Nextcloud warining about `trusted_domains` or the `overwrite.cli.url`

LSIO Discussion Container Support
1

when I open admin page of nextcloud I get several errors / warinings that trusted_domains or the overwrite.cli.url is not configured properly.

I did check config.php and everything looks ok.

here is part of my config:

'trusted_domains' => 
array (
  0 => 'subdomain.mydomain.com',
),
'overwrite.cli.url' => 'https://subdomain.mydomain.com',
'overwritehost' => 'subdomain.mydomain.com',
'overwriteprotocol' => 'https',
'trusted_proxies' => [gethostbyname('swag')],

any tip how to pass those warnings?
thanks

2

here is output at admin page

  • Your web server is not yet properly set up to allow file synchronisation, because the WebDAV interface seems to be broken. To allow this check to run you have to make sure that your webserver can connect to itself. Therefor it must be able to resolve and connect to at least one its trusted_domains or the overwrite.cli.url.

  • Your webserver is not set up to serve .js.map files. Without these files, JavaScript Source Maps won’t function properly, making it more challenging to troubleshoot and debug any issues that may arise.

  • Could not check for JavaScript support via any of your trusted_domains nor overwrite.cli.url. This may be the result of a server-side DNS mismatch or outbound firewall rule. Please check manually if your webserver serves .mjs files using the JavaScript MIME type. To allow this check to run you have to make sure that your webserver can connect to itself. Therefor it must be able to resolve and connect to at least one its trusted_domains or the overwrite.cli.url.

  • Your web server is not properly set up to resolve “/ocm-provider/”, “/ocs-provider/”. This is most likely related to a web server configuration that was not updated to deliver this folder directly. Please compare your configuration against the shipped rewrite rules in “.htaccess” for Apache or the provided one in the documentation for Nginx. On Nginx those are typically the lines starting with “location ~” that need an update. For more details see the documentation :arrow_upper_right:.

  • Your web server is not properly set up to resolve .well-known URLs, failed on: /.well-known/webfinger For more details see the documentation :arrow_upper_right:.

  • 3 errors in the logs since 26. apríla 2024, 7:40:52

  • Could not check that your web server serves security headers correctly, unable to query `` For more details see the documentation :arrow_upper_right:.

  • Could not check for WOFF2 loading support. Please check manually if your webserver serves .woff2 files. To allow this check to run you have to make sure that your webserver can connect to itself. Therefor it must be able to resolve and connect to at least one its trusted_domains or the overwrite.cli.url. For more details see the documentation :arrow_upper_right:.

3

check your container logs for nextcloud and if you’re using swag, check those too

4

well, I did not find anything problematic, everything looks ok

5

I did add following lines into nextcloud swag proxy conf because I want allow nextcloud only from my network, some other subdomains are allowed publicly.

allow 192.168.34.0/24;   # lan
allow 192.168.87.0/24;   # vpn
deny all;

and I did find out that fail2ban did deny docker IP 172.18.0.1

it was working before update nextcloud container. After update I did correct 'trusted_proxies' => [gethostbyname('swag')], in config. Do you think it can be problem? I am not sure.

6

I did leave nextcloud conf as it is and add docker subnet into swag proxy conf and it is working now.

allow 192.168.34.0/24;   # lan
allow 192.168.87.0/24;   # vpn
allow 172.17.0.1/16;       # docker
deny all;

question: what about another containers? some subdomains are allowed from public net but some only from local, should I allow docker subnets in those for local net only?