Docker reverse proxy http/https issue

Summary

I have several servers behind a single Apache2 server that I use as a reverse proxy making a central place for SSL termination, then everything behind the proxy uses http. OwnCloud lives behind this proxy. My ISP blocks port 80, so Apache only listens on 443/https. Any http requests to me hang as the packets are dropped

Basically what happens is owncloud’s login page links to http://owncloud.XYZ.org/apps/files/ because the docker container itself is configured without SSL. When setting up a reverse proxy, the guide assumes that port 80 is open and is able to redirect HTTP traffic to HTTPS, so when it links to an HTTP page then it will automatically redirect to HTTPS. Unfortunately for me that isnt true because my ISP drops packets on port 80.

If the login button simply redirected to /apps/files/ or apps/files/ then the user would not leave the HTTPS environment and people who’s ISPs block port 80 would not see any problem like this.

Steps to reproduce

  1. Set up http owncloud server in docker
  2. Create reverse proxy that terminates SSL and forwards http traffic from proxy to owncloud container
  3. Log in
  4. The log in page sends you to http://owncloud.XYZ.org/apps/files/ rather than https://owncloud.XYZ.org/apps/files/
    (if you had port 80 closed then the login page would hang)

Expected behaviour

Login sends the user to /apps/files/ would end up at https://owncloud.XYZ.org/apps/files/ and would allow me to keep port 80 closed

Actual behaviour

Login sends the user to http://owncloud.XYZ.org/apps/files/, and since my ISP drops packets on port 80, it hangs

Server configuration

Operating system:
Ubuntu 20.04 w/ docker

Web server:
Default from docker-compose project

Database:
Default from docker-compose project

PHP version:
Default from docker-compose project

ownCloud version: (see ownCloud admin page)
ownCloud 10.8.0 (stable)

Updated from an older ownCloud or fresh install:
I’ve been noticing this for a while (ie some previous versions too) but only diagnosed the issue today

Where did you install ownCloud from:
The docker-compose guide

Signing status (ownCloud 9.0 and above):
N/A

Hi duffyevan,

you can override the protocol in config.php with
'overwriteprotocol' => 'https',

see Config.php Parameters :: ownCloud Documentation

This tells ownCloud to create links with https protocol instead of http

Edit: You can set this value with occ as well, so for docker this would be
docker exec --user www-data <owncloud-container-name> php occ config:system:set overwriteprotocol --value=https

Thanks cortho, thats exactly what I am looking for! One last thing though, do you know if there is a way to specify config.php settings without having to shell into the docker container? ie, is there a way I could do it from the docker-compose.yml?

I could definitely create my own docker image with an extra step that enables that setting but if there is a way to do that it would make the update path easier

Of course this is possible as well, you’ll have to set the OWNCLOUD_OVERWRITE_PROTOCOL variable. A complete list of available variables is available at https://github.com/owncloud-docker/base

Keep in mind, when working with docker variables, those values cannot be changed at runtime, so you’ll have to re-create your docker (e.g. when you want to cahnge mailserver credentials or whatever config)

Perfect, thank you. I have my docker-compose.yml set up so that files and data map to a real directory on the host, so I can spin the container up and down without losing any files, so that is perfect, I can change the config then docker-compose down and docker-compose up

1 Like