Nextcloud untrusted domain

Hi everyone,

I’m completely new to networking and server setups. Installed Truenas on an old PC and installed the Nextcloud App.

When accessing the Nextcloud web portal, I encounter the error: “Access through untrusted domain.” After reading through other threads, I tried adding my server’s IP address to the trusted_domains section in the configuration. However, when I attempt to access Nextcloud, it redirects me to the TrueNAS login page at http://192.168.0.18/ui/sessions/signin.

I also tried including the port in trusted_domains (e.g., http://192.168.0.18:PORT), but then I get the same “Access through untrusted domain” error again.

Does anyone have any ideas on how to resolve this?

Screenshot 2024-12-20 2040391300×569 52.5 KB

Disclaimer: I don’t run Nextcloud in TrueNAS (which basically is Docker nowadays) so I don’t know how the networking works.

I also assume you don’t use a reverse proxy so you don’t work with trusted proxies.

I also don’t know the IP of your client and the IP of TrueNAS, but my guess would be that you need to whitelist the IP of your client and not your TrueNAS IP.

I personally would just set trusted domains to
1912.168.1.0/24
that should work for all clients in you local network.

If you want to connect from the internet, I would change that to yourdomain.com

Same issue here on 24.10.

According to the documentation, the trusted domain settings in the config.php actually should be the IP or name of the server, not the client, so i think OP has set up the trusted domain section in config.php correctly.

On my side, I am also not using a domain name, just a local IP address in my private network, and the IP address I use to access Nextcloud is in my config.php and also listed when I use the occ config:system:get trusted_domains command on the nextcloud container.

I also observe like OP that when I add the port as given in the app config (30027), I get the “untrusted domain” issue, but when I remove it, I am redirected to the TrueNAS login page for some reason.
I can access nextcloud if I remove the truenas default certificate from the app setup and connect via http://:30027, but I need to use private mode in the browser to login, otherwise the login does not work. There is a message about this from TrueNAS when I use the WebUI button on the Apps screen, as somehow https is enforced, though I do not know why.

I played with several different port setting (30011, 9001) and combinations of entries in the app config (leave host empty, enter only host IP but no port). I’ve also added the IP addresses of the nextcloud and nginx containers as visible with hostname -I on the containers to the config.php, and added and removed again overwritehost, overwrite.cli.url etc. from the config.php. Somehow it looks to me like it is not in fact a nextcloud config issue but about the way the http(s) requests are routed by TrueNAS?

There seems to be no info about the issue in any log file I could find (from the app page in Truenas GUI, inside the nginx and nextcloud container…), but maybe I’m looking at the wrong path?

Any idea what can be done to solve or at least further investigate the problem?

correction: “http: // :30027” is supposed to be “http: // nextcloudIPAdress:30027”

Is that, because it does implement a reverse proxy in front of it?

I would at least set it temporary to 192.168.1.0/24 to rule out that problem.

Hi Sara, thanks for the quick reply! I am actually not sure if the trusted_domains setting has anything to do with a reverse proxy, my understanding of the documentation is that it is just a whitelist filter to limit the access to nextcloud. I suppose that if you do have a (reverse) proxy set up it will translate the IP addresses and/or the ports used, and that may be the cause of our issue, but I do not see how I can change the behavior - this would have to be some setting for nginx, I guess?
I’ll try the (adjusted) IP range you proposed - on my side the internal network is actually 192.168.178.x for all devices, so if there is no proxy stuff happening, it might help.

I unfortunately don’t know about the architecture of AIO.
Anyway, normally you would not have the server IP as trusted_domains, since you don’t access Nextcloud over your server IP, but you client IP.

So if Truenas has 192.168.1.2 and Nextcloud 192.168.1.3 and your Laptop 192.168.1.50, you would need 192.168.1.50 as trusted domains, since that is where the connection is coming from.

That is why suggest you just use 192.168.178.0/24 so that all devices from you local network are allowed to access nextcloud.

I seem to have stumbled on a solution. Was checking the content of the full installation guide https://forums.truenas.com/t/a-full-guide-for-installing-nextcloud-on-truenas-scale-with-collabora-integration-and-outside-access-through-nginx-proxy-manager/5874/1 and noticed that there is a statement that the content of the config.php is not used at all and all settings need to be made in the installer. So I tried to follow what they do and modified this in the Nextcloud configuration:

• removed entry in “Host”
• added “Additional Environment Variable” OVERWRITEHOST with Value 192.168.178.28:30027
• added “Additional Environment Variable” OVERWRITECLIURL with Value https://192.168.178.28:30027
• set Certificate ID to use the freenas_default Certificate.

192.168.178.28 is the IP address of my Truenas scale installation. 30027 is the port I’ve also set in WebUI Port.

For what it’s worth, the relevant part of my config.php looks like

  'overwriteprotocol' => 'https',
  'overwritehost' => '192.168.178.28:30027',
  'overwrite.cli.url' => 'https://192.168.178.28:30027',
  'trusted_domains' =>
  array (
    0 => '127.0.0.1',
    1 => '192.168.178.*',
    2 => 'localhost',
    3 => 'nextcloud',
  ),

and I think the overwrite statements were put there by the Nextcloud configuration edit.

Https access now seems fine, so maybe this also fixes your problem, adastra?