0

I am trying to use Nextcloud's JSXC app (running under nextcloud.example.com) with Prosody (running under xmpp.example.com). However, the BOSH server (https://xmpp.example.com:5281/http-bind) keeps returning this error whenever I insert it into my nextcloud configuration:

Cross domain request was not possible. Either your BOSH server does not send any Access-Control-Allow-Origin header or the content-security-policy (CSP) blocks your request. The safest way is still to use Apache ProxyRequest or Nginx proxy_pass.

Within my browser's (Safari) console, I'm getting this message:

refused to connect to https://xmpp.example.com:5281/http-bind%20[P,L] because it does not appear in the connect-src directive of the Content Security Policy.

Both Prosody and Nextcloud have been running on the same server using apache 2.2 . I've been working within the prosody xmpp chatroom to try and fix this and so far, they have been saying my Apache config files are off, here is my nextcloud:


<VirtualHost *:443>
    ### YOUR SERVER ADDRESS ###


    ServerAdmin admin@nextcloud.example.com
    ServerName nextcloud.example.com

    ### SETTINGS ###
    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/run/php/php8.1-fpm.nextcloud.sock|fcgi://localhost"
    </FilesMatch>

    # Intermediate configuration
    Header add Strict-Transport-Security: "max-age=15552000;includeSubdomains"
    SSLEngine               on
    SSLCompression          off
    SSLProtocol             -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 
    SSLHonorCipherOrder     off
    SSLSessionTickets       off
    ServerSignature         off

    # Logs
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel alert rewrite:trace6

    DocumentRoot /var/www/nextcloud

    <Directory /var/www/nextcloud>
        Options Indexes FollowSymLinks
        AllowOverride None
        ### include all .htaccess
        Include /var/www/nextcloud/.htaccess
        Include /var/www/nextcloud/config/.htaccess
        Include /mnt/ncdata/.htaccess
        ###
        Require all granted
        Satisfy Any
    </Directory>

    <IfModule mod_dav.c>
        Dav off
    </IfModule>

    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud

    # The following lines prevent .htaccess and .htpasswd files from being
    # viewed by Web clients.
    <Files ".ht*">
        Require all denied
    </Files>

    # Disable HTTP TRACE method.
    TraceEnable off
    # Disable HTTP TRACK method.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [R=405,L]
 RewriteRule ^/http-bind$ https://xmpp.example.com:5281/http-bind [P,L]

    # Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX"
    <IfModule mod_reqtimeout.c>
        RequestReadTimeout body=0
    </IfModule>

    ### LOCATION OF CERT FILES ###

    SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.example.com/chain.pem
    SSLCertificateFile /etc/letsencrypt/live/nextcloud.example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.example.com/privkey.pem
    SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/nextcloud.example.com/dhparam.pem


</VirtualHost>

### EXTRAS ###
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
SetEnv proxy-sendcl 1

My prosody:

<VirtualHost *:80>        
        ServerName xmpp.example.com

        DocumentRoot /var/www/prosody
        
RewriteEngine on
RewriteRule /http-bind$ https://xmpp.example.com:5281/http-bind [P,L]

</VirtualHost>

And the Prosody config that lets encrypt made:


<VirtualHost *:443>
    ### YOUR SERVER ADDRESS ###


    ServerAdmin admin@nextcloud.example.com
    ServerName nextcloud.example.com

    ### SETTINGS ###
    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/run/php/php8.1-fpm.nextcloud.sock|fcgi://localhost"
    </FilesMatch>

    # Intermediate configuration
    Header add Strict-Transport-Security: "max-age=15552000;includeSubdomains"
    SSLEngine               on
    SSLCompression          off
    SSLProtocol             -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 
    SSLHonorCipherOrder     off
    SSLSessionTickets       off
    ServerSignature         off

    # Logs
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel alert rewrite:trace6

    DocumentRoot /var/www/nextcloud

    <Directory /var/www/nextcloud>
        Options Indexes FollowSymLinks
        AllowOverride None
        ### include all .htaccess
        Include /var/www/nextcloud/.htaccess
        Include /var/www/nextcloud/config/.htaccess
        Include /mnt/ncdata/.htaccess
        ###
        Require all granted
        Satisfy Any
    </Directory>

    <IfModule mod_dav.c>
        Dav off
    </IfModule>

    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud

    # The following lines prevent .htaccess and .htpasswd files from being
    # viewed by Web clients.
    <Files ".ht*">
        Require all denied
    </Files>

    # Disable HTTP TRACE method.
    TraceEnable off
    # Disable HTTP TRACK method.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [R=405,L]
 RewriteRule ^/http-bind$ https://xmpp.example.com:5281/http-bind [P,L]

    # Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX"
    <IfModule mod_reqtimeout.c>
        RequestReadTimeout body=0
    </IfModule>

    ### LOCATION OF CERT FILES ###

    SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.example.com/chain.pem
    SSLCertificateFile /etc/letsencrypt/live/nextcloud.example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.example.com/privkey.pem
    SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/nextcloud.example.com/dhparam.pem


</VirtualHost>

### EXTRAS ###
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
SetEnv proxy-sendcl 1

0 Answers0