Nextcloud behind Traefik

example

longer
example
here

Nextcloud version (eg, 20.0.5): 26.1.1
Operating system and version (eg, Ubuntu 20.04): Debian 11
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.26
PHP version (eg, 7.4): 8.0

The issue you are facing:

I am trying to get my Nextcloud (no AIO, no docker) working behind Traefik. All i am getting are SSL errors, too many redirect errors.

My Domain DNS is handled by Cloudflare. My nextcloud is working fine when i use an free external IP. With a Nextcloud problem i would post the config file etc. Is that useful in this case? The problem is probably the Traefik config.

I think i need to find someone how has got Nextcloud behind Traefik running

Is this the first time you’ve seen this error? (Y/N):

Steps to replicate it:

The output of your Nextcloud log in Admin > Logging:

PASTE HERE

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

Linux cloud 5.10.0-22-amd64 #1 SMP Debian 5.10.178-3 (2023-04-22) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.


  GNU nano 5.4   config.php
  'maintenance' => false,
  'updater.release.channel' => 'stable',
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    1 => '172.16.20.250',
    2 => '172.16.20.245',
    3 => '::1',
    4 => '185.*.*.*',
    5 => '172.18.0.0/16',
    6 => 'cloud.domain.nl',
  ),
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'theme' => '',
  'twofactor_enforced' => 'false',
  'twofactor_enforced_groups' =>
  array (
  ),
  'twofactor_enforced_excluded_groups' >
  array (
  ),
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'EMAIL@EMAIL.COM>
  'mail_smtppassword' => 'PASSWORD>
  'mail_smtpsecure' => 'ssl',

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

PASTE HERE

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

PASTE HERE

often you want to run backend applications like Nextcloud without TLS behind reverse proxy - in other words plain http:// between reverse proxy nad application while traefik does “TLS termination” - please review reverse proxy docs

please post logs/errors once you added required config and restarted all components…

I look at the link and saw this:

If you want to access your Nextcloud installation http://domain.tld/nextcloud via a multiple domains reverse SSL proxy https://ssl-proxy.tld/domain.tld/nextcloud with the IP address 10.0.0.1 you can set the following parameters inside the config/config.php .

<?php
$CONFIG = array (
  'trusted_proxies'   => ['10.0.0.1'],
  'overwritehost'     => 'ssl-proxy.tld',
  'overwriteprotocol' => 'https',
  'overwritewebroot'  => '/domain.tld/nextcloud',
  'overwritecondaddr' => '^10\.0\.0\.1$',
  'overwrite.cli.url' => 'https://domain.tld/,
);

Not really sure what that means. I run my nextcloud on cloud.domain.com. internal IP of traefik is 10.10.10.245. Not sure what my reverse SSL proxy address should. Traefik-dashboard.ad.domain.com works. Should that be traefik.ad.domain.com ?

Could please clarify that part?

If you’re getting SSL and redirect errors (and particularly since you’ve confirmed NC works w/o the proxy in front), I agree it’s a traefik level issue. You’ll have to post your traefik config.

The only other thing that stood out is you mentioned Cloudflare. Is that only for DNS? You’re not trying to use any of their other services in this case as well for the NC web path, right?

The values of the config.php are described the guide I referenced above… it even includes a traefik example.

Please use the search - lot of issues regarding this topic exist on this forum.