I’m using Nextcloud AIO.
I have a reverse proxy configured in front of the server via Nginx. This proxy goes to another server, which relays the traffic.
When the firewall on the Nextcloud AIO is disabled, everything works as expected.
When I enable the firewall and kill all traffic (in and out) except to the external server/proxy, Nextcloud works for people but Nextcloud office stops responding and documents fail to load.
Is there a way to configure the Nginx reverse proxy so Nextcloud office works with this setup?
Basically, I do not want the backend communicating with people at all and want all traffic going over the proxy server.
jtr
December 22, 2024, 1:16am
2
Are you clients perhaps not communicating with Collabora via your reverse proxy?
You can see what is used in Nextcloud by going to Admin settings->Office .
AIO’s provided reverse proxy has handling for connecting clients via itself, but it sounds like you’re using your own RP.
You may need to setup Office via your RP.
See:
I’m using the reverse proxy config provided by AIO
# Reverse Proxy Documentation
> [!NOTE]
> The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome!
A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is a software service that acts as a gateway between services and a client. It is commonly used to allow a client connected to the Internet to access a website located in the [private subnet](https://en.wikipedia.org/wiki/Private_network) of that web server.
**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).
In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to:
1. specify the port that AIO's integrated Apache container shall use
2. add a specific config to your web server or reverse proxy
3. modify the startup command a bit.
All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private network to receive unencrypted HTTP traffic from the reverse proxy.
> [!IMPORTANT]
> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
**Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
show original