Nextcloud with SWAG 400 Bad Request

Hello all,

I have the following problem with Nextcloud when used behind SWAG. No matter what I tried, I always get "400 Bad Request: Request Header Or Cookie Too Large".

Here is my config:

Nextcloud:

services:
  nextcloud:
    image: docker.io/linuxserver/nextcloud:31.0.2
    container_name: nextcloud
    networks:
        - home
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Etc/UTC
    volumes:
      - ./config:/config
      - ./data:/data
    ports:
      - 5000:443
    restart: unless-stopped
networks:
    home:
        name: "home"
        external: true

SWAG nextcloud config:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;
    
    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        
        set $upstream_app nextcloud;
        set $upstream_port 5000;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        # Disable SSL certificate validation
        proxy_ssl_verify off;

        # Hide proxy response headers from Nextcloud that conflict with ssl.conf
        # Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
        proxy_hide_header Referrer-Policy;
        proxy_hide_header X-Content-Type-Options;
        proxy_hide_header X-Frame-Options;
        proxy_hide_header X-XSS-Protection;

        # Disable proxy buffering
        proxy_buffering off;
    }
}

config.php:

<?php
$CONFIG = array (
  'datadirectory' => '/data',
  'instanceid' => 'instanceID',
  'passwordsalt' => 'SALT',
  'secret' => 'SECRET',
  'trusted_proxies' => 
  array (
    0 => 'swag',
  ),
  'trusted_domains' => 
  array (
    0 => '192.168.1.60:5000',
    1 => 'nextcloud.MYDOMAIN.COM',
  ),
  'dbtype' => 'sqlite3', // only temp
  'version' => '31.0.2.1',
  'overwritehost' => 'nextcloud.MYDOMAIN.COM',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://nextcloud.MYDOMAIN.COM/',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\APCu',
  'upgrade.disable-web' => true,
);

I’ve tried different browsers and also cleared cookies. I’m pretty sure the problem has something to do with SWAG (nginx) not Nextcloud itself.

The subdomain.conf port is wrong, which forces you to double NAT. I don’t think that is THE issue, but it is an issue. We would need nginx logs to provide any other thoughts.

I did docker logs -f swag but nothing is printed there.
But I found the access.log

MY IP - - [31/Mar/2025:17:53:06 +0300] "GET /favicon.ico HTTP/2.0" 400 226 "https://nextcloud.MYDOMAIN.COM/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0"

But it doesn’t provide much info. And there is nothing in the error.log.

Do you have a specific file in mind?

Hello again,

Completely forgot my login credentials :sweat_smile: thus my new account.

So I finally figured out the problem. The nextcloud.subdomain.conf was present in both proxy-confs and site-confs, and it was causing the above error. I don’t really know how exactly or why, because both the headers and the cookies didn’t seem large.

Anyways, I deleted the one in proxy-confs and kept the one in site-confs and I don’t have the issue anymore!

Edit: forgot to mention, if we can, let’s mark it as resolved.
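
The resolution above came down to the same nextcloud.subdomain.conf being active in both proxy-confs and site-confs. As an added example (not from the thread or from the SWAG project), the shell functions below list every server_name that more than one active .conf file declares; the directory arguments and the sample tree are constructed assumptions.

```shell
#!/bin/sh
# Added example: report server_name values declared by more than one active
# nginx *.conf file across the given directories (*.conf.sample is ignored).

# Print "name<TAB>file" for every server_name token in each DIR/*.conf.
list_server_names() {
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            # Drop comments, then split into one directive per line.
            sed 's/#.*//' "$f" | tr '\n' ' ' | tr ';{}' '\n\n\n' |
                awk -v file="$f" '$1 == "server_name" {
                    for (i = 2; i <= NF; i++) print $i "\t" file }'
        done
    done
}

# Print "name: file file ..." for every name claimed by two or more files.
find_duplicate_server_names() {
    list_server_names "$@" | sort -u | awk -F '\t' '
        { n[$1]++; files[$1] = files[$1] " " $2 }
        END { for (k in n) if (n[k] > 1) print k ":" files[k] }' | sort
}

# Constructed sample tree mirroring the layout described in the thread.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/proxy-confs" "$root/site-confs"
    printf 'server {\n  listen 443 ssl;\n  server_name nextcloud.*;\n}\n' \
        > "$root/proxy-confs/nextcloud.subdomain.conf"
    cp "$root/proxy-confs/nextcloud.subdomain.conf" "$root/site-confs/"
    printf 'server {\n  server_name _;  # default\n}\n' \
        > "$root/site-confs/default.conf"
    printf 'server {\n  server_name nextcloud.*;\n}\n' \
        > "$root/proxy-confs/other.subdomain.conf.sample"
    echo "$root"
}

root=$(make_sample_tree)
find_duplicate_server_names "$root/proxy-confs" "$root/site-confs"
rm -rf "$root"
```

Against a real SWAG volume the arguments would be the proxy-confs and site-confs directories under the config mount (assumed here to be /config/nginx). Running `nginx -t` inside the container also prints a "conflicting server name" warning when two server blocks claim the same name on the same listen address.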