OwnCloud and NGinx = untrusted domain = sadface - eviltoast

I’m running OwnCloud in Docker and have setup NGinx as a reverse proxy. This works perfectly for all my other services, but OwnCloud keeps throwing the untrusted domain error. I’ve edited the config.php file to add my exampledemain.com but no dice. Does anybody know what I need to do?

    • ckeph@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Yes please unless you want to fiddle with authentication services and their configuration sudoku I would recommend using a vpn or vpn service like tailscale (very user friendly) to access your services when not home.

      If you want to continue with this id recommend looking into authelia or authentik to add an additional layer of security :)

      • fiddlestix@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        That is very true. I’ve got Tailscale setup and I can get into it through that. Unfortunately I can’t put Tailscale on my work machines, so having access via the web would be useful.

        • fiddlestix@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          11 months ago

          Yeah but the report says the vulnerability is related to graphapi which doesn’t seem to be a part of all OwnCloud installations. I can’t see it on mine either.

  • in nginx:

    server {
    ...
    location / {
        ...
        proxy_pass https://redacted.......;
        proxy_pass_request_headers on;
        proxy_pass_header   Set-Cookie;
        proxy_set_header HOST $host;
        proxy_set_header Referer $http_referer;
        proxy_set_header X-Forwarded-Proto $scheme;
    
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    ...
      }
    }
    

    I think the was a trusted proxy setting in owncloud itself that needed to be set too, or maybe I’m thinking of another service.

    • fiddlestix@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Thanks a lot. Whereabouts do I add it to Nginx? Do I need to do this through the dashboard for the proxy host or is there something in docker that I need to add?

      • 7Sea_Sailor@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Sounds like you’re using nginx proxy Manager, a web based frontend for nginx. If so, you have to edit your existing host, change to custom locations, add one with “/” as the address and the same containername and port. Then click the cogwheel in this entry to open a text box for custom rules. You can paste the following lines into there:

        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        
        • fiddlestix@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Thanks a lot. I’m still getting trusted domain errors. Obviously need to have a dig around.

      • fiddlestix@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        proxy_pass https://

        Thanks. I found it, but still borked. Need to do some digging. Strange things are afoot at the Circle K …

  • nate3d@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    If you’re hosting via docker, I highly recommend deploying a Traefik container as it is a phenomenal reverse proxy to pair with containerized hosting

    • fiddlestix@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Thanks for the rec. I’ve got all my stuff running through NPM and am loath to change it just for this one (annoying) thing!

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    11 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    HTTP Hypertext Transfer Protocol, the Web
    IP Internet Protocol
    nginx Popular HTTP server

    2 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

    [Thread #312 for this sub, first seen 29th Nov 2023, 21:55] [FAQ] [Full list] [Contact] [Source code]

  • fiddlestix@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    Yeah see I’m not even sure what the env vars are. I’m running it with docker-compose and the only alterations I’ve made to anything are to add my IP address to the config file in the trusted domains array. That’s definitely where it needs to go because if I take it out then it flops hard.