I’m intending to run an Nginx reverse proxy that points to my nextcloud server. The Nginx server is only listening on port 443 (firewall port 80 is blocked). It has a valid SSL cert. So all traffic is https.
Nextcloud is installed as a snap on Ubuntu 18.04.
The problem:
I managed to get it working, but not without difficulty. I guess that’s how I learn. The problem is, I can no longer access nextcloud via the local IP. When I navigate to the local IP, it redirects to the FQDN. I believe this is due to some overwrite settings, but I also think those settings were necessary to get nextcloud working with nginx. It’s working at the moment with NAT reflection settings, but it seems very unnecessary / inefficient to send local traffic to my WAN and then through nginx first.
I want to be able to access nextcloud directly on my local network via its local IP (or local hostname), and also be able to access nextcloud externally with SSL encrypted traffic on a domain I own.
Details:
Initially I set it up to point to Nextcloud via the proxy_pass directive, and was getting a bad request error. To be honest, there were several errors that I tried to eliminate via a few guides and forum posts. Here are the steps I took to get it working.
I ran a snap command to disable https
I added a trusted domain
sudo snap run nextcloud.occ config:system:set trusted_domains 1 --value=your.fancy.domain
It loaded for a minute but then threw an error. So I followed the main snap page instructions to overwrite the host
sudo nextcloud.occ config:system:set overwritehost --value="custom.example.com"
I was having a hard time with the android app after this (getting a malformed server configuration error).
I ended up scrapping Nginx config and following a guide, which also involved changing some settings in the nextcloud php config
Here is my nginx config:
#after hours of abuse got this one working from https://breuer.dev/tutorial/Setup-NextCloud-FrontEnd-Nginx-SSL-Backend-Apache2
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/custom.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/custom.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    server_name "custom.example.com";
    client_max_body_size 0;
    underscores_in_headers on;
    location ~ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;
        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 64;
        proxy_buffering off;
        proxy_redirect off;
        proxy_max_temp_file_size 0;
        proxy_pass http://192.168.20.15;
    }
    location = /.well-known/carddav { return 301 /remote.php/dav/; }
    location = /.well-known/caldav { return 301 /remote.php/dav/; }
}
Here is the only thing I added / changed in the nextcloud php config:
'trusted_domains' =>
array (
    4 => 'localhost',
    1 => 'custom.domain.com',
    2 => '192.168.20.15',
    3 => 'nextcloud',
),
'overwritehost' => 'custom.domain.com',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'overwrite.cli.url' => 'https://custom.domain.com/',
'htaccess.RewriteBase' => '/',
'trusted_proxies' =>
array (
    0 => '192.166.6.2',
),
Guess I’m stuck here now. I’m pretty sure the local ip is redirecting to external domain because I’ve told it to… but I couldn’t get the external domain working without this. Any help would be greatly appreciated.
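
An added example, not part of the original post and not Nextcloud's own code: a simplified Python model of how the `overwritehost` / `overwriteprotocol` keys interact with Nextcloud's `overwritecondaddr` key, which limits the overwrite to requests whose connecting address matches a regex. It assumes that `192.166.6.2` (the `trusted_proxies` entry above) is the address nginx connects from; the LAN client address is constructed.

```python
import re

# Constructed from the config.php excerpt in the post. overwritecondaddr is the
# added key; 192.166.6.2 is ASSUMED to be the address nginx connects from.
BASE_CONFIG = {
    "trusted_domains": ["localhost", "custom.domain.com", "192.168.20.15", "nextcloud"],
    "overwritehost": "custom.domain.com",
    "overwriteprotocol": "https",
}
CONDITIONAL_CONFIG = dict(BASE_CONFIG, overwritecondaddr=r"^192\.166\.6\.2$")

LAN_CLIENT = "192.168.20.50"  # constructed address of a browser on the LAN
PROXY = "192.166.6.2"         # assumed nginx address (see above)


def overwrite_applies(config, remote_addr):
    """overwrite* keys apply when overwritecondaddr is unset or matches the peer."""
    cond = config.get("overwritecondaddr", "")
    return cond == "" or re.search(cond, remote_addr) is not None


def base_url(config, remote_addr, host_header, scheme="http"):
    """Return the scheme://host that links and redirects are built from."""
    if host_header not in config["trusted_domains"]:
        raise ValueError(f"untrusted domain: {host_header}")
    if overwrite_applies(config, remote_addr):
        # Unconditional overwrite: every client is sent to the public name.
        host = config.get("overwritehost") or host_header
        scheme = config.get("overwriteprotocol") or scheme
    else:
        # Direct LAN request: keep the host and scheme the client really used.
        host = host_header
    return f"{scheme}://{host}"


if __name__ == "__main__":
    for name, cfg in (("unconditional", BASE_CONFIG), ("conditional", CONDITIONAL_CONFIG)):
        print(name)
        print("  direct LAN :", base_url(cfg, LAN_CLIENT, "192.168.20.15"))
        print("  via nginx  :", base_url(cfg, PROXY, "custom.domain.com"))
```

On the snap the key can be set with `sudo nextcloud.occ config:system:set overwritecondaddr --value='^192\.166\.6\.2$'`, substituting the address the proxy actually connects from. Anchor the regex so that only the proxy's own address matches.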