Reverse Proxy, PHP cache, custom logo, CSS bug (does http instead of https)

[athendrix]

Steps to reproduce

1. Have Nextcloud sent through a reverse proxy that performs SSL on it's behalf
2. Set PHP cache settings that Nextcloud recommends (not sure if this is necessary, but it seemed to be one of the things that triggered it to start)
3. Setup a custom logo (not sure if this is necessary, but it seemed to be one of the things that triggered it to start)
4. Login to Nextcloud

Expected behaviour

PHP generated server.css should have https in the image path so the images load properly.
(under the "#header .logo-icon" and "#header .logo" sections of the css)

Actual behaviour

Tell us what happens instead
PHP generated server.css has http in the image path and therefore won't load on https connections.
(under the "#header .logo-icon" and "#header .logo" sections of the css)

Server configuration

Operating system:
Ubuntu 16.04.2 LTS
Web server:
Apache 2
Database:
MySQL
PHP version:
7.0
Nextcloud version: (see Nextcloud admin page)
12.0.0
Updated from an older Nextcloud/ownCloud or fresh install:
Updated from older versions (initially from ownCloud)
Where did you install Nextcloud from:
Built-in updater.

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

Enabled:

• activity: 2.5.2
• bruteforcesettings: 1.0.2
• comments: 1.2.0
• dav: 1.3.0
• federatedfilesharing: 1.2.0
• federation: 1.2.0
• files: 1.7.2
• files_external: 1.3.0
• files_pdfviewer: 1.1.1
• files_sharing: 1.4.0
• files_texteditor: 2.4.1
• files_trashbin: 1.2.0
• files_versions: 1.5.0
• files_videoplayer: 1.1.0
• firstrunwizard: 2.1
• gallery: 17.0.0
• logreader: 2.0.0
• lookup_server_connector: 1.0.0
• nextcloud_announcements: 1.1
• notifications: 2.0.0
• oauth2: 1.0.5
• password_policy: 1.2.2
• provisioning_api: 1.2.0
• serverinfo: 1.2.0
• sharebymail: 1.2.0
• survey_client: 1.0.0
• systemtags: 1.2.0
• theming: 1.3.0
• twofactor_backupcodes: 1.1.1
• updatenotification: 1.2.0
• user_ldap: 1.2.1
• workflowengine: 1.2.0
  Disabled:
• admin_audit
• encryption
• user_external

Nextcloud configuration:

Config report

{
"system": {
"updatechecker": false,
"instanceid": "ocq035yq2rd7",
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"cloud.example.com"
],
"trusted_proxies": [
"192.168.0.203"
],
"overwritehost": "cloud.example.com",
"overwriteprotocol": "https",
"overwritecondaddr": "^192\.168\.0\.207$",
"datadirectory": "/var/www/nextcloud/data",
"overwrite.cli.url": "https://cloud.example.com",
"dbtype": "mysql",
"version": "12.0.0.29",
"dbname": "owncloud",
"dbhost": "localhost",
"dbtableprefix": "oc_",
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"logtimezone": "UTC",
"installed": true,
"preview_libreoffice_path": "/usr/bin/libreoffice",
"ldapIgnoreNamingRules": false,
"appstore.experimental.enabled": true,
"maintenance": false,
"loglevel": 2,
"ldapProviderFactory": "\OCA\User_LDAP\LDAPProviderFactory",
"updater.secret": "REMOVED SENSITIVE VALUE",
"updater.release.channel": "stable",
"mail_smtpmode": "php"
}
}

Are you using external storage, if yes which one: local/smb/sftp/...
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
LDAP

LDAP configuration (delete this part if not used)

LDAP config

+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | CN=Progam Access,CN=Users,DC=example,DC=com |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | DC=example,DC=com |
| ldapBaseGroups | DC=example,DC=com |
| ldapBaseUsers | DC=example,DC=com |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | REMOVED SENSITIVE VALUE |
| ldapGroupFilterGroups | REMOVED SENSITIVE VALUE |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | member |
| ldapHost | 192.168.0.201 |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=user))(|(|(memberof=CN=Cloud_Access,CN=Users,DC=example,DC=com)(primaryGroupID=2182))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid)))) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 1 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayname |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(|(objectclass=user))(|(|(memberof=CN=Cloud_Access,CN=Users,DC=example,DC=com)(primaryGroupID=2182)))) |
| ldapUserFilterGroups | Cloud_Access |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | user |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Client configuration

Browser:
Firefox 54.0 and Google Chrome 59.0.3071.109
Operating system:
Windows 10 Version 1703 (OS Build 15063.332)

Logs

Web server error log

Web server error log

Error PHP Invalid argument supplied for foreach() at /var/www/nextcloud/lib/private/Template/SCSSCacher.php#145

Nextcloud log (data/nextcloud.log)

