vauvenal5 / yaga

Nextcloud Yaga - A Nextcloud first gallery app for Android.
https://vauvenal5.github.io/yaga-docs/
GNU General Public License v3.0
137 stars 10 forks source link

Improve sign-in usablility when working with self signed certs. #100

Closed vauvenal5 closed 3 years ago

loveisfoss commented 3 years ago

Just a heads-up. Using Nextcloud on Docker and https through apache2 reverse proxy with letsencrypt certificates.

ksapp-dell commented 3 years ago

Hi,

same problem here. I have my Nextcloud available in local network and I can't log in using 192.168.178.xx/nextcloud.(Just a blank page appears). I only can log in from outside my home network with the DNS name.

Oliver

vauvenal5 commented 3 years ago

@ksapp-dell are you using a properly signed certificate? Which version are you using? Why not login from within the network with the dns name?

vauvenal5 commented 3 years ago

@loveisfoss when TLSv1.2 is enabled do you still have to accept the certificate? To really test this you will need to reset the app data. It is a bit strange though that the app asks you to accept the certificate if it is truly a signed let's encrypt certificate.

I myself am using let's encrypt through a reverse proxy. Certificate validation is done at the proxy.

loveisfoss commented 3 years ago

@vauvenal5 Yes, it asks for a certificate validation and it really seems strange.

Other examples:

It may be something with my apache reverse proxy configuration. I'll look into it and come back.

vauvenal5 commented 3 years ago

@loveisfoss a few thoughts on this:

vauvenal5 commented 3 years ago

The problem this issue is actually describing was about the bad user experience when having to login with a self-signed certificate. This is fixed in v0.23.1 since #34 was closed.

ksapp-dell commented 3 years ago

Hi, F-droid had an update and now I am at Version 0.23.2. The behaviour changed:

What do you need from me to troubleshoot this ?

vauvenal5 commented 3 years ago

@ksapp-dell do you have a properly signed certificate?

loveisfoss commented 3 years ago

@vauvenal5 I think you are right. Asking for confirmation when using letsencrypt is strange, but it doesn't have to do with Nextcloud Yaga. The TLSv1.2 requirement seems to have to do with the app, though, right?

ksapp-dell commented 3 years ago

Hi, I am using letsencrypt to get signed certificates.

vauvenal5 commented 3 years ago

@loveisfoss

@ksapp-dell Actually same issue as with @loveisfoss, if you really have a properly signed certificate then Yaga will not ask you to accept the certificate. Are you really trying to login with your certificate hostname or with your local ip?

loveisfoss commented 3 years ago

@vauvenal5

Is it possible that you are still in lets encrypt test mode?

I am just using swag on Docker to get certificates for duckdns domain with dns validation method. I don't know what testing mode of letsencrypt is, hmm...

Edit: I had a configuration error. I was using cert.pem instead of fullchain.pem in my apache configuration. After changing to fullchain.pem no further confirmation is needed. It fixed also my log in problem to Nextcloud bookmarks (Android app). BIG thanks for this, even if it was an indirect and kind of off-topic problem! :)

vauvenal5 commented 3 years ago

@loveisfoss glad you could resolve it :)

vauvenal5 commented 3 years ago

This was fixed in v0.23.1.