NextCloud 30.0.4 trusted domain issue despite IP in list (ElectricEel-24.10.1)

Dear TrueNas Community,

I recently installed NextCloud from the official TrueNAS App Store on my local TrueNAS Scale installation (version and installation settings below). Once I try to access the WebUI I get the “untrusted domain” error with the prompt to reconfigure my trusted domain list within config.php, however the IP that I try to access Nextcloud with is already in that list (see screenshot).

One important thing: Previously on the same day I accidentaly installed NextCloud with the same settings but with disabled Certificate ID (= 'truenas_default' certificate) and the whole installation worked absolutely fine. However, because NextCloud gave me the “no https” warning within its UI and the website was accessed with http and not https by default, I decided to reinstall the whole app with the certificate enabled and am now stuck with the afore mentioned issue.

Things I already tried:

  • added the exact URL of the IP address (with and without port, e.g. https://147.139.0.143:30027) to the trusted domain list inside config.php through shell. The issue persists even after restart of the application (config.php still had my changes, I checked)
  • changed 'overwriteprotocol' from 'https' to 'http' in config.php as mentioned in another forum post. This did not fix the issue and this value was automatically reset to 'https' upon retart of the app
  • completely uninstalled and reinstalled the app from the store with same installation settings

Installation:
All settings were left as default apart from the following:

  • Host: IP Address of my local TrueNAS installation, e.g. 147.139.0.143
  • Cron enabled
  • Certificate ID: 'truenas_default' certificate

I’ve read that there are other ways to install Nextcloud (AIO container with dockge or using YAML aso.) but I would love to stick with the “official” app method for now since I am not very profound with Linux, Docker and everything around it and I am quite afraid to mess something up what I would be unable to fix at all in the future.

I would greatly appreciate any help! If someone needs more information, please let me know. Thank you in advance!

Cheers!

TrueNAS Scale:
ElectricEel-24.10.1
NextCloud:
App Version: 30.0.4
Version 1.5.8

PS: Sorry for the whole redacting. I am not sure what I can/should share from those config files.

In the trusted_proxies list I have only one IP - IP of the reverse proxy itself (it is hosted on the same server), and inside the trusted_domains list all IPs (without ports) and NS records (private and public). Of course the certificate is handled by the reverse proxy. That config worked for me without any warnings (browser or the nextcloud itself).

I think I have the exact same problem as you OP.
Have the same settings regarding certificate and cron.

'trusted_proxies' => 
  array (
    0 => '127.0.0.1',
    1 => '192.168.0.0/16',
    2 => '172.16.0.0/12',
    3 => '10.0.0.0/8',
  ),
  'trusted_domains' => 
  array (
    0 => '127.0.0.1',
    1 => 'localhost',
    2 => 'nextcloud',
  ),

my config looks like this, with this I get the access through untrusted domain error. If I add the local IP of my NAS in the trusted domain array I can’t even access the Web UI of next cloud with the error, since the browser somehow always opens the landing page of my True NAS scale then.

my trusted domain value is “cloud.mydomain.com” not just “nextcloud”
Edit: heres my config file

<?php
$CONFIG = array (
  'datadirectory' => '/data',
  'instanceid' => 'supersecretpassword',
  'passwordsalt' => 'supersecretpassword',
  'secret' => 'supersecretpassword',
  'default_phone_region' => 'DE',
  'trusted_proxies' => 
  array (
    0 => '172.64.0.0/13',
    1 => '173.245.48.0/20',
    2 => '103.21.244.0/22',
    3 => '103.22.200.0/22',
    4 => '103.31.4.0/22',
    5 => '141.101.64.0/18',
    6 => '108.162.192.0/18',
    7 => '190.93.240.0/20',
    8 => '188.114.96.0/20',
    9 => '197.234.240.0/22',
    10 => '198.41.128.0/17',
    11 => '162.158.0.0/15',
    12 => '104.16.0.0/13',
    13 => '104.24.0.0/14',
    14 => '131.0.72.0/22',
  ),
  'trusted_domains' => 
  array (
    0 => '192.168.2.9:11080',
    1 => 'cloud.mydomain.com',
  ),
  'dbtype' => 'mysql',
  'version' => '30.0.4.1',
  'overwrite.cli.url' => 'https://cloud.mydomain.com',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.2.9:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'supersecretpassword',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '192.168.2.9',
    'port' => 6380,
    'timeout' => 0.0,
    'password' => 'supersecretpassword',
  ),
  'upgrade.disable-web' => true,
  'mail_from_address' => 'mail.user',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'web.de',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.web.de',
  'mail_smtpport' => '587',
  'mail_smtpname' => 'mail@mail.de',
  'mail_smtppassword' => 'supersecretpassword',
  'maintanance_window_start' => 1,
  'loglevel' => 2,
  'maintenance' => false,
  'memories.exiftool' => '/config/www/nextcloud/apps/memories/bin-ext/exiftool-amd64-musl',
  'memories.vod.path' => '/config/www/nextcloud/apps/memories/bin-ext/go-vod-amd64',
  'memories.vod.ffmpeg' => '/usr/bin/ffmpeg',
  'memories.vod.ffprobe' => '/usr/bin/ffprobe',
  'maintenance_window_start' => 1,
  'enable_previews' => true,
  'enabledPreviewProviders' => 
  array (
    0 => 'OC\\Preview\\Movie',
    1 => 'OC\\Preview\\PNG',
    2 => 'OC\\Preview\\JPEG',
    3 => 'OC\\Preview\\GIF',
    4 => 'OC\\Preview\\BMP',
    5 => 'OC\\Preview\\XBitmap',
    6 => 'OC\\Preview\\MP3',
    7 => 'OC\\Preview\\MP4',
    8 => 'OC\\Preview\\TXT',
    9 => 'OC\\Preview\\MarkDown',
    10 => 'OC\\Preview\\PDF',
  ),
);

is a reverse proxy needed to make nextcloud work?

