Mental note, re nextcloud trusted domains and cockpit

NethServer Version: 7.7
Module: cockpit, nextcloud

You have long running installs of nextcloud on nethserver.
You upgrade to 7.7 and cockpit.
You’re playing with reverse proxy.
You use the empty trusted domain entry field for the first time in the cockpit nextcloud settings to add a domain you created for letsencrypt testing.
You wait awhile until everyone starts complaining about none of their nextcloud services working because you wiped out the other 4 trusted domains from the original config.
Have a beer.

Do you refer to manually added trusted domain entries on nextcloud’s config.php file not being respected when using that field?
/cc. @alep @giacomo

EDIT: I could reproduce it. Manually created entries for trusted domains on config.php are overwritten sequentially with entries from the UI based on the index key number (higher index key numbers are preserved).

3 Likes

So, I just noted that config show nextcloud displays the same result as the Cockpit trusted domains field, even though there’re 6 entries. The only way to reliably adjust the trusted domains is with vi…

Sorry, I totally lost this one.
I’ve tried to re-read the whole thread but I didn’t understand well.

Could you please describe again the problem and a step-by-step guide to how to reproduce?
Thanks

1 Like

@giacomo

Yes thanks, I’ve already read it but still I didn’t understand.

1 Like

I assume @fasttech edited /usr/share/nextcloud/config/config.php directly to add trusted domains or migrated a config.php from another Nextcloud instance. These manually added trusted domains are not reflected in Nethserver (UI) because they were not stored in config db.

Nextcloud’s config.php is not templated, instead occ (a Nextcloud configuration tool) is used to edit config.php.

localhost (0) and the FQDN (1) are set as the first entries followed by the interface IPs and the trusted domains from config db.

If you edit config.php manually and you use a higher index number for the trusted domains than Nethserver uses with its occ configuration, then they are preserved as @dnutan pointed out.

Now we could easily say, do not edit config.php directly but I tested deleting a trusted domain from cockpit and it does not work because we never delete all trusted domains before adding them with nethserver-nextcloud-occ-conf action.

Steps to reproduce:

  1. Add two trusted domains via GUI and save.
  2. Check if the change is reflected in /usr/share/nextcloud/config/config.php
  3. Delete the second domain to keep one and save.
  4. Check trusted domains in /usr/share/nextcloud/config/config.php and the second domain is still there.

Proposed solution:

Add occ config:system:delete trusted_domains to nethserver-nextcloud-occ-conf action.
I recognized this solution puts the trusted domains section to the end of the config.php. If this is a problem we could use occ config:system:delete trusted_domains $i and iterate through from 1 or do the delete with sed to preserve the trusted domains line in the config file.

I really liked to allow manual changes to Nextcloud config.php trusted domains but I think it’s not possible in a simple/clean/secure way.

Source:

3 Likes
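A small model of the behaviour described in the post above, added here as an illustration; it is not code from NethServer or Nextcloud. It assumes the action writes each entry with one `occ config:system:set trusted_domains <index> --value=<domain>` call; the function names and sample domains are constructed.

```python
"""Model of index-based trusted_domains updates (constructed example)."""


def occ_set_all(config, domains):
    """Assumed write path: one indexed set per entry, nothing else touched."""
    updated = dict(config)
    for index, domain in enumerate(domains):
        updated[index] = domain  # only indexes 0..len(domains)-1 change
    return updated


def sync_without_delete(config, managed):
    """Behaviour described in the thread: write by index, never clear first."""
    return occ_set_all(config, managed)


def sync_with_delete(config, managed):
    """Proposed fix: delete the whole trusted_domains key, then write."""
    return occ_set_all({}, managed)


def stale_entries(config, managed):
    """Domains still trusted in config.php but absent from the managed list."""
    return sorted(set(config.values()) - set(managed))


# Constructed sample data: localhost (0), FQDN (1), one interface IP,
# then the domains entered in the UI field.
BASE = ["localhost", "server.example.org", "192.0.2.10"]
TWO_DOMAINS = BASE + ["cloud.example.org", "test.example.org"]
ONE_DOMAIN = BASE + ["cloud.example.org"]

if __name__ == "__main__":
    # Steps 1-4 from the post: save two domains, then remove the second.
    config = sync_without_delete({}, TWO_DOMAINS)
    config = sync_without_delete(config, ONE_DOMAIN)
    print("without delete:", stale_entries(config, ONE_DOMAIN))
    fixed = sync_with_delete(config, ONE_DOMAIN)
    print("with delete:   ", stale_entries(fixed, ONE_DOMAIN))

    # A manual entry at a high index survives; one at a low index is replaced.
    manual = {0: "localhost", 1: "old.example.org", 9: "manual.example.org"}
    print(sync_without_delete(manual, ONE_DOMAIN))
```

On a live system the same stale-entry comparison can be made against the output of `occ config:system:get trusted_domains`.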

Thank you @mrmarkuz!

I agree with you: do not edit config.php.

I like also the proposed solution!
I will try it in the next few days. In the meantime, if you would like to open a PR, it would be wonderful :smiley:

Thank you again :wink:

1 Like

Sorry I haven’t had time to get back here.

The gist of what everyone is surmising seems true and to match what I’ve seen.

For example, if localhost and the fqdn are prewritten to config.php during the NC install, why are those not listed when config show nextcloud is run or the Cockpit field?

It just seems to me that anything in trusted domains in config.php should also be displayed in the Cockpit field and when config show nextcloud is run, otherwise something’s broken.

Because Nextcloud is preconfigured to be accessible from localhost, the FQDN and the network interfaces by default. These default settings are used to make Nextcloud work out of the box and should therefore not be editable.

1 Like

A recap for anyone landing here. From now on (nethserver-nextcloud-1.8.5-1.5 update) trusted domains will be handled by Nethserver. Any other trusted domain entry added manually to config.php will be deleted. Before this update the behavior introduced in cockpit was that some manual entries could have been overwritten.

The advice for anyone facing the same problem as described in the opening post is to add the trusted domains to the Trusted domains field of Nethserver’s server-manager.

1 Like

@mrmarkuz did a great job: he opened the bug and fixed it! :clap:

Everything is ready to be tested https://github.com/NethServer/dev/issues/6067

2 Likes
