You have long running installs of nextcloud on nethserver.
You upgrade to 7.7 and cockpit.
You’re playing with reverse proxy.
You use the empty trusted domain entry field for the first time in the cockpit nextcloud settings to add a domain you created for letsencrypt testing.
You wait awhile until everyone starts complaining about none of their nextcloud services working because you wiped out the other 4 trusted domains from the original config.
Have a beer.
Do you refer to manually added trusted domain entries on nextcloud’s config.php file not being respected when using that field?
/cc @alep @giacomo
EDIT: I could reproduce it. Manually created entries for trusted domains on config.php are overwritten sequentially with entries from the UI based on the index key number (higher index key numbers are preserved).
So, I just noted that config show nextcloud displays the same result as the Cockpit trusted domains field, even though there’re 6 entries. The only way to reliably adjust the trusted domains is with vi…
I assume @fasttech edited /usr/share/nextcloud/config/config.php directly to add trusted domains or migrated a config.php from another Nextcloud instance. These manually added trusted domains are not reflected in Nethserver (UI) because they were not stored in config db.
Nextcloud’s config.php is not templated, instead occ (a Nextcloud configuration tool) is used to edit config.php.
localhost (0) and the FQDN (1) are set as the first entries followed by the interface IPs and the trusted domains from config db.
If you edit config.php manually and you use a higher index number for the trusted domains than Nethserver uses with its occ configuration, then they are preserved as @dnutan pointed out.
Now we could easily say, do not edit config.php directly but I tested deleting a trusted domain from cockpit and it does not work because we never delete all trusted domains before adding them with nethserver-nextcloud-occ-conf action.
Steps to reproduce:
Add two trusted domains via GUI and save.
Check if the change is reflected in /usr/share/nextcloud/config/config.php
Delete the second domain to keep one and save.
Check trusted domains in /usr/share/nextcloud/config/config.php and the second domain is still there.
Proposed solution:
Add occ config:system:delete trusted_domains to nethserver-nextcloud-occ-conf action.
I recognized this solution puts the trusted domains section to the end of the config.php. If this is a problem we could use occ config:system:delete trusted_domains $i and iterate through from 1 or do the delete with sed to preserve the trusted domains line in the config file.
I would really have liked to allow manual changes to Nextcloud config.php trusted domains but I think it’s not possible in a simple/clean/secure way.
The gist of what everyone is surmising seems true and to match what I’ve seen.
For example, if localhost and the fqdn are prewritten to config.php during the NC install, why are those not listed when config show nextcloud is run or in the Cockpit field?
It just seems to me that anything in trusted domains in config.php should also be displayed in the Cockpit field and when config show nextcloud is run, otherwise something’s broken.
Because Nextcloud is preconfigured to be accessible from localhost, the FQDN and the network interfaces by default. These default settings are used to make Nextcloud work out of the box and should therefore not be editable.
A recap for anyone landing here. From now on (nethserver-nextcloud-1.8.5-1.5 update) trusted domains will be handled by Nethserver. Any other trusted domain entry added manually to config.php will be deleted. Before this update the behavior introduced in cockpit was that some manual entries could have been overwritten.
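The index-based behaviour discussed in this thread, as an added example that is not part of the original posts or of nethserver-nextcloud: a small Python model of the trusted_domains array showing why entries linger when nothing is deleted first, and how to list hosts Nextcloud still trusts that the config db does not know about. The function names and the example.org hosts are assumptions made for illustration.

```python
# Model of config.php's trusted_domains array as {index: host}.
# Assumption: the action writes entries one by one, by index.

def occ_set(cfg, index, host):
    """Models `occ config:system:set trusted_domains <index> --value=<host>`."""
    cfg[index] = host

def occ_delete_all(cfg):
    """Models `occ config:system:delete trusted_domains`."""
    cfg.clear()

def apply_action(cfg, fqdn, ips, db_domains, delete_first):
    """Rewrite trusted_domains from the config db: localhost (0), FQDN (1),
    interface IPs, then the domains entered in the UI."""
    if delete_first:
        occ_delete_all(cfg)
    for i, host in enumerate(["localhost", fqdn] + ips + db_domains):
        occ_set(cfg, i, host)
    return [cfg[i] for i in sorted(cfg)]

def stale_entries(cfg, fqdn, ips, db_domains):
    """Hosts Nextcloud still trusts that the config db does not list."""
    wanted = {"localhost", fqdn, *ips, *db_domains}
    return sorted(h for h in cfg.values() if h not in wanted)

FQDN, IPS = "nc.example.org", ["192.0.2.10"]  # constructed sample values

def demo_overwrite():
    """Hand-edited entries at indexes 3 and 4; the UI then adds one domain."""
    cfg = {0: "localhost", 1: FQDN, 2: IPS[0],
           3: "manual-a.example.org", 4: "manual-b.example.org"}
    return apply_action(cfg, FQDN, IPS, ["le-test.example.org"], False)

def demo_ui_delete(delete_first):
    """Two domains saved in the UI, then the second one removed and saved."""
    cfg = {}
    apply_action(cfg, FQDN, IPS,
                 ["one.example.org", "two.example.org"], delete_first)
    cfg[9] = "manual.example.org"  # hand edit with a high index
    apply_action(cfg, FQDN, IPS, ["one.example.org"], delete_first)
    return stale_entries(cfg, FQDN, IPS, ["one.example.org"])

if __name__ == "__main__":
    print("overwrite by index:  ", demo_overwrite())
    print("stale without delete:", demo_ui_delete(False))
    print("stale with delete:   ", demo_ui_delete(True))
```

Without the delete step, a host removed in the UI stays in the list Nextcloud accepts, so comparing config.php against the config db is the check to run after any change.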