Hello,
I am testing out the NextCloud v27.1.1.0 TurnKey appliance behind my Apache reverse proxy.
I have installed the NextCloud and Collabora apps to run self-hosted online office.
This is my first Apache reverse proxy configuration attempt. I have used what little information I found in chapter 5.13 of the manual, ‘Reverse Proxy’.
As per chapter 5.13.1, I have added ‘trusted_proxies’ and (as per chapter 5.13.2) ‘overwrites’ to my NextCloud config.php file:
public.domain.co.uk is the public-facing FQDN for the Apache2 VPS running the reverse proxy, while my.internal.domain.co.uk is the local LAN DNS resolution for the NextCloud VM. As you will see, I use the internal FQDN to connect to NextCloud from the Apache reverse proxy.
```php
<?php
$CONFIG = array (
  'passwordsalt' => '*********************************',
  'secret' => '*********************************************************************',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'public.domain.co.uk',
    2 => 'my.internal.domain.co.uk'
  ),
  'datadirectory' => '/var/www/nextcloud-data',
  'dbtype' => 'mysql',
  'version' => '27.1.1.0',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '****************************',
  'installed' => true,
  'instanceid' => '*************',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'log_type' => 'file',
  'logfile' => '/var/www/nextcloud-data/nextcloud.log',
  'loglevel' => 3,
  'enforce_theme' => '',
  'default_locale' => 'en_GB',
  'default_phone_region' => 'UK',
  'maintenance' => false,
  'trusted_proxies' => ['192.168.42.9'],
  'overwritehost' => 'public.domain.co.uk',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  'overwritecondaddr' => '^192\.168\.42\.9$',
  'overwrite.cli.url' => 'https://public.domain.co.uk/',
  'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
);
```
(I gather there should be no closing php tag?)
Apache2.4 vhost reverse proxy configuration. As per 5.13.3 I added the Apache 2 rewrite rules for caldav and carddav and extra header directives as per some forum posts I found discussing reverse proxy issues with Collabora:
```apache
<VirtualHost *:80>
    ServerName public.domain.co.uk
    ServerAlias www.public.domain.co.uk
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =public.domain.co.uk
    RewriteCond %{SERVER_NAME} =www.public.domain.co.uk
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
    ServerName public.domain.co.uk
    ServerAlias www.public.domain.co.uk
    RewriteEngine on
    RewriteRule ^/\.well-known/carddav https://my.internal.domain.co.uk/remote.php/dav/ [R=301,L]
    RewriteRule ^/\.well-known/caldav https://my.internal.domain.co.uk/remote.php/dav/ [R=301,L]
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    ProxyPass / https://my.internal.domain.co.uk/ nocanon
    ProxyPassReverse / https://my.internal.domain.co.uk/
    Header always set Strict-Transport-Security "max-age=15768000; preload"
    RequestHeader set X-Forwarded-SSL "1"
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/public.domain.co.uk/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/public.domain.co.uk/privkey.pem
</VirtualHost>
```
(I just noticed an incumbent 'overwrite.cli.url' => 'http://localhost', entry as I pasted my NextCloud config.php - I have removed that line and nothing has changed. I don’t think it was causing an issue as it is overridden later in the array.)
I can create a new document fine, but when it comes to editing it, I just get the circular loading spinner.
Previously, I managed to correct all the internal domain names that were being sent to the client, but it seems to be sending my.internal.domain.co.uk instead of public.domain.co.uk in this instance, resulting in the following errors in my FireFox v124.0.1 client. As I said, I can’t find anywhere to fix this:
404 | GET | public.domain.co.uk | workspace?path=/EXTANT+DIRECTORY | xhr | json | ...
404 | GET | public.domain.co.uk | preview?fileId=nnnn&c=hexhexhexhexhexhexhexhexhex&x=200&y=200&forceIcon=0&a=1 | merged-index.js:6634 (img) | json | ...
404 | GET | public.domain.co.uk | closedoc.svg | img | ...
404 | POST | my.internal.domain.co.uk | https://my.internal.domain.co.uk/apps/richdocumentscode/proxy.php?req=/cool/https%3A%2F%2Fpublic.domain.co.uk%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F4324_144e733f82229%3Faccess_token%3DerXk20dLs2MXjfEYkHamGbviQS615B6q%26access_token_ttl%3D0/ws?WOPISrc=https%3A%2F%2Fpublic.domain.co.uk%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F4324_144e733f82229&compat=/ws/open/open/0 | | ...
That past POST looks suspect and I think that’s what’s causing the failure, but I can’t find out where this particular URL is coming from, since every other URL error has been rectified (I got lots until I sorted the NextCloud domains and some Apache2 vhost SSL settings).
I tried to glean as much information from the documentation on NextCloud as I could but ultimately found it to be missing important details and context and I do see other potential advocates having troubles relying solely on the instruction manual for instructions.
How would one go about making submissions or recommendations to the documentation team?
I am not seeing any errors from the proxy or the NextCloud Apache2 web service, just client errors - which is a monumental improvement on initial installation lol
So, I guess my questions are:
- Do my configs look OK or is something glaringly obviously broken?
- How would I remedy that leaked, rogue, internal domain name?
If there’s anything I’ve missed, please ask.
I hope this post is clearly put. If not, just ask and I’ll augment and clarify.
Many thanks.
(Apologies for any spelling mistakes or layout problems.)
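
An added example, not part of the original post and not code from the Nextcloud or Apache projects: a small Python lint run over a constructed subset of the vhost directives above (`lint_vhost` and its finding codes are hypothetical names). It relies on three Apache behaviours: consecutive `RewriteCond` lines are ANDed unless flagged `[OR]`, the target of an `R`-flag redirect is sent to the browser as written, and the `SSLProxy*` values shown turn off checking of the backend certificate.

```python
from urllib.parse import urlsplit

# Constructed sample: a subset of the directives in the vhosts posted above.
VHOST = r"""<VirtualHost *:80>
ServerName public.domain.co.uk
RewriteCond %{SERVER_NAME} =public.domain.co.uk
RewriteCond %{SERVER_NAME} =www.public.domain.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName public.domain.co.uk
RewriteRule ^/\.well-known/carddav https://my.internal.domain.co.uk/remote.php/dav/ [R=301,L]
SSLProxyVerify none
SSLProxyCheckPeerName off
</VirtualHost>
"""
TLS_OFF = {"sslproxyverify": "none", "sslproxycheckpeername": "off", "sslproxycheckpeercn": "off"}

def lint_vhost(text):
    """Hypothetical helper: return (line, code, detail) findings for a vhost file."""
    findings, names, conds = [], set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split() or [""]
        d = tok[0].lower()
        flags = tok[3].strip("[]").upper().split(",") if len(tok) > 3 else []
        if d == "<virtualhost":
            names, conds = set(), []
        elif d in ("servername", "serveralias"):
            names.update(t.lower() for t in tok[1:])
        elif d == "rewritecond":
            conds.append((tok[1], tok[2], "OR" in flags))
        elif d == "rewriterule":
            # Conditions are ANDed unless the earlier one carries [OR]; two
            # different "=" literals on one variable can never both match.
            for (v1, p1, or1), (v2, p2, _) in zip(conds, conds[1:]):
                if not or1 and v1 == v2 and p1[0] == p2[0] == "=" and p1 != p2:
                    findings.append((n, "rule-never-fires", v1))
            conds = []
            # An R-flag redirect reaches the browser as a Location header.
            if any(f == "R" or f.startswith("R=") for f in flags) \
                    and "://" in tok[2] and "%{" not in tok[2]:
                host = urlsplit(tok[2]).hostname
                if host not in names:
                    findings.append((n, "redirect-names-other-host", host))
        elif TLS_OFF.get(d) == (tok[1].lower() if len(tok) > 1 else ""):
            findings.append((n, "backend-cert-unchecked", tok[0]))
    return findings
```

Calling `lint_vhost(VHOST)` reports the port-80 redirect whose two conditions cannot both hold, the `.well-known` redirect that names the internal host, and the two directives that leave the backend certificate unchecked.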