Support intro
Sorry to hear youāre facing problems. 
The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / āas availableā basis. All of those responding are volunteering their time to help you.
If youāre using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.
Getting help
In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.
Before clicking submit: Please check if your query is already addressed via the following resources:
- most of office issues are handled in Collabora integration guide
- Official documentation (searchable and regularly updated)
- How to topics and FAQs
- Forum search
(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).
Second time writing this, I accidentally closed the tab before posting and it didnāt saveā¦ sigh. Hopefully I donāt miss any details.
The Basics
- Nextcloud Server version (e.g., 29.x.x):
32.0.5
- Operating system and version (e.g., Ubuntu 24.04):
Unraid 7.2.3
- Web server and version (e.g, Apache 2.4.25):
N/A
- Reverse proxy and version _(e.g. nginx 1.27.2)
nginx 1.28.0
- PHP version (e.g, 8.3):
8.3.30
- Is this the first time youāve seen this error? (Yes / No):
N/A
- When did this problem seem to first start?
always
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
Docker containers
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
No
Summary of the issue you are facing:
Hello! I have a working Nextcloud instance with document editing via Collabora. I even have LibreSign, it works great! Thanks for all your hard work, and in particular the docs that I have read over.
My Nextcloud is behind a nginx reverse proxy, accessed via a domain nextcloud.mydomain.com that I have a valid SSL cert for. Iāve updated trusted_domains and trusted_proxies in config.php and it all works great.
Now Iām working on making sure my Nextcloud server is secure.
Iāve worked through the various Admin > Overview messages (they are great btw), I wonāt bore you with the ones that fixed up easily. And Iāve received an A via scan.nextcloud.com so relatively sure things are good.
- Is it okay to use
'overwriteprotocolā => āhttpsāto get Collabora working?
One thing to note is that my Nextcloud docker container only seemed to expose a webGUI on http port 80 (is this my mistake?) instead of https 443. This means my nginx accepts https connections but then forwards them to the Nextcloud via http 80. I believe this is OK and secure, the URL still says itās secure.
set $upstream_app nextcloud;
set $upstream_port 80;
set $upstream_proto http;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
BUT I noticed that;
- Collabora wouldnāt work (I read somewhere in a forum post that it ONLY works over SSL)
- Admin > Overview message about accessing via HTTP (even though the URL was HTTPS and secure)
I added 'overwriteprotocolā => āhttpsāto my config.php and this solved both of the above - I can now open documents! Is this an OK thing to do?
- Is it okay to add
192.168.1.1in the WOPI allow-list, for a built-in Collabora server behind a reverse proxy?
I now wanted to resolve the WOPI allow-list warning by adding some items to it.
The docker container seems to run a built-in Collabora server that it points requests to. I started by adding nextcloud.mydomain.com but this blocked the requests and resulted in this log message
WOPI request denied from 192.168.1.1 as it does not match the configured ranges: nextcloud.mydomain.com
That IP is my router/gateway that port forwards to nginx. It seems I have to add 192.168.1.1 to the allow-list (or leave it empty). I have read, via the Collabora integration guide that adding internal IPs to this list is bad practice. Is it ok in my situation? Or do I need to fix something else?
"donāt use internal names or IPs e.g. http://127.0.0.1, http://office:9980, http://192.168.0.7:80"
Most of the docs/guides/posts I have read have a separate Collabora server so itās more obvious what its IP is to use there.
It would be helpful if scan.nextcloud.com could scan for basic WOPI issues - just a thought!
Log entries
Nextcloud
Provided above
Web server / Reverse Proxy
I couldnāt actually find the nginx system logs in my container but let me know and I can try to troubleshoot more. Only seemed to find access.log
Configuration
Nextcloud
$ php occ config:list system
{
"system": {
"htaccess.RewriteBase": "\/",
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"upgrade.disable-web": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": "***REMOVED SENSITIVE VALUE***",
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"overwriteprotocol": "https",
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "32.0.5.0",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"maintenance": false,
"maintenance_window_start": 1
}
}
Apps
N/A (but let me know and Iāll add if needed)
