Nextcloud with reverse proxy

Hello everyone

I am not sure if I am in the right forum here,
since it’s not directly related to Nextcloud per se.
But I hope there is someone here who can help me.

Current situation:

I run Nextcloud on a Server on 192.168.10.20:80 (Installation is complete)
I also have a reverse proxy (Nginx) running on 192.168.10.15 on a
different machine which also handles SSL (Certbot).

The Firewall on 192.168.1.1 has NAT Port Forwarding on Port 80 and 440
to the reverse proxy on 192.168.10.15, NAT reflection enabled.

What I would like to achieve:

Make Nextcloud available from WAN with the domain MYDOMAIN.duckdns.org/cloud

But somehow I have bitten off more than I can chew.
For the past few days I tried different configurations on the Nextcloud server
and the reverse proxy. But I’m running in circles.

The problems I face:

The Nextcloud server is not reachable over the domain MYDOMAIN.duckdns.org/cloud
If I go to MYDOMAIN.duckdns.org I get the welcome page from Nginx,
so the NAT is working properly.

If I go directly to the IP of the reverse proxy on my internal network like this:
https://192.168.10.15/cloud everything works fine, after I have added the IP to
the trusted domains in the config.php from Nextcloud.

If I open Nextcloud over the internal network, and then try to open the
domain MYDOMAIN.duckdns.org/cloud on my smartphone (WAN), Nextcloud freezes for a short time; afterwards I have this error in the Nextcloud log related to the external IP:

{"reqId":"YweSWW4vOWHhb8rCOlJ2","level":3,"time":"2022-10-16T19:11:22+00:00","remoteAddr":"194.230.182.158","user":"--","app":"core","method":"GET","url":"/cloud/index.php/login","message":"Tried to log in admin but could not verify token","userAgent":"Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-G990B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/18.0 Chrome/99.0.4844.88 Mobile Safari/537.36","version":"24.0.6.1","data":{"app":"core"}}

On the client I get 504 Gateway Time-out from Nginx.

Nextcloud Server Data

NEXTCLOUD SERVER
Nextcloud version : 24.06
Operating system and version: Ubuntu 22.04.1 LTS
Apache or nginx version: Apache 2.4.52
PHP version (eg, 7.4): 8.1.2
IP: 192.168.10.20

The output of your Nextcloud log in Admin > Logging:

{"reqId":"uLY5Kld7TAEzlhYkP5VM","level":3,"time":"2022-10-16T18:29:08+00:00","remoteAddr":"194.230.182.158","user":"--","app":"core","method":"GET","url":"/index.php","message":"Tried to log in admin but could not verify token","userAgent":"Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-G990B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/18.0 Chrome/99.0.4844.88 Mobile Safari/537.36","version":"24.0.6.1","data":{"app":"core"}}
{"reqId":"kNwl6O8E7kDML4Kos9Bp","level":3,"time":"2022-10-16T18:29:26+00:00","remoteAddr":"194.230.182.158","user":"--","app":"core","method":"GET","url":"/index.php","message":"Tried to log in admin but could not verify token","userAgent":"Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-G990B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/18.0 Chrome/99.0.4844.88 Mobile Safari/537.36","version":"24.0.6.1","data":{"app":"core"}}
{"reqId":"jJlDGCgNPlCJ4ebVMhsO","level":2,"time":"2022-10-16T18:55:49+00:00","remoteAddr":"192.168.1.213","user":"admin","app":"no app in context","method":"GET","url":"/cloud/index.php/core/preview?fileId=274&x=250&y=250","message":"Host 192.168.10.15 was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0","version":"24.0.6.1","data":[]}
{"reqId":"cUNqjqWz60a1XVuDoT8y","level":2,"time":"2022-10-16T18:55:49+00:00","remoteAddr":"192.168.1.213","user":"admin","app":"no app in context","method":"GET","url":"/cloud/index.php/core/preview?fileId=303&x=250&y=250","message":"Host 192.168.10.15 was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0","version":"24.0.6.1","data":[]}
{"reqId":"aub8M6zD8zpZMcqaBQku","level":2,"time":"2022-10-16T19:10:50+00:00","remoteAddr":"192.168.1.213","user":"admin","app":"no app in context","method":"GET","url":"/cloud/index.php/core/preview?fileId=274&x=250&y=250","message":"Host 192.168.10.15 was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0","version":"24.0.6.1","data":[]}
{"reqId":"xjkBSJOeWxVIUy8s7avY","level":2,"time":"2022-10-16T19:10:50+00:00","remoteAddr":"192.168.1.213","user":"admin","app":"no app in context","method":"GET","url":"/cloud/index.php/core/preview?fileId=303&x=250&y=250","message":"Host 192.168.10.15 was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0","version":"24.0.6.1","data":[]}
{"reqId":"YweSWW4vOWHhb8rCOlJ2","level":3,"time":"2022-10-16T19:11:22+00:00","remoteAddr":"194.230.182.158","user":"--","app":"core","method":"GET","url":"/cloud/index.php/login","message":"Tried to log in admin but could not verify token","userAgent":"Mozilla/5.0 (Linux; Android 12; SAMSUNG SM-G990B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/18.0 Chrome/99.0.4844.88 Mobile Safari/537.36","version":"24.0.6.1","data":{"app":"core"}}
{"reqId":"ujAo6BqE0lqOScLoaCJr","level":2,"time":"2022-10-19T20:01:54+00:00","remoteAddr":"192.168.1.213","user":"admin","app":"no app in context","method":"GET","url":"/cloud/index.php/core/preview?fileId=274&x=250&y=250","message":"Host 192.168.10.15 was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0","version":"24.0.6.1","data":[]}
{"reqId":"E1fmlhgQYExsjgwMJT5L","level":2,"time":"2022-10-19T20:01:54+00:00","remoteAddr":"192.168.1.213","user":"admin","app":"no app in context","method":"GET","url":"/cloud/index.php/core/preview?fileId=303&x=250&y=250","message":"Host 192.168.10.15 was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0","version":"24.0.6.1","data":[]}

The output of config.php file:


$CONFIG = array (
  'instanceid' => 'XXXXXXX',
  'passwordsalt' => 'XXXXXXX',
  'secret' => 'XXXXXXX',
  'trusted_domains' =>
  array (
    0 => '192.168.10.20',
    1 => 'MYDOMAIN.duckdns.org',
    2 => '192.168.10.15'
  ),
  'trusted_proxies' =>
   array(
    0 => '192.168.10.15',
   ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '24.0.6.1',
  'overwrite.cli.url' => 'https://MYDOMAIN.duckdns.org/cloud',
  'overwirtehost' => 'MYDOMAIN.duckdns.org',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/cloud',
  //'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'],
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'XXXXXXX',
  'dbpassword' => 'XXXXXXX',
  'installed' => true,
);


Apache VirtualHost File:

<VirtualHost *:80>
        DocumentRoot "/var/www/nextcloud"
        ServerName 192.168.10.20
        ServerAlias MYDOMAIN.duckdns.org

        <Directory "/var/www/nextcloud/">
                Require all granted
                AllowOverride All
                Options FollowSymLinks MultiViews

                <IfModule mod_dav.c>
                        Dav off
                </IfModule>


                SetEnv HOME /var/www/html/nextcloud
                SetEnv HTTP_HOME /var/www/html/nextcloud
                Satisfy Any
        </Directory>

        RemoteIPHeader X-Forwarded-For
        RemoteIPInternalProxy 192.168.10.15

        TransferLog /var/log/apache2/nextcloud_access.log
        ErrorLog /var/log/apache2/nextcloud_error.log
</VirtualHost>

The output of your Apache/nginx/system log in /var/log/____:

Currently no errors/content

Reverse Proxy Data

REVERSE PROXY
Operating system and version: Ubuntu 22.04.1 LTS
Apache or nginx version: Nginx 1.18.0
IP: 192.168.10.15

Nginx Configuration:

server {
    listen 80;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/MYDOMAIN.duckdns.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/MYDOMAIN.duckdns.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    server_name MYDOMAIN.duckdns.org;

    location /cloud/ {
        #rewrite ^/cloud(/.*)$ $1 break;
        #proxy_pass http://192.168.10.20:80/;
        proxy_pass http://192.168.10.20/;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        add_header Strict-Transport-Security "max-age=15768000;includeSubDomains";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;

        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 64;

        proxy_redirect off;
        proxy_max_temp_file_size 0;
    }

    location /cloud {
        return 301 /cloud/;
    }
}

server {
    if ($host = MYDOMAIN.duckdns.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name MYDOMAIN.duckdns.org;
    return 404; # managed by Certbot
}

I hope someone can help me or give me a direction on how to solve the problem,
because I am stuck.

Regards
Neuland
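
Added example, not part of the original post: a small Python triage of the nextcloud.log JSON lines shown above, grouping the two messages that appear in the post and recording whether the logged client address is on the LAN or the WAN. The sample input is constructed from two shortened entries of the post's log plus one deliberately broken line; the function and category names are assumptions of this example.

```python
import ipaddress
import json
import re

# Constructed sample: two entries shortened from the post's log, plus a broken line.
SAMPLE_LOG = """\
{"reqId":"YweSWW4vOWHhb8rCOlJ2","level":3,"time":"2022-10-16T19:11:22+00:00","remoteAddr":"194.230.182.158","user":"--","url":"/cloud/index.php/login","message":"Tried to log in admin but could not verify token"}
{"reqId":"jJlDGCgNPlCJ4ebVMhsO","level":2,"time":"2022-10-16T18:55:49+00:00","remoteAddr":"192.168.1.213","user":"admin","url":"/cloud/index.php/core/preview?fileId=274&x=250&y=250","message":"Host 192.168.10.15 was not connected to because it violates local access rules"}
{"reqId": "truncated
"""

PATTERNS = {  # category names are this example's own, the messages are from the post
    "token_not_verified": re.compile(r"Tried to log in (\S+) but could not verify token"),
    "local_access_blocked": re.compile(r"Host (\S+) was not connected to because it violates local access rules"),
}

def scope(addr):
    """Classify the logged client address as lan, wan or invalid."""
    try:
        return "lan" if ipaddress.ip_address(addr).is_private else "wan"
    except ValueError:
        return "invalid"

def triage(log_text):
    """Return {kind: {"count", "scopes", "subjects"}} for nextcloud.log JSON lines."""
    out = {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            entry = json.loads(line)
            msg = entry["message"]
        except (json.JSONDecodeError, KeyError, TypeError):
            kind, subject, entry = "unparsed", None, {}
        else:
            kind, subject = "other", None
            for name, rx in PATTERNS.items():
                if m := rx.search(str(msg)):
                    kind, subject = name, m.group(1)  # user name or blocked host
                    break
        row = out.setdefault(kind, {"count": 0, "scopes": set(), "subjects": set()})
        row["count"] += 1
        if subject:
            row["subjects"].add(subject)
        if "remoteAddr" in entry:
            row["scopes"].add(scope(entry["remoteAddr"]))
    return out
```

Run over the full log in the post, this separates the token failures logged for the WAN client from the blocked requests that name the proxy address 192.168.10.15 in LAN sessions.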

Try asking https://forum.nginx.org/ and link them back here.

Hello,

There is always an option to use NPM → https://nginxproxymanager.com/

Let it handle the nginx configuration for you. Just deploy the docker & use their GUI!!

I have a similar layout to yours working fine with NPM.

Thanks.

Port 443 you mean?

I can’t help you with the nginx part since I’m only really familiar with Apache, but you can post your config. Many people here use it. Based on what you describe, if it’s not the port forward, it sounds like it may be either a DNS issue or something with the nginx vhost config.

Good evening. I’m facing the same issue after upgrading to NC 25. It seems not related to the reverse proxy used (I’m using NPM) but a bug: [Bug]: Tried to log in "username" but could not verify token · Issue #33919 · nextcloud/server · GitHub! I hope the Dev Team will correct it quickly…

Not sure this will help, but I have mine behind a proxy but I do not add the proxy IP to the trusted domains list (to the trusted proxy list, yes). The IP address of your cloud (.20) should be added.
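
Added example, not part of any post in this thread: a Python lint for the reverse-proxy part of a Nextcloud config.php. It reports keys that are near misses of the known proxy-related option names and, following the last reply, addresses listed in both `trusted_proxies` and `trusted_domains`. The sample is constructed from the config.php in the first post; the function names and finding labels are assumptions of this example.

```python
import difflib
import re

# Nextcloud config.php options that govern reverse-proxy behaviour.
PROXY_KEYS = ["trusted_domains", "trusted_proxies", "overwritehost",
              "overwriteprotocol", "overwritewebroot", "overwritecondaddr",
              "overwrite.cli.url", "forwarded_for_headers"]

# Constructed sample: the proxy-related part of the config.php in the first post.
SAMPLE_CONFIG = """\
$CONFIG = array (
  'trusted_domains' =>
  array (
    0 => '192.168.10.20',
    1 => 'MYDOMAIN.duckdns.org',
    2 => '192.168.10.15'
  ),
  'trusted_proxies' => array(0 => '192.168.10.15'),
  'overwrite.cli.url' => 'https://MYDOMAIN.duckdns.org/cloud',
  'overwirtehost' => 'MYDOMAIN.duckdns.org',
  //'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'],
  'dbhost' => 'localhost',
);
"""

KEY_RE = re.compile(r"^\s*'([^']+)'\s*=>", re.MULTILINE)  # skips //-commented keys

def list_option(text, name):
    """Return the quoted strings inside name => array(...) or name => [...]."""
    m = re.search(r"^\s*'" + re.escape(name) + r"'\s*=>\s*(?:array\s*\(|\[)(.*?)(?:\)|\])",
                  text, re.DOTALL | re.MULTILINE)
    return re.findall(r"'([^']*)'", m.group(1)) if m else []

def lint(text):
    findings = []
    for key in KEY_RE.findall(text):
        if key in PROXY_KEYS:
            continue
        near = difflib.get_close_matches(key, PROXY_KEYS, n=1, cutoff=0.85)
        if near:  # unknown key that looks like a misspelt proxy option
            findings.append(("unrecognised-key", key, near[0]))
    proxies = set(list_option(text, "trusted_proxies"))
    for host in list_option(text, "trusted_domains"):
        if host in proxies:
            findings.append(("proxy-in-trusted-domains", host, "trusted_proxies"))
    return findings
```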