Reverse Proxy, PHP cache, custom logo, CSS bug (does http instead of https) #5527
Description
Steps to reproduce
- Have Nextcloud sent through a reverse proxy that performs SSL on it's behalf
- Set PHP cache settings that Nextcloud recommends (not sure if this is necessary, but it seemed to be one of the things that triggered it to start)
- Setup a custom logo (not sure if this is necessary, but it seemed to be one of the things that triggered it to start)
- Login to Nextcloud
Expected behaviour
PHP generated server.css should have https in the image path so the images load properly.
(under the "#header .logo-icon" and "#header .logo" sections of the css)
Actual behaviour
Tell us what happens instead
PHP generated server.css has http in the image path and therefore won't load on https connections.
(under the "#header .logo-icon" and "#header .logo" sections of the css)
Server configuration
Operating system:
Ubuntu 16.04.2 LTS
Web server:
Apache 2
Database:
MySQL
PHP version:
7.0
Nextcloud version: (see Nextcloud admin page)
12.0.0
Updated from an older Nextcloud/ownCloud or fresh install:
Updated from older versions (initially from ownCloud)
Where did you install Nextcloud from:
Built-in updater.
Signing status:
Signing status
No errors have been found.
List of activated apps:
App list
Enabled:
- activity: 2.5.2
- bruteforcesettings: 1.0.2
- comments: 1.2.0
- dav: 1.3.0
- federatedfilesharing: 1.2.0
- federation: 1.2.0
- files: 1.7.2
- files_external: 1.3.0
- files_pdfviewer: 1.1.1
- files_sharing: 1.4.0
- files_texteditor: 2.4.1
- files_trashbin: 1.2.0
- files_versions: 1.5.0
- files_videoplayer: 1.1.0
- firstrunwizard: 2.1
- gallery: 17.0.0
- logreader: 2.0.0
- lookup_server_connector: 1.0.0
- nextcloud_announcements: 1.1
- notifications: 2.0.0
- oauth2: 1.0.5
- password_policy: 1.2.2
- provisioning_api: 1.2.0
- serverinfo: 1.2.0
- sharebymail: 1.2.0
- survey_client: 1.0.0
- systemtags: 1.2.0
- theming: 1.3.0
- twofactor_backupcodes: 1.1.1
- updatenotification: 1.2.0
- user_ldap: 1.2.1
- workflowengine: 1.2.0
Disabled: - admin_audit
- encryption
- user_external
Nextcloud configuration:
Config report
{
"system": {
"updatechecker": false,
"instanceid": "ocq035yq2rd7",
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"cloud.example.com"
],
"trusted_proxies": [
"192.168.0.203"
],
"overwritehost": "cloud.example.com",
"overwriteprotocol": "https",
"overwritecondaddr": "^192\.168\.0\.207$",
"datadirectory": "/var/www/nextcloud/data",
"overwrite.cli.url": "https://cloud.example.com",
"dbtype": "mysql",
"version": "12.0.0.29",
"dbname": "owncloud",
"dbhost": "localhost",
"dbtableprefix": "oc_",
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"logtimezone": "UTC",
"installed": true,
"preview_libreoffice_path": "/usr/bin/libreoffice",
"ldapIgnoreNamingRules": false,
"appstore.experimental.enabled": true,
"maintenance": false,
"loglevel": 2,
"ldapProviderFactory": "\OCA\User_LDAP\LDAPProviderFactory",
"updater.secret": "REMOVED SENSITIVE VALUE",
"updater.release.channel": "stable",
"mail_smtpmode": "php"
}
}
Are you using external storage, if yes which one: local/smb/sftp/...