Nextcloud log

{"reqId":"yLDgESR6H2A6Wr09D9p1","level":3,"time":"2017-06-23T22:49:25+00:00","remoteAddr":"192.168.0.203","user":"A3BCC5DF-9148-4BC8-BBF2-7AC56F723B5E","app":"PHP","method":"GET","url":"/index.php/apps/files/","message":"Invalid argument supplied for foreach() at /var/www/nextcloud/lib/private/Template/SCSSCacher.php#145","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0","version":"12.0.0.29"}
{"reqId":"ItfttoG98PLKLFwzTD8N","level":3,"time":"2017-06-23T23:26:01+00:00","remoteAddr":"192.168.0.203","user":"A3BCC5DF-9148-4BC8-BBF2-7AC56F723B5E","app":"internet_connection_check","method":"GET","url":"/index.php/settings/ajax/checksetup","message":"Exception: {"Exception":"GuzzleHttp\\Exception\\RequestException","Message":"cURL error 18: transfer closed with 24536 bytes remaining to read","Code":0,"Trace":"#0 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/RequestFsm.php(103): GuzzleHttp\\Exception\\RequestException::wrapException(Object(GuzzleHttp\\Message\\Request), Object(GuzzleHttp\\Ring\\Exception\\RingException))\n#1 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/RequestFsm.php(132): GuzzleHttp\\RequestFsm->__invoke(Object(GuzzleHttp\\Transaction))\n#2 \/var\/www\/nextcloud\/3rdparty\/react\/promise\/src\/FulfilledPromise.php(25): GuzzleHttp\\RequestFsm->GuzzleHttp\\{closure}(Array)\n#3 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/ringphp\/src\/Future\/CompletedFutureValue.php(55): React\\Promise\\FulfilledPromise->then(Object(Closure), NULL, NULL)\n#4 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/Message\/FutureResponse.php(43): GuzzleHttp\\Ring\\Future\\CompletedFutureValue->then(Object(Closure), NULL, NULL)\n#5 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/RequestFsm.php(134): GuzzleHttp\\Message\\FutureResponse::proxy(Object(GuzzleHttp\\Ring\\Future\\CompletedFutureArray), Object(Closure))\n#6 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/RequestFsm.php(132): GuzzleHttp\\RequestFsm->__invoke(Object(GuzzleHttp\\Transaction))\n#7 \/var\/www\/nextcloud\/3rdparty\/react\/promise\/src\/FulfilledPromise.php(25): GuzzleHttp\\RequestFsm->GuzzleHttp\\{closure}(Array)\n#8 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/ringphp\/src\/Future\/CompletedFutureValue.php(55): React\\Promise\\FulfilledPromise->then(Object(Closure), NULL, NULL)\n#9 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/Message\/FutureResponse.php(43): GuzzleHttp\\Ring\\Future\\CompletedFutureValue->then(Object(Closure), NULL, NULL)\n#10 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/RequestFsm.php(134): GuzzleHttp\\Message\\FutureResponse::proxy(Object(GuzzleHttp\\Ring\\Future\\CompletedFutureArray), Object(Closure))\n#11 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/Client.php(165): GuzzleHttp\\RequestFsm->__invoke(Object(GuzzleHttp\\Transaction))\n#12 \/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/Client.php(125): GuzzleHttp\\Client->send(Object(GuzzleHttp\\Message\\Request))\n#13 \/var\/www\/nextcloud\/lib\/private\/Http\/Client\/Client.php(138): GuzzleHttp\\Client->get('http:\/\/www.next...', Array)\n#14 \/var\/www\/nextcloud\/settings\/Controller\/CheckSetupController.php(125): OC\\Http\\Client\\Client->get('http:\/\/www.next...')\n#15 \/var\/www\/nextcloud\/settings\/Controller\/CheckSetupController.php(108): OC\\Settings\\Controller\\CheckSetupController->isSiteReachable('www.nextcloud.c...')\n#16 \/var\/www\/nextcloud\/settings\/Controller\/CheckSetupController.php(414): OC\\Settings\\Controller\\CheckSetupController->isInternetConnectionWorking()\n#17 [internal function]: OC\\Settings\\Controller\\CheckSetupController->check()\n#18 \/var\/www\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(160): call_user_func_array(Array, Array)\n#19 \/var\/www\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(90): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OC\\Settings\\Controller\\CheckSetupController), 'check')\n#20 \/var\/www\/nextcloud\/lib\/private\/AppFramework\/App.php(114): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OC\\Settings\\Controller\\CheckSetupController), 'check')\n#21 \/var\/www\/nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php(47): OC\\AppFramework\\App::main('OC\\\\Settings\\\\Con...', 'check', Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#22 [internal function]: OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#23 \/var\/www\/nextcloud\/lib\/private\/Route\/Router.php(299): call_user_func(Object(OC\\AppFramework\\Routing\\RouteActionHandler), Array)\n#24 \/var\/www\/nextcloud\/lib\/base.php(1000): OC\\Route\\Router->match('\/settings\/ajax\/...')\n#25 \/var\/www\/nextcloud\/index.php(40): OC::handleRequest()\n#26 {main}","File":"\/var\/www\/nextcloud\/3rdparty\/guzzlehttp\/guzzle\/src\/Exception\/RequestException.php","Line":51}","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0","version":"12.0.0.29"}

Browser log

Browser log

Content Security Policy: The page’s settings blocked the loading of a resource at http://cloud.example.com/index.php/apps/theming/logo?v=13 (“img-src https://cloud.example.com data: blob:”).

[MorrisJobke]

We fixed something that is most likely the same root cause for this issue here: #5584 Please upgrade to 12.0.3 and test again. It should be fixed then.