How to use GitHub
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
- Subscribe to receive notifications on status change and new comments.
Steps to reproduce
- running NC 32 via Docker Compose, using official NC FPM containers and a Redis container (with password) for caching and notify_push, specifying redis port and password in NC config.php.
- configured nginx container's nginx.conf for push notifications via
- ran ./occ notify_push:setup https://hub.magnificent.nz/push
Expected behaviour
I expect to see:
- redis is configured
- connected to push server
... other positive messages.
Actual behaviour
I see:
- redis is configured
- x can't connect to push server: Server error:
GET https://hub.magnificent.nz/push/test/cookie resulted in a 502 Bad Gateway
In the Redis container log, I see the following message:
"Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection from 172.20.0.1:60848 aborted."
Could this be due to the notify_push:setup script not sending the Redis password? It is set correctly in the relevant part of config.php (and redis works for caching)
Server configuration
Web server: Nginx (container and reverse proxy)
Database: MariaDB
PHP version: 8.3.30
Nextcloud version: 32.0.5
List of activated apps
Enabled:
- activity: 5.0.0-dev.0
- admin_audit: 1.22.0
- announcementcenter: 7.3.0
- bbb: 2.9.1
- bruteforcesettings: 5.0.0-dev.0
- calendar: 6.1.5
- circles: 32.0.0
- cloud_federation_api: 1.16.0
- comments: 1.22.0
- contacts: 8.3.1
- contactsinteraction: 1.13.1
- dashboard: 7.12.0
- dav: 1.34.2
- deck: 1.16.3
- federatedfilesharing: 1.22.0
- federation: 1.22.0
- files: 2.4.0
- files_downloadlimit: 5.0.0-dev.0
- files_pdfviewer: 5.0.0-dev.0
- files_reminders: 1.5.0
- files_sharing: 1.24.1
- files_trashbin: 1.22.0
- files_versions: 1.25.0
- firstrunwizard: 5.0.0-dev.0
- forms: 5.2.4
- logreader: 5.0.0-dev.0
- lookup_server_connector: 1.20.0
- mail: 5.6.9
- nextcloud_announcements: 4.0.0-dev.0
- notes: 4.12.4
- notifications: 5.0.0-dev.0
- notify_push: 1.3.0
- oauth2: 1.20.0
- onlyoffice: 9.12.0
- password_policy: 4.0.0-dev.0
- polls: 8.6.3
- privacy: 4.0.0-dev.0
- profile: 1.1.0
- provisioning_api: 1.22.0
- recommendations: 5.0.0-dev.0
- registration: 2.8.0
- related_resources: 3.0.0-dev.0
- richdocumentscode: 25.4.702
- serverinfo: 4.0.0-dev.0
- settings: 1.15.1
- sharebymail: 1.22.0
- spreed: 22.0.8
- support: 4.0.0-dev.0
- survey_client: 4.0.0-dev.0
- suspicious_login: 10.0.0-dev.0
- systemtags: 1.22.0
- text: 6.0.1
- theming: 2.7.0
- twofactor_backupcodes: 1.21.0
- twofactor_email: 2.8.4
- twofactor_nextcloud_notification: 6.0.0-dev.0
- updatenotification: 1.22.0
- user_saml: 7.1.2
- user_status: 1.12.0
- viewer: 5.0.0-dev.0
- weather_status: 1.12.0
- webhook_listeners: 1.3.0
- workflowengine: 2.14.0
Disabled:
- app_api: 32.0.0 (installed 32.0.0)
- encryption: 2.20.0
- files_external: 1.24.1
- photos: 5.0.0-dev.1 (installed 4.0.0)
- twofactor_totp: 14.0.0
- user_ldap: 1.23.0
- whiteboard: 1.5.3 (installed 1.5.3)
Nextcloud configuration
{
  "system": {
    "memcache.local": "\\OC\\Memcache\\APCu",
    "apps_paths": [
      {
        "path": "\/var\/www\/html\/apps",
        "url": "\/apps",
        "writable": false
      },
      {
        "path": "\/var\/www\/html\/custom_apps",
        "url": "\/custom_apps",
        "writable": true
      }
    ],
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
      "host": "***REMOVED SENSITIVE VALUE***",
      "password": "***REMOVED SENSITIVE VALUE***",
      "port": 6379
    },
    "upgrade.disable-web": true,
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
      "hub.magnificent.nz"
    ],
    "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "default_phone_region": "NZ",
    "dbtype": "mysql",
    "version": "32.0.5.0",
    "overwrite.cli.url": "https:\/\/hub.magnificent.nz",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "smtp",
    "mail_sendmailmode": "smtp",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "587",
    "mail_smtpauth": true,
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "maintenance_window_start": 13,
    "maintenance": false,
    "loglevel": 2,
    "defaultapp": "dashboard,files"
  }
}
Browser
Browser name: Firefox
Browser version: 147
Operating system: Linux
Browser log
not relevant
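A simplified model of what the quoted Redis log line implies, added here as an illustration (not part of the original report and not Redis source code): the warning is raised when a client's command name is `POST` or `Host:`, meaning HTTP traffic reached the Redis port, whereas a client that only omits the password receives a `NOAUTH` reply. The sample byte streams and the password `secret` are constructed.

```python
import re

# Command names that the quoted log message says trigger the abort.
WARNING_TOKENS = {b"post", b"host:"}

def parse_commands(stream: bytes):
    """Split client bytes into commands: RESP arrays or inline text lines."""
    commands, pos = [], 0
    while pos < len(stream):
        end = stream.index(b"\r\n", pos)
        line, pos = stream[pos:end], end + 2
        if line.startswith(b"*"):                 # RESP array: *<n>, then n bulk strings
            args = []
            for _ in range(int(line[1:])):
                end = stream.index(b"\r\n", pos)
                size = int(stream[pos + 1:end])   # header is "$<len>"
                args.append(stream[end + 2:end + 2 + size])
                pos = end + 2 + size + 2
            commands.append(args)
        elif line:                                # inline command, e.g. an HTTP line
            commands.append(line.split())
    return commands

def classify(stream: bytes, password: bytes):
    """Per-command outcome on a password-protected server (simplified:
    real Redis may answer an odd inline line with a different error)."""
    authed, outcomes = False, []
    for args in parse_commands(stream):
        name = args[0].lower()
        if name in WARNING_TOKENS:
            outcomes.append("security-warning-abort")
            break                                 # server drops the connection
        if name == b"auth":
            authed = args[-1] == password
            outcomes.append("ok" if authed else "wrongpass")
        else:
            outcomes.append("ok" if authed else "noauth")
    return outcomes

def peer_from_log(line: str):
    """Extract the (ip, port) of the aborted client from the warning line."""
    m = re.search(r"Connection from (\d+\.\d+\.\d+\.\d+):(\d+) aborted", line)
    return (m.group(1), int(m.group(2))) if m else None

# Constructed inputs: an HTTP probe, and RESP clients without and with AUTH.
HTTP_PROBE = b"GET /push/test/cookie HTTP/1.1\r\nHost: hub.magnificent.nz\r\n\r\n"
RESP_NO_AUTH = b"*2\r\n$3\r\nGET\r\n$3\r\nfoo\r\n"
RESP_AUTH = b"*2\r\n$4\r\nAUTH\r\n$6\r\nsecret\r\n" + RESP_NO_AUTH
LOG_LINE = "Possible SECURITY ATTACK detected. Connection from 172.20.0.1:60848 aborted."
```

Only the HTTP stream ends in the abort, so the address returned by `peer_from_log` identifies a client that spoke HTTP to the Redis port rather than one that forgot the password.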