Owncloud X trusted domain error from outside


#1

Hello all,
I started a new fresh installation of owncloud univention appliance some days ago, I configured my public domain with the public IP of my firewall (Sophos UTM 9 virtual appliance) and I added a WAF configuration to access my onwcloud server.
But it’s not working, I have continuously the trusted domain error message but my domain and the public IP are set into the config.php file.

Expected behaviour

I should have access to owncloud from outside

Actual behaviour

I have the error message :
You are accessing this server with an untrusted domain.
Please contact your administrator. If you are an administrator of this instance, configure the “trusted_domains” setting in config/config.php. …

Server configuration

Operating system:
UCS Version: 4.3-3 errata410
UMC Version : 10.0.6-18A~4.3.0.201901151044

Web server: apache2

Database: mysql

PHP version: php 7.x

ownCloud version: (see ownCloud admin page) 10.0.10.4

Updated from an older ownCloud or fresh install: fresh install

The content of config/config.php:

“config”: {
“apps_paths”: [
{
“path”: “/var/www/owncloud/apps”,
“url”: “/apps”,
“writable”: false
},
{
“path”: “/var/www/owncloud/custom”,
“url”: “/custom”,
“writable”: true
}
],
“trusted_domains”: [
cloud.mydomain.net
],
“datadirectory”: “/var/lib/univention-appcenter/apps/owncloud/data/files”,
“dbtype”: “mysql”,
“dbhost”: “172.17.42.1:3306”,
“dbname”: “owncloud”,
“dbuser”: “REMOVED SENSITIVE VALUE”,
“dbpassword”: “REMOVED SENSITIVE VALUE”,
“dbtableprefix”: “oc_”,
“log_type”: “owncloud”,
“supportedDatabases”: [
“sqlite”,
“mysql”,
“pgsql”
],
“upgrade.disable-web”: true,
“default_language”: “fr”,
“overwrite.cli.url”: “http://cloud.mydomain.net/owncloud”,
“htaccess.RewriteBase”: “/owncloud”,
“logfile”: “/var/lib/univention-appcenter/apps/owncloud/data/files/owncloud.log”,
“loglevel”: 2,
“memcache.local”: “\OC\Memcache\APCu”,
“filelocking.enabled”: true,
“passwordsalt”: “REMOVED SENSITIVE VALUE”,
“secret”: “REMOVED SENSITIVE VALUE”,
“version”: “10.0.10.4”,
“logtimezone”: “UTC”,
“installed”: true,
“instanceid”: “octy6gxpgen3”,
“log_rotate_size”: 104857600,
“onlyoffice”: {
“verify_peer_off”: true
},
“trusted_proxies”: [
“172.17.42.1”
]
},

List of activated apps:
There is no application installed yet

Are you using external storage, if yes which one: local/smb/sftp/…
No external storage used

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Chrome - Edge - Firefox

Operating system: Windows

Logs

ownCloud log (data/owncloud.log)

