NC Behind Apache reverse proxy

Hi everyone, I am trying to install NC TrueNas plugin (nginx) behind an Apache reverse proxy which is not working properly, I have been reviewing forums for more than three days in search of guidance and the most I have achieved is that it shows me the login screen.
When I enter the credentials to access it returns me to the login screen again and again.

In the proxy I configure the use of certificates
I share configuration files is not my real domain


<VirtualHost *:80>
    ServerAlias cloud

    RewriteEngine on

    RewriteCond %{SERVER_NAME} [OR]
    RewriteCond %{SERVER_NAME}
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


<VirtualHost *:443>

AllowEncodedSlashes NoDecode

SSLProxyEngine on
SSLProxyProtocol +all
SSLProxyVerify none
SSLProxyCheckPeerName off
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off

ProxyPass /.well_known/ !

ProxyVia On
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyRequests Off

RewriteEngine On
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/host-meta https://%{SERVER_NAME}/public.php?service=host-meta [QSA,L]
RewriteRule ^/\.well-known/host-meta\.json https://%{SERVER_NAME}/public.php?service=host-meta-json [QSA,L]
RewriteRule ^/\.well-known/webfinger https//%{SERVER_NAME}/public.php?service=webfinger [QSA,L]

ProxyPass /
ProxyPassReverse /
RequestHeader set X-Forwarded-Proto "https"

SSLEngine on

ErrorLog /var/log/httpd/cloud.error

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
Include /etc/letsencrypt/options-ssl-apache.conf



$CONFIG = array (
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/usr/local/www/nextcloud/apps',
      'url' => '/apps',
      'writable' => true,
    1 =>
    array (
      'path' => '/usr/local/www/nextcloud/apps-pkg',
      'url' => '/apps-pkg',
      'writable' => false,
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'one-click-instance' => true,
  'one-click-instance.user-limit' => 100,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
  'passwordsalt' => ''
   'secret' => '',
  'trusted_domains' =>
  array (
    0 => '',
    1 => '',
  'allow_local_remote_server' => true,
  'oidc_login_id_token' => false,
  'trusted_proxies' => ['', ''],
  'overwritehost' => '',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  'htaccess.RewriteBase' => '/',
  'forwarded_for_headers' =>
    array (
     1 => 'HTTP_X_FORWARDED'
  'bulkupload.enabled' => false,
  'overwrite.cli.url' => '',
  'datadirectory' => '/usr/local/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '25.0.2


  upstream php-handler {
    server unix:/var/run/nextcloud-php-fpm.sock;

# Redirect to HTTPS
server {
    listen 80 default_server;
    listen [::]:80;

    location ^~ /.well-known/acme-challenge {
        # Path to the root of your installation
        root /usr/local/www/nextcloud/;
        try_files $uri $uri/ =404;

    location / {
       return 301 https://$host:443$request_uri;


server {
    listen 443 ssl http2;
    server_name _;

    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    include conf.d/;

Thank you very much in advance for the help.

This is a reverse proxy for a Docker setup where it was on the same host, so it’s probably a little different, but maybe it’ll help.

Make sure you clear your browser cache. I’ve noticed, usually after an upgrade or after my laptop was asleep, occasionally I have to clear the cache and/or retype the URL to get past the login screen.

thanks for your suggestion, I am using two different servers, one with apache (Fedora 36) and the other TrueNas (Core) with the nextcloud plugin.

I tried that configuration and the login screen loads but when I enter the credentials again it shows me the login screen.

If I connect directly to the nextcloud IP it works fine

Finally I finished installing a server with ngnix and configuring a reverse proxy and it worked