Right now I have HAProxy set up on my network acting as a dedicated reverse proxy doing pass-through SSL, not SSL termination. I have a WordPress server running inside my network as well. I can access the WordPress page but not Nextcloud. I looked at the Nextcloud documentation and saw there was a trusted proxy array I could put in my config.php file (which I did), but I still can’t connect to it.
It works! I didn’t make any changes either…my domain name is www.mydomain.com, but I have been typing mydomain.com and it doesn’t connect. What’s weird though is even though my domain name is www.mydomain.com, I still have a ServerAlias line in my Apache configuration files with www.mydomain.com. For some reason it won’t take it.
I got to a different network and for some reason on this network I cannot connect (or over OpenVPN). I can’t even curl it when I’m on this network. Is there a reason why I can connect on some networks and not others?
Are you saying you can’t get to it internally, but can from external networks? If that’s the case I’d assume NAT redirection isn’t in place?
I can access it internally (I had to edit the hosts files), but it appears that on some external networks I can’t reach it. I would try www.mydomain.com and mydomain.com and they couldn’t be reached, but I could successfully do a “curl mydomain.com”. So far this has only happened on 2 networks, and I’m trying others as the day goes on.
How new is the domain and its DNS records? Could be a DNS propagation issue wherein all you can do is wait; I had to delay a customer installation a full day while DNS propagated. It could be reached from the office, but not my home network or their network.
I have had the domain name for over a week now, and the SSL certs are the same age from Let’s Encrypt. I can’t confirm this but I’m wondering if this is a Comcast issue…I can connect over Verizon networks and I can connect over a local ISP, but I can’t connect via Comcast (seemingly) and a Private Internet Access VPN. My ISP is Comcast though so…I am making an edit to my statement because what I was thinking was a Nextcloud problem is now seemingly persistent on my WordPress site. This is probably not the best forum for this problem now as it seems the problem is beyond the scope of Nextcloud.
Turns out it was more HAProxy configuration problems. So, I finally have it working the way it’s supposed to and for people who are interested, here are the configurations!
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    maxconn 4096
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    timeout connect 15s
    timeout client 15s
    timeout server 15s
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

# Plain HTTP: redirect everything to HTTPS
frontend localhost80
    bind *:80
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

# TLS pass-through: route on the SNI in the ClientHello, no termination here
frontend localhost443
    bind *:443
    option tcplog
    mode tcp
    # Wait up to 5s for the ClientHello so req.ssl_sni can be read
    acl tls req.ssl_hello_type 1
    tcp-request inspect-delay 5s
    tcp-request content accept if tls
    acl is_wordpress req.ssl_sni -i domain1.com # 10.0.0.165
    acl is_nextcloud req.ssl_sni -i www.domain2.com # 10.0.0.160
    acl is_nextcloud2 req.ssl_sni -i domain2.com
    use_backend nextcloud_cluster if is_nextcloud
    use_backend nextcloud_cluster if is_nextcloud2
    use_backend wordpress_cluster if is_wordpress

backend wordpress_cluster
    mode tcp
    option ssl-hello-chk
    server is_wordpress 10.0.0.165:443 check

backend nextcloud_cluster
    mode tcp
    option ssl-hello-chk
    server is_nextcloud 10.0.0.160:443 check
Sorry I couldn’t have helped more. If it were an Apache proxy I would have.
Pop that into a new post with a relevant title in the howto category and others will find it much easier than in here. Thanks for your contribution.
I’ll do that! I was looking at doing an Apache reverse proxy but I thought it would be easier to do this since I read Apache doesn’t handle SSL traffic. Either way, HAProxy is really nice.
I can safely say Apache handles SSL perfectly fine, proxy or not. I opted for Apache as I’m more familiar with it than HAProxy, though I really should spend some time with that too as it’s likely more powerful.
It appears to be the case that it is. I guess it’s all dependent on what you want. I’m sure it is lighter weight than running Apache. That’s my gut feeling at least. Sometimes Apache can be heavy.