Nextcloud18 behind HAProxy Reverse Proxy: ... Exceeds Request exceeded the limit of 10 internal redirects due to probable configuration error

Nextcloud version (eg, 12.0.2): 18.0.2
Operating system and version (eg, Ubuntu 17.04):

Host: Ubuntu 19.10
Host (LXD Container): Ubuntu 18.04
Apache or nginx version (eg, Apache 2.4.25): 2.4.29
PHP version (eg, 7.1): 7.4.3

The issue you are facing:

(NOTE: nextcloud.personaldomain.com is obviously not the FQDN I am using)

Greetings. I am attempting to run Nextcloud 18 in an LXD container (Ubuntu 18.04) on an Ubuntu 19.10 host. I use another LXD container as a proxy (HAProxy) to expose my Nextcloud instance to the WAN. I used DDCLIENT to keep my dynamically assigned public IP tied to my domain. The host machine forwards ports 80 and 443 to the HAProxy container, which in turn forwards specific domain requests to the appropriate LXD container. The HAProxy container possesses the SSL certs and forwards all 443 requests on to the respective containers via 80 (i.e. https → http).

So:
WAN Request (https://nextcloud.personaldomain.com) → Host Machine (https) → HAProxy Container (http) → Nextcloud18 Container

Unfortunately when I navigate to ‘nextcloud.personaldomain.com’ I receive “500 Internal Server Error” with the nextcloud log producing the following error:

... Exceeds Request exceeded the limit of 10 internal redirects due to probable configuration error ...

My config.php is as follows (note “#” are not in the actual config but for reference here)

<?php
$CONFIG = array (
  'instanceid' => 'oc0ggh7hsh66',
  'passwordsalt' => 'KP01hDT5KWg5kOFcw7CEjwhqwv+BZU',
  'secret' => 'jktg5cxkvJ/vsPPFZjOPZvYg8AIgzMF5HQvmtfgSAy3CKsD9',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '10.96.103.14', #Nextcloud18 Container IP
    2 => 'nextcloud.personaldomain.com',
    3 => 'nextcloud.personaldomain2.com',
    4 => '10.96.103.53', #HAProxy Container IP
    5 => '192.168.86.100', #Host Machine Local IP
  ),
  'trusted_proxies' => 
  array (
    0 => '10.96.103.53',
    1 => '10.96.103.14',
    2 => '192.168.86.100',
    3 => 'nextcloud.personaldomain.com',
    4 => 'localhost',
    5 => 'nextcloud.personaldomain2.com',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '18.0.2.2',
  'overwrite.cli.url' => 'https://nextcloud.personaldomain.com/nextcloud/',
  'htaccess.RewriteBase' => '/nextcloud',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'USER', #Not my real user
  'dbpassword' => 'PASSWORD', #Not my real password
  'installed' => true,
  'memcache.locking' => '\OC\Memcache\Redis',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.local' => '\OC\Memcache\Redis',
  'redis' => [
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 3,
  ],
  'overwritehost' => 'nextcloud.personaldomain.com',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/nextcloud',
  'overwritecondaddr' => '^10\.96\.103\.53',
);

Apache config:

<VirtualHost *:80>
    ServerName nextcloud.personaldomain.com
    DocumentRoot /var/www/nextcloud/

    <Directory /var/www/nextcloud>
       DirectoryIndex index.php
       Options FollowSymLinks MultiViews
       AllowOverride All
       Require all granted

       <IfModule mod_dav.c>
         Dav off
       </IfModule>

    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/nextcloud.log
    CustomLog ${APACHE_LOG_DIR}/nextcloud.log combined

    <IfModule mod_setenvif.c>
      SetEnvIf X-Forwarded-Proto "^https$" HTTPS
    </IfModule>

</VirtualHost>

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Attempt to navigate to nextcloud.personaldomain.com

Thank you for your help!

Does anyone have any suggestions or insight?

Hey! I noticed you tagged me on my original thread. Sorry, it’s been a crazy 20+ days for me so I haven’t been around on the forum. Anyway, I don’t think I can provide the best advice for your use case, since it is not quite like mine. My setup does ssl passthrough at HAProxy, whereas yours does ssl termination at HAProxy. Because of that, our configs will require a different set of configurations. From what I can see on HAProxy’s blog post, you may want to have a front end look something like this

frontend www.mysite.com
    bind <haproxy-ip>:80
    bind <haproxy-ip>:443 ssl crt /etc/ssl/certs/mysite.pem
    http-request redirect scheme https unless { ssl_fc }
    default_backend nextcloudbackend

And have a backend like this?

backend nextcloudbackend
        mode http
        server servername <nextcloud-ip>:80 check

I hope this gives you some direction at least, if you haven’t solved this already

Perhaps you solved your issue already, but just in case: I have a similar setup and got it solved with the following haproxy.cfg

global
        log         /dev/log local0
        pidfile     /var/run/haproxy.pid
        maxconn     500
        user        haproxy
        group       haproxy
        daemon

defaults
        log     global
        option  dontlognull
        mode tcp
        retries 3
        maxconn 400
        timeout connect 50s
        timeout client  50s
        timeout server  50s

listen nextcloud
        bind *:55443
        option tcplog
        server nextcloud 10.0.10.100:443 send-proxy

Then changed NC nginx configuration to make the clients original IP address visible, namely:
- add “proxy_protocol” to the “listen 443 ssl” directive in /etc/nginx/conf.d/nextcloud.conf (it becomes “listen 443 ssl proxy_protocol http2 default_server;”)
- replace $remote_addr by $proxy_protocol_addr in /etc/nginx/nginx.conf and /etc/nginx/proxy.conf
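
What `send-proxy` puts on the wire, and why a backend should believe it only from the proxy, as an added example that is not part of the original posts: a parser for the PROXY protocol v1 line HAProxy prepends to each TCP connection, with a check on who sent it. The proxy address 10.0.10.1, the client address, the sample bytes and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: only the HAProxy container may speak PROXY protocol to the
# backend; 10.0.10.1 is a constructed address, not taken from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.10.1/32")]
MAX_V1_LEN = 107  # longest legal v1 header, CRLF included

# Constructed sample: v1 header followed by the first bytes of a TLS record.
SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.10.100 51234 443\r\n\x16\x03\x01"


def parse_proxy_v1(data: bytes):
    """Split a PROXY v1 header off the front of a TCP stream.

    Returns (info, rest); info is None for 'PROXY UNKNOWN'.
    Raises ValueError on a malformed header.
    """
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("bad PROXY v1 field layout")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match protocol field")
    sport, dport = int(fields[4]), int(fields[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"src": str(src), "sport": sport, "dst": str(dst), "dport": dport}, rest


def client_ip(peer_ip: str, data: bytes) -> str:
    """Address to log and rate-limit on for one new connection."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        # Not the proxy: the header is unauthenticated input, so ignore it.
        return peer_ip
    info, _ = parse_proxy_v1(data)
    return info["src"] if info else peer_ip
```

The same principle applies to the nginx change above: once logs and access rules use `$proxy_protocol_addr`, the listener should be reachable only from the HAProxy container, because the header itself carries no authentication.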