Bug 44845 - cannot use nextcloud if hostname does not match external DNS name
cannot use nextcloud if hostname does not match external DNS name
Status: NEEDMOREINFO
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.2
Other Linux
: P5 normal (vote)
: ---
Assigned To: App Center maintainers
App Center maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-23 08:33 CEST by Daniel Tröder
Modified: 2019-08-26 15:56 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.229
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2017-06-23 08:33:31 CEST
I setup a DC master on a root server with a public IP. The hostname known in public DNS is nc.external.name. I can connect to the DC masters UMC through https://nc.external.name. The name that the DC master got during system setup is nc.mydom.local.

Then I installed the nextcloud app. It was installed in a docker container.

------------------ Sidenote (not this bug): --------------------
I had installed it on the command line, and it said that the join script did run:

Installing join script /var/cache/univention-appcenter/appcenter.software-univention.de/4.1/nextcloud_20170512120050.inst
univention-run-join-scripts: runs all join scripts existing on local computer.
[..]
Running 50nextcloud.inst done
[..]

But when I logged into the UMC, it was pending. I ran it again. The join.log clearly shows, that it did run the first time already.
--------------------------------------------------------------

Anyway - this bug is about this:

When I go to the portal, I cannot log into nextcloud, because the link goes to the internal DNS nc.mydom.local which is unknown on the internet.

Thus I went to the LDAP browser and added an entry to the portal_entry object, that points to the external hostname that I use to connect to the masters UMC. Now I have a second portal link to nextcloud (one with internal DNS, one with external DNS). If I click the new link I get to the nextcloud page. And here is the problem. The page displays:
--------------------------------------------------------------
You are accessing the server from an untrusted domain.
Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domains" setting in config/config.php. An example configuration is provided in config/config.sample.php.	
Depending on your configuration, as an administrator you might also be able to use the button below to trust this domain.
--------------------------------------------------------------

There is a button "Add "nc.external.name" as trusted domain", but it is a link with the internal DNS (https://master.mydom.local/nextcloud/index.php/settings/admin?trustDomain=nc.<external name>)

If I copy&paste the link and replace https://master.mydom.local/... with https://nc.external.name/ I end up on the same page.

If I log into the UCS, I cannot edit the config/config.php*, because it is in the docker container.

→ nextcloud app cannot be used on a server where internal name != external name.
Comment 1 Daniel Tröder univentionstaff 2017-06-24 13:25:24 CEST
After fixing this problem by adding master.mydom.local to my /etc/hosts, I don't get the "untrusted domain" problem anymore.

But login is still not possible. The reason is (also why the join script never finished), that in the containers /etc/resolv.conf Googles two nameservers (8.8.8.8, 8.8.4.4) are configured. Those cannot resolve master.mydom.local, and thus nextcould cannot access the LDAP on the host.

After adding the master to /etc/hosts and a nameserver to /etc/resolv.conf, login to nextcloud works.

→ fix /etc/resolv.conf
Comment 2 Nico Gulden univentionstaff 2019-08-26 14:19:03 CEST
Which /etc/resolv.conf do you mean? The one in the Nextcloud container?