Curious redirect to HTTP after upgrade to NextCloud 15.02

February 2nd at 8:07pm

While trying to get NC Talk to work I upgraded my Next Cloud server to 15.02 and got side tracked troubleshooting an interesting issue: why are my logins now being silently redirected to HTTP instead of HTTPS? I might not have noticed this as quickly if I hadn't disabled HTTP on the box years ago.

Edit: Updated on Feb 7 with new information

References:

Enforce HTTPS via .htaccess edit [github.com/nextcloud]
Updating .htaccess with occ not working [help.nextcloud.com]
NC 14.0.0 beta 4, web login failed after upgrade from 13.0.5.2 [github.com/nextcloud]
Login loop after manually upgrading to NC 14.0.0.19 [github.com/nextcloud]
Stuck in Maintenance mode after attempt to go to Nextcloud 13 [help.nextcloud.com]

Setup Notes

I run Next Cloud in a dockerized environment with volumes configured to persist configuration and upload data across container upgrades. This instance has been running for a couple years now with few issues. My goal for the day was to get the 'Talk' client working so it seemed prudent to get everything updated to the latest version (15.02).

Symptoms

I experienced a few odd behaviors:

After upgrading to 15.02 I tried to login with a new user and experienced a 'login loop' where a successful login would keep taking me back to the login page
Once I used a different web browser I noticed that the login page would not load (browser debugger tools showed that the host seemed to be dead)
The admin session I had left open from before the upgrade still loaded/refreshed without issue over https which let me easily view the logs in the administration section. Unfortunately the logs had no information about redirects or potential logic/login errors (everything looked clean)

Closer inspection / resolution

I looked more closely at the browser dev tools and noticed that when I disabled cache and forced a reload of the login page there was a 302 redirect to an http endpoint (http://my.owncloud-server.tld) instead of what I configured (https://). Digging into the log stream out of the container (docker logs --tail 50 4bcff8) that I could see apache performing the redirect. Temporarly enabling http access on the Next Cloud server allowed me to load the login page successfully, so this definitely seemed to be the issue.

The apache VHOST configuration looked clean, so I turned my attention to the .htaccess file in the webserver virtual host's web directory and found an incredibly long htaccess file. Looks like it had been added to with a lot of duplicate/redundant information over the years of upgrades I'd performed.

What fixed the login weirdness for me was to:

- mv .htaccess .htaccess-old
- sudo -u www-data php occ maintenance:update:htaccess

(If you don't have sudo in your container you'll probably have to: apt update && apt install sudo -y)

This restored the usual behavior of the site. I'm glad I was running the system exclusively over HTTPS otherwise my logins may have been redirected to HTTP without immediate notice on my part!

Edit (Feb 7): The problem came back and I had to find a different fix: Apply this line to my NextCloud config.php file: 'apps_paths' => 'https', as described here. Once this was applied the issue went away again. Hopefully permanently this time!