My company has a Nextcloud setup with an ADFS/SAML login to prompt the 2FA. I have all this working inside the VPN. Outside the VPN, no one can get to the ADFS page, so I am looking into a Web Application Proxy to meet that need while keeping the 2FA prompts. As part of this, I also pulled the Nextcloud server back into the VPN and am trying to reverse proxy it on the same WAP server through IIS.
Setup:
- Microsoft 2016 Hosting IIS acting as WAP and Reverse Proxy through IIS/Remote Access Manager, placed in DMZ and can ping/talk to everything it needs to
- Microsoft 2016 Hosting ADFS inside VPN
- Ubuntu 16.04 hosting Apache2, PHP 7.1.19, MySQL 15.1 with Nextcloud configs
I am so close to having everything working, but I cannot get Nextcloud to load for external users. I keep getting the "too many redirects" error. I think I've narrowed it down to being on the Nextcloud side after playing with settings.
The current setup I have on Nextcloud doesn't allow HTTP traffic. It redirects all traffic to HTTPS (as seen in the configs). So I think I am getting the too many redirects since the proxy redirects and then Nextcloud redirects. But I can't figure out how to open Nextcloud to allow HTTP, or how to have the redirect between the WAP and Nextcloud be HTTPS instead of HTTP so Nextcloud won't redirect it again. I've tried playing with a handful of settings, such as adding most of the configs in the 443 Apache settings into 80 (without the SSL portions), toying with SSL offloading, etc., all with no luck. Any ideas?
I know it's possible because I see a handful of people doing it after some Google searches.
Guide used to set up Nextcloud - https://www.linuxbabe.com/cloud-storage/setup-nextcloud-server-ubuntu-16-04-apache-mariadb-php7
Guide used to set up ADFS/SAML - https://rephlex.de/blog/2018/04/05/how-to-connect-nextcloud-to-active-directory-using-ad-fs-without-losing-your-mind/
Guide used to install Reverse Proxy - https://blogs.msdn.microsoft.com/friis/2016/08/25/setup-iis-with-url-rewrite-as-a-reverse-proxy-for-real-world-apps/
Nextcloud config file - https://hastebin.com/kowukexuvu.xml
Apache config file - https://hastebin.com/xezifakusu.apache
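
The loop hypothesised in the post, modelled as an added example (not part of the original post and not taken from the linked configs): a proxy that forwards to the backend over plain HTTP, and a backend that redirects every non-HTTPS request to HTTPS. The hostname `cloud.example.test`, the function names and the use of an `X-Forwarded-Proto` header are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

MAX_HOPS = 10  # safety bound, similar to a browser's redirect limit

def backend(scheme_seen, headers, host, path, trust_forwarded_proto):
    """Modelled 'force HTTPS' rule: redirect unless the request counts as HTTPS."""
    effective = scheme_seen
    # Only safe when the header can come from the proxy alone; a backend that is
    # reachable directly would let any client claim "https" here.
    if trust_forwarded_proto and "X-Forwarded-Proto" in headers:
        effective = headers["X-Forwarded-Proto"]
    if effective != "https":
        return 301, f"https://{host}{path}"
    return 200, None

def proxy(url, backend_scheme, trust_forwarded_proto):
    """Reverse proxy: accepts the client request, re-issues it to the backend."""
    u = urlsplit(url)
    headers = {"X-Forwarded-Proto": u.scheme}  # scheme the client actually used
    return backend(backend_scheme, headers, u.netloc, u.path or "/",
                   trust_forwarded_proto)

def trace(url, backend_scheme, trust_forwarded_proto=False):
    """Follow redirects as a browser would; return (verdict, [(url, status), ...])."""
    hops = []
    for _ in range(MAX_HOPS):
        status, location = proxy(url, backend_scheme, trust_forwarded_proto)
        hops.append((url, status))
        if status == 200:
            return "ok", hops
        if location in [seen for seen, _ in hops]:
            return "loop", hops  # redirected to a URL already requested
        url = location
    return "too many redirects", hops

if __name__ == "__main__":
    start = "https://cloud.example.test/"  # constructed sample URL
    cases = [("offload to HTTP, backend forces HTTPS", "http", False),
             ("proxy to backend over HTTPS", "https", False),
             ("offload to HTTP, backend trusts forwarded scheme", "http", True)]
    for label, scheme, trust in cases:
        verdict, hops = trace(start, scheme, trust)
        print(f"{label}: {verdict} {hops}")
```

The first case loops because the backend only ever sees HTTP, whatever the client used. In Nextcloud's `config.php`, the `trusted_proxies` and `overwriteprotocol` parameters are the settings that govern this behaviour on the application side.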