Comments (9)
thanks @joshtrichards it looks it's a default application, setup by nextcloud at install since v25 as explained in https://github.com/nextcloud/suspicious_login
I deactivated it.
from docker.
What proxy do you use ?
from docker.
I'm using an apache2 proxy and its setup is:
Define NCInternalURI http://<my internal IP>:8081
<VirtualHost *:443>
SSLProxyEngine on
ServerName nextcloud.<my domain>
DocumentRoot /var/none
ServerAdmin <my email>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/<my domain>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<my domain>/privkey.pem
# enable HTTP/2, if available
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"
CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
LogLevel error ssl:warn
ProxyPreserveHost On
# no proxy for letsencrypt challenges
ProxyPass "/.well-known/acme-challenge" !
# special proxy for carddav/caldav
ProxyPass "/.well-known/carddav" "${NCInternalURI}/remote.php/dav"
ProxyPass "/.well-known/caldav" "${NCInternalURI}/remote.php/dav"
ProxyPass "/.well-known/webfinger" "${NCInternalURI}/index.php/.well-known/webfinger"
ProxyPass "/.well-known/nodeinfo" "${NCInternalURI}/index.php/.well-known/nodeinfo"
ProxyPass "/" "${NCInternalURI}/"
ProxyPassReverse "/" "${NCInternalURI}/"
RequestHeader set X-Forwarded-Proto "https"
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
</VirtualHost>
from docker.
'trusted_proxies' =>
array (
0 => '192.168.1.254',
1 => '192.168.1.8',
),
What is 192.168.1.254
? Is it, by chance, your nearest NAT router and not really your proxy (i.e. it doesn't belong there)?
from docker.
This is my IP set top box address (so my gateway) but it also serves as a NAT router. If you are speaking of the reverse proxy address, it's on the 192.158.1.2 (actually, the same raspberrypi as the one running nextcloud).
I had to add 192.168.1.254 several years ago but I don't remember exactly why (and it used to work with previous versions).
I will try to remove the gateway from the list and see if it works...
from docker.
I tested removing the gateway from the list, leaving only:
'trusted_proxies' =>
array (
0 => '192.168.1.8',
),
and the error disappeared, and it looks that I can login from both my internal network and from my smartphone on 5G.
But, I still don't get why it used to work and it doesn't anymore.
Is it a breaking change in nextcloud server 28 or in the image, I don't know...
Anyway, thanks a lot @joshtrichards
from docker.
But, I still don't get why it used to work and it doesn't anymore.
Is it a breaking change in nextcloud server 28 or in the image, I don't know...
The checks may have gotten better. They were migrated to a newer API recently and I haven't reviewed the latest iteration in-depth. The configuration situation you just described technically would have always been an issue, but maybe just wasn't detected previously. Glad it's working cleanly for you!
from docker.
Here is the reason why I added the gateway in the list of trusted proxies:
How can I get rid of this issue w/o doing this way?
from docker.
@leolivier It looks like you have the optional suspicious_login
app enabled. Maybe you simply disable it if not using it? Otherwise it's theoretically just doing what it's supposed to: https://github.com/nextcloud/suspicious_login I suggest following up there or the Nextcloud Help Forum - https://help.nextcloud.com
from docker.
Related Issues (20)
- Easy way to change cron frequency HOT 1
- occ Warning: Failed to set memory limit to 0 bytes HOT 1
- How to protect Nextclouds datadir and html dir HOT 2
- Enhancement wish to the image HOT 1
- Cronjob do nothing HOT 2
- Error Unable to write to the “config” directory! HOT 1
- Error cd occUnable to write to the “config” directory! HOT 1
- warning: The OPcache buffer is nearly full HOT 5
- Missing python dependencies HOT 5
- Using the fpm image in a subdirectory of the proxy
- How to reindex when connected to the HOT 1
- Nextcloud fpm fails to initialize database on clean install HOT 1
- Missing image 28.0.4 HOT 1
- Cannot enable apps through UI in 28.0.4 HOT 3
- WARN[0000] docker-compose.yml: `version` is obsolete HOT 1
- docker-compose command deprecated, docker-compose up -d fails for Redis container; must first use docker-compose down HOT 1
- Add static, or immutable, image tags that always point to the same image build HOT 15
- new env for auto configuration via environment variables for ldapUserCleanupInterval HOT 1
- Error occurred while checking server setup HOT 2
- Docs and examples update, again HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker.