Help with Apache Reverse Proxy to NC Docker Instance

A while back, I set up a Docker image for Nextcloud on my host, and successfully set up a Reverse Proxy from a public-facing webserver to help serve up Nextcloud. Long story short, my host crashed, and I had to rebuild my webserver from scratch. The docker image survived, and is running fine, but for the life of me, I cannot get the Proxy to work again, and I can’t restore from backup for the proxy.

The docker image is up and running fine - I can browse it by IP if I disable URL rewrite. The problem is solely with the Apache2 Reverse Proxy.

The docker is using a self-signed SSL cert. I remember having to set the Proxy to tolerate this, but my internal notes are lacking, and I can’t find how I did it properly the first time any more.

I looked at the AIO Proxy guide, and tried to follow it, but I’m still getting a 500 Internal Server Error when trying to proxy to the Nextcloud instance. I’ll post my Apache config below; any insight as to what I am missing would be appreciated.

    SuexecUserGroup #1001 #1001
    ServerName cloud.aiskon.net
    DocumentRoot /home/aiskon/domains/cloud.aiskon.net/public_html
    ErrorLog /var/log/virtualmin/cloud.aiskon.net_error_log
    CustomLog /var/log/virtualmin/cloud.aiskon.net_access_log combined
    ScriptAlias /cgi-bin/ /home/aiskon/domains/cloud.aiskon.net/cgi-bin/
    DirectoryIndex index.php index.htm index.html
    <Directory /home/aiskon/domains/cloud.aiskon.net/public_html>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
        Require all granted
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    <Directory /home/aiskon/domains/cloud.aiskon.net/cgi-bin>
        Require all granted
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
    RewriteEngine On
    ProxyPreserveHost On
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    AllowEncodedSlashes NoDecode

    # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
    ProxyPass / https://10.0.0.253:11000/ nocanon
    ProxyPassReverse / https://10.0.0.253:11000/

    SSLEngine on
    SSLCertificateFile /home/aiskon/ssl.combined
    SSLCertificateKeyFile /home/aiskon/ssl.key
    SSLCACertificateFile /home/aiskon/ssl.ca
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
    RewriteRule ^/?(.*) "wss://10.0.0.253:11000/$1" [P]
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    SSLHonorCipherOrder     off
    SSLSessionTickets       off

Is your problem similar to this?

I was able to dig up my old Apache config, and confirm it’s working. I’ll paste it here for reference:

    ServerName cloud.aiskon.net
    ServerAlias www.cloud.aiskon.net
    ServerAlias mail.cloud.aiskon.net
    ServerAlias webmail.cloud.aiskon.net
    ServerAlias admin.cloud.aiskon.net
    DocumentRoot /home/aiskon/domains/cloud.aiskon.net/public_html
    ErrorLog /var/log/virtualmin/cloud.aiskon.net_error_log
    CustomLog /var/log/virtualmin/cloud.aiskon.net_access_log combined
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/aiskon/domains/cloud.aiskon.net/public_html>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch 
        Require all granted
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    <Directory /home/aiskon/domains/cloud.aiskon.net/cgi-bin>
        Require all granted
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        SetHandler proxy:unix:/var/fcgiwrap/173439249341172.sock/socket|fcgi://localhost
        ProxyFCGIBackendType GENERIC
    </Directory>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.cloud.aiskon.net
    RewriteRule ^/(?!.well-known)(.*)$ https://cloud.aiskon.net:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.cloud.aiskon.net
    RewriteRule ^/(?!.well-known)(.*)$ https://cloud.aiskon.net:10000/ [R]
    ScriptAlias /cgi-bin/ /home/aiskon/domains/cloud.aiskon.net/cgi-bin/
    RemoveHandler .php
    RemoveHandler .php7.4
    RemoveHandler .php8.0
    RemoveHandler .php8.3
    <FilesMatch \.php$>
        SetHandler proxy:unix:/run/php-fpm/173439249341172.sock|fcgi://127.0.0.1
    </FilesMatch>
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteRule ^\.well-known/carddav https://cloud.aiskon.net/remote.php/dav [R=301,L]
        RewriteRule ^\.well-known/caldav  https://cloud.aiskon.net/remote.php/dav [R=301,L]
        RewriteRule ^\.well-known/webfinger  https://cloud.aiskon.net/index.php/.well-known/webfinger [R=301,L]
        RewriteRule ^\.well-known/nodeinfo  https://cloud.aiskon.net/index.php/.well-known/nodeinfo [R=301,L]
    </IfModule>
    SSLEngine on
    SSLCertificateFile /home/aiskon/ssl.combined
    SSLCertificateKeyFile /home/aiskon/ssl.key
    SSLCACertificateFile /home/aiskon/ssl.ca
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    ProxyPass /.well-known/webfinger !
    ProxyPass / https://10.0.0.253:11000/
    ProxyPassReverse /.well-known/webfinger !
    ProxyPassReverse / https://10.0.0.253:11000/
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
    RewriteRule ^/?(.*) "wss://10.0.0.253:11000/$1" [P]
    SSLProxyEngine on
    SSLProxyVerify none 
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
1 Like
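
Added example, not part of the thread: the first config proxies to an `https://` backend without `SSLProxyEngine on`, which mod_proxy rejects with a 500, while the working one enables the engine but turns backend certificate verification off. The Python check below runs over constructed excerpts of both configs plus a hypothetical pinned variant (its certificate path is a placeholder) that trusts only the container's self-signed cert.

```python
import re

# Constructed excerpts (proxy-related lines only) of the two configs posted above.
BROKEN = """\
ProxyPass / https://10.0.0.253:11000/ nocanon
SSLEngine on
RewriteRule ^/?(.*) "wss://10.0.0.253:11000/$1" [P]
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
"""
WORKING = BROKEN + "SSLProxyEngine on\nSSLProxyVerify none\n"
# Hypothetical hardened variant; the certificate path is a placeholder.
PINNED = """\
ProxyPass / https://10.0.0.253:11000/
SSLProxyEngine on
SSLProxyVerify require
SSLProxyCACertificateFile /path/to/backend-cert.pem
SSLProxyCheckPeerName off
"""

def directives(conf):
    """Map lower-cased directive name -> list of argument strings."""
    out = {}
    for line in map(str.strip, conf.splitlines()):
        if line and not line.startswith(("#", "<")):
            name, _, args = line.partition(" ")
            out.setdefault(name.lower(), []).append(args.strip())
    return out

def audit(conf):
    """Return findings for a vhost that proxies to a TLS backend."""
    d = directives(conf)
    last = lambda key, default: d.get(key, [default])[-1].lower()
    targets = d.get("proxypass", []) + [
        a for a in d.get("rewriterule", []) if re.search(r"\[([^\]]*,)?P(,[^\]]*)?\]$", a)]
    if not any(re.search(r"\b(https|wss)://", t) for t in targets):
        return []
    findings = []
    if last("sslproxyengine", "off") != "on":
        findings.append("ERROR: https/wss backend but SSLProxyEngine is not on; mod_proxy answers 500")
    if last("sslproxyverify", "none") in ("none", "optional_no_ca"):
        findings.append("WARN: backend certificate chain is not verified; pin the self-signed "
                        "cert with SSLProxyCACertificateFile and set SSLProxyVerify require")
    if last("sslproxycheckpeerexpire", "on") == "off":
        findings.append("WARN: expired backend certificates are accepted")
    return findings

for label, conf in (("broken", BROKEN), ("working", WORKING), ("pinned", PINNED)):
    print(label, audit(conf))
```

With the backend certificate pinned, only the name check has to stay off, since the proxy addresses the container by IP rather than by the name in the certificate.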