Not required, but you don’t have to expose ports for each app you want to access via domain, only 80 and 443, rest is done by the reverse proxy and it redirecting the requests to each app.

I don’t really want to access next cloud via domain, just via IP but so far I’ve only gotten the blocked message because of trusted domain and when I add the trusted domain in the list I always get to the landing page of my true nas scale.
No idea what I could change.

is ‘overwriteprotocol’ => ‘https’ set in you config.php? if yes try to remove it.

One or more trusted domains can be set through environment variable, too. They will be added to the configuration after install.

NEXTCLOUD_TRUSTED_DOMAINS (not set by default) Optional space-separated list of domains

I removed the overwriteprotocol property that you mentioned and added the IP of my NAS to the config, still the same issue → always get to the landing page instead of the next cloud UI.

here’s my current config:

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'redis',
    'password' => 'j`JQb4(~Tg:4z]5_bra9jG.61[JpbrVW',
    'port' => 6379,
  ),
  'upgrade.disable-web' => true,
  'passwordsalt' => 'RHWUT3YpU370FO8v1fOWy+wjJQ+dKf',
  'secret' => 'IH9cFXKrQPx+Hc0VmFgRZoLyw5MndTJoTgtyGTULMPzmovuf',
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '30.0.4.1',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'postgres:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_timo',
  'dbpassword' => 'YROlqMOwdL2xBCRyU4jgA5WIt5PXcD',
  'installed' => true,
  'instanceid' => 'ocp7il282tb4',
  'trusted_proxies' => 
  array (
    0 => '127.0.0.1',
    1 => '192.168.0.0/16',
    2 => '172.16.0.0/12',
    3 => '10.0.0.0/8',
  ),
  'trusted_domains' => 
  array (
    0 => '127.0.0.1',
    1 => '192.168.1.186',
    2 => 'localhost',
    3 => 'nextcloud',
  ),
);

Thanks for sharing! I currently do not have a proxy installed (but I plan to do that in the future with Nginx). Forgive me if this is a naive question but what are those 'trusted_proxies' IP addresses exactly? Are those IPs of devices from which I am allowed to access my nextcloud from?

The weird thing is that it worked before when I installed it without a certificate. I

I am at the same state as @Timo right now and for me changing the overwrite protocol does not work (as described).

The trusted ips are ip ranges of cloudflare

same problem

nobody with a solution to this issue so far?

I have had this same issues for 5 days and tried everything I could think of Including: appending config file with 25 different IP address, installing atleast 15 times with different permissions. Search so many UTube vids for answers to no avail.
It doesn’t make sense why this worked but…
Here is how I finally got it to work:
Create datasets-
Nextcloud
-AppData
-PostGres
-UsrData
all with generic files
Try to new install of Nextcloud,
no Host name
no Certificate ID (NO Proxies)
Set install locations to above locations, ie Nextcloud/AppData, Nextcloud/UsrData, Nextcloud/Postgress
Set Permissions box checked
After install, go to apps, left column select Workloads-Nextcloud shell
login and type:
cd config
apt update
apt upgrade
apt install nano
nano config.php
This gives you direct access to modify the Config.php
Since it did not have proxies it should not be in there.
Add to the trusted domain list your IP address with the port you set it up for Nextcloud in the installation.
In my case it was 192.168.0.34:30027.
Save and close the file
Then click on the web UI button on the right and that should get you access.
My system is TrueNas Scale 24.10
Nextcloud App Version: 30.0.4, Version: 1.5.11.
I will see if I can post screen shots.
But It got me past the untrusted domains and able to login.

1 Like

Heres my config file, after edit. This is working on my system
Hope that helps

   'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'redis',
    'password' => 'winterSaleVBOGO',
    'port' => 6379,
  ),
  'upgrade.disable-web' => true,
  'passwordsalt' => 'LOadasalt',
  'secret' => XYZPDQ',
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '30.0.4.1',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'postgres:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'Computer-storage',
  'dbpassword' => 'baedsedchad',
  'installed' => true,
  'instanceid' => 'ocgrzr24256h',
  'trusted_domains' => 
  array (
    0 => '127.0.0.1',
    1 => '192.168.0.34:30027',
    2 => 'localhost',
    3 => 'nextcloud',

you’re the man!! It finally worked. Can’t thank you enough for this, took me forever and think I would have probably never figured that out.

did you by any chance also get collabora to work with next cloud? For me it can find collabora in the next cloud settings but when I try to open a document it just says document cant be loaded

Feel silly asking but I’m stuck at the step of logging into the NextCloud shell.
What login should I be using?

I’m stuck here too, Enter the credentials and … nothing.