Help with reverse proxy (NPM) for NC on a Synology NAS

tonitonae · October 7, 2021, 2:08pm

Hi all.

I am experiencing a very weird behavior when trying to configure Nextcloud to work behind a Nginx reverse proxy managed with Nginx Proxy Manager (probably due to my lack of knowledge on how RP interact with services).

I have a Docked based setup: both Nextcloud (NC) and Nginx Proxy Manager (NPM) are running in containers.

NC and NPM share the same bridged network, so they should be able to talk.

Everything is installed in a Synology NAS (this might not be relevant but something weird is happening with a redirection that might be due to Synology having its own Nginx running).

Finally, I also have a VM in the Synology NAS running Diet-Pi with Pi-Hole, Unbound and Wireguard running on it. My network is configured to use this server for DNS and I have a local DNS entry pointing (mydomain.com) to the Synology NAS IP (192.168.0.100).

DNS resolution and VPN is working properly, so I assume the VM is properly configured.

IN NPM I have several servers configured, including cops for ebooks management and Home Assistant. Both of them are being served from subdomains (cops.mydomain.com and ha.mydomain.com) without issues (in the case of HA I had to modify the config.yml file to make HA aware of being behind a reverse proxy). HTTPS is being served on a non standard port (4443) because Synology’s Nginx manages ports 443 and 80 and I did not want to mess with its config files as they are recreated every update and/or reboot.

However, I have been unable to make NC to work under a similar configuration. If I just configure the RP to point to NC’s IP, I get to connect (so NPM and NC are talking) but I get an error about “untrusted domain”. If I then update NC’s config.php to include nextcloud.mydomain.com as a trusted domain (along with the IP that was already configured) I can not longer connect to NC: I do not even see the error page of “trusted domains” but, instead, and this is they weird thing, it redirects to port 443 (managed by Synology). Then it of course complains about the certificate because it is the self-signed Synology certificate which is being sent.

This is pretty weird and I do not have a clue of what I might being done wrong.

I might have also missed something in my post as this is a somehow complicated setup, so feel free to ask any details that is not included in my description.

Any help is appreciated.

Thanks!

tonitonae · October 8, 2021, 8:05am

OK.

I have solved the access problem by moving everything to a macvlan so that https redirect can reach port 443 managed by the proxy and not the one managed by DSM.

However, now I have an additional problem: when accessing through the proxy it is veeery slow (around 1 minute for each page, systematically). Accessing directly on the IP and through HTTP is almost instantaneous, so it seems to be some kind of problem between NC and NPM.

Anyone with a similar config?

Thanks!

tonitonae · October 8, 2021, 8:44am

Another advance:

Disabling Collabora in Nextcloud makes things room smoothly, so the problem could be in the interaction of this app with nginx (accessing without the proxy does not need the app to be disabled).

Do not why this might be happening, but as I am not using Collabora in the short term, I will leave it disabled for now…

jackyjoy123 · October 9, 2021, 12:09pm

thanks, my issue has been fixed.

tonitonae · October 13, 2021, 5:59am

Glad it helped!