Nextcloud trusted_domains always localhost only

Hello!

I have managed to successfully install nextcloud, but the trusted_domains config stays as “localhost” no matter what I do.

A bit of background

  1. I have a zfs pool and dataset in /tank/apps
  2. I made the folder /tank/apps/nextcloud to keep all config and data there (chown to nextcloud:nextcloud)
  3. nextcloud-occ config:system:get trusted_domains returns localhost no matter what I do
  4. I have a pihole resolving my-domain.com to this local machine (192.168.1.219 aka “titan”) and the router delegates dns to this pihole. This is working.
  5. “titan” is headless, I rsync and ssh from my main machine to rebuild.

The symptoms

  • From my main pc, if I browse to 192.168.1.219 I get the nextcloud page saying “Access through untrusted domain”
  • From my main pc, if I browse to my-domain.com I also get the same nextcloud error page
  • If I ssh into titan and run nextcloud-occ config:system:get trusted_domains I always get “localhost”

Things I’ve tried

→ Setting trusted_domains in the configuration.nix file:

services.nextcloud.settings = {
  trusted_domains = [
    "my-domain.com"
  ];
};

→ Tried to add the trusted domain with the cli:

nextcloud-occ config:system:set trusted_domains 1 --value=my-domain.com

→ Tried editing /tank/apps/nextcloud/config/config.php directly and add the domain to the trusted_domains array:

'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'my-domain.com',
  ),

This didn’t work either, and I confirmed that this file is being read by nextcloud: if I add an invalid char, then browsing to my-domain.com gives me a PHP error page as expected.

What I believe is the problem

There is a file /tank/apps/nextcloud/config/override.config.php. Looking at the source, it reads the contents of the auto-generated nextcloud-settings.json; if I cat this JSON file, it looks like this:

{
  "datadirectory": "/var/lib/nextcloud/data",
  "default_phone_region": "",
  "log_type": "syslog",
  "loglevel": 2,
  "memcache.distributed": "\\OC\\Memcache\\Redis",
  "memcache.locking": "\\OC\\Memcache\\Redis",
  "overwriteprotocol": "",
  "profile.enabled": false,
  "redis": {
    "host": "/run/redis-nextcloud/redis.sock",
    "port": 0
  },
  "skeletondirectory": "",
  "trusted_domains": [
    "localhost"
  ],
  "trusted_proxies": []
}

The override.config.php file uses array_replace_recursive, which replaces existing properties with new ones, so even though config.php has a valid trusted_domains, the value in the nextcloud-settings.json file is empty and the resulting array does not include my-domain.com.

It is interesting that the nextcloud-settings.json file has a property datadirectory; the config.php file also has a property datadirectory, but the nix service names it datadir. In my case, even though nixos-rebuild switches fine and the /tank/apps/nextcloud folders were created correctly… the value points to /var/lib…

configuration.nix

  environment.etc."nextcloud-admin-pass".text = "${nextcloudPassword}";
  environment.etc."mysql-nextcloud-pass".text = "${mysqlPassword}";
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud29;
    configureRedis = true;
    #home = "/tank/apps/nextcloud";
    datadir = "/tank/apps/nextcloud";
    hostName = "192.168.1.219";
    settings = {
      trusted_domains = [
        "my-domain.com"
      ];
      loglevel = 1;
    };
    config = {
      dbtype = "mysql";
      dbuser = "nextcloud";
      dbname = "nextcloud";
      dbpassFile = "/etc/mysql-nextcloud-pass";
      adminuser = "admin";
      adminpassFile = "/etc/nextcloud-admin-pass";
    };
  };

I can get rid of the override.config.php (which is a symlink to /nix/store…) or edit it to my needs, but this file was auto-generated and perhaps it will just be re-written in a future rebuild…

Can you please help me get my trusted_domains sorted out?

As an ugly workaround I edited the file /tank/apps/nextcloud/config/override.config.php and hard-coded my trusted domains. Nextcloud is now working, but I fear this will be overwritten in the future.

This change renders the configuration.nix directive for trusted_domains useless, but at least it’s working for me. I’m sure there must be a better way and that I’ve done something wrong…
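
Added example, not part of the original post and not Nextcloud or NixOS code: a PHP sketch that layers the trusted_domains list from the generated nextcloud-settings.json over the hand-edited config.php list using three different PHP merge functions, then checks which of the two hosts from the post each result would accept. The post does not show how Nextcloud itself combines config.php with override.config.php, so which strategy applies there is an assumption; `effectiveTrustedDomains` and `isTrusted` are hypothetical helpers, and `isTrusted` is a plain exact match, not Nextcloud's own matcher.

```php
<?php
declare(strict_types=1);

// Constructed inputs: the trusted_domains values quoted in the post.
$fromConfigPhp = ['trusted_domains' => [0 => 'localhost', 1 => 'my-domain.com']];
$settingsJson  = '{"trusted_domains": ["localhost"], "trusted_proxies": []}';
$fromJson      = json_decode($settingsJson, true, 512, JSON_THROW_ON_ERROR);

/** Layer $over on top of $base with each strategy; return trusted_domains per strategy. */
function effectiveTrustedDomains(array $base, array $over): array
{
    return [
        // Recursive replace: list entries are matched by numeric index,
        // so only the indexes present in $over are overwritten.
        'array_replace_recursive' => array_replace_recursive($base, $over)['trusted_domains'],
        // Top-level merge: the string key collides and the later list wins whole.
        'array_merge'             => array_merge($base, $over)['trusted_domains'],
        // Recursive merge: the two lists are concatenated, duplicates included.
        'array_merge_recursive'   => array_merge_recursive($base, $over)['trusted_domains'],
    ];
}

/** Simplified allowlist check (exact, case-insensitive); hypothetical helper. */
function isTrusted(string $host, array $domains): bool
{
    return in_array(strtolower($host), array_map('strtolower', $domains), true);
}

// Hosts the browser sends in the two failing requests described in the post.
$hosts = ['my-domain.com', '192.168.1.219'];

foreach (effectiveTrustedDomains($fromConfigPhp, $fromJson) as $strategy => $domains) {
    printf("%-24s %s\n", $strategy, json_encode($domains));
    foreach ($hosts as $host) {
        printf("    Host: %-16s %s\n", $host, isTrusted($host, $domains) ? 'trusted' : 'untrusted');
    }
}
```

Running it with `php` on the machine shows, per merge strategy, whether an entry added only to config.php survives once a generated list is layered on top.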