Trouble with OpenOffice and Nextcloud behind VPS and Reverse Proxy
Our setup has evolved from a simple setup to one that is really pushing my knowledge. Recently my home IP address changed and broke DNS which created a few issues. Wanting to be a little more secure, I have since pointed my DNS to an AWS instance running HaProxy. HaProxy terminates SSL and forwards traffic through a Wireguard tunnel to my home Nginx reverse proxy. Nginx forwards traffic to the individual service’s server. I’ve got most of the bugs ironed out except for the connection between OnlyOffice and Nextcloud.
(Error occurred in the document service: Error while downloading the document file to be converted.) (version 8.0.1.31)
getConvertedUri on check error
The connector config in Nextcloud is set to https://onlyoffice.mydomain.org for each entry.
This worked when DNS pointed to nginx reverse proxy and broke when dns was pointed to haproxy on aws which also moved ssl termination.
Any help would be awesome!! TIA
Nextcloud version 29.0.3
AWS – ubuntu 22.04 – haproxy 2.4.24 - haproxy.cfg
# Global Settings
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
# Default settings
defaults
mode http
log global
option httplog
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
# Frontend configuration for HTTPS
frontend https-in
bind :80
bind :443 ssl crt /etc/haproxy/certs/
mode http
option httplog
# Set X-Forwarded-For header
http-request set-header X-Forwarded-For %[src]
# Redirect HTTP to HTTPS
http-request redirect scheme https code 301 unless { ssl_fc }
# Set X-Forwarded-Proto header for SSL connections
http-request set-header X-Forwarded-Proto https if { ssl_fc }
# Use ACL to route to the correct backend based on the domain
acl is_mydomain_org hdr(host) -i mydomain.org
acl is_mydomain_org hdr_end(host) -i .mydomain.org
# Direct traffic to the correct backend
use_backend backend_mydomain_org if is_mydomain_org
# Backend configuration for mydomain.org
backend backend_mydomain_org
balance roundrobin
option httpchk
http-check expect status 200
server server1 10.10.10.2:80
esxi – ubuntu 20.04 vm - nginx 1.18 - nginx/sites-available/config
server {
listen 80;
server_name nextcloud.mydomain.org www.nextcloud.mydomain.org;
set_real_ip_from 10.10.10.0/24;
real_ip_header X-Forwarded-For;
location / {
proxy_pass http://192.168.40.60;
proxy_max_temp_file_size 2000m;
client_max_body_size 0;
}
location /.well-known/carddav {
return 301 https://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 https://$host/remote.php/dav;
}
}
server {
listen 80;
server_name onlyoffice.mydomain.org www.onlyoffice.mydomain.org;
set_real_ip_from 10.10.10.0/24;
real_ip_header X-Forwarded-For;
location / {
proxy_pass http://192.168.40.56;
}
}
esxi – ubuntu 22.04 vm – nextcloud 29.03 - nextcloud/config.php
<?php
$CONFIG = array (
'trusted_domains' =>
array (
0 => 'nextcloud.mydomain.org',
),
'overwritehost' => 'nextcloud.mydomain.org',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'overwrite.cli.url' => 'https://nextcloud.mydomain.org',
'htaccess.RewriteBase' => '/',
'trusted_proxies' =>
array (
0 => '127.0.0.1',
1 => '192.168.40.1/24',
),
'forwarded_for_headers' =>
array (
0 => 'HTTP_X_FORWARDED_FOR',
1 => 'X_FORWARDED_FOR',
),
'datadirectory' => '/srv/nextcloud/data',
'dbtype' => 'mysql',
'version' => '29.0.3.4',
'dbname' => 'nextcloud',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'installed' => true,
'memcache.local' => '\\OC\\Memcache\\Redis',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '/run/redis/redis-server.sock',
'port' => 0,
'timeout' => 0,
),
'memcache.locking' => '\\OC\\Memcache\\Redis',
'filelocking.enabled' => 'true',
'default_phone_region' => 'US',
'log_type' => 'file',
'logfile' => '/var/log/nextcloud/nextcloud.log',
'logfile_audit' => '/var/log/nextcloud/audit.log',
'loglevel' => 1,
'maintenance' => false,
'maintenance_window_start' => 1,
'theme' => '',
'session_keepalive' => false,
'auto_logout' => true,
'session_lifetime' => 1800,
'remember_login_cookie_lifetime' => 0,
'mail_smtpsecure' => 'ssl',
);
apache2 2.4.52 - apache2/sites-enabled/mysite.conf
<VirtualHost *:80>
DocumentRoot "/var/www/nextcloud.mydomain.org"
ServerName nextcloud.mydomain.org
<Directory "/var/www/nextcloud.mydomain.org/">
Options MultiViews FollowSymLinks
AllowOverride All
Require all granted
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule /^\.well-known/cardav /nextcloud.mydomain.org/remote.php/dav [R=301,L]
RewriteRule /^\.well-known/caldav /nextcloud.mydomain.org/remote.php/dav [R=301,L]
RewriteRule /^\.well-known/webfinger /nextcloud.mydomain.org/index.php/.well-known/webfinger [R=301,L]
RewriteRule /^\.well-known/nodeinfo /nextcloud.mydomain.org/index.php/.well-known/nodeinfo [R=301,L]
</IfModule>
</VirtualHost>