this post was submitted on 29 Nov 2023
14 points (93.8% liked)

Selfhosted

39980 readers
447 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I'm running OwnCloud in Docker and have setup NGinx as a reverse proxy. This works perfectly for all my other services, but OwnCloud keeps throwing the untrusted domain error. I've edited the config.php file to add my exampledemain.com but no dice. Does anybody know what I need to do?

all 23 comments
sorted by: hot top controversial new old
[–] [email protected] 8 points 11 months ago (2 children)
[–] [email protected] 4 points 11 months ago (1 children)

Yes please unless you want to fiddle with authentication services and their configuration sudoku I would recommend using a vpn or vpn service like tailscale (very user friendly) to access your services when not home.

If you want to continue with this id recommend looking into authelia or authentik to add an additional layer of security :)

[–] [email protected] 1 points 11 months ago (1 children)

That is very true. I've got Tailscale setup and I can get into it through that. Unfortunately I can't put Tailscale on my work machines, so having access via the web would be useful.

[–] [email protected] 1 points 11 months ago

Ah I see that is a good point I had not considered!

[–] [email protected] 2 points 11 months ago (1 children)

Oof. That's bad news. I don't have that bit of kit on my setup though. Luckily.

[–] [email protected] 1 points 11 months ago (1 children)

...I thought you just said you're running OwnCloud?

[–] [email protected] 3 points 11 months ago

Yeah but the report says the vulnerability is related to graphapi which doesn't seem to be a part of all OwnCloud installations. I can't see it on mine either.

[–] [email protected] 4 points 11 months ago (1 children)

in nginx:

server {
...
location / {
    ...
    proxy_pass https://redacted.......;
    proxy_pass_request_headers on;
    proxy_pass_header   Set-Cookie;
    proxy_set_header HOST $host;
    proxy_set_header Referer $http_referer;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
  }
}

I think the was a trusted proxy setting in owncloud itself that needed to be set too, or maybe I'm thinking of another service.

[–] [email protected] 2 points 11 months ago (3 children)

Thanks a lot. Whereabouts do I add it to Nginx? Do I need to do this through the dashboard for the proxy host or is there something in docker that I need to add?

[–] [email protected] 2 points 11 months ago (1 children)

Sounds like you're using nginx proxy Manager, a web based frontend for nginx. If so, you have to edit your existing host, change to custom locations, add one with "/" as the address and the same containername and port. Then click the cogwheel in this entry to open a text box for custom rules. You can paste the following lines into there:

proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
[–] [email protected] 1 points 11 months ago

Thanks a lot. I'm still getting trusted domain errors. Obviously need to have a dig around.

[–] [email protected] 2 points 11 months ago

proxy_pass https://

Thanks. I found it, but still borked. Need to do some digging. Strange things are afoot at the Circle K ...

[–] [email protected] 1 points 11 months ago

I configure nginx with text condig files.
No clue how or where that is in your setup, but presumably somewhere where you configure the proxypass and server names.

[–] [email protected] 2 points 11 months ago (2 children)

If you’re hosting via docker, I highly recommend deploying a Traefik container as it is a phenomenal reverse proxy to pair with containerized hosting

[–] [email protected] 1 points 11 months ago

Thanks for the rec. I've got all my stuff running through NPM and am loath to change it just for this one (annoying) thing!

[–] [email protected] 1 points 11 months ago

What are the advantages over Nginx Proxy Manager?

[–] [email protected] 2 points 11 months ago

What env vars are you using for the docker and what's in the config.php?

[–] [email protected] 1 points 11 months ago

You need to forward the real IP from nginx.
I'll upload an example when I get off work

[–] [email protected] 1 points 11 months ago

Not familiar with owncloud.

But can't you set something like "http://127.0.0.1" as domain?

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
HTTP Hypertext Transfer Protocol, the Web
IP Internet Protocol
nginx Popular HTTP server

2 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

[Thread #312 for this sub, first seen 29th Nov 2023, 21:55] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 0 points 11 months ago

Yeah see I'm not even sure what the env vars are. I'm running it with docker-compose and the only alterations I've made to anything are to add my IP address to the config file in the trusted domains array. That's definitely where it needs to go because if I take it out then it flops hard.

[–] [email protected] 0 points 11 months ago

Ah, thank-you so much!