I used to run Nextcloud behind Lighttpd on a Raspberry Pi on a dedicated port (port forwarding from the router) with HTTPS. I have now switched up the configuration so that Nextcloud runs behind NGINX on the same server but with HTTP.
I am now terminating the connection (SSL) to Nextcloud with lighttpd 1.4 as a Reverse Proxy (on another server) and forwarding the request to the Nextcloud instance running with the NGINX server.
For the most part, the configuration is working.
In the Administration->Overview->Security & Setup Warnings I am getting the following warnings:
Your web server is not properly set up to resolve “/.well-known/webfinger”.
Your web server is not properly set up to resolve “/.well-known/nodeinfo”.
Your web server is not properly set up to resolve “/.well-known/caldav”.
Your web server is not properly set up to resolve “/.well-known/carddav”.
If I am reading the documentation correctly, it sounds like this needs to be handled at the reverse proxy level. As lighttpd is not officially supported, documentation on how this should be handled does not appear to exist.
I am reaching out to the community to see if there are any ideas to remove those warnings. I have used Lighttpd on the upstream server for many years and have too many things depending on that configuration to switch it up to NGINX at this time.
Below is the lighttpd configuration I am trying to use:
    $HTTP["host"] == "nextcloud.my.domain" {
        proxy.server = ( "" => ( ( "host" => "1.2.3.4", "port" => "80" ) ) )
        proxy.header = (
            "map-urlpath" => (
                "/.well-known/caldav" => "/remote.php/dav",
                "/.well-known/carddav" => "/remote.php/dav",
                "/.well-known/webfinger" => "/index.php/.well-known/webfinger",
                "/.well-known/nodeinfo" => "/index.php/.well-known/nodeinfo",
            ),
            "upgrade" => "enable",
            "connect" => "enable"
        )
        ssl.ec-curve = "secp384r1"
        ssl.honor-cipher-order = "enable"
        ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
        setenv.add-response-header = (
            "Strict-Transport-Security" => "max-age=15552000"
        )
        ssl.use-sslv2 = "disable"
        ssl.use-sslv3 = "disable"
        ssl.pemfile = "/etc/pki/lighttpd/private/nextcloud.my.domain.pem"
    }
Besides the proxy.server and ssl.pemfile directives, I don’t know if any of the other stuff works or is necessary. I have removed everything else and I get the same results so I have kept the other stuff in case it has benefits.
If anyone has suggestions, I would appreciate the help.
Thank You.
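
A check for the TLS-terminating setup described in this post, as an added example that is not part of the original post or of Nextcloud: it requests the two DAV well-known paths without following redirects and flags a Location header that is missing, downgrades to http, or names another host such as the HTTP backend. It assumes the behaviour of Nextcloud's documented Apache/NGINX configurations, where these paths answer with a redirect to /remote.php/dav; the function names are hypothetical.

```python
"""Probe /.well-known/caldav and /.well-known/carddav through a TLS-terminating proxy."""
import http.client
import sys
from urllib.parse import urlsplit

DAV_PATHS = ("/.well-known/caldav", "/.well-known/carddav")  # from the warnings in the post
REDIRECTS = (301, 302, 307, 308)


def check_dav_redirect(status, location, public_host):
    """Judge one response; returns (ok, reason).

    Assumption: a correct setup redirects to /remote.php/dav, and the
    Location stays on the public HTTPS host, never the plain-HTTP backend.
    """
    if status not in REDIRECTS:
        return False, f"expected a redirect, got HTTP {status}"
    target = urlsplit(location or "")
    if target.scheme == "http":
        return False, "Location downgrades to plain http"
    if target.netloc and target.netloc != public_host:
        return False, f"Location exposes another host: {target.netloc}"
    if not target.path.startswith("/remote.php/dav"):
        return False, f"Location path is {target.path!r}"
    return True, "redirects to /remote.php/dav on the public host"


def probe(base_url, path):
    """Send one GET over verified TLS without following redirects."""
    conn = http.client.HTTPSConnection(urlsplit(base_url).netloc, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


if __name__ == "__main__":
    # Default is the placeholder host name used in the post.
    base = sys.argv[1] if len(sys.argv) > 1 else "https://nextcloud.my.domain"
    host = urlsplit(base).netloc
    for dav_path in DAV_PATHS:
        ok, reason = check_dav_redirect(*probe(base, dav_path), host)
        print(f"{'PASS' if ok else 'FAIL'} {dav_path}: {reason}")
```

Run it with the public URL as the only argument, from a machine outside the proxy, so the result reflects what clients see.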