Nextcloud on docker: Reverse proxy

ℹ️ Support
, ,
1
Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 20.0.5): 26.0.0.11
Operating system and version (eg, Ubuntu 20.04): Ubuntu 22.04 / docker
Apache or nginx version (eg, Apache 2.4.25): nginx
PHP version (eg, 7.4): replace me

The issue you are facing:
Get a warning in the admin panel that the cron job was not executed for several hours.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Got the warning message:

You are accessing your instance over a secure connection, but your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the override configuration variables are not set correctly. Please read the documentation on this .
(translated from German)

I read the docu, but surely got something wrong.
Just for clarification: I am using docker container for database, nextcloud and reverse-proxy.

  1. The config is below. Had to replace som parts by XX

  2. Config of the nginx reverse proxy is:

server {
                listen 443 ssl;
                listen [::]:443;
                #include snippets/self-signed.conf;
                #include snippets/ssl-params.conf;
                include letsencrypt.conf;

                server_name bardhome.de;

                        location / {
                                        proxy_read_timeout 1800;
                                        proxy_connect_timeout 1800;
                                        proxy_send_timeout 1800;
                                        send_timeout 1800;
                                        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;

                                        proxy_buffering                      off;
                                        proxy_set_header Host                $http_host;

                                        proxy_set_header X-Forwarded-Proto   https;

                                   client_max_body_size 25G;
                                   proxy_pass http://nextcloud;

                                proxy_set_header X-Real-IP $remote_addr;
                                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                                proxy_set_header X-Forwarded-Proto $scheme;
                        }

                        location ^~ /.well-known {
                        # The rules in this block are an adaptation of the rules
                        # in `.htaccess` that concern `/.well-known`.

                        location = /.well-known/carddav { return 301 /remote.php/dav/; }
                        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

                        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
                        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

                        # Let Nextcloud's API for `/.well-known` URIs handle all other
                        # requests by passing them to the front-end controller.

The output of your Nextcloud log in Admin > Logging:

not relevant

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'passwordsalt' => 'XX',
  'secret' => '+XX',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    5 => 'nextcloudpi.local',
    7 => 'nextcloudpi',
    8 => 'nextcloudpi.lan',
    1 => '172.18.0.6',
    6 => '192.168.103.44',
    20 => 'cloud.XX.de',
    12 => 'XX.de',
    21 => 'XX.spdns.de',
    22 => '192.168.103.44',
    11 => '79.244.33.204',
    3 => 'dbe5e509ecaf',
    14 => 'dbe5e509ecaf',
    '' => '01f946771284',
    15 => '79.244.33.204',
  ),
  'dbtype' => 'mysql',
  'version' => '26.0.0.11',
  'dbname' => 'nextcloud',
  'dbhost' => 'nc_mariadb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'simon',
  'dbpassword' => 'XX#Q',
  'installed' => true,
  'instanceid' => 'XX',
  'overwrite.cli.url' => 'https://XX.de',
  'default_phone_region' => 'DE',
  'trusted_proxies' =>
  array (
    0 => '192.168.103.44',
    2 => '127.0.0.1',
    1 => 'localhost',
    11 => '127.0.0.1',
    12 => '::1',
    13 => 'dbe5e509ecaf',
    14 => '172.18.0.6',
    15 => '79.244.33.204',

The output of your Apache/nginx/system log in /var/log/____:

not relevant

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

not relevant

1 Like
2

What it means by insecure URLs is that you’re going to HTTPS but as Nc send you from one page to another it’s giving out a HTTP URL.

If you click the provided link, it explains a setting called overwriteprotocol. You need to set it to https. This tells NC to always direct you to HTTPS even if it thinks the incoming connection is HTTP.

1 Like
3

I am using
jrcs/letsencrypt-nginx-proxy-companion
jwilder/nginx-proxy

now to manage the docker container and proxy them. Quite simple solution!