Docker-compose multiple trusted domains issue

Bit of advance info - I’ve been using ownCloud via docker-compose now for over 12 months, able to access it locally via LAN (IP:port) and remotely with a reverse proxy on my domain. I updated the owncloud/server:latest image today after it was pushed, and I started having trusted domain issues.

Steps to reproduce

  1. Update image to latest
  2. Attempt access locally on LAN - get the ‘You are accessing the server from an untrusted domain’ page
  3. Attempt to access remotely via domain - get the same ‘You are accessing the server from an untrusted domain’ page
  4. Modify config.php in files/config/config.php to add server IP and domain, still get the same untrusted page response on both
  5. Add - OWNCLOUD_TRUSTED_DOMAINS=[IP] [domain] (actual IP and domain used) to environment in docker-compose.yml
  6. Still no access
  7. Change syntax of - OWNCLOUD_TRUSTED_DOMAINS= to add " marks around the two different domains
  8. Still no access
  9. Try separating the domains with commas, with and without " marks
  10. Still no access
  11. Making changes to config.php doesn’t seem to do anything
  12. Attempt single domain as server IP
  13. Can access locally but not remotely
  14. Change domain to personal subdomain
  15. Can access remotely but not locally

Expected behaviour

Access is possible both locally and remotely based on either docker-compose env variable or because they’re included in config.php

Actual behaviour

Changes to the trusted-domains array in config.php don’t seem to have any effect, and only one entry in the docker-compose OWNCLOUD_TRUSTED_DOMAINS seems possible

Server configuration

Operating system:
Synology DSM

Web server:
nginx

Database:
MariaDB:10.5

PHP version:
7.4.3 (as per php -v once bashed into the container)

ownCloud version: (see ownCloud admin page)
10.11.0

Updated from an older ownCloud or fresh install:
Update

Where did you install ownCloud from:
docker image owncloud/server:latest

Signing status (ownCloud 9.0 and above):
No errors have been found

The content of config/config.php: (fyi this is over 10k lines, not sure what to remove here though)
gist=BackedUpBooty/5429d2f2f7094bac71e6a96b748d4044 (this is only from when I had local access, I can’t access it when I add more than one domain to the trusted domains variable in docker-compose)

Are you using external storage, if yes which one: local/smb/sftp/…
No

Are you using encryption: yes/no
No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
No

Client configuration

Browser:
Chrome

Operating system:
Win11

Logs

Web server error log

gist=BackedUpBooty/14cba95720e0922c00de3d46d3bf4047 (for today)

ownCloud log (data/owncloud.log)

gist=BackedUpBooty/e988541afe423f743c6cc4e1ca5b4d73 (public IPs and domain name redacted)

I am having the exact same problem since this afternoon and also have a similar setup.

Hi, how have you tried to add multiple entries to OWNCLOUD_TRUSTED_DOMAINS? This needs to be a comma-separated list without whitespace.

Modify config.php in files/config/config.php to add server IP and domain, still get the same untrusted page response on both

You would have to replace the line 'trusted_domains' => explode(',', getenv('OWNCLOUD_TRUSTED_DOMAINS')), from the config/overwrite.config.php file, but this should only be used for testing.

What does your reverse proxy/compose deployment look like? Is your reverse proxy part of the compose stack, or external, running on the same host or on a remote host?

Example:

This starts a basic container and exposes it to my local machine. Multiple trusted domains are configured using the env var, and I’m able to access the container via localhost:8000 and 10.168.64.122:8000

docker run -p 8000:8080 -e OWNCLOUD_TRUSTED_DOMAINS=10.168.64.122,localhost -it owncloud/server

Check applied config from occ config report:

docker exec -it heuristic_golick occ config:system:get trusted_domains --output json
["10.168.64.122","localhost"]

If your reverse proxy is part of the compose stack and is doing something like this proxy_pass <container_name>:8080; you have to add <container_name> to the trusted domain list as well.

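The format rule from the answer above, as an added example that is not part of the original posts or ownCloud's own code: a shell check that splits a candidate value on commas only, as the quoted `explode(',', ...)` line does, and flags entries that keep whitespace or quote characters. The function name and sample values are constructed here, and it assumes the value reaches the container exactly as written.

```shell
#!/bin/sh
# Added example (not ownCloud code): lint an OWNCLOUD_TRUSTED_DOMAINS value.
# It mirrors the split quoted in the thread,
#   explode(',', getenv('OWNCLOUD_TRUSTED_DOMAINS'))
# which cuts on commas only: spaces and quote characters stay inside the entries,
# so such an entry never equals the host name the request arrives with.

# check_trusted_domains VALUE   (hypothetical helper name)
# Prints one line per bad entry; returns 0 if all entries are clean, 1 otherwise.
check_trusted_domains() {
  ctd_rest=$1
  ctd_status=0
  while :; do
    # Take everything up to the next comma, untrimmed, like explode() does.
    case $ctd_rest in
      *,*) ctd_entry=${ctd_rest%%,*}; ctd_rest=${ctd_rest#*,}; ctd_more=1 ;;
      *)   ctd_entry=$ctd_rest; ctd_more=0 ;;
    esac
    case $ctd_entry in
      '')            echo "empty entry (stray comma)"; ctd_status=1 ;;
      *[[:space:]]*) echo "whitespace in entry: [$ctd_entry]"; ctd_status=1 ;;
      *\"*|*\'*)     echo "quote character in entry: [$ctd_entry]"; ctd_status=1 ;;
    esac
    [ "$ctd_more" -eq 1 ] || break
  done
  return "$ctd_status"
}

# Constructed sample values, based on the forms tried in the thread.
for value in \
  '10.168.64.122,localhost' \
  '10.168.64.122 localhost' \
  '10.168.64.122, localhost' \
  '"10.168.64.122","localhost"'
do
  printf 'OWNCLOUD_TRUSTED_DOMAINS=%s\n' "$value"
  if check_trusted_domains "$value"; then echo "  ok"; else echo "  rejected"; fi
done
```

Only the first sample passes; the result inside a running container can be compared against the `occ config:system:get trusted_domains --output json` output shown above.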

Thanks @rkaussow for your answer. Indeed, I added my domains to the env var OWNCLOUD_TRUSTED_DOMAINS, after seeing the explode function. But only adding the container to OWNCLOUD_TRUSTED_DOMAINS did not work, although my reverse proxy is part of my compose stack.

Correct, all components that somehow access the ownCloud container need to be added. If the reverse proxy is part of the compose stack, and it is using the oC container name for the proxy pass, this needs to be added in any case. But as you will access oC via an external domain configured in the vhost of your reverse proxy, this domain needs to be added as well.


Of course this was the only option I neglected to try. Thanks for the quick reply, comma separated without whitespace (in the docker-compose.yml) works now both locally and remotely. I did try and see if there was guidance for this in the documentation but wasn’t able to find any, the only mention of multiple trusted domains was in the config.php.

As you asked about reverse proxy, no it’s not part of the same container stack, I have SWAG running in a separate stack with all required containers connected on a dedicated ‘proxy’ docker network.

Good point, will try to improve it :+1:
