I’d like to ask for some assistance in this matter please.
Nextcloud is installed on Ubuntu server 20.10. Deployed with the server itself, via snap. Version 20.0.7.
OPNsense is installed on a hardware device and is connected directly to internet.
I use Cloudflare as DNS.
So I tried setting it up:
Configured Nextcloud to accept HTTP at port 7444, HTTPS at port 7443, self-signed cert. Connect via HTTPS, confirm cert error, → OK
Also tested port forwarding → OK
Then I entered into the config.php file:
```php
'trusted_domains' => array (
  0 => '192.168.110.6',
  1 => 'nextcloud.domain.com',
),
...
'trusted_proxies' => array('192.168.110.254'),
```
.6 is the nextcloud server, .254 is the firewall (it’s actually a VLAN).
I also set up Cloudflare DNS to point to my WAN IP for nextcloud.domain.com.
I also have a second entry in DNS, call it firewall.domain.com, which is the FQDN of the OPNsense.
And then on with the OPNsense setup (this is just for a possible reference, I am aware this is not an opnsense forum):
Added upstream server: 192.168.110.6, 7443, 1
Configured Upstream: server entry = the above entry, weighted round robin, enable TLS unchecked, uncheck TLS: verify certificate (self-signed on NC)
Location: URL pattern /, match type none, URL rewriting nothing selected. Rest is default, upstream servers: previous step.
HTTP Port empty
HTTPS Port 7443
Server Name: nextcloud.domain.com
Locations: previous step
URL Rewriting Nothing selected
TLS Certificate: my *.domain.com wildcard certificate.
Rest is default afaik.
And now, if I try to access: https://nxtcld.domain.com:7443/
Nothing. Zip. Nada.
It’s not the firewall, ports are open.
Nothing in the log of nginx.
However, here’s the gist:
If I attempt to access the FQDN of the firewall (firewall.domain.com), I get untrusted domain, so apparently there is an answer from the nextcloud at port 7443. This makes sense, since it’s not trusted.
But: why does it answer at firewall.domain.com and not at nextcloud.domain.com? Basically, as soon as I enter the domain under trusted_domains, no connection is possible.
Also discovered another thing: if I then enter firewall.domain.com into trusted_domains, I get no answer any more via that FQDN. Vice versa too, if I remove nextcloud.domain.com from trusted_domains, I get untrusted domain message.
So, I am really not sure who’s at fault here. Is it wrong nextcloud config or is it OPNsense/nginx?
Can someone help a little please?
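One way to narrow down which layer is responsible, as an added example that is not part of the original post: the script sends the same request to a single listener while varying only the SNI and Host name, and reports whether each attempt stopped at TCP, at TLS or at HTTP. The function names `probe` and `compare` and the stage labels are choices made for this example; the address, port and names are the ones written in the post.

```python
import socket
import ssl

def probe(ip, port, host, tls=True, timeout=5.0):
    """Request "/" from ip:port using `host` as SNI and Host header.

    Returns (stage, detail); stage names the layer where the attempt stopped.
    """
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return ("tcp-failed", str(exc))      # forwarding, firewall rule or listener
    try:
        if tls:
            # Diagnostic only: verification is off because the Nextcloud
            # backend in the post uses a self-signed certificate.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            try:
                sock = ctx.wrap_socket(sock, server_hostname=host)
            except OSError as exc:           # ssl.SSLError is an OSError
                return ("tls-failed", str(exc))
        req = f"GET / HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n"
        sock.sendall(req.encode("ascii"))
        data = b""
        while len(data) < 65536:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    except OSError as exc:
        return ("http-failed", str(exc))     # connected, but no usable reply
    finally:
        sock.close()
    parts = data.split(None, 2)
    if not data.startswith(b"HTTP/") or len(parts) < 2 or not parts[1].isdigit():
        return ("http-failed", "no HTTP status line")
    # "untrusted domain" is the message the post reports seeing from Nextcloud.
    stage = "untrusted-domain" if b"untrusted domain" in data.lower() else "http"
    return (stage, int(parts[1]))

def compare(ip, port, names, tls=True, timeout=5.0):
    """Probe the same listener once per name so that only SNI/Host varies."""
    return {name: probe(ip, port, name, tls, timeout) for name in names}

if __name__ == "__main__":
    # Values as written in the post; run from a host on the LAN.
    names = ["nextcloud.domain.com", "firewall.domain.com"]
    for name, result in compare("192.168.110.6", 7443, names).items():
        print(f"{name:24} -> {result}")
```

Running it once against the Nextcloud address and once against the firewall's address shows, per name, whether the difference appears before or after the proxy.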