Owcloud docker behind apache proxy Login Loop

Steps to reproduce

  1. install Owncloud docker image on an internal server
  2. Setup proxy on apache server facing to internet
  3. Login work normal when accessing to the docker directly
  4. Loop on the login page when trying to access via apache proxy

Expected behaviour

Expect to go pass the login page and accessing to the page with files

Actual behaviour

After entering correct login information the system blank the name and login and loop on the login page

Server configuration

vm Docker on Ubuntu 20.04
vm Apache on Ubuntu 20.04
Owncloud image 10.11

Web server:
Apache 2.4.41 (proxy)

Database:
MySql

PHP version:
Php 7.4.3

ownCloud version: (see ownCloud admin page)
10.11.0.6

fresh install (fresh immage)

Where did you install ownCloud from:
docker pull owncloud/server

Are you using encryption: yes/no
Yes

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…
No

Client configuration

Browser:
firefox

Operating system:
ubuntu 20.04

As login directly on the docker work I suppose the issue is with the Apache 2 proxy. Do we have an example of the correct setup ? What should I look for ?

Regards

Can you post your apache proxy configuration?
Personally I haven’t seen one of them in a long time.
I think the Univention Appliance uses apache as a reverse proxy internally, so perhaps you can try to find that.

Also have you checked whether there is something in the log files, when logging in through the proxy?
Check all logs:

  • Browser (dev console → network tab [-> export as .har])
  • Apache reverse proxy (access and error log)
  • Docker container logs (apache & owncloud)

Apache config
DocumentRoot /var/www/html
ServerName owncloud.objclt.ca
ErrorLog /var/www/objclt.ca/logs/owncloud.error.log
CustomLog /var/www/objclt.ca/logs/owncloud.access.log “combined”
<Directory “/var/www/html”>
allow from all
Options None
Require all granted
Dav Off

ProxyPreserveHost On
ProxyPass / http://10.1.1.100:8084/
ProxyPassReverse / http://10.1.1.100:8084/

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/owncloud.objclt.ca/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/owncloud.objclt.ca/privkey.pem
LogLevel alert

10.1.1.100 is the docker server. (VM)
192.168.1.150 is the owncloud internal docker address
10.1.1.40 is the apache server (VM)
External traffic is rooted to apache server via firewall rules

The issue is the same either if you access from internet or internally but is working if you log directly to the docker

Sorry I don’t see an option to upload a file here.
Sharing a Link

I hope you get all what you want !
Thank you

Hello,

firstly I’d advise you to have a look at the Reverse Proxy documentation
Secondly, maybe it comes from the fact you don’t send the X-Forwarded-Proto header to your ownCloud, so ownCloud tries to force HTTPS.
Cheers.

Hi,
Yes I spent many time on the documentation looking for useful tips. The documentation you are referring, is more a theory than a practical doc.Help me and may be we can use this case to make the documentation more practical. I saw quit few issues with “login Loop”.
The documentation said “you can set the following parameters inside the config/config.php.” ok can you give an example ? because the format of the config file an array ?

Regards,

Well, probably something like that:

<?php
$CONFIG = array (
  "trusted_proxies"   => ['10.0.0.1'],
);

Adapt it to your needs.

As this is a container setup, please never manipulate the config.php of the container manually and use the environment variables instead.

For trusted proxies, this needs to be a comma separated list if multiple proxies should be configured e.g. OWNCLOUD_TRUSTED_PROXIES=192.168.0.1,10.0.0.1

2 Likes

Finally I found the issue thank you @cs35 thank you @rkaussow

  1. The environment variables OWNCLOUD_TRUSTED_PROXIES was missing
  2. The apache proxy configuration was incorrect. Here is my current working configuration

DocumentRoot /var/www/html
ServerName owncloud.objclt.ca
ErrorLog /var/www/objclt.ca/logs/owncloud.error.log
CustomLog /var/www/objclt.ca/logs/owncloud.access.log “combined”
<Directory “/var/www/html”>
allow from all
Options None
Require all granted

ProxyPreserveHost On
ProxyPass / http://10.1.1.100:8084/
ProxyPassReverse / http://10.1.1.100:8084/
RequestHeader set X-Forwarded-Port “443”
RequestHeader set X-Forwarded-Proto “https”

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/owncloud.objclt.ca/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/owncloud.objclt.ca/privkey.pem
LogLevel info

2 Likes