News app ignoring port in nc http proxy configuration

[Szwendacz99]

IMPORTANT

Read and tick the following checkbox after you have created the issue or place an x inside the brackets ;)

• [ x] I have read the CONTRIBUTING.md and followed the provided tips
• [x ] I accept that the issue will be closed without comment if I do not check here
• [ x] I accept that the issue will be closed without comment if I do not fill out all items in the issue template.

Explain the Problem

My nextcloud is using forward http proxy to reach public internet. The proxy address together with tcp port is specified both in HTTPS_PROXY env variable and in config.php. The proxy uses http, and port is 80 so at first I was not specifying port, as it is the default for protocol, but then whole Nextcloud had trouble connecting to the public https, with error that it cannot connect to proxy with port 1080. I have no idea where it got that port from, but when I specified the port 80 in configuration, almost everything started to work, and use the proxy correctly. Everything except News app, which still tries to use port 1080 in cron and fails. I am not sure if this is problem with News app or with cron, but I dont see any other Nextclouds components having the issue right now. My whole setup is based on custom container images, running in kubernetes.

Steps to Reproduce

Explain what you did to encounter the issue

1. Setup http forward proxy working on http and port 80
2. Configure the proxy address in nextcloud, specifying port
3. Configure some rss news
4. Wait until warnings appear in log about being unable to connect to the proxy address with port 1080

System Information

• News app version: 25.1.0
• Nextcloud version: 30.0.4
• Cron type: "system cron"
• PHP version: 8.3.14
• Database and version: Postgres 17.2
• Browser and version:
• OS and version:

Contents of nextcloud/data/nextcloud.log

Paste output here

Contents of Browser Error Console

Read http://ggnome.com/wiki/Using_The_Browser_Error_Console if you are unsure what to put here

Paste output here

[wofferl]

tcp/1080 is the default socks proxy port
Did you at first only use ip without http://?

The setting normally looks like:
'proxy' => 'http://192.168.0.1:8080',

If you have set it correct, it's maybe a caching problem. Have you tried restart your web server.

[Szwendacz99]

my config is:
'proxy' => 'http://<k8s-cluster-internal-domain>:80'

Restarting pod that contains httpd, php and cron loop does not help. Not sure what cache could be cleaned there and how.

[Grotax]

Did you figure out what the issue is or did it solve itself?

I checked the code an I'm not sure what the issue could be we could possibly add some debug logging so that the we can log what news receives from Nextcloud.

news/lib/Config/FetcherConfig.php

Lines 76 to 106 in 22db637

	public function __construct(IAppConfig $config, IConfig $systemconfig, IAppManager $appManager)
	{
	$this->version = $appManager->getAppVersion(Application::NAME);
	$this->client_timeout = $config->getValueInt(
	Application::NAME,
	'feedFetcherTimeout',
	Application::DEFAULT_SETTINGS['feedFetcherTimeout']
	);
	$this->redirects = $config->getValueInt(
	Application::NAME,
	'maxRedirects',
	Application::DEFAULT_SETTINGS['maxRedirects']
	);
	$proxy = $systemconfig->getSystemValue('proxy', null);
	if (is_null($proxy)) {
	return $this;
	}
	$url = new Net_URL2($proxy);
	$creds = $systemconfig->getSystemValue('proxyuserpwd', null);
	if ($creds !== null) {
	$auth = explode(':', $creds, 2);
	$url->setUserinfo($auth[0], $auth[1]);
	}
	$this->proxy = $url->getNormalizedURL();
	return $this;
	}

[Szwendacz99]

I just changed the port of proxy to use 1080, so the default here matches. But I can try debugging, you can tell me what and how to print in that function, and where to retrieve the output.

[Grotax]

Hey I started to look into this.

But so far I could not identify the issue, my first thought was that maybe Nextcloud or the following steps in the FeedFetcherConfig would change the port.

But setting 'proxy' => 'http://192.168.0.1:8080', or 'proxy' => 'http://192.168.0.1:80', was both logged correct in my dev setup.

What I did not test yet is to actually have a proxy that could be used, it is of course possible that further down some function does not like port 80.

[Grotax]

So I manged to get a proxy running based on tinyproxy just for testing this.

And I had the proxy listen on port 80 through the docker port mapping.

I set the proxy address and port in the nextcloud config, no authentication since my proxy does not need that.

It worked fine also worked fine with port 8888. So I'm not sure what the issue could be in your case.

[Szwendacz99]

I am restoring config to test it once again. My though was that some apps take ports and addresses from k8s-provided env variables, but in the variables there is nothing about port 1080.

[Szwendacz99]

The problem still occurs. I manually applied the modification with logger to FetcherConfig.php, hopefully I will see something.

[Szwendacz99]

Apparently the config there is good:

I don't know what happens then.
Example warning that appears from time to time labeled with news as app:

https://forgejo.org/releases/rss.xml read error : cURL error 7: Failed to connect to tinyproxy.nextcloud.svc.cluster.local. port 1080 after 1059 ms: Could not connect to server (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://forgejo.org/releases/rss.xml

And when open news app I see red icons on feeds and information that it "has errors"

Maybe it matters if I also have HTTPS_PROXY env set up?

[Grotax]

Well I have no idea then, checking all your environment variables makes sense I guess.

In the end some software in the stack might choose those instead of the config we provide.
And maybe that port is set somewhere?

It might also have to do with the cron job no idea how that works with docker and kubernetes.

Anyway I guess I can't help with this anymore than I did sorry.

[wofferl]

The problem is normalizing the proxy url. This will remove standard ports like 80 from the proxy url string, but which are needed by curl. This is why the socks standard port 1080 is used here.

news/lib/Config/FetcherConfig.php

Lines 101 to 109 in 21614f6

	$url = new Net_URL2($proxy);
	$creds = $systemconfig->getSystemValue('proxyuserpwd', null);
	if ($creds !== null) {
	$auth = explode(':', $creds, 2);
	$url->setUserinfo($auth[0], $auth[1]);
	}
	$this->proxy = $url->getNormalizedURL();

Don't know yet if normalizing here is really needed.

[wofferl]

@Szwendacz99 You can configure the proxy setting without the http:// scheme ( 'proxy' = '<k8s-cluster-internal-domain>:80'), as described in the Nextcloud Proxy Configurations.
This prevents the library from removing :80 from the proxy url.

[Szwendacz99]

I will test that. However this seem somewhat wrong, as I should be able to specify protocol, as it could be https instead of http. Also other parts of the nextcloud do work with the url with scheme.

[wofferl]

I will test that. However this seem somewhat wrong, as I should be able to specify protocol, as it could be https instead of http. Also other parts of the nextcloud do work with the url with scheme.

The nextcloud server took the proxy string like it is, so there is no problem, but yes you're right, this is a bug that shoud be fixed.

Actual it means that news fails on proxy settings where the scheme equals the standard port for that scheme like:
http://proxy-ip:80
https://proxy-ip:443
and so on.

[Grotax]

Should be solved with #3027 will be released soonish