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
LDAP
LDAP configuration (delete this part if not used)
LDAP config
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | CN=Progam Access,CN=Users,DC=example,DC=com |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | DC=example,DC=com |
| ldapBaseGroups | DC=example,DC=com |
| ldapBaseUsers | DC=example,DC=com |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | REMOVED SENSITIVE VALUE |
| ldapGroupFilterGroups | REMOVED SENSITIVE VALUE |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | member |
| ldapHost | 192.168.0.201 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=user))(|(|(memberof=CN=Cloud_Access,CN=Users,DC=example,DC=com)(primaryGroupID=2182))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid)))) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 1 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(|(objectclass=user))(|(|(memberof=CN=Cloud_Access,CN=Users,DC=example,DC=com)(primaryGroupID=2182)))) |
| ldapUserFilterGroups | Cloud_Access |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | user |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Client configuration
Browser:
Firefox 54.0 and Google Chrome 59.0.3071.109
Operating system:
Windows 10 Version 1703 (OS Build 15063.332)
Logs
Web server error log
Web server error log
Error PHP Invalid argument supplied for foreach() at /var/www/nextcloud/lib/private/Template/SCSSCacher.php#145
Nextcloud log (data/nextcloud.log)
Nextcloud log
{"reqId":"yLDgESR6H2A6Wr09D9p1","level":3,"time":"2017-06-23T22:49:25+00:00","remoteAddr":"192.168.0.203","user":"A3BCC5DF-9148-4BC8-BBF2-7AC56F723B5E","app":"PHP","method":"GET","url":"/index.php/apps/files/","message":"Invalid argument supplied for foreach() at /var/www/nextcloud/lib/private/Template/SCSSCacher.php#145","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0","version":"12.0.0.29"}
{"reqId":"ItfttoG98PLKLFwzTD8N","level":3,"time":"2017-06-23T23:26:01+00:00","remoteAddr":"192.168.0.203","user":"A3BCC5DF-9148-4BC8-BBF2-7AC56F723B5E","app":"internet_connection_check","method":"GET","url":"/index.php/settings/ajax/checksetup","message":"Exception: {"Exception":"GuzzleHttp\\Exception\\RequestException","Message":"cURL error 18: transfer closed with 24536 bytes remaining to read","Code":0,"Trace":"#0 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/RequestFsm.php(103): GuzzleHttp\\Exception\\RequestException::wrapException(Object(GuzzleHttp\\Message\\Request), Object(GuzzleHttp\\Ring\\Exception\\RingException))\n#1 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/RequestFsm.php(132): GuzzleHttp\\RequestFsm->__invoke(Object(GuzzleHttp\\Transaction))\n#2 \/var\/www\/nextcloud\/3rdparty\/react\/promise\/src\/FulfilledPromise.php(25): GuzzleHttp\\RequestFsm->GuzzleHttp\\{closure}(Array)\n#3 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/ringphp\/src\/Future\/CompletedFutureValue.php(55): React\\Promise\\FulfilledPromise->then(Object(Closure), NULL, NULL)\n#4 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/Message\/FutureResponse.php(43): GuzzleHttp\\Ring\\Future\\CompletedFutureValue->then(Object(Closure), NULL, NULL)\n#5 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/RequestFsm.php(134): GuzzleHttp\\Message\\FutureResponse::proxy(Object(GuzzleHttp\\Ring\\Future\\CompletedFutureArray), Object(Closure))\n#6 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/RequestFsm.php(132): GuzzleHttp\\RequestFsm->__invoke(Object(GuzzleHttp\\Transaction))\n#7 \/var\/www\/nextcloud\/3rdparty\/react\/promise\/src\/FulfilledPromise.php(25): GuzzleHttp\\RequestFsm->GuzzleHttp\\{closure}(Array)\n#8 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/ringphp\/src\/Future\/CompletedFutureValue.php(55): React\\Promise\\FulfilledPromise->then(Object(Closure), NULL, NULL)\n#9 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/Message\/FutureResponse.php(43): GuzzleHttp\\Ring\\Future\\CompletedFutureValue->then(Object(Closure), NULL, NULL)\n#10 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/RequestFsm.php(134): GuzzleHttp\\Message\\FutureResponse::proxy(Object(GuzzleHttp\\Ring\\Future\\CompletedFutureArray), Object(Closure))\n#11 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/Client.php(165): GuzzleHttp\\RequestFsm->__invoke(Object(GuzzleHttp\\Transaction))\n#12 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/Client.php(125): GuzzleHttp\\Client->send(Object(GuzzleHttp\\Message\\Request))\n#13 \/var\/www\/nextcloud\/lib\/private\/Http\/Client\/Client.php(138): GuzzleHttp\\Client->get('http:\/\/www.next...', Array)\n#14 \/var\/www\/nextcloud\/settings\/Controller\/CheckSetupController.php(125): OC\\Http\\Client\\Client->get('http:\/\/www.next...')\n#15 \/var\/www\/nextcloud\/settings\/Controller\/CheckSetupController.php(108): OC\\Settings\\Controller\\CheckSetupController->isSiteReachable('www.nextcloud.c...')\n#16 \/var\/www\/nextcloud\/settings\/Controller\/CheckSetupController.php(414): OC\\Settings\\Controller\\CheckSetupController->isInternetConnectionWorking()\n#17 [internal function]: OC\\Settings\\Controller\\CheckSetupController->check()\n#18 \/var\/www\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(160): call_user_func_array(Array, Array)\n#19 \/var\/www\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(90): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OC\\Settings\\Controller\\CheckSetupController), 'check')\n#20 \/var\/www\/nextcloud\/lib\/private\/AppFramework\/App.php(114): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OC\\Settings\\Controller\\CheckSetupController), 'check')\n#21 \/var\/www\/nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php(47): OC\\AppFramework\\App::main('OC\\\\Settings\\\\Con...', 'check', Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#22 [internal function]: OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#23 \/var\/www\/nextcloud\/lib\/private\/Route\/Router.php(299): call_user_func(Object(OC\\AppFramework\\Routing\\RouteActionHandler), Array)\n#24 \/var\/www\/nextcloud\/lib\/base.php(1000): OC\\Route\\Router->match('\/settings\/ajax\/...')\n#25 \/var\/www\/nextcloud\/index.php(40): OC::handleRequest()\n#26 {main}","File":"\/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/Exception\/RequestException.php","Line":51}","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0","version":"12.0.0.29"}
Browser log
Browser log
Content Security Policy: The page’s settings blocked the loading of a resource at http://cloud.example.com/index.php/apps/theming/logo?v=13 (“img-src https://cloud.example.com data: blob:”).