How to convert Nextcloud AIO to reverse proxy mode

Nextcloud AIO can be an intimidating black box, but it is simple to convert an install from directly-accessed to reverse-proxy mode. Generally, we delete and recreate the nextcloud-aio-mastercontainer with correct settings, leaving everything else intact.

Please note, this guide only covers Nextcloud AIO conversion. You still need to adjust your firewall rules, network routing (NAT), and the reverse proxy itself.

  1. Stop Containers using the Nextcloud AIO management webpage

  2. Stop Nextcloud AIO itself (log in to the host machine terminal/SSH)
    docker stop nextcloud-aio-mastercontainer

  3. Remove Nextcloud AIO. This does not affect any volumes, network, or other containers like apache/redis/etc.
    docker rm nextcloud-aio-mastercontainer

  4. Recreate Nextcloud AIO with reverse proxy enabled, per the official Reverse Proxy instructions: all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub. Once it launches, you can safely back out with Ctrl + C. It will keep running in the background due to sig-proxy.

    docker run \
    --init \
    --sig-proxy=false \
    --name nextcloud-aio-mastercontainer \
    --restart always \
    --publish 8080:8080 \
    --env APACHE_PORT=11000 \
    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
    ghcr.io/nextcloud-releases/all-in-one:latest

  5. Whitelist your reverse proxy’s IP so Nextcloud knows it can trust the incoming HTTP headers, especially the real client IP address. The first 3 lines here are auto-generated; add another line for your reverse proxy, e.g. 192.168.50.40.
    /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php

    'trusted_proxies' =>
      array (
        0 => '127.0.0.1',
        1 => '::1',
        10 => '172.18.0.0/16',
        20 => '192.168.50.40',
      ),

  6. Start Containers using the Nextcloud AIO management webpage. That’s it!
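
A check for the `trusted_proxies` step, as an added example that is not part of the original post: it reads the array from config.php text and reports whether the reverse proxy's address is covered and which entries trust a whole range rather than a single host. The sample config, the `cloud.example.com` domain and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample mirroring the config.php excerpt from the guide.
SAMPLE_CONFIG = """<?php
$CONFIG = array (
  'trusted_domains' =>
  array (
    0 => 'cloud.example.com',
  ),
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    1 => '::1',
    10 => '172.18.0.0/16',
    20 => '192.168.50.40',
  ),
);
"""

def parse_trusted_proxies(config_text):
    """Return the values of the 'trusted_proxies' array, in file order."""
    m = re.search(r"'trusted_proxies'\s*=>\s*(?:array\s*\(|\[)(.*?)[)\]]",
                  config_text, re.DOTALL)
    return re.findall(r"'([^']+)'", m.group(1)) if m else []

def audit(config_text, proxy_ip):
    """Report which entries trust proxy_ip and which trust a whole range."""
    ip = ipaddress.ip_address(proxy_ip)
    matched, ranges, unparsed = [], {}, []
    for entry in parse_trusted_proxies(config_text):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            unparsed.append(entry)  # not an IP or CIDR; needs a manual look
            continue
        if net.version == ip.version and ip in net:
            matched.append(entry)
        if net.num_addresses > 1:
            # every address in this range is trusted to supply forwarded headers
            ranges[entry] = net.num_addresses
    return {"proxy_trusted": bool(matched), "matched_by": matched,
            "ranges": ranges, "unparsed": unparsed}

if __name__ == "__main__":
    # Run against the text of config.php on the host, or on the sample as here.
    print(audit(SAMPLE_CONFIG, "192.168.50.40"))
```

If `matched_by` lists only a range and not the proxy's own address, the proxy is trusted through that range, together with every other host in it.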

You can even use a reverse proxy - Caddy for instance - that is part of your instance:
Just uncomment the respective lines in AIO's compose.yaml and start with

    sudo docker compose up -d

I am using that in combo with the Pi-hole community container

  • for performance and
  • enabling my instance to be private

by accessing the instance from within the home network by local IP and

  • for running dockerized WordPress

all on the same machine.

As for the blackness of the box … I love it, because it reliably does miraculous things for me I would have no chance to achieve on my own.