IIS as reverse proxy for NC - NC does not 'see itself'

ℹ️ Support 📦 Appliances (Docker, Snappy, VM, NCP, AIO)
1

Hallo,

due to various restrictions, I’m using NC v25 as snap on ubuntu v22 in a VM by Hyper-V on a MS server 2021. On this server 2021 host I’m running IIS and have configured it as a reverse proxy. This way I can successfully connect to NC from my local intranet and from the internet using a Let’s encrypt certificate.

However, when I use on the ubuntu desktop for example firefox I cannot connect to NC running on exactly this machine (neither by http nor https) - that’s my problem.

I guess my problem is either related to the network configuration chapter in my NC config.php file or due to problems of interaction between the IIS reverse proxy and NC. However, all other windows-based VMs behind the IIS reverse proxy can successfully connect to their own webservices so I basically think that the IIS reverse proxy is correctly configured.

Details:
Host/IIS reverse proxy:
DNS name: MyServer.ddnss.de
IP 1: 192.168.178.36
IP 2: 192.168.178.37
Ubuntu VM with NC
DNS name: romagna.MyServer.ddnss.de
IP: 192.168.178.79

These are the lines in my config.php file:

‘memcache.locking’ => ‘\OC\Memcache\Redis’,
‘memcache.local’ => ‘\OC\Memcache\Redis’,
‘redis’ =>
array (
‘host’ => ‘/tmp/sockets/redis.sock’,
‘port’ => 0,
),
‘log_type’ => ‘file’,
‘logfile’ => ‘/var/snap/nextcloud/current/logs/nextcloud.log’,
‘logfilemode’ => 416,
‘instanceid’ => ‘ocfvvd83bc9j’,
‘passwordsalt’ => ‘NIL2DXukNfTitELQqCie8hl0qLMIzn’,
‘secret’ => ‘/aVzW3v9tu8Kg7/OPqoeOo7av71GRahPqeDPNa7yEbHq6yrp’,
‘overwritehost’ => ‘romagna.MyServer.ddnss.de’,
‘overwriteprotocol’ => ‘https’,
‘trusted_domains’ =>
array (
0 => ‘192.168.178.79:80’,
1 => ‘romagna.MyServer.ddnss.de’,
2 => ‘Romagna.MyServer.ddnss.de’,
),
‘trusted_proxies’ =>
array (
0 => ‘192.168.178.36’,
1 => ‘192.168.178.37’,
),
‘datadirectory’ => ‘/var/snap/nextcloud/common/nextcloud/data’,
‘dbtype’ => ‘mysql’,
‘version’ => ‘26.0.2.1’,
‘overwrite.cli.url’ => ‘http://192.168.178.79:80’,
‘dbname’ => ‘nextcloud’,
‘dbhost’ => ‘localhost:/tmp/sockets/mysql.sock’,
‘dbport’ => ‘’,
‘dbtableprefix’ => ‘oc_’,
‘mysql.utf8mb4’ => true,
‘dbuser’ => ‘nextcloud’,
‘dbpassword’ => ‘MJxpdxiVdwKzKubdvO5BD9SoUaMLgS5NKRFlZz4DZB97O4bEtA8tpYwLYe6vMTYV’,
‘installed’ => true,
‘maintenance’ => false,
‘app_install_overwrite’ =>
array (
0 => ‘folderplayer’,

When I look as admin in “Security & Setup Warnings” this message shows up:

There are some warnings with your system configuration.
The reverse proxy header configuration is incorrect or you are accessing Nextcloud through a trusted proxy. If this is not the case, then there is a security issue that allows an attacker to spy on the IP address that is visible to Nextcloud. More information about this can be found in the documentation.

Does anybody see any kind of misconfiguration that might explain my problem that I cannot connect from the ubuntu machine on its own NC instance? What do I have to do better?

Hannes

2

Have you tried consulting https://ddnss.de/ documentation to confirm you’ve actually set this up on their end?
Seems you do not have a let’s encrypt certificate.

Also see HowTo: Add a new trusted domain for additional ideas for setting this up. I don’t use snap, so cannot help there beyond suggesting the official documentation: Table of contents — Nextcloud latest Administration Manual latest documentation

3

Thank you for your advice! :slight_smile:

The Let’s encrypt certificate for ‘romagna.MyServer.ddnss.de’ is indeed installed on the MS IIS reverse proxy on the host and not on the ubuntu VM with NC. From ‘outside’ this is quite nicely working so I’m pretty sure that the HTTPS encryption is working well.

Presumably Firefox on the ubuntu VM with NC is either not contacting the IIS reverse proxy or there is any kind of stuff in my config.php file that does not allow NC to transfer data on ‘localhost’ via HTTP or HTTPs.

The articles you have mentioned I’ve already read - maybe I have not understood these text correctly (shame on my, I’m not 'a computer guy :-). Furthermore, various configurations for reverse proxy servers are mentioned - but unfortunately not IIS as reverse proxy. And googling for ‘NC & IIS reverse proxy’ does not help. Maybe I’m the first person with this crazy idea to use this combination… But due to other windows-based web services I’m stuck on IIS.

Hannes