Docker Nginx Nextcloud Configuration does not work

maxt123980 · March 9, 2025, 12:40pm

Hello,

I am currently running Home Assistant and Nextcloud behind an Nginx Proxy.

The Home Assistant runs at / and I want to run nextcloud at /nextcloud on the same domain.

I opened Port 443. The router converts the 8443 to 443.

I replaced my domain with ‘mydomain’.

I am an beginner, so I am open for improvements.

Thank you for your help

The problem is when I try to access my website I get just:
The URL changes from /nextcloud to /nextcloud/login

Nextcloud
Nextcloud – ein sicherer Ort für all deine Daten

This is my docker-compose:

services:
  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - /home/max/docker/homeassistant/config:/config:rw
      - /etc/localtime:/etc/localtime:ro
      - /run/dbus:/run/dbus:ro
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - internal_network

  nginx:
    image: nginxinc/nginx-unprivileged:latest
    container_name: nginx
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    ports:
      - "8443:8443"
    volumes:
      - /home/max/docker/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - /home/max/docker/nginx/html:/usr/share/nginx/html:ro
      - /home/max/docker/nginx/conf.d:/etc/nginx/conf.d:ro
      - /home/max/docker/nginx/certs:/etc/nginx/certs:ro
      - /home/max/docker/nginx/sites-available:/etc/nginx/sites-available:ro
      - /home/max/docker/nginx/sites-available:/etc/nginx/sites-enabled:ro
      - /home/max/docker/nginx/logs:/tmp/logs:rw
    networks:
      - internal_network
  nextclouddb:
    image: mariadb:latest
    container_name: nextclouddb
    restart: always
    volumes:
      - /home/max/docker/mariadb/nextcloud:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=rootpassword
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=userpassword
    networks:
      - internal_network

  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud
    restart: always
    depends_on:
      - nextclouddb
    volumes:
      - /home/max/docker/nextcloud/html:/var/www/html:rw
      - /home/max/docker/nextcloud/data:/var/www/html/data:rw
      - /home/max/docker/nextcloud/config:/var/www/html/config:rw
      - /home/max/docker/nextcloud/apps:/var/www/html/custom_apps:rw
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=mydomain
      - NEXTCLOUD_OVERWRITEHOST=mydomain
      - NEXTCLOUD_OVERWRITEPROTOCOL=https
      - NEXTCLOUD_OVERWRITEWEBROOT=/nextcloud
      - NEXTCLOUD_SUB_URL=/nextcloud
      - NEXTCLOUD_HTACCESS_REWRITE_BASE=/nextcloud
      - NEXTCLOUD_DB_HOST=nextclouddb
      - MYSQL_HOST=nextclouddb
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=userpassword
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=adminpassword
      - NEXTCLOUD_TRUSTED_PROXIES=172.18.0.0/16
      - NEXTCLOUD_TRUSTED_DOMAINS=mydomain
    networks:
      - internal_network
    ports:
      - 8081:80

networks:
  internal_network:
    driver: bridge

This is my sites-available file:

server {
    listen 8443 ssl;
    http2 on;
    server_name mydomain;

    # SSL configuration
    ssl_certificate /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;
    ssl_dhparam /etc/nginx/certs/dhparams.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384';
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # Camera stream optimice
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_max_temp_file_size 0;

    # limit rate
    limit_req zone=req_limit_per_ip burst=40 nodelay;
    error_page 503 /rate_limit_error.html;
    location /rate_limit_error.html {
        root /usr/share/nginx/html;
        internal;
    }

    # General Content-Security-Policy
    #add_header Content-Security-Policy "default-src 'self'; img-src 'self' http://192.168.178.57; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: 192.168.178.57; font-src 'self'; connect-src 'self' wss ws: https: 192.168.178.57; frame-ancestors 'self' https://mydomain; form-action 'self'; manifest-src 'self';" always;

    # HTTP header for Cache-Control
    add_header Cache-Control "public, max-age=31536000, immutable" always;

    # X-Frame Options
    add_header X-Frame-Options "SAMEORIGIN" always;

    # HTTP Only
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # Other
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy "strict-origin-when-cross-origin";

    # Config API
    location /api/ {
        limit_req zone=req_limit_per_ip burst=40 nodelay;
        add_header Cache-Control "no-store, no-cache, must-revalidate" always;
        add_header X-Frame-Options "SAMEORIGIN";
        proxy_pass http://homeassistant:8123;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_cache my_cache;
        proxy_cache_valid 200 1h;
        proxy_cache_valid 404 0s;
    }

    # Config frontend
    location / {
        limit_req zone=req_limit_per_ip burst=20 nodelay;
        add_header Cache-Control "no-store, no-cache, must-revalidate" always;
        add_header X-Frame-Options "SAMEORIGIN";
        proxy_pass http://homeassistant:8123;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        proxy_cache my_cache;
        proxy_cache_valid 200 1h;
        proxy_cache_valid 404 0s;
    }

    # Config Static files
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;
        add_header Cache-Control "public, max-age=31536000, immutable";
        add_header X-Frame-Options "SAMEORIGIN";
        proxy_pass http://homeassistant:8123;
    }




    # Prevent unwanted file access
    location ~ /\.ht {
        deny all;
    }

    # HTTP methodes
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }

    # NextCloud Configs
    location /nextcloud {
    rewrite ^/nextcloud/(.*)$ /$1 break;
    proxy_pass http://172.18.0.5:80;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_request_buffering off;  # Wichtig für große Uploads!
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_cache_bypass $http_upgrade;
    }


    # Redirects für CalDAV und CardDAV
    location /.well-known/carddav {
    return 301 $scheme://$host/nextcloud/remote.php/dav;
    }

    location /.well-known/caldav {
    return 301 $scheme://$host/nextcloud/remote.php/dav;
    }

}

jtr · March 9, 2025, 2:24pm

See Nginx RP config here for subfolder use with that image: Maybe document subfolder based access (example) · Issue #2276 · nextcloud/docker · GitHub

Note also that some of your environment variables are not correct (i.e. there is no NEXTCLOUD_ prefix for the OVERWRITE* parameters, etc. See the docs for that image.

maxt123980 · March 9, 2025, 4:01pm

Thank you for your answer.

I changed it and now I just get an blank page with some text when I access it:

The URL changes from /nextcloud to /nextcloud/login

Nextcloud
Nextcloud – ein sicherer Ort für all deine Daten

Fixed: I had some settings to cache files which caused issues:

#    # Config Static files
#    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
#        expires 365d;
#        add_header Cache-Control "public, max-age=31536000, immutable";
#        add_header X-Frame-Options "SAMEORIGIN";
#       proxy_pass http://homeassistant:8123;
#    }




#    # Prevent unwanted file access
#    location ~ /\.ht {
#        deny all;
#    }

#    # HTTP methodes
#    if ($request_method !~ ^(GET|HEAD|POST)$) {
#        return 444;
#    }