Open Tigerium opened 1 year ago
This is an old issue, but...
Lessons learned using nextcloud behind a cloudflare proxy:
trusted_domains
trusted_proxies
forwarded_for_headers
Comments specific to this issue:
trusted_proxies might need to be "127.0.0.1" instead of 192.168.xx.yy
Working Config
For reference, here is the config that works for me with TOTP behind a cloudflare proxy
trusted_proxies
because it still serves as a WAF/Proxy if cloudflare is disabled or bypassed.
forwarded-for-headers section may not be required if the proxy uses only X-Forwarded-For
// Host names and addresses the instance may be reached under
'trusted_domains' =>
  array (
    0 => '192.168.1.7',
    1 => 'nextcloud.redacted.tld',
    2 => 'redacted.dyndns.org',
    3 => '192.168.1.89',
  ),
// Private LAN address, followed by Cloudflare's published proxy ranges (IPv4, then IPv6)
'trusted_proxies' =>
  array (
    0 => '192.168.1.1',
    1 => '173.245.48.0/20',
    2 => '103.21.244.0/22',
    3 => '103.22.200.0/22',
    4 => '103.31.4.0/22',
    5 => '141.101.64.0/18',
    6 => '108.162.192.0/18',
    7 => '190.93.240.0/20',
    8 => '188.114.96.0/20',
    9 => '197.234.240.0/22',
    10 => '198.41.128.0/17',
    11 => '162.158.0.0/15',
    12 => '104.16.0.0/13',
    13 => '104.24.0.0/14',
    14 => '172.64.0.0/13',
    15 => '131.0.72.0/22',
    16 => '2400:cb00::/32',
    17 => '2606:4700::/32',
    18 => '2803:f800::/32',
    19 => '2405:b500::/32',
    20 => '2405:8100::/32',
    21 => '2a06:98c0::/29',
  ),
// The Nextcloud key is forwarded_for_headers (underscores, not hyphens).
// Entries are PHP $_SERVER names, so CF-Connecting-IP is HTTP_CF_CONNECTING_IP.
'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED_FOR',
    1 => 'HTTP_CF_CONNECTING_IP',
  ),
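Added example, not part of the comment above and not Nextcloud's own code: a simplified Python model of how trusted_proxies and forwarded_for_headers decide which client address the server sees, including the 127.0.0.1 case and a misnamed header key. The function names, the sample addresses and the resolution rule (first listed header that is present, leftmost address) are assumptions of this sketch.

```python
import ipaddress

# Constructed sample values in the shape of the config above (not the full list).
TRUSTED_PROXIES = ["192.168.1.1", "173.245.48.0/20", "2606:4700::/32"]
FORWARDED_FOR_HEADERS = ["HTTP_X_FORWARDED_FOR", "HTTP_CF_CONNECTING_IP"]


def is_trusted_proxy(remote_addr, trusted=TRUSTED_PROXIES):
    """True if the TCP peer address falls inside any trusted entry."""
    addr = ipaddress.ip_address(remote_addr)
    for entry in trusted:
        net = ipaddress.ip_network(entry, strict=False)  # bare IP becomes /32 or /128
        if addr.version == net.version and addr in net:
            return True
    return False


def effective_client_ip(server, trusted=TRUSTED_PROXIES, headers=FORWARDED_FOR_HEADERS):
    """Model assumption: first listed header that is present wins, leftmost address used."""
    remote = server["REMOTE_ADDR"]
    if not is_trusted_proxy(remote, trusted):
        return remote  # forwarded headers from an untrusted peer are ignored
    for name in headers:
        candidate = server.get(name, "").split(",")[0].strip()
        if not candidate:
            continue
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # malformed header value, try the next header
    return remote  # trusted proxy sent no usable header


if __name__ == "__main__":
    # Constructed requests: direct client with a forged header, Cloudflare edge,
    # and a same-host proxy connecting from loopback.
    samples = [
        {"REMOTE_ADDR": "203.0.113.50", "HTTP_X_FORWARDED_FOR": "10.0.0.1"},
        {"REMOTE_ADDR": "173.245.48.10", "HTTP_X_FORWARDED_FOR": "198.51.100.7, 173.245.48.10"},
        {"REMOTE_ADDR": "127.0.0.1", "HTTP_X_FORWARDED_FOR": "198.51.100.7"},
    ]
    for s in samples:
        print(s["REMOTE_ADDR"], "->", effective_client_ip(s))
```

When every request resolves to the proxy's own address, rate limiting and login logs attribute all clients to that one IP, which is the symptom to look for when a proxy entry or header name does not match.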
Hi, don't know whether this is the exact best spot to report this issue, because the same issue happens when using the backup-codes.
Steps to reproduce
Expected behaviour
Successful sign in to my account
Actual behaviour
I get the following error:
The operation couldn't be completed. (actual domain replaced with my.domain and parameters after login/flow/grant? removed) (NSURLErrorDomain error -999.)
_WKRecoveryAttempterErrorKey <WKReloadFrameErrorRecoveryAttempter: 0x28348f300>
NSErrorFailingURLStringKey https://cloud.my.domain/login/challenge/totp?redirect_url=/login/flow/grant?[...]
NSErrorFailingURLKey https://cloud.my.domain/login/challenge/totp?redirect_url=/login/flow/grant?[...]
The weird thing is that after I click on "ok", it displays nextcloud as a logged-in website; it just doesn't actually link it to the app.
Sign in for non 2FA accounts works fine
Security Setups and Warnings says "all checks passed"
Server configuration
Unraid with nextcloud docker and Nginx Proxy manager
https://cloud.my.domain --> Nginx Proxy Manager (with letsencrypt certificate, force https, http/2, HSTS, netfinger etc. specified according to nextcloud documentation) --> http://192.168.xx.yy:httpport
Version: (see admin page) 25.0.3
Updated from an older version or fresh install: fresh install, restored from previous server running on Ubuntu, also version 25.0.3 though
The content of config/config.php: