Desktop Client 403 Forbidden - web/ios/android are working

Calle · September 13, 2024, 10:09am

Steps to reproduce

Start desktop client
Add new account
Insert selfhosted address (tested both IP and hostname)
Click on open browser to login

Expected behaviour

Should be directed to login screen.

Actual behaviour

Browser opens page with “403 Forbidden openresty”.

Server configuration

Operating system: Ubuntu server 22

Web server: 8.0.5

Database:

PHP version:

ownCloud version: 5.0.7

Updated from an older ownCloud or fresh install:

Where did you install ownCloud from: Official link

The content of config/config.php:
OCIS_URL=https://ocis.my.domain
PROXY_HTTP_ADDR=192.168.1.206:9200
PROXY_TLS=false
OCIS_INSECURE=false

Are you using external storage, if yes which one: local/smb/sftp/…
No.

Are you using encryption: yes/no
No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
No

Client configuration

Browser:
Chrome/Firefox/Edge, tested them all.

Operating system:
Windows 11 Pro

Logs

ownCloud log (data/owncloud.log)

{"level":"debug","service":"gateway","service":{"name":"com.owncloud.api.gateway","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","t>{"level":"debug","service":"storage-users","service":{"name":"com.owncloud.api.storage-users","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","serve>{"level":"debug","service":"storage-publiclink","service":{"name":"com.owncloud.api.storage-publiclink","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cac>{"level":"debug","service":"auth-machine","service":{"name":"com.owncloud.api.auth-machine","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server">{"level":"debug","service":"app-provider","service":{"name":"com.owncloud.api.app-provider","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server">{"level":"debug","service":"groups","service":{"name":"com.owncloud.api.groups","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","tra>{"level":"debug","service":"auth-service","service":{"name":"com.owncloud.api.auth-service","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server">{"level":"debug","service":"sharing","service":{"name":"com.owncloud.api.sharing","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","t>{"level":"debug","service":"app-registry","service":{"name":"com.owncloud.api.app-registry","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server">{"level":"debug","service":"ocm","service":{"name":"com.owncloud.api.ocm","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport>{"level":"debug","service":"users","service":{"name":"com.owncloud.api.users","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","trans>{"level":"debug","service":"storage-system","service":{"name":"com.owncloud.api.storage-system","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","ser>{"level":"debug","service":"storage-shares","service":{"name":"com.owncloud.api.storage-shares","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","ser>{"level":"debug","service":"auth-basic","service":{"name":"com.owncloud.api.auth-basic","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"gr>{"level":"debug","service":"storage-system","service":{"name":"com.owncloud.web.storage-system","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"http","registry":"cache","ser>{"level":"debug","service":"ocm","service":{"name":"com.owncloud.web.ocm","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"http","registry":"cache","server":"http","transport>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","method":"/cs3.gateway.v1beta1.GatewayAPI/Authenticate","time":"2024-09-13T12:03:07+02:00","line":"github>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","method":"/cs3.auth.registry.v1beta1.RegistryAPI/GetAuthProviders","time":"2024-09-13T12:03:07+02:00","li>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35614","uri":"/cs3.auth.registry.v1beta1.RegistryAP>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","method":"/cs3.auth.provider.v1beta1.ProviderAPI/Authenticate","time":"2024-09-13T12:03:07+02:00","line":>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","method":"/cs3.gateway.v1beta1.GatewayAPI/GetUserByClaim","time":"2024-09-13T12:03:07+02:00","line":"gith>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","method":"/cs3.identity.user.v1beta1.UserAPI/GetUserByClaim","time":"2024-09-13T12:03:07+02:00