NGINX proxypass for Nextcloud PI

ℹ️ Support 📦 Appliances (Docker, Snappy, VM, NCP, AIO)
1

Hi !
I have a dedicated server running my website. The server runs Ubuntu 16.04 server and NGINX.

SSL is installed using Certboot and everything works great.

My domain redirects all https://www.exampledomain to https://exampledomain.com and all http is redirected to https
Now, I have installed NextcloudPI on a raspberry PI 3 and the installation seems to work fine.

My server have a local ip inside the firewall 192.168.1.15 and I have set the PI to IP 192.168.1.16

I want to add a Nginx proxypass rule to the main server https://examplledomain.com (192.168.1.15) so that all requests to the NextcloudPI witch responds no https://nc.exampledomain.com (192.168.1.16) gets directed to the raspberry running nextcloudPI and also SSL must be working and able to renew the SSL certificate in this configuration.
If possible, I want to use my already installed nginx running on the main server to do the proxy pass to the raspberry.

Any help to archive this would be great.

2

I have the same setup. I assume you want to terminate ssl at the proxy.
Here is the relevant part of the nginx config:

server {
    listen                      443 ssl;
    server_name                 nc.exampledomain.com;
    ssl_certificate             /path/to/letsencrypt/fullchain.pem;
    ssl_certificate_key         /path/to/privkey.pem;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
        
    ssl_ciphers                 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers   on;

    ssl_dhparam                 /path/to/dh.pem;	

    access_log                  /var/log/nginx/nc_exampledomain_access.log;
    error_log                   /var/log/nginx/nc_exampledomain_error.log;
    
    location / {
        proxy_pass                              http://192.168.1.16;
        proxy_read_timeout                      360;
        proxy_buffering                         off;
        proxy_set_header    Host                $host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
    }
}

server {
    listen                      80 default_server;
    listen [::]:80              default_server;
    server_name                 nc.exampledomain.com;
    return                      301 https://$server_name$request_uri;

    #For LetsEncrypt
    root /usr/share/nginx/html;
    location ~ /.well-known {
        allow all;
    }
}