I will assume you’ve installed Nextcloud into the /var/www/html/nextcloud directory. I’ll demonstrate on Nextcloud 13 hosted on Ubuntu 18.04. In other words, you won’t be able to log in. So, if you do something like move your Nextcloud server to a different IP address, you’ll see the feature in action. Because of this, the Nextcloud developers added the trusted domain feature.
The problem is that the HTTP Host header can be controlled by an attacker and exploited using web-cache poisoning and/or abusing alternative channels like password reset emails. What is Host Header Poisoning? In most cases, developers trust an HTTP Host header value and use it to do things like generate links, import scripts, and even generate password resets. See: Network security policy (Tech Pro Research) What is a trust domain? For Nextcloud, a trusted domain is a way to prevent Host Header Poisoning. Networking: Must-read coverageĥ programming languages network architects should learn (free PDF)īehind the scenes: A day in the life of a database administratorĢ0 steps to decommission a redundant data center facilityġ7 Terminal commands every user should know When this happens, the trusted domain issue appears, and there’s no way (without a quick re-configure) to log in. I have, on a number of occasions, run into an issue where I am unable to log into an instance of Nextcloud because the server hosting the service changed the IP address. But what happens when it won't let you log in, because of a Trusted Domain issue? Jack Wallen shows you what to do. Nextcloud is one of the most powerful and flexible locally hosted cloud servers.
How to add a new trusted domain to Nextcloud