Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problems with OwnCloud on Qnap with Squid3 SSL Reverse Proxy

    Scheduled Pinned Locked Moved Cache/Proxy
    6 Posts 2 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      darkred
      last edited by

      Guys, I need your help
      since a few days I try to bring my OwnCloud on Qnap online through my pfsense with a Squid3 Reverse Proxy. I assume I made a mistake with the certificates, I am not very experienced in the handling with them. Without SSL I can access my OwnCloud trough my Reverse Proxy, but with, it is still impossible.
      What I have done:
      1. I exported the .crt and the .key file from my Qnap device (default certificate from my Qnap Device)
      2. Imported the certificate into pfsense as "owncloud external certificate" (self signed)
      3. Enabled "HTTPS Reverse Proxy" in my "Squid Reverse Proxy"
      4. Selected "Ignore Internal Certificate Validation" (no idea if I need the Intermediate CA Certificate or what it is…?)
      5. Selected my imported certificate as "Reverse SSL Certificate"
      6. Allowed TCP Port 443 on my WAN address
      7. Enabled and defined the "Web Server" with the IP, the peer port 4443, peer protocol https (the local port on Qnap for OwnCloud)
      8. Enabled and defined the "Mappings" to my peer and defined the URIs "https://my.domain"

      Locally I can access my OwnCloud instance over 4443 and it is correctly encrypted. It also works fine from external trough my reverse proxy without SSL. But if I try to access from outside with SSL (https://my.domain), I get the following error:
      "Der Server unter X braucht zu lange, um eine Antwort zu senden." Interesting is, that as soon as I receive the error page, the URL changes from "https://my.domain" to "https://my.domain/redirect.html?count=0.6637583377511048". But I have no redirects defined...
      I hope somebody will be able to support me, thank you!
      (2.2.4-RELEASE (amd64) - squid3 0.4.1.1 - Qnap TS-509 / 4.1.4 - OwnCloud 8.0.4)

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        @darkred:

        Interesting is, that as soon as I receive the error page, the URL changes from "https://my.domain" to "https://my.domain/redirect.html?count=0.6637583377511048". But I have no redirects defined…

        This is internal QNAP crap that has nothing to do with pfSense.

        1 Reply Last reply Reply Quote 0
        • D
          darkred
          last edited by

          Thank you for your message. Are you sure? That means, that my config should be correct?
          If it is an internal problem, would it be a possibility to create a ssl connection to pfsense / reverse proxy and connect to the http protocol of the qnap? If yes, how?

          Some other meanings or ideas?

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            Yeah, I'm very sure that the ?count= nonsense is stuff produced by QNAP webgui (they use it for some usage tracking or WTF). As for config - hitting this would suggest you are hitting the QNAP admin GUI instead of OC. The URI certainly doesn't look correct unless you produced some virtualhost on QNAP.

            (Honestly, the QNAP stuff notoriously outdated LAMP stack and core system in general is something I'd never run publicly accessible.)

            1 Reply Last reply Reply Quote 0
            • D
              darkred
              last edited by

              I have virtual host defined on Qnap to connect directly to OC, therefore I assume, that all the nonsense stuff of the Qnap Gui shouldn't have an impact, right?
              If I am looking for a way to build a secure "dropbox"-like solution for my own, what would you prefer if an SSL reverse proxy combined with the virtual host on Qnap is a risk?

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                Afraid I won't be much of an assistance here, beyond a couple of notes:

                • Don't use the default QNAP certificates, pretty much the same like having no encryption at all. Anyone can get the private key.
                • Literally every howto that deals with running OwnCloud on QNAP suggests to move the QNAP admin webgui our of port 443.

                Other than that, all QNAP boxes here are running Debian.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.