Hi there,
I set up a Raspberry Pi with two Docker images: nginx and nextcloud/postgres.
nginx looks like:
```yaml
# File: /data/RevProx/docker-compose.yml
version: "3"
services:
  proxy:
    image: nginx:1
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - certs:/etc/letsencrypt
      - certs-data:/data/letsencrypt
volumes:
  certs:
  certs-data:
```
and its configuration:
```nginx
server {
    listen [::]:80;
    listen 80;
    server_name myserver.homelinux.net;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name myserver.homelinux.net;
    ssl_certificate ...
    ssl_certificate_key ...
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    client_max_body_size 512M;
    rewrite ^/\.well-known/caldav((/|$).*)$ /nextcloud/remote.php/dav$1 last;
    rewrite ^/\.well-known/carddav((/|$).*)$ /nextcloud/remote.php/dav$1 last;
    location /nextcloud {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_pass http://nextcloud_app_1.revprox_default;
    }
    location / {
        # other Raspi. Works.
    }
}
```
Now the Nextcloud container:
```yaml
# File: data/nextcloud/docker-compose.yml
version: '3'
services:
  db:
    image: postgres:10-alpine
    restart: always
    volumes:
      - nextcloud_db:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=xxYxx
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
  app:
    image: nextcloud:18-apache
    volumes:
      - nextcloud:/var/www/html
      - nextcloud_data:/var/www/html/data
    restart: always
    ports:
      - 8080:80
    networks:
      - revprox_default
      - default
    environment:
      - POSTGRES_DB=nextcloud
      - POSTGRES_USER=nextcloud
      - POSTGRES_PASSWORD=xxYxx
      - POSTGRES_HOST=db
      - NEXTCLOUD_ADMIN_USER=yyy
      - NEXTCLOUD_ADMIN_PASSWORD=zzz
      - NEXTCLOUD_TRUSTED_DOMAINS=tsht2
volumes:
  nextcloud_db:
    external: true
  nextcloud:
    external: true
  nextcloud_data:
    external: true
networks:
  revprox_default:
    external: true
```
and the main parts of Nextcloud's config.php:
```php
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/nextcloud',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '192.168.200.14',
    2 => 'myserver.homelinux.net',
  ),
  'trusted_proxies' =>
  array(
    0 => '172.18.0.2',
  ),
  'version' => '18.0.1.3',
  'overwrite.cli.url' => 'https://myserver.homelinux.net/nextcloud',
  'overwritehost' => 'myserver.homelinux.net',
  'overwritewebroot' => '/nextcloud',
  'overwriteprotocol' => 'https',
);
```
First, I accessed the Nextcloud container directly, locally, and could install it successfully.
Then, I tried to access it via the reverse proxy. So I inserted the overwrite* parameters as I found them in the Nextcloud documentation.
At the moment, when I access myserver.homelinux.net/nextcloud, it redirects to the https variant (301), then to /nextcloud/login (302).
Then it redirects to https://myserver.homelinux.net/nextcloud/login (302), and so on until the browser ends with an error (“Umleitungsfehler”).
I checked the network traffic with Wireshark.
The request:
```
Hypertext Transfer Protocol
    GET /nextcloud/login HTTP/1.0\r\n
    Host: myserver.homelinux.net\r\n
    X-Real-IP: 00.42.177.96\r\n
    X-Forwarded-For: 00.42.177.96\r\n
    X-Forwarded-Proto: https\r\n
    Connection: close\r\n
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n
    Accept-Language: de,en-US;q=0.7,en;q=0.3\r\n
    Accept-Encoding: gzip, deflate, br\r\n
    [truncated]Cookie: [...]
    Upgrade-Insecure-Requests: 1\r\n
    \r\n
    [Full request URI: http://myserver.homelinux.net/nextcloud/login]
    [HTTP request 1/1]
    [Response in frame: 81]
```
And the response:
```
Hypertext Transfer Protocol
    HTTP/1.1 302 Found\r\n
    Date: Sun, 17 May 2020 13:13:22 GMT\r\n
    Server: Apache/2.4.38 (Debian)\r\n
    X-Powered-By: PHP/7.3.14\r\n
    Expires: Thu, 19 Nov 1981 08:52:00 GMT\r\n
    Cache-Control: no-store, no-cache, must-revalidate\r\n
    Pragma: no-cache\r\n
    [truncated]Content-Security-Policy: [...]
    Referrer-Policy: no-referrer\r\n
    X-Content-Type-Options: nosniff\r\n
    X-Download-Options: noopen\r\n
    X-Frame-Options: SAMEORIGIN\r\n
    X-Permitted-Cross-Domain-Policies: none\r\n
    X-Robots-Tag: none\r\n
    X-XSS-Protection: 1; mode=block\r\n
    Location: https://myserver.homelinux.net/nextcloud/login\r\n
    Content-Length: 0\r\n
    Connection: close\r\n
    Content-Type: text/html; charset=UTF-8\r\n
    \r\n
    [HTTP response 1/1]
    [Time since request: 0.121199000 seconds]
    [Request in frame: 78]
    [Request URI: http://myserver.homelinux.net/nextcloud/login]
```
So… it redirects to exactly the URL of the request.
I googled around and read many posts, but I think I have done the configs in the way most of them suggest. I fiddled around a bit, but every attempt made it worse.
What happens? What have I configured wrong?
Thanks.
BTW: The links won’t work, since I replaced the real domain name.
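
Added example, not part of the original post: a small check for the symptom visible in the capture above. It rebuilds the client-facing URL from the headers the proxy forwarded and reports whether a 3xx response points straight back at it; it does not identify which setting causes the loop. The sample messages are constructed by trimming the capture in the post, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample: trimmed from the Wireshark capture in the post.
REQUEST = (
    "GET /nextcloud/login HTTP/1.0\r\n"
    "Host: myserver.homelinux.net\r\n"
    "X-Forwarded-For: 00.42.177.96\r\n"
    "X-Forwarded-Proto: https\r\n"
    "\r\n"
)
RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://myserver.homelinux.net/nextcloud/login\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def parse_head(raw):
    """Split an HTTP head into its start line and a lower-cased header dict."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def client_url(raw_request):
    """URL the browser asked for, rebuilt from what the proxy forwarded."""
    start, h = parse_head(raw_request)
    target = start.split(" ")[1]
    scheme = h.get("x-forwarded-proto", "http")
    host = h.get("x-forwarded-host", h.get("host", ""))
    return f"{scheme}://{host}{target}"

def normalise(url):
    """Comparable form: scheme, host without a default port, path, query."""
    p = urlsplit(url)
    default = {"http": 80, "https": 443}.get(p.scheme)
    host = (p.hostname or "").lower()
    netloc = host if p.port in (None, default) else f"{host}:{p.port}"
    return (p.scheme, netloc, p.path or "/", p.query)

def is_self_redirect(raw_request, raw_response):
    """True when a 3xx response's Location equals the client-facing request URL."""
    status, h = parse_head(raw_response)
    code = int(status.split(" ")[1])
    if code not in (301, 302, 303, 307, 308) or "location" not in h:
        return False
    return normalise(h["location"]) == normalise(client_url(raw_request))
```

Only absolute `Location` values are compared; a relative one is reported as not self-referential.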