I found out. It works now. It indeed is as simple as editing the file
/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/.htaccess
to contain:
<IfModule mod_proxy_fcgi.c>
  # added:
  SetEnv ap_trust_cgilike_cl
  # /added
  SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
As far as the /etc/nginx/conf.d/default.conf is concerned, nothing special is needed:
server {
    listen 80;
    server_name localhost;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
}
server {
    listen 443 ssl;
    server_name my.domain.net;
    location / {
        proxy_pass http://127.0.0.1:11000; # the host ip address, localhost I assume would just come back to this docker container
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # if we comment this out, uploads fail
        client_max_body_size 0;
        # Websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
    ssl_certificate /etc/letsencrypt/live/my.domain.net/fullchain.pem; # managed by Certbot
    # managed by certbot on host machine
    ssl_certificate_key /etc/letsencrypt/live/my.domain.net/privkey.pem;
    # managed by Certbot
}
So it indeed was the Apache bug szaimen mentioned.
DISCLAIMER: I don’t fully understand what kind of security vulnerabilities this Apache option opens my server up to. It might. If you know, please post.
Thanks to everyone that tried to help solve the mystery!