Quantcast

web-interface permission error when going through proxy

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

web-interface permission error when going through proxy

Jon Charnas
Hi all,

I've been on IRC trying to figure this out earlier, but it seems everyone's stumped there.

I set up owncloud 9.1.0 as per the manual on CentOS 7, works great from the intranet, both web interface and desktop client.
Now the sysadmins have setup a port forwarding config on one of the webservers so we can share owncloud with our outside colleagues.

What happens when I go through the proxy is that I can login, see all files/folders, download all of them, even use the admin page.
But I apparently lose permission to upload or create files in my own user's directory. However the desktop client syncing through webDAV works fine.

RealRancor on IRC suggested I upgrade to 9.1.1, which I've done. The issue remains.

Here is the relevant bit of my config.php for the reverse-proxy setup:
 'trusted_domains' =>
  array (
    0 => 'internalhost',
    1 => 'publicproxyhost.tld',
  ),
  'trusted_proxies' => ['publicproxyhost.tld ip'],
  'overwriteprotocol' => 'http',
  'overwrite.cli.url' => 'http://internalhost/owncloud',
  'forwarded_for_headers' => array('HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR', 'HTTP_X_FORWARDED_FOR'),

This is what the proxy configuration for Apache looks like:
<Location /teamowncloud>
        Header edit Location ^([^/]*//[^/]*)?/owncloud/(.*)$ http://publicproxyhost.tld/teamowncloud/$2
 
        ProxyPass        http://internalhost/owncloud
        ProxyPassReverse http://internalhost/owncloud
 
        ProxyPassReverseCookiePath  /owncloud     /teamowncloud
        ProxyPassReverseCookieDomain  internalhost      publicproxyhost.tld
 
        SetOutputFilter INFLATE;SUBSTITUTE;DEFLATE
        AddOutputFilterByType SUBSTITUTE text/html
        AddOutputFilterByType SUBSTITUTE text/xml
        AddOutputFilterByType SUBSTITUTE text/css
        AddOutputFilterByType SUBSTITUTE application/javascript
        AddOutputFilterByType SUBSTITUTE application/json
        AddOutputFilterByType SUBSTITUTE application/xml
 
        Substitute  "s|<a class="moz-txt-link-freetext" href="http://internalhost/owncloud|/teamowncloud|inf">http://internalhost/owncloud|/teamowncloud|inf"
        Substitute  "s|<a class="moz-txt-link-freetext" href="https://internalhost/owncloud|/teamowncloud|inf">https://internalhost/owncloud|/teamowncloud|inf"
        Substitute  "s|/owncloud|/teamowncloud|inf"
        Substitute  "s|/owncloud|/teamowncloud|inf"
 </Location>

So why would I be able to upload files when accessing directly http://internalhost/owncloud, and not http://publicproxyhost.tld/teamowncloud?

At the moment we're still waiting for a certificate to arrive to move to HTTPS - we're aware of what that entails and we'll be fixing that ASAP.

What am I doing wrong with the OC config, or is it something that needs to be fixed in the proxy setup?

Thanks a bunch,
Jon

-- 
Software Engineer
DPCG
GAIA project
University of Geneva

_______________________________________________
User mailing list
[hidden email]
http://mailman.owncloud.org/mailman/listinfo/user
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: web-interface permission error when going through proxy

Chris-3
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: web-interface permission error when going through proxy

Jon Charnas
Hi Chris,

Thanks for the suggestion - we tried it, and found something odd...
Perhaps we misconfigured it, I don't know.

We changed the public access name from publicproxyhost.tld/teamowncloud
to publicproxyhost.tld/owncloud and it worked.

So then wanting to, if possible, conserve the /teamowncloud, we thought
we'd simply move from privatehost/owncloud to privatehost/teamowncloud...

And that did not work. Even from the intranet we didn't have permissions
to upload/create files. I'm not sure if this is a bug or a
misconfiguration somewhere.

Has anyone ever tried to host owncloud on an alias other than /owncloud?

Thanks,

Jon

Software Engineer
DPCG
GAIA project
University of Geneva

On 09/21/2016 05:43 PM, Chris wrote:

> Hi,
>
> maybe start with a clean proxy setup without any modifications of requests
> like "Header edit Location" or similar?
>
> The documentation about reverse proxies and ownCloud here might also contain
> some additional info:
>
> https://doc.owncloud.org/server/9.1/admin_manual/configuration_server/reverse_proxy_configuration.html
>
>
>
> --
> View this message in context: http://owncloud.10557.n7.nabble.com/web-interface-permission-error-when-going-through-proxy-tp17692p17693.html
> Sent from the Users mailing list archive at Nabble.com.
> _______________________________________________
> User mailing list
> [hidden email]
> http://mailman.owncloud.org/mailman/listinfo/user

_______________________________________________
User mailing list
[hidden email]
http://mailman.owncloud.org/mailman/listinfo/user
Loading...