Hallo,
i have a very specialized error with my nextcloud setup. I get the error message “error 404: The requested resource could not be found” but only if I use the search in the iOS app and only if I access the nextcloud with an nginx reverse proxy in between. If i access the nextcloud without the proxy the search works fine. If i use an android phone the search works fine(with the proxy). If I use the web interface the search works fine with and without the proxy.
Is anyone running nextcloud behind a nginx reverse proxy and the search inside the iOS app is working? Any help or tipp is welcome!
-
Nextcloud Server 18.0.6
- Debian Buster
- php7.4
- nginx/1.19.0
-
Reverse Proxy: nginx/1.19.0
-
Nextcloud for iOS 3.0.0.76
-
iOS Software Version 13.6
-
iPhone 6s
Search:
- iOS + reverse proxy ==> Failed
- IOS direct access ==> Passed
- Webaccess with proxy ==> Passed
- Webaccess without proxy ==> Passed
- Android with proxy ==> Passed
- Android without proxy ==> Passed
nginx.conf:
user www-data;
pid /run/nginx.pid;
worker_processes auto;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 64;
upstream php-handler {
server unix:/run/php/php7.4-fpm.sock;
}
default_type application/octet-stream;
include /etc/nginx/snippets/ssl.conf;
access_log off;
error_log /var/log/nginx/error.log;
include /etc/nginx/sites-enabled/*;
}
ssl.conf:
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/certs/dh4096.pem;
ssl_ecdh_curve X448:secp521r1:secp384r1:prime256v1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;";
resolver 127.0.0.1 valid=300s;
resolver_timeout 5s;
reverse-proxy-nextcloud.conf:
server {
listen 80;
listen [::]:80;
server_name cloud.example.tld icloud.example.tld;
server_tokens off;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name cloud.example.tld icloud.example.tld;
# Do not show nginx version number
server_tokens off;
root /var/www/html;
index index.php index.html index.htm;
ssl_certificate /etc/nginx/ssl/certs/cloud.example.tld_tls_srv_crt_CHAINED.crt;
ssl_certificate_key /etc/nginx/ssl/private/cloud.example.tld_tls_srv_key.pem;
ssl_trusted_certificate /etc/nginx/ssl/certs/EXAMPLE_TLD_TLS_CA_chain.crt;
access_log /var/log/nginx/nextcloud-access.log combined buffer=512k flush=1m;
reset_timedout_connection on;
location ^~ / {
try_files $uri @proxy;
}
location @proxy {
client_max_body_size 1G;
include /etc/nginx/snippets/proxy.conf;
proxy_pass https://cloud.realm.example.tld:443;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location ~/\. {
deny all;
access_log off;
log_not_found off;
}
}
proxy.conf:
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
proxy_redirect off;
proxy_buffering off;
proxy_max_temp_file_size 1024M;
proxy_request_buffering off;
proxy_set_header Host $host;
proxy_set_header Referrer-Policy no-referrer;
#proxy_set_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;";
proxy_set_header X-Content-Type-Options nosniff;
proxy_set_header X-Download-Options noopen;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Permitted-Cross-Domain-Policies none;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Robots-Tag none;
proxy_set_header X-XSS-Protection "1; mode=block";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;