Can't make reverse proxy work between public Apache server and local Nextcloud server

ℹ️ Support
, ,
4

Hi Jesper,

Yes, your understanding is mostly correct and you’re definitely heading in the right direction. Let me clarify a few points:

:wrench: How the setup works:

  1. Run NGINX Proxy Manager in Docker – either on a new host or on an existing machine you already have, as long as it has Docker installed and is accessible within your LAN.
    There’s no need to set up a brand new dedicated server just for the proxy if you already have one that fits.

  2. Forward ports 80 and 443 on your router to the machine running NGINX Proxy Manager.
    This ensures that all incoming traffic (e.g. for nextcloud.mydomain.dk, mydomain.dk) goes through your proxy first.

  3. Disable any reverse proxy setup on your Apache host – that part will no longer be needed. Apache can continue serving your websites or apps, but access will now go through the NGINX proxy.

  4. In NGINX Proxy Manager, configure:

    • mydomain.dk → points to the internal IP of your Apache host (e.g. 192.168.1.100:80)
    • nextcloud.mydomain.dk → points to the IP and port of your Nextcloud AIO host (e.g. 192.168.1.101:11000)

  5. Install Nextcloud AIO following my setting for docker-compose.yml
    Remember: Nextcloud AIO uses port 11000 for Nextcloud Apache, which you’ll need to use in the proxy config. But port 6789 is for Nextcloud Admin web interface.

:paperclip: Helpful links

I shared my full setup (including docker-compose.yml, port configuration, and routing) here:
:link: My working solution using NGINX Proxy Manager

And here’s a short video showing it in action:
:movie_camera: Video demo of the setup

:locked_with_key: About existing SSL certificates

You won’t need the certificates that are currently configured on your Apache server anymore – NGINX Proxy Manager will handle all SSL certificates using Let’s Encrypt.
You can leave them in place as backup, but they’ll no longer be used.

:locked: Security note

I strongly recommend NOT exposing the NGINX Proxy Manager web UI directly to the internet.
Instead, access it:

  • only from your local network, or
  • via a VPN like WireGuard if you need remote access.

Your public services like Nextcloud can be safely exposed via HTTPS through the proxy, but the proxy admin interface should remain protected.

Let me know if you run into anything. I’ve been running this setup for a long time with over 15 self-hosted services – rock solid and easy to manage.