Installation Advice -NGINX and Roundcube with working config file

chewiesw · August 6, 2023, 12:26pm

Raspberry Pi
Nginx
PHP 7.3
MariaDB
Roundcube

I have a working roundcube installation using NGINX which I don’t want to break. I would like to install Nextcloud on the same Pi. Please can someone give me some advice with regard to the NGINX config files. Is it possible to merge and have one config file? I am planning installing Nextcloud in a subdir of the NGINX webroot.
This is my current NGNIX config file

server {
 listen 80;
 listen [::]:80;
 server_name mail.mydomain.com;

 return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mail.mydomain.com;
    root /usr/share/nginx/roundcubemail/;
    index index.php index.html index.htm;

  error_log /var/log/nginx/roundcube.error;
  access_log /var/log/nginx/roundcube.access;

  location / {
    try_files $uri $uri/ /index.php;
  }

  location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
    deny all;
  }
  location ~ ^/(bin|SQL)/ {
    deny all;
  }

  location ~ \.php$ {
   try_files $uri =404;
    fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }

  location ~ /.well-known/acme-challenge {
    allow all;
  }

          ####################################################################
          # SSL Stuff
          # https://mozilla.github.io/server-side-tls/ssl-config-generator/
          ####################################################################
          

          # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
          ssl_certificate           /etc/letsencrypt/live/mydomain.com/fullchain.pem;
          ssl_certificate_key       /etc/letsencrypt/live/mydomain.com/privkey.pem;
          ssl_session_timeout 1d;
          ssl_session_cache shared:SSL:50m;
          ssl_session_tickets off;


          # modern configuration. tweak to your needs.
          ssl_protocols TLSv1.2;
          ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
          ssl_prefer_server_ciphers on;

          # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
          add_header Strict-Transport-Security " max-age=15768000";

          # OCSP Stapling ---
          # fetch OCSP records from URL in ssl_certificate and cache them
         ssl_stapling on;
          ssl_stapling_verify on;


	  ###################################
          # REVERSE PROXY LOCATION SETTINGS #
          ###################################
          location /calibre/ {
                proxy_pass http://192.168.1.83:8084/;
                proxy_set_header     Host            $host ;
                proxy_set_header     X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-Proto $scheme;
                add_header              Front-End-Https        on;
                proxy_redirect       off;
          }

          ##########################################################
          # Sonarr needs additional config regarding reverse proxy
          # Settings -> General -> URL Base: /sonarr
          ##########################################################
          location /sonarr/ {
                proxy_pass http://192.168.1.77:8989;
                proxy_set_header     Host            $host;
                proxy_set_header     X-Real-IP       $remote_addr;
                proxy_set_header     X-Forwarded-For      $proxy_add_x_forwarded_for;
          }

 location /sabnzbd/ {
                proxy_pass http://192.168.1.77:8080;
                proxy_set_header     Host            $host ;
                proxy_set_header     X-Real-IP       $remote_addr;
                proxy_set_header        X-Forwarded-Proto $scheme;
                add_header              Front-End-Https        on;
                proxy_redirect       off;
	}
}

tflidd · August 6, 2023, 2:33pm

Install them in different vhosts. The config of Nextcloud is specific, it might change over time and if you keep this separate, it is much easier. Just add another server {} -section to your config (check the docs for the specific settings: NGINX configuration — Nextcloud latest Administration Manual latest documentation), and use a different hostname: nextcloud.example.com.

You have a raspberry, so they are not that powerful, perhaps you want to migrate the Nextcloud part one day on a different machine, virtual machine or container, with different sub-domains and different vhosts, this is no problem.

chewiesw · August 29, 2023, 11:15am

I have finally had some time to install nextcloudpi on a spare RPi. Everything seems to be working internally so far, although I an getting a https error. I am trying to access externally by adding this to my nginx config which sits on another Rpi.

location /cloud/ {
proxy_pass http://192.168.1.77;
proxy_set_header Host $host ;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
proxy_redirect off;
}
When browse to mysite/cloud all I get is a white page with bold NEXTCloudPi and then a hyperlink to Nextcloudpi - keep you data close which takes you briefly to ownbits.com and the back to my url.