Untrusted domains, local network

Luka1 · March 2, 2019, 10:59am

Hello everyone. I’m a noob at Linux and I set up Ubuntu desktop as a server and installed owncloud. When connecting from outside of my local network I can connect fine if I added the domain in the config.php file. I added the local 192.168.1.11 - my laptop, but with it when I connect to https://192.168.1.12 I am greeted with untrusted domain. In the apache log I confirmed that the connecting computer’s ip is 192.168.1.11 That is my first issue.

Second issue: I cannot add domains in the settings when I log into owncloud on my server machine. It just refreshes when I hit enter. Also no domains that I added in the config.php are listed there.

Third issue: I don’t understand how trusted domains work when I use my laptop at the school’s wifi network. Do I have to add each single different IP I will connect from to the php beforehand? That seems very tedious to me. I’d rather have it open to all domains so I can connect from everywhere normally. I understand that this is probably terrible from a security standpoint. But Dropbox allows me to log in from everywhere.

All this is very complex and hard to me still, I appreciate all the help, thank you!

Luka

alfredb · March 2, 2019, 11:34am

Yes, this might be because the two IPs differ.

You should give more info, eg your config.php

alfredb · March 2, 2019, 1:23pm

You should have something like:

 'trusted_domains' => array (
    0 => 'my.external.domain',
    1 => 'internal domain or ip',
  ),

Please note, that both are related to the server, not the accessing client.

Luka1 · March 2, 2019, 3:15pm

This is m config:

<?php
$CONFIG = array (
  'updatechecker' => false,
  'instanceid' => 'ocjl5t1z8miu',
  'passwordsalt' => '3mHDjYKIENgeNt99h1BiQMWQJ/HaBC',
  'secret' => 'oOYKTREu7OvTSy5tIJhB6Y4nQBckaKU8mWx+2zLCGGjiBuLf',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '95.176.169.149',
    2 => '192.168.1.11','192.168.1.7'
  ),
  'datadirectory' => '/var/www/owncloud/data',
  'overwrite.cli.url' => 'https://localhost',
  'dbtype' => 'mysql',
  'version' => '10.1.0.4',
  'dbname' => 'owncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'owncloud',
  'dbpassword' => 'Sadni tekoci jogurt ananas in kokos 1,1%',
  'logtimezone' => 'UTC',
  'installed' => true,
  'mail_domain' => 'server.com',
  'mail_from_address' => 'server',
  'mail_smtpmode' => 'php',
);

alfredb · March 2, 2019, 3:20pm

Please remove passwords and other secret stuff!

alfredb · March 2, 2019, 3:23pm

I assume this is wrong, only one IP per line.

Try this

 'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '95.176.169.149',
    2 => '192.168.1.12',
  ),

Assuming that

‘95.176.169.149’ is your external IP
‘192.168.1.12’ is your internal IP, as stated above.

Bernard_Gelly · August 16, 2020, 6:07pm

Thanks alfredb, your were right (of course), but as I have been stumbling on the same problem the last two hours, I think there is an easy misunderstanding of what the ‘trusted_domains’ keyword exactly means. Just quoting: ‘both are related to the server, not the accessing client’ is true but also a bit cryptic.

People like myself will first think that ‘trusted_domains’ is their (client) ip or ip range, while it is not. ‘trusted_domains’ is actually what you type in your client browser to access your owncloud box e.g.:

‘localhost’ from your owncloud box itself
‘192.168.blah.blah’ from your home class C network computers
‘my.public.ip’ when accessing from the outside world

So basically there is only 3 (or rather 2) levels of denial of access provided (fine with me)… Maybe the evidence need to be rewritten a few times to become an evidence.

alfredb · August 17, 2020, 8:29am

Yes, maybe. But it’s well documented.