Nextcloud, website and subdomains

I have successfully set up Nextcloud on an Ubuntu 20.04 headless server. My intention is to have nextcloud listen on (say) 8433 and 8080 and respond to traffic from cloud.domain.tld while apache listens for ordinary web-traffic from domain.tld on 80 and 443. I know how to change nextcloud’s ports and have access to (i.e. can change) the DNS records on the domain. I’m sure it’s simple but if anyone could point me to a step-by-step tutorial on how to go about this I’d be very grateful.

Currently, nextcloud trusts both domain.tld and cloud.domain.tld.

The problem that I have is that Google seems to yield not too little but far too much information: even a suggestion as to a Google search string to narrow it down would be gratefully accepted.

Which part is it you don’t know how to do?

I don’t know how to divert the cloud.dom.tld to the new ports while letting the standard http(s) go to my Web root

The domain name itself is not tied to any given port(s), only the IP address.

What type of installation of Nextcloud do you have? Manual, Docker, snap, NCP, etc.

You can use the ports 80 (redirect to 443) and 443 for your webserver and your nextcloud. Then the URLs look better and people in restricted areas (company LANs) have fewer (useless) problems. Set name-based virtual hosts in apache2. “certbot” can help you.

How to Install NextCloud on Debian 10

In this tutorial you set up a Nextcloud virtual webserver only on port 80, and “certbot” generates the Let’s Encrypt certificates and the redirection from 80 to 443. You can use as many subdomains as you want (and domain.tld / www.domain.tld) with ports 80, 443 and Let’s Encrypt. You only have to map them (A record for the domain, CNAME for a subdomain) to the same IP address.

Sorry, I should have said, Snap (as that comes pre-installed on Ubuntu server).

Just to make it clear, I’m not asking how to install nextcloud: I’ve already done that using snap and got it working just fine. I need to know how to configure Apache to send subdomain traffic to nextcloud and domain traffic to webroot. Preferably in words of one syllable!

Sorry. Search in the internet " snap set nextcloud ports.http=

https://github.com/nextcloud/nextcloud-snap

Ok, if I’m understanding your situation, you have a non-snap Apache server already installed and serving some other web root, and what you need is a named virtual host added to your Apache server that will reverse proxy traffic to Nextcloud.

A named vhost allows Apache to deliver a different site based on the URL that was used, even though it’s ultimately coming to the same IP and server.

I have such a setup in my guide for installing Nextcloud with Docker. The Apache virtual host configuration to reverse proxy for snap should be pretty similar.

Yes, I have understood it similarly. Because he uses Snap for Nextcloud (including apache2) and another apache2/webserver, he cannot use the same sockets (IP:80) and (IP:443) because they are used by the apache2/webserver. But the different port is not a problem. It is only setting the port.

Also, the Apache reverse proxy can serve the site on ports 80 and 443, even if it’s sending the connection to a backend server running on different ports.

@KarlF12
Yes. But without Snap, or with the other webserver also in Snap, it would not be necessary.

No. The only Apache server is that installed by snap. Ubuntu server even has two boxes to tick on installation: install openssl and a menu of goodies to be installed by snap: I ticked nextcloud. It really is that simple, nothing else is installed. I just want to point the cloud subdomain to nextcloud and the ordinary traffic to webroot ON THE SAME Apache web server. Why is that so complicated?

Maybe because the nextcloud snap has its own apache server built-in…
And since the snap is not writeable, I don’t think that it is possible to use the apache server (that is provided by the nextcloud snap) for another web application…


Because this is not the intended use case for snap. Snap is intended to compartmentalize the software and make it as simple for you as possible. A natural consequence of that is inflexibility.

Bottom line is to do what you’re asking, you would be best served by either

  1. Installing a normal Apache instance via apt, having it reverse proxy the Nextcloud instance and serve your other site, or
  2. Ditching snap altogether and using a normal Apache installation for both.

I would say neither option is particularly difficult, and #1 would probably suit you just fine. You wouldn’t have to start over or anything. Here’s how that would go if you want to try it.

First you’ll need to change the port numbers for the snap Apache. I would change 80 and 443 to 8080 and 8443 respectively.

Then you will need to install Apache via apt and enable some mods.

sudo apt install apache2

sudo a2enmod ssl proxy proxy_http proxy_wstunnel rewrite headers

sudo systemctl restart apache2

You can use the default site if you like for your web root. Then you’ll add a vhost config under /etc/apache2/sites-available with something like this:

Adjust as needed to fit your setup. At a minimum you’ll need to change your ServerName to the subdomain you want it to use.

Enable the site:

sudo a2ensite nextcloud.conf

sudo systemctl reload apache2

Install and enable certbot:

Somewhere during this process you’ll probably have to change some of the proxy related settings in Nextcloud. Details here:

https://docs.nextcloud.com/server/19/admin_manual/configuration_server/config_sample_php_parameters.html#proxy-configurations


@KarlF12. I really can’t thank you enough for this clear and lucid explanation. I did find your excellent post that you referred me to concerning Docker and Debian but had not realised how much of it would also work for Snap and Ubuntu so I had disregarded it. Apologies. It’s going to take me a little while to work my way through all of this and I may come back with further queries but thank you for giving me a good place to start.


@KarlF12

OK, I’ve followed the instructions and now have a (different) Apache server set up with my website holding page working fine on http(s)://badbury.org.uk. All good.

However, cloud.badbury.org.uk (the nextcloud server) returns a 503 error (service not available).

Here is the appropriate virtual host configuration file. What have I missed?

derek@badbury-server:/etc/apache2/sites-enabled$ cat 010-nextcloud.conf
<VirtualHost *:80>
    ServerName cloud.badbury.org.uk
    ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
    CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
    RewriteEngine On
    RewriteRule ^/.well-known/carddav http://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
    RewriteRule ^/.well-known/caldav http://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
    RewriteCond %{SERVER_NAME} =cloud.badbury.org.uk
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName cloud.badbury.org.uk
    ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
    CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
    SSLEngine On
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

    RewriteEngine On
    RewriteRule ^/.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
    RewriteRule ^/.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/cloud.badbury.org.uk/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cloud.badbury.org.uk/privkey.pem
</VirtualHost>


Herewith the error log:

derek@badbury-server:~$ cat /var/log/apache2/nextcloud-error.log
[Thu Sep 03 09:09:15.506004 2020] [proxy:error] [pid 1125:tid 140300894803712] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 09:09:15.506065 2020] [proxy_http:error] [pid 1125:tid 140300894803712] [client 62.4.14.206:34103] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 09:35:11.532938 2020] [proxy:error] [pid 1126:tid 140301138126592] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 09:35:11.532994 2020] [proxy_http:error] [pid 1126:tid 140301138126592] [client 62.210.10.77:55307] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:05:11.025387 2020] [proxy:error] [pid 1496051:tid 140300408321792] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:05:11.025456 2020] [proxy_http:error] [pid 1496051:tid 140300408321792] [client 35.195.243.150:2067] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:05:11.517936 2020] [proxy:error] [pid 1496051:tid 140299938559744] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:05:11.517966 2020] [proxy_http:error] [pid 1496051:tid 140299938559744] [client 194.149.246.126:20912] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:05:11.705701 2020] [proxy:error] [pid 1496052:tid 140300232140544] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:05:11.705750 2020] [proxy_http:error] [pid 1496052:tid 140300232140544] [client 194.149.246.126:20931] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:05:21.256860 2020] [proxy:error] [pid 1496052:tid 140299804342016] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:05:21.256907 2020] [proxy_http:error] [pid 1496052:tid 140299804342016] [client 194.149.246.126:22652] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:07:11.031788 2020] [proxy:error] [pid 1496051:tid 140300391536384] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:07:11.031827 2020] [proxy_http:error] [pid 1496051:tid 140300391536384] [client 194.149.246.126:38256] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:07:21.920924 2020] [proxy:error] [pid 1496052:tid 140301129733888] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:07:21.920959 2020] [proxy_http:error] [pid 1496052:tid 140301129733888] [client 194.149.246.126:39970] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 13:07:22.218637 2020] [proxy:error] [pid 1496052:tid 140301104555776] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 13:07:22.218673 2020] [proxy_http:error] [pid 1496052:tid 140301104555776] [client 194.149.246.126:40018] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 17:53:35.559120 2020] [proxy:error] [pid 1496052:tid 140300265711360] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 17:53:35.559160 2020] [proxy_http:error] [pid 1496052:tid 140300265711360] [client 192.168.1.1:39472] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 17:53:35.657431 2020] [proxy:error] [pid 1496052:tid 140300869691136] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 17:53:35.657463 2020] [proxy_http:error] [pid 1496052:tid 140300869691136] [client 192.168.1.1:39474] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
derek@badbury-server:~$
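
The `(111)Connection refused` entries tagged AH00957 in the log above record a TCP connect from the proxy to its backend being rejected. The following shell functions, an added example that is not part of the original post, count those entries per backend and check `ss -ltn` output for a listener on the same port; the function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and both sample inputs are constructed.

# Apache error log on stdin -> "<count> <host:port>" per refused proxy backend.
refused_backends() {
    sed -n 's/.*AH00957: .*attempt to connect to \([^ ]*\) .*failed.*/\1/p' |
        sort | uniq -c | awk '{ print $1, $2 }'
}

# `ss -ltn` output on stdin; succeeds if any local address listens on port $1.
port_is_listening() {
    awk -v p="$1" 'NR > 1 { n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit !found }'
}

# $1 = log text, $2 = `ss -ltn` text; prints one verdict per refused backend.
check_backends() {
    printf '%s\n' "$1" | refused_backends | while read -r count backend; do
        port=${backend##*:}
        if printf '%s\n' "$2" | port_is_listening "$port"; then
            echo "$backend refused $count times, but port $port is listening now"
        else
            echo "$backend refused $count times: nothing listens on port $port"
        fi
    done
}

# Constructed sample in the format of the log shown in the post.
SAMPLE_LOG='[Thu Sep 03 09:09:15.506004 2020] [proxy:error] [pid 1125:tid 1] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Thu Sep 03 09:09:15.506065 2020] [proxy_http:error] [pid 1125:tid 1] [client 203.0.113.7:34103] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Thu Sep 03 09:35:11.532938 2020] [proxy:error] [pid 1126:tid 2] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed'

# Constructed `ss -ltn` output: listeners on 22, 80 and 443, none on 8080.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511                *:80              *:*
LISTEN 0      511                *:443             *:*'

check_backends "$SAMPLE_LOG" "$SAMPLE_SS"
# On the server: check_backends "$(cat /var/log/apache2/nextcloud-error.log)" "$(ss -ltn)"
```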

Hey,

Make it easy on yourself, run the VM instead.

Plain Ubuntu, apt packages, and lots of extra nifty stuff. The TLS setup is automated.

@enoch85

Now, you’ve downloaded the Nextcloud VM and you’ve installed VMware Player. The VM comes as a “.OVA file”. To mount it, simply right click on the file and select “open with VMware Player”.

What is this “right click” of which you speak? On a headless server? I think not.