Easy way to configure 'trusted_domains' in config.php #41

Closed
asoltesz opened this issue Nov 13, 2020 · 9 comments · Fixed by #464

@asoltesz

I am using NextCloud with PicoCMS to host a couple of public-facing sites operating on their own domain.

I can create appropriate ingresses for them but the requests still get blocked to the sites because the domains are not in the 'trusted_domains' variable in config/config.php.

If I add them manually it works but this is very cumbersome because it has to be done in the container.

Is there a way to configure the list of trusted hosts via the Helm chart?

If not, what is the least painful way to extend the list now and again.

@js02sixty

This worked for me. Under configs:, you can add as many <whatever>.config.php entries.

nextcloud:
    configs:
      proxies.config.php: |-
        <?php
        $CONFIG = array (
          'trusted_proxies' => ['10.43.0.0/16']
        );

@asoltesz
Author

@js02sixty
Thanks, I will try this.

@Janl1

Janl1 commented Dec 9, 2020

This worked for me. Under configs:, you can add as many <whatever>.config.php entries.

nextcloud:
    configs:
      proxies.config.php: |-
        <?php
        $CONFIG = array (
          'trusted_proxies' => ['10.43.0.0/16']
        );

When I try to add the trusted proxies as you mentioned, I get the following error:

Configuring Redis as session handler
Initializing nextcloud 19.0.5.2 ...
Initializing finished
New nextcloud instance
Installing with MySQL database
starting nextcloud installation
Cannot write into "config" directory!
This can usually be fixed by giving the webserver write access to the config directory

Or, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.
See https://docs.nextcloud.com/server/19/go.php?to=admin-config
setting trusted domains…
Cannot write into "config" directory!
This can usually be fixed by giving the webserver write access to the config directory

Or, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.
See https://docs.nextcloud.com/server/19/go.php?to=admin-config
[09-Dec-2020 11:36:08] NOTICE: fpm is running, pid 1
[09-Dec-2020 11:36:08] NOTICE: ready to handle connections
127.0.0.1 -  09/Dec/2020:11:36:15 +0000 "GET /cron.php" 200
127.0.0.1 -  09/Dec/2020:11:40:04 +0000 "GET /cron.php" 200

@luandro

luandro commented Feb 15, 2021

+1, every time I install I get a message telling me to edit trusted_domains in config.php. That's really terrible UX.

@Black-Gold

This worked with the Nextcloud version 23.x Helm charts: add the setting to values.yaml. Inspired by @js02sixty.
Example: if you want to access from the external network for 192.168.2.x, add the following settings:

nextcloud:
  configs:
    domains.config.php: |-
      <?php
      $CONFIG = array (
        'trusted_domains' =>
          array (
           0 => '192.168.2.*',
           1 => 'nextcloud.kube.home',
          )
      );
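
A check for how broad the `trusted_domains` entries above are, added here as an example and not part of the comment or of Nextcloud's code. It models `*` as a plain string wildcard over host-name characters, which is an assumption about Nextcloud's matcher; the function names and the `.example.test` hosts are constructed for illustration.

```python
import re

# Characters a "*" may stand for in this model (assumption about Nextcloud's matcher).
WILDCARD = r"[-.a-zA-Z0-9]*"

def pattern_to_regex(pattern):
    """Compile a trusted_domains entry: literal text, with '*' as a host-character wildcard."""
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + WILDCARD.join(parts) + "$", re.IGNORECASE)

def strip_port(host):
    """Drop a trailing :port from a Host header value (bracketed IPv6 left intact)."""
    if host.startswith("["):
        return host[: host.find("]") + 1] if "]" in host else host
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host

def is_trusted(host_header, trusted_domains):
    """True if the Host header (with or without its port) matches any entry."""
    bare = strip_port(host_header)
    return any(rx.match(bare) or rx.match(host_header)
               for rx in map(pattern_to_regex, trusted_domains))

def audit(trusted_domains):
    """Return (entry, reason) pairs for entries broader than a single host."""
    findings = []
    for entry in trusted_domains:
        if entry.strip() == "*":
            findings.append((entry, "matches every Host header"))
        elif entry.endswith("*"):
            findings.append((entry, "trailing wildcard also matches longer host names"))
        elif "*" in entry:
            findings.append((entry, "wildcard entry, confirm the intended hosts"))
    return findings

# Entries from the values.yaml in the comment above.
TRUSTED = ["192.168.2.*", "nextcloud.kube.home"]

if __name__ == "__main__":
    # Constructed Host header values; the last one is a name, not an address in 192.168.2.0/24.
    for host in ["192.168.2.15", "nextcloud.kube.home:8443", "192.168.2.15.example.test"]:
        print(host, is_trusted(host, TRUSTED))
    print(audit(TRUSTED))
```

Under this model a wildcard entry is matched as a string, not as a subnet, so `192.168.2.*` covers more than the /24 it resembles; listing the exact host names or addresses keeps the allow-list as narrow as intended.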

@brandtkeller

Should this file not be a config that would get templated anytime nextcloud.host is provided a value?

This would likely resolve some issues that the probes are hitting as well.

@jessebot
Collaborator

Should this file not be a config that would get templated anytime nextcloud.host is provided a value?

I think that's what this is for in our _helpers.tpl:

- name: NEXTCLOUD_TRUSTED_DOMAINS
  value: {{ .Values.nextcloud.host }}

According to the nextcloud/docker README that env variable is used for running an occ command directly:

if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
    echo "Setting trusted domains…"
    NC_TRUSTED_DOMAIN_IDX=1
    for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
        DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
        NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
    done
fi

It looks like the most recent change to that block was this: https://github.com/nextcloud/docker/pull/1868/files

If it's still not working though, I think testing at a docker level would be the next step. If anyone has time, could you please test if this works in the docker container by specifying the NEXTCLOUD_TRUSTED_DOMAINS env var at time of building or running? If it does not, it should be handled at the docker repo, as setting the env var should be enough from the helm side of things. I can try to get to it, but I have a bit of a backlog right now, so it may be a while :( Others in the community are welcome to test and submit needed PRs though, and I'm happy to review them :)

I don't use trusted_domains, but instead use trusted_proxies (in part due to my using nginx, I believe) which we currently don't handle in the helm chart, and I may submit a PR for that, as it does appear to be handled by the docker container according to this, so I will do my due diligence of testing that part, as it is part of my normal lab setup and easier to tackle sooner rather than later.

@gthieleb

Hope this is not off topic, but can someone tell me which one has precedence: the docker environment vars or the persisted config in the nextcloud container?

Looking here, it seems the env var recreates the redis config on start, but here it seems the env var is only used once, at installation time.

I would like to migrate my configuration to using envvars only but don't know where to start.

@jessebot
Collaborator

The env vars are used on startup once, I believe, but the config file is processed more often, I believe. You can also set any stragglers with the occ command. If you're still having trouble, please feel free to open another issue, but it may be best to ask upstream at nextcloud/docker, as they're the ones that maintain the env vars that we use here.
