I’m running OwnCloud in Docker and have setup NGinx as a reverse proxy. This works perfectly for all my other services, but OwnCloud keeps throwing the untrusted domain error. I’ve edited the config.php file to add my exampledemain.com but no dice. Does anybody know what I need to do?
Yes please unless you want to fiddle with authentication services and their configuration sudoku I would recommend using a vpn or vpn service like tailscale (very user friendly) to access your services when not home.
If you want to continue with this id recommend looking into authelia or authentik to add an additional layer of security :)
That is very true. I’ve got Tailscale setup and I can get into it through that. Unfortunately I can’t put Tailscale on my work machines, so having access via the web would be useful.
Ah I see that is a good point I had not considered!
Oof. That’s bad news. I don’t have that bit of kit on my setup though. Luckily.
…I thought you just said you’re running OwnCloud?
Yeah but the report says the vulnerability is related to graphapi which doesn’t seem to be a part of all OwnCloud installations. I can’t see it on mine either.
in nginx:
server { ... location / { ... proxy_pass https://redacted.......; proxy_pass_request_headers on; proxy_pass_header Set-Cookie; proxy_set_header HOST $host; proxy_set_header Referer $http_referer; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ... } }
I think the was a trusted proxy setting in owncloud itself that needed to be set too, or maybe I’m thinking of another service.
Thanks a lot. Whereabouts do I add it to Nginx? Do I need to do this through the dashboard for the proxy host or is there something in docker that I need to add?
Sounds like you’re using nginx proxy Manager, a web based frontend for nginx. If so, you have to edit your existing host, change to custom locations, add one with “/” as the address and the same containername and port. Then click the cogwheel in this entry to open a text box for custom rules. You can paste the following lines into there:
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Thanks a lot. I’m still getting trusted domain errors. Obviously need to have a dig around.
proxy_pass https://
Thanks. I found it, but still borked. Need to do some digging. Strange things are afoot at the Circle K …
I configure nginx with text condig files.
No clue how or where that is in your setup, but presumably somewhere where you configure the proxypass and server names.
What env vars are you using for the docker and what’s in the config.php?
If you’re hosting via docker, I highly recommend deploying a Traefik container as it is a phenomenal reverse proxy to pair with containerized hosting
What are the advantages over Nginx Proxy Manager?
Thanks for the rec. I’ve got all my stuff running through NPM and am loath to change it just for this one (annoying) thing!
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol nginx Popular HTTP server
2 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.
[Thread #312 for this sub, first seen 29th Nov 2023, 21:55] [FAQ] [Full list] [Contact] [Source code]
Not familiar with owncloud.
But can’t you set something like “http://127.0.0.1” as domain?
You need to forward the real IP from nginx.
I’ll upload an example when I get off workYeah see I’m not even sure what the env vars are. I’m running it with docker-compose and the only alterations I’ve made to anything are to add my IP address to the config file in the trusted domains array. That’s definitely where it needs to go because if I take it out then it flops hard.
Ah, thank-you so much!
deleted by creator