Nextcloud 15 behind HAproxy, redirect to localhost

I am running Raspbian on a Raspberry Pi at home, hosting my own Nextcloud instance using Apache2 as the webserver. In order to make it accessible from outside and look “professional” with my own URL without any port numbers attached, I am using the following setup:

  • My domain (let’s call it iyassinde) is attached to my CentOS-based managed webspace (Uberspace, if anyone knows them)
  • Subdomain cloud.iyassinde is created as a folder in the webroot, containing a .htaccess with the following code in order to direct all traffic to HAproxy:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Server} ^$
RewriteRule (.*) http://localhost:12345/$1 [P]
  • Managed webspace is running an HAproxy instance listening on port 12345, pointing to nextcloud.mydyndnsserviceeu:443
  • Apache2 on Raspberry Pi answers the request using a VirtualHost configuration matching cloud.iyassinde and serving the correct Letsencrypt SSL certificate that I have copied to the Pi from the managed webspace. It also has its own certificate when accessed directly through nextcloud.mydyndnsserviceeu:443, so that the connection to HAproxy is also encryped.

This used to work perfectly for over a year, redirecting my browser to https://cloud.iyassinde/index.php/login. A few days ago, it failed - when I access https://cloud.iyassinde, it’ll redirect now my browser to https://localhost:12345/index.php/login which of course fails. This could have appeared around the time I upgraded to Nextcloud 15.0.2, it was still working on Nextcloud 14. I have not changed anything about the Raspberry Pi’s OS, the managed webspace’s OS or HAproxy since.

What could this be caused by? The Apache rewrite is still working, as I can change the port number. The HAproxy is working, as killing it will produce an 503 error instead of the wrong redirection. Also it establishes the connection to my Raspberry Pi as it gets the correct login path, but it just fails to correctly rewrite the URL.

Here’s my haproxy.cfg as well:


frontend HTTP
	mode			http
	timeout client		5000
	acl			a_example hdr(X-Forwarded-Host) -i cloud.iyassin<dot>de
	use_backend		b_example if a_example

	default_backend		uberspace_81

backend uberspace_81
	mode	http
	timeout connect		3000
	timeout server		3000
	server	uberspace 123.456.789.123:81

backend b_example
	mode	http
	timeout connect		5000
	timeout server		7200000
	server	server1-a nextcloud.mydyndnsservice<dot>eu:443 ssl ca-file /etc/ssl/certs/

Nextcloud version: 15.0.2
Operating system and version: Raspbian 9 Stretch
Apache or nginx version: Apache 2, not sure about version
PHP version: 7.1, not sure about exact version