{"reqId":"mR446UHoQ32WjhSfmnP9","level":2,"time":"2019-01-29T21:50:18+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"08efctfudlbhWs7LcXk2","level":2,"time":"2019-01-29T21:50:19+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"QJFnuQIWoD3qq1snQ2Fb","level":2,"time":"2019-01-29T21:55:36+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"IjeUqqlQ7yNyx2YouKxR","level":2,"time":"2019-01-29T21:55:36+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"Kk8JTD4Mi57GgYtaEr9j","level":2,"time":"2019-01-29T21:55:38+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"KlsHC1r8oZQ2xQTENl7b","level":2,"time":"2019-01-29T21:55:39+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"9de8brttaYJYOxVYZhKu","level":2,"time":"2019-01-29T21:55:40+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"NxD2xRQSwBrcgLi2FsjJ","level":2,"time":"2019-01-29T21:55:40+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"2OJl6rYU7sr1M40zW4jr","level":2,"time":"2019-01-29T22:01:33+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"bV8qdWOoba3FfDVOfSEZ","level":2,"time":"2019-01-29T22:01:33+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"6a7BdXMfUVyKAOF9K4JH","level":2,"time":"2019-01-29T22:02:28+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"PPBlUOFVoOyWGqQ8J4Zq","level":2,"time":"2019-01-29T22:02:29+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"i8XQmYEvKR1kHcDvv8Wb","level":2,"time":"2019-01-29T22:02:39+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"1cXRgO3dynfeD2OKUVby","level":2,"time":"2019-01-29T22:02:39+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"68gxJfiAn1sJuPz1vHk5","level":2,"time":"2019-01-29T22:03:49+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"CpHcckq6NBruTBGy3six","level":2,"time":"2019-01-29T22:03:49+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"3uj24b3ULpCs9v4H5DEk","level":2,"time":"2019-01-29T22:04:21+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"WnxLAMq1cTWEGx23a3KZ","level":2,"time":"2019-01-29T22:04:22+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"0gH221I4JvCPepzJsL0w","level":2,"time":"2019-01-29T22:19:22+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"aQd5Jf4wOlWTHlh4qliM","level":2,"time":"2019-01-29T22:34:22+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"QLGpry187KvutkAPEtzg","level":2,"time":"2019-01-29T22:49:23+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"mE6GigPjKOBbWetuwveC","level":2,"time":"2019-01-29T23:04:23+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"j4IhbjzRLCy1CkZhA9f6","level":2,"time":"2019-01-29T23:19:24+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"G8xrUji4192D2QK2kHCz","level":2,"time":"2019-01-29T23:34:24+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"akhzN6g3seGVWcq9yjwF","level":2,"time":"2019-01-29T23:49:24+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"a0LkXHvbhyFiIdMwyrK9","level":2,"time":"2019-01-30T00:04:25+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"FAuF5kCo1VBci3RRaAYB","level":2,"time":"2019-01-30T13:50:00+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"PFiZRTsOzJ0A220nmxg1","level":2,"time":"2019-01-30T14:05:01+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"FfpN81JmLnYWKQdb08l6","level":2,"time":"2019-01-30T14:20:02+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"2XmZj0duo7BpTUw7AzVX","level":2,"time":"2019-01-30T14:35:04+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"PeIkR0BbppZaY9W98sLW","level":2,"time":"2019-01-30T14:50:04+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"xsRBNWNPhMiHJ10INU6q","level":2,"time":"2019-01-30T15:05:10+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"AjVAphmX39WQKpgvvdJo","level":2,"time":"2019-01-30T15:20:11+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"oL49zGhXj0dIZCsRrK8r","level":2,"time":"2019-01-30T15:35:11+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"3vpFCBvQnViNQE7OTYX1","level":2,"time":"2019-01-30T15:50:12+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"EoPa6hvOEcApCA3xCRsu","level":2,"time":"2019-01-30T16:05:14+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"cKncInxhgeMjMU0lNrzB","level":2,"time":"2019-01-30T16:20:15+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"ehtXpMpPFZjMudQ4lMBy","level":2,"time":"2019-01-30T16:22:08+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"sQcntdkQa01YGKbsTVOZ","level":2,"time":"2019-01-30T16:22:09+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"OcAvVDmahV0koczlfya7","level":2,"time":"2019-01-30T16:22:14+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"HzifCrnntAAhykSW6i1V","level":2,"time":"2019-01-30T16:22:15+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/core\/js\/oc.js?v=dc144562d9252b20c8c59b2ed91037a2","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"kOiuJWh5YgRpTZiulEeW","level":2,"time":"2019-01-30T16:22:17+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"GET","url":"\/owncloud\/","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"Z0Q4znLauPUwZHxrx76A","level":2,"time":"2019-01-30T16:37:16+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"4QzhsqZGfj8dwATXwiDB","level":2,"time":"2019-01-30T16:52:19+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"X3XKoE5qlNZPpa69VE6C","level":2,"time":"2019-01-30T17:07:21+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"70UhPwFaBgNWHLLBB53c","level":2,"time":"2019-01-30T17:22:22+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"xJRaS7KiEWWvkeNmVTkx","level":2,"time":"2019-01-30T17:37:22+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}
{"reqId":"pqVeaOtLLLvKH0sC9u3H","level":2,"time":"2019-01-30T17:52:22+00:00","remoteAddr":"1.2.3.4","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"1.2.3.4\" tried to access using \"cloud.mydomain.net\" as host."}

#2

Maybe you can try to disable the firewall to check if it’s causing problems. It’s possible that the firewall is removing or modifying some of the http request headers, and the detection of the ip or domain isn’t working properly because of that.

Ideally, if you have “could.mydomain.net” as trusted domain, you should be able to connect to ownCloud using that domain, like “https://cloud.mydomain.net/owncloud” (or similar). If you still have a trusted domain error from ownCloud, maybe it’s because ownCloud isn’t detecting that you’re accessing with that domain.


#3

thanks for your reply, I tested with and without the firewall and I have the same result, but internally I tested with my own DNS server where I created a record cloud.domain.net who resolve the local IP and it’s working fine.
It’s a really strange issue.


#4

The code performing the check is around https://github.com/owncloud/core/blob/a7cfcab115f7acd1f9199859469bf16ba6aac05e/lib/base.php#L688 and the function should be https://github.com/owncloud/core/blob/eadbb98f23841e3287f2f684fd38e5993865b622/lib/private/AppFramework/Http/Request.php#L740

Maybe you can play around and check what the server is receiving and what are the differences.

I guess the IP reaching the server is the one of the firewall instead if the public domain. I don’t know if you can configured the public domain pointing to the ownCloud server and somehow put a firewall in between. As said, it’s possible that the one making the request to the ownCloud server is the server where the firewall is, and this is what is confusing ownCloud.


#5

Hi,
I checked the link you posted, and good news, I found 1 setting “overwritehost” I set it in my config.php file and now it’s working perfectly.
Thanks for your help