NextCloud + CDN

Hi Guys,

We are using V 9.0.53 + NGINX + CloudFront. Unfortunately, it seems WebDAV (NextCloud) is failing if run through the CDN - the error is “This operation is forbidden”. Is there any way to have the script populate files without WebDAV? I presume the CDN is blocking the ports and it would be nice to have everything accelerated versus running directly…

No errors in nginx or nextcloud logs. Works fine if we remove the CDN and access directly.

Thanks.

Bump. Hopefully someone knows a way around this to get NextCloud to work? Reviewing previous talk it seems to display the files in one’s browser NextCloud uses webdav…

As only static files are accelerated by a CDN and all dynamic stuff most likely is slowed down due to an extra network hop, rewriting nginx delivered files to replace static file assets to the CDN equivalent should do the trick.

You can check out: http://nginx.org/en/docs/http/ngx_http_sub_module.html

It enables the rewriting of urls inside the responses. If you have a working nginx config, I’d love to see that.


I am using the following configuration:

    sub_filter_once off;
    sub_filter 'defer src="/core/' 'defer src="https://cdn.example.com/core/';
    sub_filter 'defer src="/apps/' 'defer src="https://cdn.example.com/apps/';
    sub_filter '<link rel="stylesheet" href="/apps/' '<link rel="stylesheet" href="https://cdn.example.com/apps/';
    sub_filter '<link rel="stylesheet" href="/core/' '<link rel="stylesheet" href="https://cdn.example.com/core/';

Since I have set it up just a short while ago, I can’t tell whether you’ll run into any troubles replacing like that, but I suppose that it should work out. Just make sure to add your CSP to include cdn.example.com as a style-src and you should be set.

@kasim where exactly did you insert that? I’ve tried it but URIs are not rewritten after nginx reload… thanks :)

Hey @bloo, sorry for the late response. Here’s my setting:

Nextcloud is running on an Apache server, in front of that is an nginx reverse proxy. The above config is inserted into the nginx config for location /.

Be warned that using the above settings might not be wise unless your CDN always has access to the up to date data on your main server. Otherwise, changes to apps and settings, etc. may not work properly.

P.S.: I had tested this with Nextcloud 19. I’m not sure if any changes were made with version 20 for this to not work properly. So do it at your own risk.

My final solution to get CDN working.
On the main host you have to rewrite some URLs in HTML. For Apache2 it will look as follows:

Note: HOST is the original Nextcloud URL and cdn.HOST is the CDN.

    <Location "/">
        # We will only edit HTML, no
        AddOutputFilterByType INFLATE;SUBSTITUTE text/html
        # We will put size 2 Mb to avoid 500 Error by KeeWeb App crash
        SubstituteMaxLineLength 2M
        # Replace relative URL to the Absolute
        Substitute "s|\"/index.php/apps/|\"https://cdn.HOST/index.php/apps/|inq"
        Substitute "s|\"/core/|\"https://cdn.HOST/core/|inq"
        Substitute "s|\"/dist/|\"https://cdn.HOST/dist/|inq"
        Substitute "s|\"/apps/|\"https://cdn.HOST/apps/|in"
        ### Workaround for Memories ###
        # We will put back memories scripts to load from original URL, not CDN
        Substitute "s|https://cdn.HOST/apps/memories|/apps/memories|in"
        ### End Workaround for Memories ###

        # We will edit the CSP header to enable fonts, img, scripts and styles to be loaded from the CDN:
        # - font, img, script, style are needed for static content
        # - frame is needed for keepass to be able to open the DB from the cloud
        # - connect is needed for UI upload
        Header always edit* Content-Security-Policy (font|img|script|style|frame|connect)-src "$1-src https://cdn.HOST"

        # OPTIONAL
        # Some SVGs are part of CSS and JS, which are hard to edit, so let's
        # redirect SVG files to the CDN.
        # For this you HAVE to add the CDN host to the trusted domains
        RedirectMatch "^/apps/(.*)\.svg$" "https://cdn.HOST/$0"
    </Location>

On the CDN side I have the following addons to the default Nextcloud configuration:

    # We will only enable folders for the CDN, the rest will not be accessible
    <Location ~ "^((?!/apps|index.php/apps/theming|dist|core).)*$">
        ## We can either redirect to the original cloud URL or return 404 for files that should not be accessible via the CDN. Please select only one.

        ## Redirect to the cloud URL 
        #Redirect permanent https://cloud.HOST/

        ## Show 404
        RewriteEngine On
        RewriteRule ^ - [R=404]
    </Location>

    # We will set CORS to enable loading from the ORIGINAL DOMAIN via CDN
    Header always set Access-Control-Allow-Origin 'https://cloud.HOST'
    Header always set Vary 'Origin'

    # We will add workaround for keeweb, it tries to call CDN instead of CLOUD
    Redirect 301 "/index.php/login" "https://cloud.HOST/index.php/login"

Basically that’s all… If somebody calls my CDN directly or not apps from Nextcloud, he will see 404; for the rest it works pretty good. Just check how data flows via CDN:
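
Added example, not part of the post above and not Nextcloud's own code: a Python check of the CDN-side `<Location ~ …>` pattern, which tests for the substrings `/apps`, `dist` and `core` anywhere in the path rather than at its start. `ANCHORED`, `STATIC_PREFIXES` and the sample paths are assumptions constructed for this example.

```python
import re

# Pattern copied verbatim from the CDN-side <Location ~ ...> block in the post.
# A request path that MATCHES it falls inside the block and receives the 404.
POSTED = re.compile(r"^((?!/apps|index.php/apps/theming|dist|core).)*$")

# Assumption (written for this example, not from the post): the same allowlist
# expressed as anchored path prefixes, so only the leading segments decide.
ANCHORED = re.compile(r"^/(?!(?:apps|dist|core|index\.php/apps/theming)/)")

# Prefixes the post intends the CDN host to serve.
STATIC_PREFIXES = ("/apps/", "/dist/", "/core/", "/index.php/apps/theming/")

# Constructed sample request paths (not taken from a real access log).
SAMPLE_PATHS = [
    "/core/css/server.css",
    "/apps/files/js/main.js",
    "/dist/core-common.js",
    "/index.php/apps/theming/image/logo",
    "/status.php",
    "/remote.php/dav/files/alice/report.txt",
    "/remote.php/dav/files/alice/distribution-list.txt",
    "/index.php/apps/files/",
]


def is_blocked(pattern, path):
    """True when the Location regex matches, i.e. the 404 rule applies."""
    return pattern.search(path) is not None


def audit(pattern, paths=SAMPLE_PATHS):
    """Return (non-static paths left reachable, static paths wrongly blocked)."""
    reachable, overblocked = [], []
    for path in paths:
        static = path.startswith(STATIC_PREFIXES)
        blocked = is_blocked(pattern, path)
        if not static and not blocked:
            reachable.append(path)
        elif static and blocked:
            overblocked.append(path)
    return reachable, overblocked


if __name__ == "__main__":
    for name, pattern in (("posted", POSTED), ("anchored", ANCHORED)):
        print(name, audit(pattern))
```

The first list returned for each pattern holds the paths that the 404 rule was meant to cover but does not; replaying paths from your own access log through `audit` shows the same for a live setup.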