android icon indicating copy to clipboard operation
android copied to clipboard

Published 20 hours ago • verified publisher icon nextcloud

Unable to log in from app into a self-hosted instance behind Cloudflare from Android app

Open giantplaceholder opened this issue 2 years ago • 3 comments

Steps to reproduce

  1. Connect to any network
  2. Open the app and try to log in
  3. Instead of log in screen, 520 error will be thrown

Expected behaviour

  • I should see log in screen after entering instance location (i.e. https://hostname/)

Actual behaviour

  • Cloudflare throws 520 error when trying to log in via the app. I can log in using regular desktop or mobile browser (Chrome, Firefox), the issue is specific to Android app only.

Environment data

Android version: 12

Device model: Pixel 6 (non-Pro)

Stock or customized system: stock, non-rooted

Nextcloud app version: 3.20.3 (Google Play)

Nextcloud server version: 24.0.2

Reverse proxy: nginx + Cloudflare

Logs

Web server error log

No errors per se:

<device IP> - - [24/Jun/2022:11:31:18 +0300] "GET /status.php HTTP/2.0" 200 170 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.20.3"
<device IP> - - [24/Jun/2022:11:31:18 +0300] "HEAD /remote.php/dav HTTP/2.0" 401 0 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.20.3"
<device IP> - - [24/Jun/2022:11:31:18 +0300] "GET /ocs/v2.php/cloud/capabilities?format=json HTTP/2.0" 200 454 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.20.3"
<device IP> - - [24/Jun/2022:11:31:18 +0300] "GET /index.php/login/flow HTTP/2.0" 444 0 "-" "Google Pixel 6 (Android)"
<device IP> - - [24/Jun/2022:11:31:19 +0300] "GET /favicon.ico HTTP/2.0" 444 0 "https://<instance_fqdn>/index.php/login/flow" "Google Pixel 6 (Android)"
<device IP> - - [24/Jun/2022:11:31:19 +0300] "GET /favicon.ico HTTP/2.0" 444 0 "https://<instance_fqdn>/index.php/login/flow" "Google Pixel 6 (Android)"

For instance, this is how log in looks in the logs when using regular browser (Windows + up-to-date Chrome):

<device IP> - - [24/Jun/2022:11:38:29 +0300] "GET /login HTTP/2.0" 200 6555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:38:29 +0300] "GET /apps/theming/styles?v=7 HTTP/2.0" 200 1764 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:38:29 +0300] "GET /apps/accessibility/css/user-a82fd95db10ff25dfad39f07372ebe37 HTTP/2.0" 200 56385 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:38:33 +0300] "GET /svg/core/logo/logo?color=ffffff&v=1 HTTP/2.0" 200 818 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:38:33 +0300] "GET /index.php/apps/theming/image/background HTTP/2.0" 404 7277 "https://<instance_fqdn>/apps/breezedark/css/guest.css?v=17bdfa90-7" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:38:49 +0300] "GET /apps/files/ HTTP/2.0" 200 11228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:38:55 +0300] "POST /login HTTP/2.0" 303 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:38:55 +0300] "GET /login/challenge/totp HTTP/2.0" 200 6183 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:38:56 +0300] "GET /index.php/apps/theming/image/background HTTP/2.0" 303 0 "https://<instance_fqdn>/apps/breezedark/css/guest.css?v=17bdfa90-7" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:38:56 +0300] "GET /login/selectchallenge?redirect_url=/index.php/apps/theming/image/background HTTP/2.0" 200 6117 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:39:14 +0300] "POST /login/challenge/totp HTTP/2.0" 303 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
<device IP> - - [24/Jun/2022:11:39:14 +0300] "GET /apps/files/ HTTP/2.0" 200 11233 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"

Same network, same connection, same instance, same everything. The only difference are clients.

giantplaceholder avatar Jun 24 '22 08:06 giantplaceholder

I'm not using Cloudflare, but am suffering something similar: I get to a login page but no username nor password fields nor buttons are displayed, so I can't login.

jdaviescoates avatar Sep 07 '22 13:09 jdaviescoates

Seeing the 444 error in your logs, please check https://community.cloudflare.com/t/blocking-access-over-port-80-with-nginx-444-results-in-520-error/159916/9 to see if it applies to you @yakovuvarov

AlvaroBrey avatar Sep 08 '22 07:09 AlvaroBrey

~~I have a near identical issue, using cloudflare for the dns and traefic as the reverse proxy set up on a trueNas scale install with traefic configured to use ports 80 and 443. I can log into the web domains with no issue (just like yakovuvarov) but my only issue is with the android app itself. This may or may not be a separate issue so please let me know if I should open up a separate issue - on the app it states that the server is in maintenance mode (I have triple checked this and run the occ command to verify that it is indeed not in maintenance mode) and it seems to be a relevant, although not identical, issue that's being stated here with communicating with the nextcloud server and login problems.~~

~~EDIT: I wanted to add an edit that I can reach the nextcloud server via the nextcloud Windows client app as well so it really only seems to be affecting the android app itself~~

I stand corrected - it seems to be an issue with my configuration - possibly with traefic and/or cloudflare. Logging into the android app using the server's subnet and port while connected to my home network did work -> sorry for the addition in clutter-space here since it doesn't seem related to this particular issue thread.

USAFrenzy avatar Sep 11 '22 23:09 USAFrenzy

This bug report did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

github-actions[bot] avatar Oct 11 '22 00:10 github-actions[bot]

I stand corrected - it seems to be an issue with my configuration - possibly with traefic and/or cloudflare. Logging into the android app using the server's subnet and port while connected to my home network did work -> sorry for the addition in clutter-space here since it doesn't seem related to this particular issue thread.

@USAFrenzy is correct -- the issue was my anti-bot regular expression, which threw 444 to anything that looked even remotely different from a regular browser; CF in its turn treated this as undefined behavior, as it should've, since 444 is non-standard HTTP code.

Disabled this for debug, turned out to be the culprit. Sorry for confusing the rest of you people, ought to check my configuration better. Thanks everyone.

giantplaceholder avatar Oct 25 '22 10:10 giantplaceholder