Nextcloud problems when using with SWAG

I’m trying to set up lsio-Nextcloud with lsio-SWAG as a reverse proxy - running on different hosts.

When trying to access Nextcloud via the reverse proxy the login fields are not shown - just the Nextcloud logo and one-liner (see image below).

If I remove the reverse proxy settings in the Nextcloud config.php and use the host-URL, it works as expected - login fields are shown (see image below).

The error-logs from Nextcloud and SWAG don’t give me any pointers on what is missing or could be wrong.

Any suggestions?

Below are the config details from the Docker containers and the Nextcloud config.php. Nextcloud and SWAG are running on different hosts within the same subnet.

Please note that I can access Nextcloud only via the local URL if I leave the following 4 lines out of the config.php:

  /* Below is for SWAG - see also comments in proxy-conf */
  'trusted_proxies' => [gethostbyname('logos')],
  'overwrite.cli.url' => 'https://nc.itv360.net/',
  'overwritehost' => 'nc.itv360.net',
  'overwriteprotocol' => 'https',

=====

The Nextcloud-container is created via the CLI below:

#!/bin/sh
docker pull linuxserver/nextcloud:latest
docker stop nextcloud
docker rm nextcloud
docker run \
  --name nextcloud \
  --network bridge \
  --hostname nextcloud \
  -p 192.168.139.250:443:443 \
  -v /opt/docker/nextcloud/config/main:/config \
  -v /mnt/allData/nextcloud:/data \
  -e TZ=Europe/Amsterdam \
  -d \
  --restart unless-stopped \
  linuxserver/nextcloud

# Remove unused images
docker image prune --all --force

=====

The config.php from Nextcloud:

<?php
$CONFIG = array (
  'datadirectory' => '/data',
  'instanceid' => 'ocixkoruob14',
  'passwordsalt' => '<hash>',
  'secret' => '<hash>',
  'trusted_domains' =>
  array (
    0 => 'logos.tech.lan',
    1 => 'nc.itv360.net',
    2 => '192.168.139.250',
  ),
  'dbtype' => 'sqlite3',
  'version' => '29.0.4.1',
  'installed' => true,
  'mail_from_address' => 'nextcloud',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'itv360.net',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'mx2f38.netcup.net',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'support@itv360.net',
  'mail_smtppassword' => '<wachtwoord>',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => false,
  'memcache.locking' => '\\OC\\Memcache\\APCu',
  'upgrade.disable-web' => true,
  'loglevel' => 1,
  'default_phone_region' => 'NL',
  'maintenance_window_start' => 1,
  /* Below is for SWAG - see also comments in proxy-conf */
  'trusted_proxies' => [gethostbyname('logos')],
  'overwrite.cli.url' => 'https://nc.itv360.net/',
  'overwritehost' => 'nc.itv360.net',
  'overwriteprotocol' => 'https',
);

=====

Below is the proxy-conf file in SWAG:

## Version 2024/07/16
# make sure that your nextcloud container is named nextcloud
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => [gethostbyname('swag')],
#  'overwrite.cli.url' => 'https://nextcloud.example.com/',
#  'overwritehost' => 'nextcloud.example.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.example.com',
#  ),

server {
    listen 443 ssl;
#    listen [::]:443 ssl;

    server_name nc.itv360.net;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app logos.tech.lan;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        # Hide proxy response headers from Nextcloud that conflict with ssl.conf
        # Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
        proxy_hide_header Referrer-Policy;
        proxy_hide_header X-Content-Type-Options;
        proxy_hide_header X-Frame-Options;
        proxy_hide_header X-XSS-Protection;

        proxy_buffering off;
    }
}

=====

Sorry, I did not see that Nextcloud and SWAG are on different hosts.

Hi,
I run swag on the same host as NC. I had problems with gethostbyname. The difference I see is that I put the local IP address of my server on trusted_proxies in config.php from Nextcloud:
'trusted_proxies' => ['192.168.1.253'],
and in swag for nextcloud.subdomain.conf:
set $upstream_app 192.168.1.253;
Maybe this can fix your problem

This was indeed part of the solution => made a typo in the swag ssl.config file.
The other part was related to Cloudflare => when this is turned off, everything works as expected.
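
One failure mode worth checking when trusted_proxies is built with gethostbyname(), as in the configs above: PHP's gethostbyname() returns the hostname unchanged when resolution fails, so the entry silently becomes a non-IP string and the proxy is never treated as trusted. The PHP check below is an added example, not code from this thread or from the SWAG or Nextcloud projects; the resolver table, the addresses and the function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for DNS inside the Nextcloud container, so the script
// runs offline. Like PHP's gethostbyname(), it returns the input unchanged
// when the name cannot be resolved.
function fake_resolver(string $name): string
{
    $records = ['swag.example.lan' => '192.0.2.10'];   // constructed record
    return $records[$name] ?? $name;
}

// Check one trusted_proxies entry against the address the proxy connects from.
function check_trusted_proxy(string $entry, string $proxyAddr, callable $resolve): string
{
    // Literal IPs are used as-is; anything else goes through the resolver.
    $value = filter_var($entry, FILTER_VALIDATE_IP) !== false ? $entry : $resolve($entry);

    if (filter_var($value, FILTER_VALIDATE_IP) === false) {
        return "FAIL: '$entry' did not resolve; trusted_proxies would contain the string '$value'";
    }
    if (inet_pton($value) !== inet_pton($proxyAddr)) {
        return "FAIL: '$entry' gives $value, but the proxy connects from $proxyAddr";
    }
    return "OK: '$entry' => $value matches the proxy address";
}

$proxyAddr = '192.0.2.10';   // constructed: source address of the reverse proxy
$entries = ['swag', 'swag.example.lan', '192.0.2.10', '192.0.2.99'];  // constructed entries
foreach ($entries as $entry) {
    echo check_trusted_proxy($entry, $proxyAddr, 'fake_resolver'), PHP_EOL;
}
// Against real DNS, pass 'gethostbyname' as the third argument instead.
```

Run inside the Nextcloud container, with the real resolver and the address SWAG actually connects from, this shows whether the computed entry is the proxy's IP before Nextcloud is asked to honour its forwarded headers.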