","line":"g>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35628","uri":"/cs3.identity.user.v1beta1.UserAPI/Ge>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35604","uri":"/cs3.gateway.v1beta1.GatewayAPI/GetUs>{"level":"info","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","time":"2024-09-13T12:03:07+02:00","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/services/authpr>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35624","uri":"/cs3.auth.provider.v1beta1.ProviderAP>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35604","uri":"/cs3.gateway.v1beta1.GatewayAPI/Authe>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35632","uri":"/cs3.permissions.v1beta1.PermissionsA>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"68c36b9ee3132ace018e78ed2909020f","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35598","uri":"/cs3.storage.provider.v1beta1.Provide>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","method":"/cs3.gateway.v1beta1.GatewayAPI/Authenticate","time":"2024-09-13T12:03:07+02:00","line":"github>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","method":"/cs3.auth.registry.v1beta1.RegistryAPI/GetAuthProviders","time":"2024-09-13T12:03:07+02:00","li>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35614","uri":"/cs3.auth.registry.v1beta1.RegistryAP>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","method":"/cs3.auth.provider.v1beta1.ProviderAPI/Authenticate","time":"2024-09-13T12:03:07+02:00","line":>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","method":"/cs3.gateway.v1beta1.GatewayAPI/GetUserByClaim","time":"2024-09-13T12:03:07+02:00","line":"gith>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","method":"/cs3.identity.user.v1beta1.UserAPI/GetUserByClaim","time":"2024-09-13T12:03:07+02:00","line":"g>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35628","uri":"/cs3.identity.user.v1beta1.UserAPI/Ge>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35604","uri":"/cs3.gateway.v1beta1.GatewayAPI/GetUs>{"level":"info","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","time":"2024-09-13T12:03:07+02:00","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/services/authpr>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35624","uri":"/cs3.auth.provider.v1beta1.ProviderAP>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35604","uri":"/cs3.gateway.v1beta1.GatewayAPI/Authe>{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"e85258ac2c24d8cb6ba5e5d62397063a","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:35598","uri":"/cs3.storage.provider.v1beta1.Provide>{"level":"debug","service":"frontend","service":{"name":"com.owncloud.web.frontend","version":"5.0.7","metadata":null,"endpoints":[],"nodes":[{"metadata":{"protocol":"http","registry":"cache","server":"http",>{"level":"debug","service":"gateway","pkg":"rgrpc","traceid":"7a8c1791a7d3a3416ddcce6b7b30ffef","method":"/cs3.gateway.v1beta1.GatewayAPI/AddAppProvider","time":"2024-09-13T12:03:09+02:00","line":"github.com/>{"level":"debug","service":"app-registry","pkg":"rgrpc","traceid":"7a8c1791a7d3a3416ddcce6b7b30ffef","method":"/cs3.app.registry.v1beta1.RegistryAPI/AddAppProvider","time":"2024-09-13T12:03:09+02:00","line":">{"level":"debug","service":"app-registry","pkg":"rgrpc","traceid":"7a8c1791a7d3a3416ddcce6b7b30ffef","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:39890","uri":"/cs3.app.registry.v1beta1.RegistryAPI/A>{"level":"debug","service":"gateway","pkg":"rgrpc","traceid":"7a8c1791a7d3a3416ddcce6b7b30ffef","user-agent":"grpc-go/1.62.0","from":"tcp://127.0.0.1:48910","uri":"/cs3.gateway.v1beta1.GatewayAPI/AddAppProvid>

I’ve found this topic (Desktop Client 403 Forbidden - Web and mobile are working) but their solution with adding “proxy_set_header Host $host;” to Nginx Proxy Manager’s Custom Nginx Configuration doesn’t work for me.

Calle · September 14, 2024, 1:15pm

I guess the problem is that ‘PROXY_HTTP_ADDR=192.168.1.206:9200’ is not set to localhost but local IP (I can’t get it to work with localhost) and that the desktop client is redirecting to 127.0.0.1? Is it possible to change the redirect url within the config-file?

zino · October 28, 2024, 8:31pm

@Calle Did you ever manage to fix this issue?

Calle · October 28, 2024, 9:36pm

No, I didn’t spend more time trying to fix it but I think it’s more of an nginx problem and not ocis.