Don´t get access to Nextcloud behind reverse proxy

Hello to all of you,

after running Nextcloud on a Pi for a long time, I wanted to install the whole thing in a VM. Since I run two systems in parallel I needed a reverse proxy here. When I installed it yesterday, access was also possible. Unfortunately not today.
The apache error.log contains the following messages:

Wed Nov 27 10:40:45.811334 2019] [mpm_prefork:notice] [pid 23034] AH00169:          caught SIGTERM, shutting down
[Wed Nov 27 10:41:13.310035 2019] [mpm_prefork:notice] [pid 254] AH00163: Apach/2.4.29 (Ubuntu) configured -- resuming normal operations
[Wed Nov 27 10:41:13.311210 2019] [core:notice] [pid 254] AH00094: Command line: '/usr/sbin/apache2'

In the forum I could not find a solution that would have worked for me.

$CONFIG = array (
'instanceid' => '',
'passwordsalt' =>  '*****',
'secret' =>  '****',
'trusted_domains' => 
array (
0 => '‘,
1 => '',
2 => 'nc1.local',
'datadirectory' => '/mnt/hdd',
'dbtype' => 'mysql',
'version' => '',
'overwrite.cli.url' => '',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextclouduser',
'dbpassword' => '********',
'installed' => true,
'maintenance' => false,
'trusted_proxies'=> array(
0 => ''

My virtual host config on the proxy

 <VirtualHost *:80>
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass /
ProxyPassReverse /
RewriteEngine on
RewriteCond %{SERVER_NAME}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Please let me know if more information is needed.

Thanks for the help in advance.


Nowadays I use a nginx proxy instead (performance seems to be a lot better with nextcloud) but I do have my old apache config available. I hope it helps:

<VirtualHost *:443>
 ErrorLog logs/ssl_error_log
 TransferLog logs/ssl_access_log
 LogLevel warn
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
# These need updating as it is an old list

 SSLCertificateFile /<certpath>/cert.pem
 SSLCertificateKeyFile /<certpath>/privkey.pem
 SSLCertificateChainFile /<certpath>/chain.pem

# Enable this if if you use letsencrypt in a specific folder
# Alias /.well-known "/var/www/html/le/.well-known"
# ProxyPass /.well-known !

 Serveralias nextcloud

 <IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

 ProxyPreserveHost On
 SSLProxyEngine On
 ProxyRequests Off
 SSLProxyVerify none
 SSLProxyCheckPeerCN off
 SSLProxyCheckPeerName off
 SSLProxyCheckPeerExpire off

 ProxyPass / https://nextcloud.internal.hostname/
 ProxyPassReverse / https://nextcloud.internal.hostname/
# Or use an IP address by keeping the https and just replace the hostname. 
 ProxyPass / !
 ProxyPassReverse / !

Hi try traefik… this is a very simple and almost selfconfiguring reverse proxy…

Did you enable mod_proxy?

a2enmod proxy
systemctl restart apache2

is there any tutoral step by step how to put 2 services in one hosting ??

Apache works just fine for this with no performance problems. No need to throw it out for nginx or whatever to resolve the issue…

You appear to be redirecting to HTTPS but don’t have an HTTPS vhost?

Here is a working example. Let’s Encrypt will add the rewrite from HTTP to HTTPS for you when you configure it.

You can actually not serve anything but a redirect on port 80 if you want, but the HTTPS vhost needs to be there.

<VirtualHost *:80>
  ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
  CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
  ProxyPreserveHost On
  ProxyPass /
  ProxyPassReverse /
  RewriteEngine On
  RewriteRule ^/\.well-known/carddav http://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  RewriteRule ^/\.well-known/caldav http://%{SERVER_NAME}/remote.php/dav/ [R=301,L]

<VirtualHost *:443>
  ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
  CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
  SSLEngine On
  ProxyPreserveHost On
  ProxyPass    /
  ProxyPassReverse /
  # Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  RewriteEngine On
  RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key