Nextcloud behind Nginx Proxy Manager and Safari (iOS/macOS) no access

I recently moved my NextCloudPi instance behind a Nginx Proxy Manager, so that I could run other services on port 80 and 443. After I did this my friends who use iOS and macOS where unable to access my NC instance.

The issue is clearly with the Proxy Manager and so with a quick Brave Search i found the solution.

Here is what you have to do to solve the issue

  • Login to your Nginx Proxy Manager.
  • Open the [3 dots] settings menu of the NextCloud(Pi) host and select ā€œEditā€

  • In the tab menu at the top of the window that has just opened select ā€œAdvancedā€ and insert the following in the ā€œCustom Nginx Configurationā€ box:
proxy_hide_header Upgrade;

  • Click ā€œSaveā€ and it should work.

In my case it was working right away, but you might want to try and re-boot if it does not work.

Hello,

I have similar setup, NextCloud (Snap installation on 80/443) running behind Nginx Proxy manager.

I beg to differ.

My setup is accessible from iOS / MacOS via Safari without any extra config argument in the advance settings.

My setup has itā€™s own issue (specifically speaking upload speed) but thatā€™s a genera one and present on every platform. Regarding this, I just checked again, its working fine with latest Safari iOS / MacOS and iPadOS

Thanks.

The issue @michuvon is refering to happens when HTTP 2 is enabled. I guess you donā€™t have H2 enabled then?

I can also confirm that the custom nginx configuration is needed for iOS access with HTTP2 enabled. I found this out some time back. My other services donā€™t need it.

That did not do the trick.

On IOS 16 Nextcloud 25.0.1 and 2FA enabled.

I can access the login page, and enter the credentials, then nothing.
Domain:

  • Namecheap

nginx proxy manager setup:

  • Cache Assets

  • Block Common Exploits

  • Force SSL

  • HTTP/2 Support

  • HSTS Enabled

  • HSTS Subdomains

nginx proxy manager advanced config:

proxy_hide_header Upgrade;
client_max_body_size 0;
proxy_request_buffering off;
location /.well-known/carddav {
  return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav 
{ 
  return 301 $scheme://$host/remote.php/dav; 
}
location /.well-known/webdav 
{
 return 301 $scheme://$host/remote.php/dav; 
}

Log:
GET /login?redirect_url=/apps/dashboard/ HTTP/1.1" 200 5719 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/107.0.5304.101 Mobile/15E148 Safari/604.1"

I do have access through the IOS app and Chrome on macOS Ventura, I wonder if its related to 2FA.

  • Two-Factor TOTP Provider by Christoph Wurst AGPL-licensed v7

Any news Pls.?

Same here

as I donā€™t have any iOS 16 devices in house I can not test this. But thanks for the post, I will ask friends to test my setup to see if I have the same issue.

Any news :thinking:

I donā€˜t know if this is still an interesting point for someone, but I want to share it anyway

I had a similar issue with iOS 16 Safari and the login page at my Nextcloud (26) instance behind a NGinx reverse proxy. No login was possible. After I had inserted the credentials I was redirected to the login page. Sometimes the login worked for a few minutes and then I have to log in again. Nothing from the written extra configs could solve the issue.

After a long time of trial and error I found the config that I added to the reverse proxy setting and could solve my problems:


proxy_cookie_path / /;
proxy_set_header Cookie $http_cookie;

My conclusion is that Safari on iOS have maybe some problems to deal with cookies for the session lifetime behind a reverse proxy, but this is just a guessā€¦

Maybe it will help someone elseā€¦

Greetings

Thanks! It works for me. You saved my day.

Thank you so much! finally i fixed this issues.

Lucky You :slightly_smiling_face:

I still have problem: ( iPhone IOS 15.8)

Safari cannot open the site.
Error: ā€œParsing of response not possibleā€

Here are my NPM settings:
image

image

image

image

Any Idea how to solve?

Hi,

I donā€™t know your setup of Nextcloud (docker or bare metal installation or something else) but your npm setting looks little bit confusing to me.

Why do you forward with https scheme to port 443 and use a custom location with http scheme and port 80? Have you tried to delete your custom location and forward directly with http scheme to port 80?

Here are my complete advanced settings you can also try:


proxy_cookie_path / /;
proxy_set_header Cookie $http_cookie;
proxy_hide_header Upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;


location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}

location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}