Hi, I have a docker-compose setup very similar to what is described in this blogpost.
Now I want to set up the picoCMS app. It recommends to proxy /sites/ to example.org/index.php/apps/cms_pico/pico/. Now this is where my problems begin.
(I replaced my domain with “example.org” in this post for security reasons.)
I created a ProxyPass rule for this in the Apache config, and I can now access example.org/sites/test in the browser. But instead of showing me the picoCMS page, it shows me the following error message:
I already tried to add the IP the container has inside the docker network to trusted_proxies, but it didn’t help.
Steps to reproduce
- install picoCMS app
- create a test website in the backend: example.org/settings/personal?sectionid=cms_pico
- enable the proxy modules in the container:
a2enmod proxy_http proxy_connect proxy_ajp proxy_wstunnel proxy_balancer ssl
- add the following lines to /etc/templates/apache.conf:
ProxyPass /sites/ https://example.org//index.php/apps/cms_pico/pico/
ProxyPassReverse /sites/ https://example.org//index.php/apps/cms_pico/pico/
SSLProxyEngine on
- restart the container:
docker-compose stop && docker-compose start
- access the test website in the browser through the proxy shortcut: example.org/sites/test
- (optional) add the following line to the docker-compose.yml:
- OWNCLOUD_TRUSTED_PROXIES=172.18.0.2
- rebuild the container with the trusted proxy setting:
docker-compose down
docker-compose up -d
sleep 15
docker-compose exec owncloud_owncloud_1 a2enmod proxy_http proxy_connect proxy_ajp proxy_wstunnel proxy_balancer ssl # you have to reactivate the apache modules for it to work
docker cp apache.conf owncloud_owncloud:/etc/templates/ # that's how you have to change the apache config
docker-compose stop # restart the container this way, because you can't restart only apache2
docker-compose start
Expected behaviour
It displays the test website at example.org/sites/test.
Actual behaviour
It shows the following error:
"You are accessing the server from an untrusted domain.
Please contact your administrator. If you are an administrator of this instance, configure the “trusted_domains” setting in config/config.php. An example configuration is provided in config/config.sample.php or at the documentation."
Server configuration
Operating system: Debian GNU/Linux 9.8 (stretch)
Web server: Apache2 2.4.29
Database: mysql Ver 15.1 Distrib 10.3.13-MariaDB, for Linux (x86_64) using readline 5.1
PHP version: 7.2.10
ownCloud version: 10.0.10
Updated from an older ownCloud or fresh install: fresh install
Where did you install ownCloud from: docker-hub: owncloud/server:latest
Signing status (ownCloud 9.0 and above):
- cms_pico
  - FILE_MISSING
    - vendor/ezyang/htmlpurifier/maintenance/.htaccess
    - vendor/picocms/pico/.htaccess
  - EXTRA_FILE
    - vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/URI/4.9.3,3478238e680361cd87bf880f5b3cc50a1e7abc6c,1.ser
    - vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/HTML/4.9.3,42d2529d2d2aa4f137a4d6d6292a92e3ee82eb86,1.ser
    - vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer/CSS/4.9.3,4114918a13a428a8482a8a449792a5a8747582b5,1.ser
The content of config/config.php:
{
"basic": {
"license key": "***REMOVED SENSITIVE VALUE***",
"date": "Thu, 09 May 2019 17:05:06 +0000",
"ownCloud version": "10.0.10.4",
"ownCloud version string": "10.0.10",
"ownCloud edition": "Community",
"server OS": "Linux",
"server OS version": "Linux f45effbbb176 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64",
"server SAPI": "apache2handler",
"webserver version": "Apache",
"hostname": "example.org",
"logged-in user": "admin"
},
"stats": {
"users": {
"Database": {
"count": 28,
"seen": 17,
"logged in (30 days)": 7
}
},
"groups": {
"OC\\Group\\Database": 3
}
},
"config": {
"apps_paths": [
{
"path": "\/var\/www\/owncloud\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/owncloud\/custom",
"url": "\/custom",
"writable": true
}
],
"trusted_domains": [
"example.org"
],
"trusted_proxies": [
"172.18.0.2"
],
"datadirectory": "\/mnt\/data\/files",
"dbtype": "mysql",
"dbhost": "db:3306",
"dbname": "owncloud",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"dbtableprefix": "oc_",
"log_type": "owncloud",
"supportedDatabases": [
"sqlite",
"mysql",
"pgsql"
],
"upgrade.disable-web": true,
"default_language": "en",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": 25,
"mail_smtpsecure": "tls",
"mail_smtpauth": true,
"mail_smtpauthtype": "LOGIN",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"overwrite.cli.url": "http:\/\/example.org\/",
"htaccess.RewriteBase": "\/",
"logfile": "\/mnt\/data\/files\/owncloud.log",
"loglevel": 2,
"memcache.local": "\\OC\\Memcache\\APCu",
"mysql.utf8mb4": "true",
"filelocking.enabled": true,
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "redis",
"port": "6379"
},
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"version": "10.0.10.4",
"logtimezone": "UTC",
"installed": true,
"instanceid": "ocyjcpub7drj",
"maintenance": false,
"singleuser": false
},
[...]
List of activated apps:
Enabled:
- cms_pico: 0.9.7
- comments: 0.3.0
- configreport: 0.1.1
- contacts: 1.5.5
- dav: 0.4.0
- federatedfilesharing: 0.3.1
- federation: 0.1.0
- files: 1.5.1
- files_external: 0.7.1
- files_pdfviewer: 0.10.0
- files_sharing: 0.11.0
- files_texteditor: 2.3.0
- files_trashbin: 0.9.1
- files_versions: 1.3.0
- files_videoplayer: 0.9.8
- firstrunwizard: 1.1
- gallery: 16.1.1
- market: 0.2.5
- notifications: 0.3.5
- provisioning_api: 0.5.0
- systemtags: 0.3.0
- updatenotification: 0.2.1
Disabled:
- encryption
- external
- user_external
- user_ldap
Are you using external storage, if yes which one: no
Are you using encryption: no
Are you using an external user-backend, if yes which one: no
Client configuration
Browser: Firefox 66.0.4
Operating system: Ubuntu 18.04
Logs
owncloud_1_2c50e71a2fd4 | 2019-05-09T17:12:18.561978999Z 172.18.0.2 - - [09/May/2019:17:12:18 +0000] "GET //index.php/apps/cms_pico/pico/copyleft HTTP/1.1" 400 7495 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0"
owncloud_1_2c50e71a2fd4 | 2019-05-09T17:12:18.562420815Z 172.18.0.2 - - [09/May/2019:17:12:18 +0000] "GET /sites/copyleft HTTP/1.1" 400 7495 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0"