Support intro
Public DNS = web.domain.com
Fortigate FW with DNAT in place for ports 80 and 443 to waf.domain.com
System = waf.domain.com (listens at web.domain.com)
Operating system and version = Ubuntu 20.04
Has been set up to renew Let’s Encrypt certs automatically
System = nextcloud.domain.com
Nextcloud version = 20.0.1
Operating system and version = Ubuntu 20.04
Apache version = Apache 2.4.41
PHP version = 7.4
NextCloud root at /var/www/nextcloud
Nextcloud available at nextcloud.domain.com
All VMs run on ESXi 7.0.1.
(Now, please read this very carefully). I don’t want to come across as ungrateful or aggressive, but I am posting a detailed intro as I want to avoid all the typical unneeded questioning I see on these forums. I would appreciate not receiving questions that are asked for the sake of questioning what I am doing.
I am new to NextCloud and to web administration in general and am implementing all of this for advanced home use. I have a single static public IP (with public DNS) and I want to use an NGINX proxy to:
- Learn NGINX
- Learn ModSecurity
- Likely now learn Apache and NextCloud
- Publish external websites aside from NextCloud
Originally I had installed the Hansson VM, however after moving /mnt/ncdata from the default ZFS to NFS (which runs on FreeNAS ZFS anyway), the upgrade script failed as it was looking for the original ZFS partition. I also wanted to get an in-depth understanding of the solution anyway so I stopped using that solution.
I now have an operational NextCloud setup - by that I mean NextCloud ‘Security and Setup Warnings’ shows all checks passed. Originally I deployed on 20.0.0 and upgraded to 20.0.1 once I knew it was all working as expected. I kept the Hansson VM around and used it as a reference for resolving any issues - this included getting Redis installed, using Fastcgi(?), HTTP vs HTTPS etc.
Essentially what I am trying to achieve:
- Public access to NextCloud at web.domain.com/nc
- Public access to a password manager at web.domain.com/pw
- Whatever else I may want to publish - maybe a website of my own
What I can’t figure out:
- Should NGINX simply redirect to Apache - if so how?
- Should NGINX become the web front end for NextCloud completely - if so how?
- I am aware of this article: https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
- I am also equally unsure how I managed to remove the original /nextcloud path (location?) and replace it with /. Too many posts suggested it is configured in sites-available/*.conf or in .htaccess or in config/config.php.
Further to this, when I had /nextcloud in place, I seemed to have my proxy config working. I know this because if I accessed nextcloud.domain.com/nextcloud and ran the config checks I was getting the Strict Transport Protocol warnings. However, when I was proxying using web.domain.com/nextcloud the warnings disappeared as it was part of the NGINX SSL options. I have, though, replaced the original pages in sites-available since then - thought it may be relevant.
I am happy to send through whatever configs anybody wants to see, but first was interested in understanding if there was anybody who might be able to assist.
Thanks in advance.
P.S. Also please don’t give me the ‘search the forums first’ type responses. As you can imagine having now got all this operational you can probably see for yourself that I spent hours and hours checking logs and searching the forums (BTW NextCloud’s website is painfully slow) but there are so many people asking for assistance that I ended up breaking more configs than I fixed and had to revert snapshots to get back where I started - hence why I am now asking.