Hi everyone, I am trying to install NC TrueNas plugin (nginx) behind an Apache reverse proxy which is not working properly, I have been reviewing forums for more than three days in search of guidance and the most I have achieved is that it shows me the login screen.
When I enter the credentials to access it returns me to the login screen again and again.
In the proxy I configure the use of certificates
I share configuration files
cloud.org is not my real domain
cloud.conf
<VirtualHost *:80>
ServerName cloud.org
ServerAlias cloud
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.org [OR]
RewriteCond %{SERVER_NAME} =cloud.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.org
AllowEncodedSlashes NoDecode
SSLProxyEngine on
SSLProxyProtocol +all
SSLProxyVerify none
SSLProxyCheckPeerName off
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
ProxyPass /.well_known/ !
ProxyVia On
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyRequests Off
RewriteEngine On
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/host-meta https://%{SERVER_NAME}/public.php?service=host-meta [QSA,L]
RewriteRule ^/\.well-known/host-meta\.json https://%{SERVER_NAME}/public.php?service=host-meta-json [QSA,L]
RewriteRule ^/\.well-known/webfinger https//%{SERVER_NAME}/public.php?service=webfinger [QSA,L]
ProxyPass / https://192.168.10.17/
ProxyPassReverse / https://192.168.10.17/
RequestHeader set X-Forwarded-Proto "https"
SSLEngine on
ErrorLog /var/log/httpd/cloud.error
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
SSLCertificateFile /etc/letsencrypt/live/cloud.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
config.php
<?php
$CONFIG = array (
'apps_paths' =>
array (
0 =>
array (
'path' => '/usr/local/www/nextcloud/apps',
'url' => '/apps',
'writable' => true,
),
1 =>
array (
'path' => '/usr/local/www/nextcloud/apps-pkg',
'url' => '/apps-pkg',
'writable' => false,
),
),
'logfile' => '/var/log/nextcloud/nextcloud.log',
'memcache.local' => '\\OC\\Memcache\\APCu',
'one-click-instance' => true,
'one-click-instance.user-limit' => 100,
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'localhost',
),
'passwordsalt' => ''
'secret' => '',
'trusted_domains' =>
array (
0 => '127.0.0.1',
1 => 'cloud.org',
),
'allow_local_remote_server' => true,
'oidc_login_id_token' => false,
'trusted_proxies' => ['127.0.0.1', '192.168.10.11'],
'overwritehost' => 'cloud.org',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'htaccess.RewriteBase' => '/',
'forwarded_for_headers' =>
array (
0 => 'HTTP_X_FORWARDED_FOR',
1 => 'HTTP_X_FORWARDED'
),
'bulkupload.enabled' => false,
'overwrite.cli.url' => 'https://cloud.org',
'datadirectory' => '/usr/local/www/nextcloud/data',
'dbtype' => 'mysql',
'version' => '25.0.2
....
nextcloud.cont
upstream php-handler {
server unix:/var/run/nextcloud-php-fpm.sock;
}
# Redirect to HTTPS
server {
listen 80 default_server;
listen [::]:80;
location ^~ /.well-known/acme-challenge {
# Path to the root of your installation
root /usr/local/www/nextcloud/;
try_files $uri $uri/ =404;
}
location / {
return 301 https://$host:443$request_uri;
}
}
server {
listen 443 ssl http2;
server_name _;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
include conf.d/nextcloud.inc;
}
Thank you very much in advance for the help.