One shared host with Owncloud 9 starts to refuse login(sporadically) after ~3 months of the first successful login.
Sometimes it works fine, but sometimes with no reasonable explanation pops up:
You are accessing the server from an untrusted domain.
Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domains" setting in config/config.php. An example configuration is provided in config/config.sample.php.
Depending on your configuration, as an administrator you might also be able to use the button below to trust this domain.
The instability happens only with the domain with Let's Encrypt DNS challenge validation. I tested with a subdomain validation certificate (*.sslblindado.com from GeoTrust) and it is estable.
There is only one installation of owncloud, but the DNS zone has 2 domains pointed to the installation: example.com.br with letsencript and example2.ssblindado.com with Geo Trust)
When it works I can identify Content-Encoding:gzip.
The host has 256 MB of memory, but OC9 users have files with 300K
Do you have any hint what is causing the login failure?
REgards
Murilo
Steps to reproduce Test1
1.https://example.com.br
Steps to reproduce Test2
1.https://example.com.br/index.php/core/js/oc.js?v=[...]
Expected behaviour
Test1
The login window to type: user an password
Test2 Expected a javascript like
var oc_debug=false;
var oc_isadmin=false;
var oc_dataURL=false;
var oc_webroot="";
... ... ...
Actual behaviour
Test1
OC9 shows a html page without login fields, but
You are accessing the server from an untrusted domain. ....
ask to add Client IP as trusted domain
Test2
OC9 shows a html page with
You are accessing the server from an untrusted domain. ....
Server configuration
Operating system:
Linux:1 4.1.8-1.el6.elrepo.x86_64
Web server:
uolhost.com.br
Database:
sqlite3
PHP version:
PHP Version 5.6.28
ownCloud version: (see ownCloud admin page)
9.1.4 (stable) , but same behavior with Version 10.0.2
Updated from an older ownCloud or fresh install:
No
Where did you install ownCloud from:
https://owncloud.org/install/
http://example.com/index.php/settings/integrity/failed
No errors have been found.
The content of config/config.php:
<?php
$CONFIG = array (
'theme' => 'AA',
'instanceid' => 'EDIT',
'passwordsalt' => 'EDIT',
'secret' => 'EDIT',
'trusted_domains' =>
array (
0 => 'www.example.com.br',
1 => 'example.com.br',
2 => 'example2.sslblindado.com',
),
'datadirectory' => '/var/www/html/example2.com.br/web/data',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'overwrite.cli.url' => 'https://example.com.br',
'dbtype' => 'sqlite3',
'version' => '9.1.4.2',
'logtimezone' => 'America/Sao_Paulo',
'installed' => true,
'mail_smtpmode' => 'smtp',
'mail_from_address' => 'EDIT',
'mail_domain' => 'example.com.br',
'mail_smtpauth' => 1,
'mail_smtphost' => 'smtp.example.com.br',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpport' => '587',
'mail_smtpname' => 'user@example.com.br',
'mail_smtppassword' => 'EDIT',
'loglevel' => 2,
'enable_certificate_management' => true,
'singleuser' => false,
'versions_retention_obligation' => 'auto,30',
'memcache.local' => '\OC\Memcache\ArrayCache',
);
List of activated apps:
The process control (PCNTL) extensions are required in case you want to interrupt long running commands - see http://php.net/manual/en/book.pcntl.php
Enabled:
- activity: 2.3.2
- comments: 0.3.0
- configreport: 0.1.1
- dav: 0.2.7
- federatedfilesharing: 0.3.0
- federation: 0.1.0
- files: 1.5.1
- files_pdfviewer: 0.8.1
- files_sharing: 0.10.0
- files_texteditor: 2.1
- files_trashbin: 0.9.0
- files_versions: 1.3.0
- files_videoplayer: 0.9.8
- firstrunwizard: 1.1
- gallery: 15.0.0
- notifications: 0.3.0
- provisioning_api: 0.5.0
- systemtags: 0.3.0
- templateeditor: 0.1
- updatenotification: 0.2.1
Disabled:
- encryption
- external
- files_antivirus
- files_external
- user_external
- user_ldap
Are you using external storage, if yes which one: local/smb/sftp/...
NO
Are you using encryption: yes/no
YES
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
NO
Client configuration
Browser:
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Operating system:
WIN10
Logs
Web server error log
Insert your webserver log hereownCloud log (data/owncloud.log)
{"reqId":"EDIT","remoteAddr":"123.321.123.321","app":"core","message":"Trusted domain error. \"123.321.123.321\" tried to access using \"123.321.123.321\" as host.","level":2,"time":"2017-08-04T17:44:42-03:00","method":"POST","url":"\/index.php\/heartbeat","user":"--"}
Browser log
Successful
Request URL:https://example.com.br/index.php/login
Request Method:GET
Status Code:200 OK
Remote Address:XXX.XXX.XXX.XXX:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Cache-Control:no-cache, must-revalidate
Connection:keep-alive
Content-Encoding:gzip
Content-Length:2096
Content-Security-Policy:default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
Content-Type:text/html; charset=UTF-8
Date:Fri, 04 Aug 2017 19:58:08 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Pragma:no-cache
Server:Apache
Strict-Transport-Security:max-age=15768000
X-Cache-Status:BYPASS
X-Content-Type-Options:nosniff
X-Download-Options:noopen
X-Frame-Options:SAMEORIGIN
X-Permitted-Cross-Domain-Policies:none
X-Robots-Tag:none
X-XSS-Protection:1; mode=block
Request Headers
view source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,de;q=0.6,pt-BR;q=0.4,pt;q=0.2
Connection:keep-alive
Cookie:Edited
DNT:1
Host:example.com.br
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Bad Request
Request URL:https://www.example.com.br/
Request Method:GET
Status Code:400 Bad Request
Remote Address:XXX.XXX.XXX.XXX:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection:keep-alive
Content-Length:6932
Content-Security-Policy:default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *
Content-Type:text/html; charset=UTF-8
Date:Fri, 04 Aug 2017 19:44:40 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Pragma:no-cache
Server:Apache
Status:400 Bad Request
Strict-Transport-Security:max-age=15768000
X-Content-Type-Options:nosniff
X-Download-Options:noopen
X-Frame-Options:SAMEORIGIN
X-Permitted-Cross-Domain-Policies:none
X-Robots-Tag:none
X-XSS-Protection:1; mode=block
Request Headers
view source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,de;q=0.6,pt-BR;q=0.4,pt;q=0.2
Cache-Control:max-age=0
Connection:keep-alive
Cookie:EDITED
DNT:1
Host:www.example.com.br
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36