Hello!
I am trying to set up Nextcloud with nginx as a reverse proxy.
I can access the page, but when I log in, I receive the message “this operation is not allowed”.
This is my config.php:
```php
<?php
$CONFIG = array (
  'instanceid' => 'ocybjdlkuzyj',
  'passwordsalt' => 'passwordsalt',
  'secret' => 'secret',
  'trusted_proxies' =>
  array (
    0 => 'reverproxyip:443',
  ),
  'overwritehost' => 'nextcloud.domain.de',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '',
  'overwriteconaddr' => '^reverproxyip$',
  'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED',
    1 => 'HTTP_FORWARDED_FOR',
  ),
  'trusted_domains' =>
  array (
    0 => 'nextcloud.domain.de',
    1 => 'chat.domain.de',
    2 => 'portal.domain.de',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '23.0.4.1',
  'overwrite.cli.url' => 'https://nextcloud.domain.de:443',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'user',
  'dbpassword' => 'password',
  'installed' => true,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'default_phone_region' => 'DE',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/run/redis/redis.sock',
    'port' => 0,
    'dbindex' => 0,
    'timeout' => 1.5,
  ),
);
```
This is my reverse proxy config:
```nginx
upstream cloud {
    server nextcloudserverip:443;
}

# HTTPS Server
server {
    listen *:443 ssl;
    server_name nextcloud.domain.de;
    client_max_body_size 50000M;
    access_log /var/log/nginx/cloud.access.log;
    error_log /var/log/nginx/vhost_combined.error.log;
    ssl_certificate /etc/nginx/certs/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/certs/PrivKey.pem;
    include /etc/nginx/snippets/tls.conf;

    # HSTS, HTTP_HEADER Security
    add_header Strict-Transport-Security "max-age=1209600" always;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    location / {
        proxy_pass https://cloud;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
        proxy_connect_timeout 140;
        proxy_send_timeout 180;
        proxy_read_timeout 180;

        #Wellknown w/e
        location /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }
        location /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }

        # Disable unwanted HTTP methods
        limit_except GET HEAD POST { deny all; }
    }
}

# HTTP Server
server {
    listen 80;
    server_name nextcloud.domain.de;
    return 301 https://$host$request_uri;
}
```
I also see the following error messages on the reverse proxy:
```
2022/05/16 11:01:20 [error] 2568018#2568018: *296 access forbidden by rule, client: 141.91.18.15, server: nextcloud.domain.de, request: "PROPFIND /remote.php/dav/files/user/ HTTP/1.1", host: "nextcloud.domain.de"
2022/05/16 11:02:03 [error] 2568018#2568018: *300 access forbidden by rule, client: 109.42.114.1, server: nextcloud.domain.de, request: "PUT /apps/user_status/heartbeat HTTP/1.1", host: "nextcloud.domain.de"
```
Is there any mistake in my config? Can't figure it out…
Best Regards
LittleITworld
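
Added example, not part of the original post: a small Python check that reads the `limit_except` allow-list from an nginx config and lists the `access forbidden by rule` error-log entries whose HTTP method falls outside it. The config line and log lines are copied from the post as sample input; the function names are illustrative, and the script assumes the config contains a single `limit_except` block.

```python
import re

# Sample input copied from the post above (one config line, two error-log lines).
NGINX_CONF = "location / {\n    limit_except GET HEAD POST { deny all; }\n}\n"
ERROR_LOG = '''\
2022/05/16 11:01:20 [error] 2568018#2568018: *296 access forbidden by rule, client: 141.91.18.15, server: nextcloud.domain.de, request: "PROPFIND /remote.php/dav/files/user/ HTTP/1.1", host: "nextcloud.domain.de"
2022/05/16 11:02:03 [error] 2568018#2568018: *300 access forbidden by rule, client: 109.42.114.1, server: nextcloud.domain.de, request: "PUT /apps/user_status/heartbeat HTTP/1.1", host: "nextcloud.domain.de"
'''

# Methods listed after limit_except are the ones NOT subject to the block's rules.
LIMIT_EXCEPT = re.compile(r"limit_except\s+([A-Z\s]+?)\s*\{")
# nginx's access module logs this phrase when an allow/deny rule rejects a request.
DENIED = re.compile(
    r'access forbidden by rule, client: (?P<client>[^,]+),'
    r'.*?request: "(?P<method>[A-Z]+) (?P<uri>\S+)'
)


def allowed_methods(conf):
    """Return the methods exempted by the first limit_except block (assumed unique)."""
    match = LIMIT_EXCEPT.search(conf)
    if not match:
        return set()
    methods = set(match.group(1).split())
    if "GET" in methods:
        methods.add("HEAD")  # nginx treats HEAD as allowed whenever GET is
    return methods


def denied_by_method_rule(conf, log):
    """List (method, uri, client) for denied requests whose method is not exempted."""
    allowed = allowed_methods(conf)
    hits = []
    for line in log.splitlines():
        m = DENIED.search(line)
        if m and allowed and m.group("method") not in allowed:
            hits.append((m.group("method"), m.group("uri"), m.group("client")))
    return hits


if __name__ == "__main__":
    print("exempted methods:", sorted(allowed_methods(NGINX_CONF)))
    for method, uri, client in denied_by_method_rule(NGINX_CONF, ERROR_LOG):
        print(f"denied {method} {uri} from {client}: method not in limit_except list")
```

Run against the post's data, both logged denials (`PROPFIND` and `PUT`) are for methods that the `limit_except GET HEAD POST` line does not exempt from `deny all`.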