Federation shares ignore server ports

[IzzySoft]

I run two Nextcloud instances, one of them (let's call it "B") is using a custom server port as 443 is already in use by a different machine behind the same public IP, the other ("A") is reachable via standard port (443). Both servers have the federation app activated, and its counterpart added as "trusted" (with the port specified for B when adding it to A, like https://example.com:8843/nextcloud).

When I share something from B to A, the notification pops up on A and I can accept – but the share never shows up. The other way around, I can't even accept it.

No Nextcloud log entries on B in either case – but on A I see:

{"reqId":"W7p6ZH8AAQEAACknWdQAAAAN","level":3,"time":"2018-10-07T21:28:06+00:00","remoteAddr":"1.2.3.4","user":"myUser","app":"files_external","method":"PROPFIND","url":"\/nextcloud\/remote.php\/webdav\/","message":"SSL certificate problem: self signed certificate in certificate chain","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko\/20100101 Firefox\/55.0","version":"12.0.7.1"}

which suggests the port is being ignored (as I don't see it mentioned), and a connection on the default port (443) is tried – with the result of getting the certificate from the wrong server (which, finding no suitable server name via SNI, defaults to a self-signed cert).

Side-note: I cannot find a corresponding Apache log entry on B. The only 3 entries I find are from "Nextcloud Crawler": 1 to ocs-provider/, 1 to ocs/v2.php/cloud/shares?format=json, and 1 to status.php – no PROPFIND.

Steps to reproduce

1. Create a share to a user on the other instance
2. Try accepting it there
3. Be stuck.

Expected behaviour

I can accept the share on either side, and access its contents.

Actual behaviour

Share cannot be accepted on B – and doesn't show after being accepted on A

Server configuration

Operating system:
Debian 9.4

Web server:
Apache 2.4

Database:
MariaDB

PHP version:
7.0.27

Nextcloud version: (see Nextcloud admin page)
12.0.7.1

Updated from an older Nextcloud/ownCloud or fresh install:
Updated from previous versions, reaching back to 9.

Where did you install Nextcloud from:
Download from nextcloud website

Signing status:

Signing status

No errors have been found.

List of activated apps:

- activity: 2.5.2 - bruteforcesettings: 1.1.0 - calendar: 1.5.8 - comments: 1.2.0 - dav: 1.3.1 - documents: 0.16.0 - federatedfilesharing: 1.2.0 - federation: 1.2.0 - files: 1.7.2 - files_markdown: 2.0.4 - files_pdfviewer: 1.1.2 - files_sharing: 1.4.0 - files_texteditor: 2.4.1 - files_trashbin: 1.2.0 - files_versions: 1.5.0 - files_videoplayer: 1.1.0 - firstrunwizard: 2.1 - gallery: 17.0.0 - logreader: 2.0.0 - lookup_server_connector: 1.0.0 - nextcloud_announcements: 1.1 - notes: 2.4.2 - notifications: 2.0.0 - oauth2: 1.0.5 - password_policy: 1.2.2 - provisioning_api: 1.2.0 - serverinfo: 1.2.0 - sharebymail: 1.2.0 - survey_client: 1.0.0 - systemtags: 1.2.0 - tasks: 0.9.6 - theming: 1.3.0 - twofactor_backupcodes: 1.1.1 - updatenotification: 1.2.0 - workflowengine: 1.2.0

Nextcloud configuration:

{ "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "example.com" ], "datadirectory": "\/home\/cloud\/data", "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "12.0.7.1", "dbname": "nextcloud", "dbhost": "localhost", "dbport": "", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "logtimezone": "UTC", "installed": true, "memcache.local": "\\OC\\Memcache\\APCu", "trashbin_retention_obligation": "auto,30", "maintenance": false, "loglevel": 2 } }

Are you using external storage, if yes which one: local/smb/sftp/...
No

Are you using encryption: yes/no
No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
No

LDAP configuration (delete this part if not used)

None

Client configuration

Browser:
Firefox

Operating system:
Linux Mint

Logs

Web server error log

As written above: No matching entries here.

Nextcloud log (data/nextcloud.log)

Nextcloud log

{"reqId":"W7p6ZH8AAQEAACknWdQAAAAN","level":3,"time":"2018-10-07T21:28:06+00:00","remoteAddr":"1.2.3.4","user":"myUser","app":"files_external","method":"PR OPFIND","url":"\/nextcloud\/remote.php\/webdav\/","message":"SSL certificate problem: self signed certificate in certificate chain","userAgent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko\/20100101 Firefox\/55.0","version":"12.0.7.1"}

Browser log

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...

[nextcloud-bot]

GitMate.io thinks possibly related issues are #453 (Small fixes needed for federation / trusted servers), #8858 ((please ignore)), #6147 (updater app ignores proxy server from configuration), #175 (Port WND), and #9434 (Public Sharing).

[IzzySoft]

Checked them, I don't think they are related.

[IzzySoft]

Update: Further tests confirmed it must be the port being ignored:

1. I setup a third Nextcloud instance ("C") sharing the same IP with "B" (same home network), but being accessible on port 443 (standard HTTPS port; C runs on a different machine than B).
2. Shared a folder from B to C (ie. "inside the home network"): No issues, worked fine.
3. Shared a file from A to C (ie. "from outside"): No issues, worked fine.

So the only constellation where it fails is between A and B (any direction, as described in the initial post), with B having the web server reachable via a non-standard port only from outside.

[IzzySoft]

Last update: Upgrading A to Nextcloud 13 solved the issue. Now all 3 instances can share between another.

Sidenote: B still runs on NC 12 (using one app that's no longer available with 13+, still looking for a replacement to that). C even is only NC 10 (cannot upgrade further before upgrading the entire box, as it still only offers PHP 5.4).