Hi,
Not really a NC question but I assume some might have run into the same issue.
Situation:
Router with NAT port 443 pointing at Server A.
NC running on ServerA with apache and “default” config file with subdomain a.example.com.
./sites-enabled/a.conf
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        DocumentRoot /var/www/nextcloud
        ServerName a.example.com
        CustomLog /var/log/apache2/nc-access.log combined
        ErrorLog /var/log/apache2/nc-error.log
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/letsencrypt/live/a.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/a.example.com/privkey.pem
    </VirtualHost>
    <Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
        LimitRequestBody 0
        SSLRenegBufferSize 10486000
    </Directory>
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
    </IfModule>
</IfModule>
Another server B I would like to access through https://b.example.com
Reverse proxy configuration:
./sites-enabled/b.conf
<VirtualHost *:80>
    ServerName b.example.com
    AllowEncodedSlashes NoDecode
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://b.example.com/
    ProxyPassReverse / http://b.example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName b.example.com
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / https://b.example.com/
    ProxyPassReverse / https://b.example.com/
    SSLProxyEngine On
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/a.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/a.example.com/privkey.pem
</VirtualHost>
This works for port 80 (http) but not 443. Trying to access https://b.example.com gives me the NC page about the server not being in trusted_domains - well, I did not want to go there anyway - but actually I wanted to access server B (no NC on that).
Does the configuration need to be done on another “level” (somewhere else in the apache configuration) to first consider the traffic by subdomain (server) and then going for the specific NC configuration? … or is my understanding of the concept wrong or not good enough?
Thank you, but I do not see what is different in there. … and now I do not even see 80 being handled by the correct server (actually it never worked - wrong test assumption on my side).
Is there anything you can suggest to analyze this? I am worried that it might not be about the apache configuration at the end.
Does a.conf really pass the syntax check? You have a bunch of stuff outside the VirtualHost element.
On b.conf your ProxyPass and ProxyPassReverse directives are wrong. The first argument is a path on the web server, not on disk. So it should just be: /
If you need to, then you’ll have to adjust the config files. Look back at the apachectl output. You’ll see site B is now the default. Apache doesn’t know which site you want when you don’t go to the URL by name (this is called SNI – service name indicator), so it gives you the default site.
The first conf it loads alphabetically for a given listening IP and port becomes the default site. I’m guessing a.conf and b.conf are not the actual file names?
You can number them to change the load order, e.g. 010-SiteA.conf and 011-SiteB.conf.
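
The default-site rule described in the reply above, as an added example that is not part of the original thread: a simplified Python model of Apache's name-based virtual host selection, run over constructed copies of a.conf and b.conf reduced to their ServerName lines. It assumes every vhost listens on a wildcard address, treats `_default_` as `*` as Apache 2.4 does, and ignores wildcard ServerAlias patterns; `load_vhosts` and `select_vhost` are hypothetical helper names.

```python
import re

# Constructed sample: the thread's two files, reduced to the directives that
# drive virtual host selection.
SITES = {
    "a.conf": """<VirtualHost _default_:443>
ServerName a.example.com
</VirtualHost>""",
    "b.conf": """<VirtualHost *:80>
ServerName b.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName b.example.com
</VirtualHost>""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def load_vhosts(sites):
    """Return vhosts in load order: files sorted by name, blocks in file order."""
    vhosts = []
    for fname in sorted(sites):
        for addr, body in VHOST_RE.findall(sites[fname]):
            port = int(addr.rsplit(":", 1)[1])
            names = [h.lower() for line in NAME_RE.findall(body) for h in line.split()]
            vhosts.append({"file": fname, "port": port, "names": names})
    return vhosts

def select_vhost(vhosts, port, host):
    """Return (file, reason) for a request; host=None means no name was sent."""
    candidates = [v for v in vhosts if v["port"] == port]
    if not candidates:
        return None
    for v in candidates:
        if host and host.lower() in v["names"]:
            return v["file"], "name match"
    # No ServerName/ServerAlias matched: the first vhost loaded for this port wins.
    return candidates[0]["file"], "default (first loaded)"

if __name__ == "__main__":
    vhosts = load_vhosts(SITES)
    for port, host in [(443, "b.example.com"), (443, None), (80, "a.example.com")]:
        print(port, host, "->", select_vhost(vhosts, port, host))
```

On a live server, `apachectl -S` prints the actual load order and the default vhost for each address and port.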