Nextcloud - direct and reverse-proxy access

Hello!

I have this problem and have been trying to get it to work for a few weeks. I had a similar setup with ownCloud and nginx, which worked well for several years.

Setup:
I have a home-server with Nextcloud 10 called cloud.home.domain.tld.
Due to the lack of a static IP address (I don’t want to use dyndns), I also have a hosted virtual server called cloud.domain.tld, which serves as reverse HTTP/HTTPS proxy.
Home-server and hosted server are connected via OpenVPN.

OS: Debian 8.6 (latest, on both servers)
Webserver: Apache 2.6 (on both servers)
Nextcloud: 10.0.1

What I want to do:
I want to connect directly to my home-server from my PC at home (same LAN) via cloud.home.domain.tld for maximum performance (no SSL required).
Other mobile devices like smartphones and tablets should access the server using the reverse-proxy (SSL!) installed on the hosted server.

What works:
It works perfectly via reverse-proxy and public ip-addresses from anywhere.

What does not work / Problem:
When I try to access the home-server from my home-PC (LAN), the address “cloud.home.domain.tld” gets rewritten to “cloud.domain.tld”.
The connection gets forced through the reverse-proxy and back, resulting in bad performance.

Picture of my setup

Reverse-Proxy Configuration on cloud.domain.tld

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName cloud.domain.tld
    ProxyPass "/" "http://cloud.home.domain.tld/"
    ProxyPassReverse "/" "http://cloud.home.domain.tld/"

    SSLCertificateFile /etc/letsencrypt/live/cloud.domain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cloud.domain.tld/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>
</IfModule>

Nextcloud Apache
There are currently no other sites on the server, Nextcloud is the default site.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /data/nextcloud

    <Directory /data/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All

        <IfModule mod_dav.c>
            Dav off
        </IfModule>

        SetEnv HOME /data/nextcloud
        SetEnv HTTP_HOME /data/nextcloud

    </Directory>
</VirtualHost>

Nextcloud config.php

<?php
$CONFIG = array (
  'instanceid' => 'SECRET',
  'passwordsalt' => 'SECRET',
  'secret' => 'SECRET',
  'trusted_domains' =>
  array (
    0 => '10.42.42.1',
    1 => 'cloud.domain.tld',
    2 => 'cloud.home.domain.tld',
  ),
  'datadirectory' => '/data/nextcloud/data',
  // Reverse Proxy Config (the next three lines are the ones set in bold in the post)
  'overwrite.cli.url' => 'http://cloud.domain.tld',
  'overwritehost' => 'cloud.domain.tld',
  'overwriteprotocol' => 'https',

  'dbtype' => 'mysql',
  'version' => '9.1.1.5',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_admin',
  'dbpassword' => 'SECRET',
  'logtimezone' => 'UTC',
  'installed' => true,
);

What I’ve tested:
DNS resolution (both domains) is ok.
OpenVPN is ok.
Apache is ok.
The setup works perfectly with static or test-html sites.

If I delete the three bold lines in my config.php, the server is accessible from the home-LAN, but not from the reverse-proxy.

If somebody has a clue what I’ve done wrong or has some tips, please let me know. I am starting to get really desperate and any help is appreciated!

Marc

2 ideas:

  • let apache reverse proxy do the URL rewriting: https://gist.github.com/ArtemGr/6993113
  • add a different local vhost, use a different DocumentRoot with the same Nextcloud code. Use the same config.php except for the bold lines (same data directory, same database). If you upgrade, only do this on the original Nextcloud config, then set up a new duplicate (don’t run any upgrade process on the duplicate setup).

The behaviour you described is exactly what the overwrite* values are supposed to do.


Thanks for the ideas, tflidd!

I could not get it to work with the substitution-statement. :cry:

But finally, I got it to work. :relaxed: What I did:
I made some self-signed certs and changed the config of the reverse-proxy to use HTTPS/SSL for the connection to the internal server. I removed all overwrite values in the Nextcloud config.php file except the 'overwriteprotocol' => 'https' statement. Now, the connection is double-encrypted (VPN+HTTPS), which is also kind of a little performance drop, but it works for me.

Thanks!
Marc
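
The final setup described in the last post (the reverse proxy speaking HTTPS to the home server with a self-signed certificate) could be configured as follows. This is an added example, not configuration posted by anyone in the thread. The certificate and key paths under /etc/apache2/ssl/ are assumed placeholders, and the self-signed certificate is assumed to be issued for cloud.home.domain.tld; pinning it on the proxy means the backend is actually verified rather than any certificate being accepted.

```apache
# --- On cloud.domain.tld (reverse proxy) ---
# Needs mod_ssl, mod_proxy and mod_proxy_http enabled.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName cloud.domain.tld

    # Use TLS for the connection to the backend.
    SSLProxyEngine on
    # Reject the backend unless its certificate validates against the
    # pinned self-signed certificate below (assumed path, copied from
    # the home server; only the certificate, never the private key).
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/apache2/ssl/cloud-home-selfsigned.pem
    # The certificate name must match the host in the ProxyPass URL,
    # and an expired certificate is refused.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyPass "/" "https://cloud.home.domain.tld/"
    ProxyPassReverse "/" "https://cloud.home.domain.tld/"

    SSLCertificateFile /etc/letsencrypt/live/cloud.domain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cloud.domain.tld/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

# --- On cloud.home.domain.tld (home server) ---
# HTTPS vhost that the proxy connects to through the VPN.
<VirtualHost *:443>
    ServerName cloud.home.domain.tld
    DocumentRoot /data/nextcloud

    SSLEngine on
    # Assumed paths for the self-signed certificate and its key.
    SSLCertificateFile /etc/apache2/ssl/cloud-home-selfsigned.pem
    SSLCertificateKeyFile /etc/apache2/ssl/cloud-home-selfsigned.key

    <Directory /data/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
    </Directory>
</VirtualHost>
```

After changing either side, `apachectl configtest` checks the syntax before the reload.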