Docker, reverse proxy, and trusted domains

I am having trouble understanding the required configuration to prevent issues related to a trusted domain.

I have a Docker container (Apache version) serving the application through a reverse proxy on the same host.

What environment variables must I set to allow Nextcloud to operate with the proxy? What value should I set for the trusted_domains option? Should I use localhost, or the domain name exposed to the client by the proxy?

I use nginx as a docker and I put in trusted domains my subdomain for nextcloud. I also once tried to put in my localhost but it won’t let me log in, which makes sense because it requests https:// not http://, because I configured it in nginx that nginx creates an SSL certificate with letsencrypt and forces it, and also uses HSTS.

I hope I could help you a little bit.

Sorry, @Copaxy, I have not understood your configuration or solution. Would you mind trying again to explain each, as directly and concretely as possible?

No problem, I'll try.
In your case what you should put in the trusted domain section in your config.php is your subdomain if you have one. I guess you have a domain. Then you create a subdomain like

mysubdomain.mydomain.com

Then you open your config.php in your nextcloud folder. In my case I use the text editor nano in the terminal with a command like this: nano /var/lib/ncdata2/nextcloud2/config/config.php. Then you go to the trusted domain section and put in your subdomain like that:


yours like: mysubdomain.mydomain.com

I would do this if I do not misunderstand your problem.

@Copaxy, yes I have done as you just explained, even before posting my question. The problem is that a message about trusted domains is showing when accessing the application through a reverse proxy.

Part of my question is whether the trusted domain should be localhost (which is how the reverse proxy accesses the application), or the actual server name used by clients (as you show in your example).

However, I have tried both options, and found that neither works with the reverse proxy. I am wondering what else I may need to change. The documentation for the Docker image discusses reverse proxies, but I have found the explanations very ambiguous and incomplete.

Oh okay, then I misunderstood your problem.
What does the message sound like? Can you post a picture?

I am also not a very experienced user (I set up my first reverse proxy with nextcloud myself a few days ago and still not all problems are solved) but maybe I can get an idea when I see the message.

For me, I use an nginx proxy and I used the subdomain option and it works :man_shrugging:

Sure, @Copaxy.

The following message appears in the web browser when accessing the address served by the reverse proxy.

Access through untrusted domain

Please contact your administrator. If you are an administrator, edit the “trusted_domains” setting in config/config.php like the example in config.sample.php.

Further information how to configure this can be found in the documentation.

Weird… maybe there is a problem in forwarding the localhost to the subdomain?
I do not know a solution right now, sorry :frowning:

Which value would you recommend for trusted_hosts, the domain or localhost?

I did it through nginx and forwarded my localhost to my subdomain and set the SSL settings in the UI and put my subdomain in the trusted domain section. And it worked.

So I would rather recommend the subdomain.

Did you need to set any of the environment variables described in the container documentation (see Using the apache image behind a reverse proxy), such as TRUSTED_PROXIES?

Not really, I just set it up as the UI said and I had a caldav problem but it got solved in my other topic and that's it now. Sorry but I am very fresh to the topic.

There must be differences in the way proxies behave with respect to how they rewrite client requests. Hopefully someone will answer with the needed understanding of how the application evaluates whether the request is trusted.

Please try passing below environment variable to your nextcloud docker container:

                "NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.example.com",

Based on the documentation, this variable is used for autoconfiguration when the container is initialized, after which time it has no effect.

I have set the trusted_domains value through the configuration command, as explained in another discussion.

trusted_hosts should be the name/IP of your reverse proxy (in docker usually the container_name)
trusted_domain is the hostname you use to access your application, like nextcloud.my.domain

There are only a few variables; please read and understand the reverse proxy manual carefully… and once it doesn’t work, collect configs and logs so we can see what is going wrong.
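
A simplified model of the evaluation this thread is asking about, added here as an illustration; it is not Nextcloud's code and not part of any poster's reply. It assumes the proxy sends X-Forwarded-Host and that the application honours that header only when the connecting address matches trusted_proxies; the function names, addresses and the container name `nextcloud-app` are constructed.

```python
import ipaddress

def effective_host(remote_addr, headers, trusted_proxies):
    """Host name the application believes the client asked for."""
    from_proxy = any(
        ipaddress.ip_address(remote_addr) in ipaddress.ip_network(p, strict=False)
        for p in trusted_proxies
    )
    forwarded = headers.get("X-Forwarded-Host")
    if from_proxy and forwarded:
        # Only a listed proxy may speak for the client; take the first value.
        return forwarded.split(",")[0].strip()
    # Otherwise fall back to the Host header of the connection itself,
    # which behind a proxy is often the container name or localhost.
    return headers.get("Host", "")

def strip_port(host):
    if host.startswith("["):  # bracketed IPv6 literal
        return host[: host.find("]") + 1]
    return host.rsplit(":", 1)[0] if ":" in host else host

def is_trusted(host, trusted_domains):
    return strip_port(host).lower() in {d.lower() for d in trusted_domains}

def evaluate(remote_addr, headers, trusted_domains, trusted_proxies):
    host = effective_host(remote_addr, headers, trusted_proxies)
    return host, is_trusted(host, trusted_domains)

# Constructed sample: the proxy container (172.18.0.2) forwards a browser
# request but rewrites Host to the upstream container name.
VIA_PROXY = {"Host": "nextcloud-app", "X-Forwarded-Host": "nextcloud.example.com"}
# Constructed sample: a client reaching the container directly and
# supplying its own X-Forwarded-Host.
DIRECT = {"Host": "other.example", "X-Forwarded-Host": "nextcloud.example.com"}
DOMAINS = ["nextcloud.example.com"]

if __name__ == "__main__":
    # trusted_proxies unset: forwarded name ignored, container name rejected.
    print(evaluate("172.18.0.2", VIA_PROXY, DOMAINS, []))
    # Proxy network listed: the client-facing name is used and accepted.
    print(evaluate("172.18.0.2", VIA_PROXY, DOMAINS, ["172.18.0.0/16"]))
    # Header from an unlisted address is not believed.
    print(evaluate("203.0.113.9", DIRECT, DOMAINS, ["172.18.0.0/16"]))
```

In this model the name used for redirects is the same effective host, so leaving trusted_proxies unset produces both the untrusted-domain page and redirects to the proxy-to-container name.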

Here is my configuration. I use nginx reverse proxy, which I had to learn as I came from Apache. I’m a non-expert in both, having worked in IT years ago.
Everything works on my system. I need to point out that some of the entries I could have removed as they’re redundant and you will see a lot of # where I’ve edited out config and not returned to clean up the files so apologies for the mess.
192.168.1.4 is my server.
192.168.1.1 is my router.
nextcloud.domainname.com represents my domain name edited for privacy.
I use the reverse proxy to handle the SSL from acme and the config for CALDAV and CARDDAV.
I haven’t seen your configuration but wwe has given you the answer correctly. Although, I think you need to see an example.
My nextcloud is in a docker. I always upgrade nextcloud inside the docker, rather than the docker itself. Be aware of differences like php versions etc. I would not recommend simply copying my config but trying to check the differences between mine and yours.

Happy to try and help, but I’m very busy at the moment with some tight deadlines so apologies if I don’t respond in a hurry. Once again, I’m not an expert but I’ve invested a lot of time getting my system how I want it. The experts may even read my config and laugh but it gets an A+ security rating from Nextcloud when I do a security check.

NOTE: The intention was to upload my config files in a quote. The quote function on this forum thread is terrible!!
You can pull it from here:
Nextcloud and nginx reverse proxy configuration

Let me know if this helps, I’d like to know if I helped somebody :wink:

Also, I’m running similarly to copaxy’s configuration. My docker is sitting on unRaid.

@wwe: I suppose I had confused trusted_hosts and trusted_domains.

I have now set trusted_domains to the domain name for use by the client browser, and trusted_hosts to the name of the container as understood by Docker. I have kept also trusted_proxies unset.

I no longer see the error message generated by Nextcloud, but instead find that the Nextcloud returns a redirect command that affects the domain name. This change causes further problems.

How would I configure Nextcloud to keep from redirecting to a different host name than was originally used by the client?

I am sorry if these answers might be available from the documentation, but after reviewing it, I find a great deal of confusion from the various manuals and deployment styles.

brainchild, you need to consider that we have to imagine what your issue is, because you’re not providing enough information, i.e. screenshots, logs, etc.
If you are using a reverse proxy, why would you leave it unset? You need to tell Nextcloud to trust that proxy.
Also, did you look at the configuration in the link that I’ve shared with you?

You’ve provided very little information to try and get the issue resolved.