Hi all
I’m running NC28 behind an Apache reverse proxy (including the high performance files backend), but CODE gives me a hard time; on the Nextcloud Office Admin page it says:
URL used by the browser points to the internal IP where CODE is running together with NC28 - which is obviously not reachable by the browser from outside… So - no surprise - after a couple of seconds it says
Apache config on the proxy is:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName XXXXXXXXXXXXX.com
ServerAdmin admin@XXXXXXXXX.com
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains, preload"
RequestHeader set X-Forwarded-SSL "1"
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
LimitRequestBody 0
Include /etc/letsencrypt/options-ssl-apache.conf
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
#RewriteEngine On
#RedirectMatch ^/$ /sites/web/
# proxy to nextcloud
# internal connection uses SSL ( yet self signed - so no chk )
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPreserveHost On
# websocket proxying for high performance backend
ProxyPassMatch (.*)(\/websocket)$ "ws://192.X.X.X/$1$2"
ProxyPass /push/ws ws://192.X.X.X:7867/ws
ProxyPass /push/ https://192.X.X.X:7867/
ProxyPassReverse /push/ https://192.X.X.X:7867/
# other nc proxying
ProxyPass /.well-known !
ProxyPass / https://192.X.X.X/ flushpackets=on
ProxyPassReverse / https://192.X.X.X/
RewriteEngine On
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/nextcloud/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/nextcloud/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/webfinger https://%{SERVER_NAME}/nextcloud/public.php?service=webfinger [QSA,L]
RewriteRule ^/\.well-known/nodeinfo https://%{SERVER_NAME}/nextcloud/index.php/.well-known/nodeinfo [R=301,L]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/XXXXXXXXXXX.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXXXXXXXXX.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost Off
</VirtualHost>
</IfModule>
Apache config on the NC machine:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@XXXXXXXXXXX.com
# 2020-01-30 enable http2 (note: http2 only works w/ SSL)
Protocols h2 http/1.1
DocumentRoot /var/www/nextcloud/
ServerName XXXXXXXXXXX.com
ServerAlias XXXXXXXXXXX.com nc.local
Include /etc/letsencrypt/options-ssl-apache.conf
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
Require all granted
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
# redirect root to website - all other url's are treated by nextcloud's .htaccess rules
RewriteEngine On
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
RedirectMatch ^/$ /sites/web/
Redirect 301 /.well-known/carddav https://XXXXXXXXXXX.com/remote.php/dav
Redirect 301 /.well-known/caldav https://XXXXXXXXXXX.com/remote.php/dav
# rewrite website (pico) for nicer appearance (corresponding to the previous RedirectMatch)
ProxyPass /sites/ https://XXXXXXXXXXX.com/index.php/apps/cms_pico/pico_proxy/
ProxyPassReverse /sites/ https://XXXXXXXXXXX.com/index.php/apps/cms_pico/pico_proxy/
# reverse proxy for high performance file push
ProxyPass /push/ws ws://127.0.0.1:7867/ws/
ProxyPass /push/ http://127.0.0.1:7867/
ProxyPassReverse /push/ http://127.0.0.1:7867/
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 192.X.X.X
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/XXXXXXXXX.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxxxxxxx.com/privkey.pem
</VirtualHost>
</IfModule>
Does anyone have a hint why the browser gets told to reach CODE on the internal IP?
el lobo
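An added example, not part of the original post: a small Python lint run over a constructed excerpt of the proxy vhost above. It reports single-valued directives that are set more than once with different values (within one context Apache keeps the last value), RewriteCond lines with no RewriteRule after them, and disabled backend certificate verification. The function name `lint_vhost` and the set of directives checked are assumptions of this example.

```python
# Constructed excerpt of the proxy vhost posted above (IPs stay redacted as on the page).
SAMPLE = """\
SSLProxyEngine on
SSLProxyVerify none
ProxyPreserveHost On
ProxyPass / https://192.X.X.X/ flushpackets=on
ProxyPassReverse / https://192.X.X.X/
RewriteEngine On
RewriteRule ^/\\.well-known/carddav https://%{SERVER_NAME}/nextcloud/remote.php/dav/ [R=301,L]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
ProxyRequests Off
ProxyPreserveHost Off
"""

# Assumption: directives this check treats as single-valued (last one wins).
SINGLE_VALUED = {"proxypreservehost", "proxyrequests", "sslproxyverify", "sslproxyengine"}


def lint_vhost(text):
    """Return sorted (line_no, message) findings for one flat vhost body."""
    findings, seen, pending_conds = [], {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(" ")
        key, value = name.lower(), value.strip()
        if key in SINGLE_VALUED:
            # A later, different value silently replaces the earlier one.
            if key in seen and seen[key][1].lower() != value.lower():
                findings.append((no, f"{name} {value} overrides '{seen[key][1]}' from line {seen[key][0]}"))
            seen[key] = (no, value)
        if key == "sslproxyverify" and value.lower() == "none":
            findings.append((no, "backend certificate is not verified"))
        if key == "rewritecond":
            pending_conds.append(no)      # waits for the next RewriteRule
        elif key == "rewriterule":
            pending_conds.clear()         # conditions attached to this rule
    for no in pending_conds:
        findings.append((no, "RewriteCond has no following RewriteRule"))
    return sorted(findings)


if __name__ == "__main__":
    for no, msg in lint_vhost(SAMPLE):
        print(f"line {no}: {msg}")
```

With ProxyPreserveHost ending up Off, Apache sends the backend the host name from the ProxyPass target as the Host header rather than the public name the browser used.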