: 1.15.0
  - files_versions: 1.18.0
  - firstrunwizard: 2.14.0
  - logreader: 2.10.0
  - lookup_server_connector: 1.13.0
  - nextcloud_announcements: 1.14.0
  - notifications: 2.13.1
  - oauth2: 1.13.1
  - password_policy: 1.15.0
  - photos: 2.0.1
  - privacy: 1.9.0
  - provisioning_api: 1.15.0
  - recommendations: 1.4.0
  - related_resources: 1.0.4
  - serverinfo: 1.15.0
  - settings: 1.7.0
  - sharebymail: 1.15.0
  - support: 1.8.0
  - survey_client: 1.13.0
  - systemtags: 1.15.0
  - text: 3.6.0
  - theming: 2.0.1
  - twofactor_backupcodes: 1.14.0
  - updatenotification: 1.15.0
  - user_status: 1.5.0
  - viewer: 1.9.0
  - weather_status: 1.5.0
  - workflowengine: 2.7.0
Disabled:
  - admin_audit
  - breezedark: 24.0.2
  - bruteforcesettings: 2.4.0
  - checksum: 1.2.0
  - drawio: 2.0.2
  - encryption
  - files_external
  - suspicious_login
  - twofactor_totp
  - user_ldap

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"afRO0UhU0cZtLQayIvSn","level":2,"time":"2020-07-03T19:24:08+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"no app in context","method":"GET","url":"/nextcloud/","message":"Could not detect any host in http:///nextcloud/data/htaccesstest.txt","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":""}
{"reqId":"afRO0UhU0cZtLQayIvSn","level":2,"time":"2020-07-03T19:24:08+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"no app in context","method":"GET","url":"/nextcloud/","message":"Could not detect any host in https:///nextcloud/data/htaccesstest.txt","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":""}
{"reqId":"afRO0UhU0cZtLQayIvSn","level":3,"time":"2020-07-03T19:24:08+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"jsresourceloader","method":"GET","url":"/nextcloud/","message":"Could not find resource js/setup.js to load","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":""}
{"reqId":"afRO0UhU0cZtLQayIvSn","level":3,"time":"2020-07-03T19:24:08+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"PHP","method":"GET","url":"/nextcloud/","message":"chmod(): No such file or directory at /volume1/web/nextcloud/lib/private/Log/File.php#86","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":""}
{"reqId":"F9UNOWzWMHzLOiFwhYyi","level":3,"time":"2020-07-03T19:27:00+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"PHP","method":"POST","url":"/nextcloud/index.php","message":"session_start(): A session had already been started - ignoring at /volume1/web/nextcloud/lib/private/Session/Internal.php#209","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":""}
{"reqId":"F9UNOWzWMHzLOiFwhYyi","level":2,"time":"2020-07-03T19:27:00+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"no app in context","method":"POST","url":"/nextcloud/index.php","message":"Could not detect any host in http:///nextcloud/data/htaccesstest.txt","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":""}
{"reqId":"F9UNOWzWMHzLOiFwhYyi","level":2,"time":"2020-07-03T19:27:00+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"no app in context","method":"POST","url":"/nextcloud/index.php","message":"Could not detect any host in https:///nextcloud/data/htaccesstest.txt","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":""}
{"reqId":"F9UNOWzWMHzLOiFwhYyi","level":3,"time":"2020-07-03T19:27:00+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"jsresourceloader","method":"POST","url":"/nextcloud/index.php","message":"Could not find resource js/setup.js to load","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":"19.0.0.12"}
{"reqId":"J3sK2hmLbuawYYekgsCL","level":3,"time":"2020-07-03T19:27:26+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"PHP","method":"POST","url":"/nextcloud/index.php","message":"session_start(): A session had already been started - ignoring at /volume1/web/nextcloud/lib/private/Session/Internal.php#209","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":"19.0.0.12"}
{"reqId":"J3sK2hmLbuawYYekgsCL","level":2,"time":"2020-07-03T19:27:26+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"no app in context","method":"POST","url":"/nextcloud/index.php","message":"Host osw_cloud was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":"19.0.0.12"}
{"reqId":"J3sK2hmLbuawYYekgsCL","level":2,"time":"2020-07-03T19:27:26+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"no app in context","method":"POST","url":"/nextcloud/index.php","message":"Host osw_cloud was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":"19.0.0.12"}
{"reqId":"J3sK2hmLbuawYYekgsCL","level":3,"time":"2020-07-03T19:27:26+00:00","remoteAddr":"2a02:8109:a0c0:88c:bc4a:e070:bdff:6990","user":"--","app":"jsresourceloader","method":"POST","url":"/nextcloud/index.php","message":"Could not find resource js/setup.js to load","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0","version":"19.0.0.12"}

Additional info

No response

laama1 commented 1 month ago

I have this issue on Nextcloud Hub 8 (29.0.1). Also the wildcard '[::/0]' is not working.

laama1 commented 1 month ago

TBH I will take that back. Might be I have misunderstood the meaning of this setting. One would think it is the allowed IP list. I debugged this setting a bit and added the domain of my Nextcloud installation (e.g. mynextcloud.example.com) to the trusted domains and it allowed me to connect. If this is not the "allowed clients IP list" then I would definitely want one.

joshtrichards commented 4 weeks ago

@ralle2k We test these variations and they all consistently pass:

https://github.com/nextcloud/server/blob/1a6440c353d3c797140215e4ab885544f1ac3741/tests/lib/Security/TrustedDomainHelperTest.php#L66-L136

Any chance the config change didn't take effect? This might happen if PHP caching is a factor. Restarting mod_php/FPM should eliminate that possibility.

@laama1 https://docs.nextcloud.com/server/latest/admin_manual/installation/installation_wizard.html#trusted-domains
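
The distinction raised in the last comments, as an added sketch that is not part of the thread and not Nextcloud's code: `trusted_domains` entries are compared with the host name the client requested (the `Host` header), not with the client's address. The matching rules, function names and sample values below are assumptions made for illustration; the linked `TrustedDomainHelperTest.php` is the authoritative list of what the server accepts.

```python
import re

def host_without_port(host_header: str) -> str:
    """Return the host part of a Host header, dropping an optional :port."""
    host = host_header.strip()
    if host.startswith("["):                 # bracketed IPv6 literal
        end = host.find("]")
        return host[: end + 1] if end != -1 else host
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() else host

def entry_matches(entry: str, host: str) -> bool:
    """Literal, case-insensitive match; '*' stands for a run of hostname characters."""
    pattern = "[-.a-zA-Z0-9]*".join(re.escape(p) for p in entry.split("*"))
    return re.fullmatch(pattern, host, re.IGNORECASE) is not None

def check_host(host_header: str, trusted_domains: list[str]) -> tuple[bool, list[str]]:
    """Return (trusted, hints) for one Host header value (simplified model)."""
    host = host_without_port(host_header)
    if not host or host.startswith("-") or ".." in host:
        return False, ["host value rejected as malformed"]
    if any(entry_matches(e, host) for e in trusted_domains):
        return True, []
    hints = []
    for e in trusted_domains:
        if "/" in e:
            hints.append(f"{e!r} looks like a CIDR range; entries are host names, "
                         "not client networks")
        elif e.count(":") >= 2 and not e.startswith("["):
            hints.append(f"{e!r} is an IPv6 literal without brackets; "
                         f"the Host header carries [{e}]")
    return False, hints

# Constructed sample config (RFC 3849 documentation addresses), not the reporter's values.
SAMPLE_TRUSTED = ["cloud.example.com", "[2001:db8::1]", "*.example.org"]

if __name__ == "__main__":
    for header in ["[2001:db8::1]:8443", "files.example.org", "[2001:db8::2]"]:
        print(header, check_host(header, SAMPLE_TRUSTED))
```

Restricting which client addresses may connect is a separate control, typically enforced at the web server or firewall rather than through this setting.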