Hello,

I have Nextcloud 21 running with php-7.4, httpd(8) and relayd(8).
On my laptop, a script regularly runs nextcloudcmd to synchronize the files
with the nextcloud instance. And quite often, nextcloudcmd returns an error like this:
  03-31 23:28:56:089 [ info nextcloud.sync.networkjob.lscol ]:    LSCOL of QUrl("https://nextcloud.tumfatig.net/remote.php/dav/files/user85419/Uploads") FINISHED WITH STATUS "UnknownNetworkError Network access is disabled."
Both run OpenBSD 6.8/amd64.

It seems that it only happens when I access nextcloud via relayd. If I access
nextcloud straight via httpd, the error never pops up.

Running relayd in debug mode, I saw the following difference:
* when traffic works ok
relay https_lan, session 2 (1 active), 0, 192.168.1.76 -> :8083, done, [Host: nextcloud.tumfatig.net] [User-Agent: Mozilla/5.0 (OpenBSD) mirall/3.0.1git (Nextcloud)] [nextcloud.tumfatig.net/ocs/v1.php/cloud/capabilities: format=json] GET -> 127.0.0.1:8083; [Host: nextcloud.tumfatig.net] [User-Agent: Mozilla/5.0 (OpenBSD) mirall/3.0.1git (Nextcloud)] [nextcloud.tumfatig.net/remote.php/dav/files/user85419/Uploads] PROPFIND;

* when the error occurs
relay https_lan, session 1 (1 active), 0, 192.168.1.76 -> 127.0.0.1:8083, done, [Host: nextcloud.tumfatig.net] [User-Agent: Mozilla/5.0 (OpenBSD) mirall/3.0.1git (Nextcloud)] [nextcloud.tumfatig.net/ocs/v1.php/cloud/capabilities: format=json] GET -> 127.0.0.1:8083;

As you may notice, we can see "192.168.1.76 -> :8083" when it's working and
"192.168.1.76 -> 127.0.0.1:8083" when it fails. But I can't see the reason for
it in my relayd configuration. I've attached it to this mail.

Any thoughts on what I'm doing wrong?

Thank you,
Jo
# vim: ft=pf syntax=pf

lan_ip="192.168.1.1"

table <acme>      { 127.0.0.1 }
table <httpd>     { 127.0.0.1 }
table <nextcloud> { 127.0.0.1 }

log state changes
log connection

# HTTP #######################################################################

http protocol "http" {
        match header log "Host"
        match header log "X-Forwarded-For"
        match header log "User-Agent"
        match header log "Referer"
        match url log

        match header set "X-Forwarded-For" value "$REMOTE_ADDR"
        match header set "X-Forwarded-By"  value "$SERVER_ADDR:$SERVER_PORT"
        match header set "Keep-Alive"      value "$TIMEOUT"

        match response header set "X-Powered-By" value "Powered by OpenBSD"

        match request path "/.well-known/acme-challenge/*" forward to <acme>

        tcp { nodelay, socket buffer 65536, backlog 100 }
}

relay "http" {
        listen on $lan_ip port 80

        protocol "http"

        forward to <httpd> port 8080 check tcp # HTTP to HTTPS redirection
        forward to <acme>  port 8081 check tcp # Let's Encrypt renewal
}

# HTTPS ######################################################################

http protocol "https" {
        match header log "Host"
        match header log "X-Forwarded-For"
        match header log "User-Agent"
        match header log "Referer"
        match url log

        match header          set "X-Forwarded-For" value "$REMOTE_ADDR"
        match header          set "X-Forwarded-By"  value "$SERVER_ADDR:$SERVER_PORT"
        match header          set "Keep-Alive"      value "$TIMEOUT"

        match response header set "X-Powered-by" value "OpenBSD"

        tcp { nodelay, socket buffer 65536, backlog 100 }

        tls keypair nextcloud.tumfatig.net

        # Default block
        block request path "/*"

        # Allow Let's Encrypt operations
        pass request path "/.well-known/acme-challenge/*" forward to <acme>

        # Nextcloud
        pass request forward to <nextcloud>
}

relay "https_lan" {
        listen on $lan_ip port 443 tls

        protocol "https"

        forward to <acme>      port 8081 check tcp # Let's Encrypt renewal
        forward to <nextcloud> port 8083 check tcp # Nextcloud
}
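
The two relayd debug lines quoted in the message above, parsed so that the session destination and the requests carried by each session can be compared across many log lines instead of two by eye. This is an added example, not part of the original mail or of relayd; `parse_session` and `dst_has_addr` are hypothetical names, the sample lines are the mail's own lines unwrapped, and taking the last bracket group as the URL is an assumption based on those two lines.

```python
import re

# Constructed sample: the two relayd debug lines quoted in the mail, unwrapped.
UA = "[User-Agent: Mozilla/5.0 (OpenBSD) mirall/3.0.1git (Nextcloud)]"
HOST = "[Host: nextcloud.tumfatig.net]"
WORKING = (
    "relay https_lan, session 2 (1 active), 0, 192.168.1.76 -> :8083, done, "
    f"{HOST} {UA} [nextcloud.tumfatig.net/ocs/v1.php/cloud/capabilities: "
    "format=json] GET -> 127.0.0.1:8083; "
    f"{HOST} {UA} [nextcloud.tumfatig.net/remote.php/dav/files/user85419/Uploads] "
    "PROPFIND;"
)
FAILING = (
    "relay https_lan, session 1 (1 active), 0, 192.168.1.76 -> 127.0.0.1:8083, "
    f"done, {HOST} {UA} [nextcloud.tumfatig.net/ocs/v1.php/cloud/capabilities: "
    "format=json] GET -> 127.0.0.1:8083;"
)

HEAD = re.compile(
    r"relay (?P<relay>\S+), session (?P<session>\d+) \(\d+ active\), \d+, "
    r"(?P<src>\S+) -> (?P<dst>[^,\s]*), done, (?P<rest>.*)"
)


def parse_session(line):
    """Split one relayd session summary into its header fields and requests."""
    m = HEAD.match(line.strip())
    if m is None:
        raise ValueError("not a relayd session summary line")
    info = m.groupdict()
    requests = []
    for seg in info.pop("rest").split(";"):
        groups = re.findall(r"\[([^\]]*)\]", seg)
        tail = seg.rsplit("]", 1)[-1].split()  # e.g. ['GET', '->', '127.0.0.1:8083']
        if not groups or not tail:
            continue  # empty remainder after the final ';'
        # Assumption: the logged URL is the last bracket group, as in both samples.
        url = groups[-1].split(": ", 1)[0]
        backend = tail[2] if len(tail) == 3 and tail[1] == "->" else None
        requests.append({"method": tail[0], "url": url, "backend": backend})
    info["requests"] = requests
    info["dst_has_addr"] = not info["dst"].startswith(":")  # True in the failing line
    return info


if __name__ == "__main__":
    for line in (WORKING, FAILING):
        s = parse_session(line)
        print(s["session"], s["dst"], [(r["method"], r["url"]) for r in s["requests"]])
```

On these two lines the working session carries both the GET and the PROPFIND, while the failing session ends after the GET.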
