Nextcloud not working with a domain it should

Hello all!

I have a local network with a mesh 192.168.68.1/24 cabled to a modem 192.168.15.1/24, and a TrueNAS Scale 24.10, Tailscale, NPM, and NextCloud on IP 192.168.68.68 named ada. No SSL involved for the time being.

I recently tried to make a weird setup with SSL that pretty much didn’t work, so I decided to step back to a stage where things work with ports alone and no SSL (so NPM is actually doing nothing and has empty config).

I got Tailscale properly config’d for no HTTPS, so I can properly access almost everything through 192.168.68.68, ada and ada.alpha-centauri.ts.net: webadmin on :80, nginx admin on :30020, NextCloud on :30027 and even my weird subversion setup on :3690.

Except for one thing: NextCloud won’t accept login through ada.alpha-centauri.ts.net. It won’t give “not trusted domain” messages or anything else. It will just 🔄 for half a second and I’ll still be on the login page. If I log in through 192.168.68.68, Tailscale’s IP, or ada, it works perfectly.

NextCloud docker log for the event is this:

2025-03-09 16:34:20.658522+00:00 172.16.2.1 - - [09/Mar/2025:16:34:20 +0000] "POST /login HTTP/1.1" 303 1910 "http://ada.alpha-centauri.ts.net:30027/login?direct=1&user=dandrea" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Edg/134.0.0.0"
2025-03-09 16:34:20.720773+00:00 172.16.2.1 - - [09/Mar/2025:16:34:20 +0000] "GET /login?direct=1&user=dandrea HTTP/1.1" 200 8488 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Edg/134.0.0.0"
2025-03-09 16:34:21.530861+00:00 127.0.0.1 - - [09/Mar/2025:16:34:21 +0000] "GET /status.php HTTP/1.1" 200 1068 "-" "curl/7.88.1"

Relevant info from ./config/config.php (I erased some critical lines):

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'overwrite.cli.url' => 'http://ada.alpha-centauri.ts.net/nextcloud',
  'preview_imaginary_url' => 'http://imaginary:9000',
  'overwriteprotocol' => 'http',
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    1 => '192.168.68.68',
    2 => '192.168.0.0/16',
    3 => '172.16.0.0/12',
    4 => '10.0.0.0/8',
  ),
  'trusted_domains' =>
  array (
    0 => '127.0.0.1',
    1 => '192.168.68.68',
    2 => 'ada',
    3 => 'ada.alpha-centauri.ts.net',
    4 => 'ada.local',
    5 => 'localhost',
    6 => 'nextcloud',
  ),
);

I have no idea how to debug this.

No experience on my side…

Docs indicate the trusted domain is about where Nextcloud is being accessed from.

What is the domain of the client?

It is in the same domain as the client, since the domain alpha-centauri.ts.net is only available when Tailscale is running with my credentials here.

Can you test with a local client and no Tailscale? It just eliminates an abnormal variable.

No, I can’t. It works with other domains and the faulty domain disappears if Tailscale is removed.

So, can you summarize that it is just an issue with Tailscale domains?
(put Tailscale in the title if that is the case)

Perhaps Tailscale should be set up independently of the domains?
Has anyone else configured a similar system?