I have several Nextloud servers running on Ubuntu Server 20.04 VMs behind an NGINX reverse proxy. It’s not fun to set up so here you go:
- Nextcloud config.php
<?php
$CONFIG = array (
'instanceid' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
'passwordsalt' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
'secret' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
'trusted_domains' =>
array (
0 => '192.168.###.###',
1 => 'nextcloud.DOMAIN.com',
),
'datadirectory' => '/var/www/DATAFILES',
'dbtype' => 'mysql',
'version' => '22.1.1.2',
'overwrite.cli.url' => 'https://nextcloud.DOMAIN.com/nextcloud',
'overwriteprotocol' => 'https',
'dbname' => 'DATABASEPASSWORD',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'DATABASEUSER',
'dbpassword' => 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
'installed' => true,
'memcache.local' => '\\OC\\Memcache\\APCu',
'trashbin_retention_obligation' => 'auto, 30',
'log_type' => 'file',
'logfile' => '/var/log/nextcloud.log',
'logfilemode' => 416,
'loglevel' => '0',
'logdateformat' => 'F d, Y H:i:s',
'default_phone_region' => 'US',
'twofactor_enforced' => 'true',
'twofactor_enforced_groups' =>
array (
),
'twofactor_enforced_excluded_groups' =>
array (
),
'maintenance' => false,
'theme' => '',
);
- NGINX conf file:
server {
server_name nextcloud.DOMAIN.com;
location / {
proxy_pass http://192.168.###.###/;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
# Enable HSTS (HTTP Strict Transport Security)
add_header Strict-Transport-Security "max-age=15768000;includeSubDomains";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
proxy_redirect off;
proxy_max_temp_file_size 0;
}
location /.well-known {
location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; }
location = /.well-known/caldav { return 301 /nextcloud/remote.php/dav/; }
# according to the documentation these two lines are not necessary, but version 21.0.0 will produce warnings in the overview setup check
location = /.well-known/webfinger { return 301 /nextcloud/index.php$uri; }
location = /.well-known/nodeinfo { return 301 /nextcloud/index.php$uri; }
# anything else is dynamically handled by Nextcloud
location ^~ /.well-known { return 301 /nextcloud/index.php$uri; }
try_files $uri $uri/ =404;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/nextcloud.DOMAIN.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/nextcloud.DOMAIN.com-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = nextcloud.DOMAIN.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name nextcloud.DOMAIN.com;
return 404; # managed by Certbot
}
- Apache virtualhost config file
I run Nextcloud on standalone Ubuntu Server 20.04 VMs so here is a copy of a apache conf file found at /etc/apache2/sites-available/nextcloud.conf:
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
Hope that helps to point you in the right direction.