Don´t get access to Nextcloud behind reverse proxy

sebawie · November 27, 2019, 11:18am

Hello to all of you,

after running Nextcloud on a Pi for a long time, I wanted to install the whole thing in a VM. Since I run two systems in parallel I needed a reverse proxy here. When I installed it yesterday, access was also possible. Unfortunately not today.
The apache error.log contains the following messages:

Wed Nov 27 10:40:45.811334 2019] [mpm_prefork:notice] [pid 23034] AH00169:          caught SIGTERM, shutting down
[Wed Nov 27 10:41:13.310035 2019] [mpm_prefork:notice] [pid 254] AH00163: Apach/2.4.29 (Ubuntu) configured -- resuming normal operations
[Wed Nov 27 10:41:13.311210 2019] [core:notice] [pid 254] AH00094: Command line: '/usr/sbin/apache2'

In the forum I could not find a solution that would have worked for me.

<?php
$CONFIG = array (
'instanceid' => '',
'passwordsalt' =>  '*****',
'secret' =>  '****',
'trusted_domains' => 
array (
0 => 'subdomain.domain.com‘,
1 => '192.168.178.125',
2 => 'nc1.local',
),
'datadirectory' => '/mnt/hdd',
'dbtype' => 'mysql',
'version' => '17.0.1.1',
'overwrite.cli.url' => 'http://subdomain.domain.com',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextclouduser',
'dbpassword' => '********',
'installed' => true,
'maintenance' => false,
'trusted_proxies'=> array(
0 => '192.168.178.105'
),
);

My virtual host config on the proxy

 <VirtualHost *:80>
ServerName subdomain.domain.com
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.178.125:80/
ProxyPassReverse / http://192.168.178.125:80/
RewriteEngine on
RewriteCond %{SERVER_NAME} =subdomain.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Please let me know if more information is needed.

Thanks for the help in advance.

M_R · November 27, 2019, 5:47pm

Hi,

Nowadays I use a nginx proxy instead (performance seems to be a lot better with nextcloud) but I do have my old apache config available. I hope it helps:

<VirtualHost *:443>
 ErrorLog logs/ssl_error_log
 TransferLog logs/ssl_access_log
 LogLevel warn
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
# These need updating as it is an old list
 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

 SSLCertificateFile /<certpath>/cert.pem
 SSLCertificateKeyFile /<certpath>/privkey.pem
 SSLCertificateChainFile /<certpath>/chain.pem

# Enable this if if you use letsencrypt in a specific folder
# Alias /.well-known "/var/www/html/le/.well-known"
# ProxyPass /.well-known !

 Servername nextcloud.example.com
 Serveralias nextcloud

 <IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
 </IfModule>

 ProxyPreserveHost On
 SSLProxyEngine On
 ProxyRequests Off
 SSLProxyVerify none
 SSLProxyCheckPeerCN off
 SSLProxyCheckPeerName off
 SSLProxyCheckPeerExpire off

 ProxyPass / https://nextcloud.internal.hostname/
 ProxyPassReverse / https://nextcloud.internal.hostname/
# Or use an IP address by keeping the https and just replace the hostname. 
 ProxyPass / !
 ProxyPassReverse / !
</VirtualHost>

sailor2000 · November 29, 2019, 12:26pm

Hi try traefik… this is a very simple and almost selfconfiguring reverse proxy…

MichaIng · November 29, 2019, 2:10pm

Did you enable mod_proxy?

a2enmod proxy
systemctl restart apache2

tiwi · May 15, 2020, 5:01pm

is there any tutoral step by step how to put 2 services in one hosting ??

KarlF12 · May 15, 2020, 6:57pm

Apache works just fine for this with no performance problems. No need to throw it out for nginx or whatever to resolve the issue…

You appear to be redirecting to HTTPS but don’t have an HTTPS vhost?

Here is a working example. Let’s Encrypt will add the rewrite from HTTP to HTTPS for you when you configure it.

You can actually not serve anything but a redirect on port 80 if you want, but the HTTPS vhost needs to be there.

<VirtualHost *:80>
  ServerName cloud.domain.name
  ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
  CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
  ProxyPreserveHost On
  ProxyPass / http://127.0.0.1:8080/
  ProxyPassReverse / http://127.0.0.1:8080/
  RewriteEngine On
  RewriteRule ^/\.well-known/carddav http://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  RewriteRule ^/\.well-known/caldav http://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
</VirtualHost>

<VirtualHost *:443>
  ServerName cloud.domain.name
  ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
  CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
  SSLEngine On
  ProxyPreserveHost On
  ProxyPass    / http://127.0.0.1:8080/
  ProxyPassReverse / http://127.0.0.1:8080/
  # Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  RewriteEngine On
  RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
  SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>