Problem accessing Nextcloud from behind a reverse proxy server

Hello, I am running Ubuntu Server 21.10 in a Hyper-V machine with Windows Server 2022 as the host system. This host server is one of several I have behind my router, so I have no choice but to use a reverse proxy to get to my Nextcloud installation. I should also add that I installed Nextcloud on the Ubuntu server using snap.

Here’s my problem: I can access the Nextcloud installation from my domain name (example.com) to get to the “Access through untrusted domain” page, but for some reason as soon as I add my IP address to the list of trusted domains, I get a 500 - Internal server error.

Any help with this would be greatly appreciated; I have already spent days trying to get this Nextcloud installation up and running. Thanks for your time.

1 Like

You will need to add your reverse proxy to the trusted domain in Nextcloud config.php.

https://docs.nextcloud.com/server/20/admin_manual/configuration_server/reverse_proxy_configuration.html

3 Likes

Thank you for your response, I hadn’t thought about adding a trusted proxy. So I had added the proxy IP address to the list of trusted domains already, but from what I understand I need to add it to the list of trusted proxies. I know the link you gave me describes how to do this, but I suck with php. This is what I have added in the config.php file, but it doesn’t seem to work. Any ideas?

<?php
$CONFIG = array (
  'trusted_proxies' => '192.168.2.2',        // <--- This is the only line I added
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/snap/nextcloud/current/htdocs/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/snap/nextcloud/current/nextcloud/extra-apps',
      'url' => '/extra-apps',
      'writable' => true,
    ),
  ),
  'supportedDatabases' =>
  array (
    0 => 'mysql',
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/tmp/sockets/redis.sock',
    'port' => 0,
  ),
  'log_type' => 'file',
  'logfile' => '/var/snap/nextcloud/current/logs/nextcloud.log',
  'logfilemode' => 416,
  'instanceid' => 'ocorkmrneall',
  'passwordsalt' => '96HOW3vfmVWqKs36OKBvHBKodQgddY',
  'secret' => '6bTJrze4ttg63abZW4CteNdxawtUJryfQKqL6kFu8VOrZGWN',
  'trusted_domains' =>
  array (
    0 => 'localhost',

If this will help, these are my settings. I have my server behind a Nginx Reverse Proxy server but the concept is still the same.

'trusted_domains' =>
array (
  0 => 'Domain Name',
  1 => 'Nextcloud Server IP',
  2 => 'Reverse Proxy Server IP',
),
'trusted_proxies' => ['Reverse Proxy Server IP'], // must be an array
'overwriteprotocol' => 'https',
'overwritehost' => 'Domain Name',
'overwritecondaddr' => '^00\.00\.000\.00$', // <---- This is the reverse proxy IP broken down.
'forwarded_for_headers' => // Nextcloud's key uses underscores
array (
  0 => 'X-Forwarded-For',
  1 => 'HTTP_X_FORWARDED_FOR',
),
'overwrite.cli.url' => 'https://Domain Name/nextcloud',

2 Likes

I am trying to set it up right now, but I don’t understand this part. So let’s say my reverse proxy server IP is 123.123.1.1, would I change this value to ‘^000.000.0.0$’?

I got it figured out, finally! Alright, for anyone else running into this problem, my fix was everything cyberjohn58 had to say (thanks again, that was a big help) as well as this fix from RockNLol that has to do with forcing NC to send out uncompressed data.

Thank you both for saving me an untold amount of time.

1 Like

'trusted_domains' =>
array (
  0 => 'Domain Name',
  1 => '192.168.2.2',
  2 => '123.123.1.1',
),
'trusted_proxies' => ['123.123.1.1'],
'overwriteprotocol' => 'https',
'overwritehost' => 'Domain Name',
'overwritecondaddr' => '^123\.123\.1\.1$',
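
For the question above about turning the proxy IP into the `overwritecondaddr` value, an added example (not from the thread and not Nextcloud's own code): a Python helper that builds the pattern from a proxy IP and audits config values, given here as a constructed dict, for a non-array `trusted_proxies` or a pattern that matches more than the proxy. It assumes the pattern is applied as an unanchored regex search on the connecting address and that `trusted_proxies` holds single addresses; the function names are hypothetical.

```python
import ipaddress
import re

def overwritecondaddr_for(proxy_ips):
    """Build an anchored regex that matches exactly the given proxy addresses."""
    escaped = [re.escape(str(ipaddress.ip_address(ip))) for ip in proxy_ips]
    body = escaped[0] if len(escaped) == 1 else "(" + "|".join(escaped) + ")"
    return "^" + body + "$"

def overwrite_applies(pattern, remote_addr):
    """Assumption: the pattern is run as an unanchored regex search against the
    connecting address, so an empty or unanchored value matches more hosts."""
    return re.search(pattern, remote_addr) is not None

def audit(config, probe_addrs):
    """List findings for config values given as a dict (a constructed stand-in
    for config.php). Assumes trusted_proxies holds single addresses, no CIDR."""
    findings = []
    proxies = config.get("trusted_proxies")
    if not isinstance(proxies, list):
        findings.append("trusted_proxies is not an array")
        proxies = [proxies] if isinstance(proxies, str) else []
    pattern = config.get("overwritecondaddr", "")
    for ip in proxies:
        if not overwrite_applies(pattern, ip):
            findings.append(f"overwritecondaddr does not match proxy {ip}")
    for ip in probe_addrs:
        if ip not in proxies and overwrite_applies(pattern, ip):
            findings.append(f"overwritecondaddr also matches {ip}")
    return findings

if __name__ == "__main__":
    # Constructed sample values, reusing the example addresses from the thread.
    print(overwritecondaddr_for(["123.123.1.1"]))
    loose = {"trusted_proxies": "192.168.2.2", "overwritecondaddr": r"192\.168\.2\.2"}
    print(audit(loose, ["192.168.2.20"]))
    tight = {"trusted_proxies": ["172.22.0.2"], "overwritecondaddr": r"^172\.22\.0\.2$"}
    print(audit(tight, ["172.22.0.20", "172.22.0.3"]))
```

The probe addresses should be neighbours of the proxy on the same network, since those are the hosts an unanchored pattern would also match.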

The above ‘condensed’ April 22 solution offered by cyberjohn58 worked for me as well. Running NC on a Proxmox server, using the Turnkey LXC container NC template.

The settings provided by cyberjohn58 worked out perfectly for me.
The only thing that was different in my setup is that I additionally needed to override the overwritewebroot parameter, because I’m hosting NC using a Caddy reverse proxy (+ Tailscale) and it forwards all requests on a specific URL path to NC.
Otherwise I was getting an (almost) empty login page and no specific logs.
My Caddy reverse proxy server and NC are both running on the same Docker bridge network, so to obtain the trusted proxy IP I went and checked what the IP of Caddy is for the given network (I recommend checking from Portainer).

'trusted_domains' =>
array (
  0 => 'mydomain.net',
  1 => '192.168.0.XXX', // LAN IP of my docker host machine
  2 => '172.22.0.2' // Proxy server docker network IP
),
'trusted_proxies' => ['172.22.0.2'],
'overwriteprotocol' => 'https',
'overwritehost' => 'mydomain.net',
'overwritewebroot' => '/nextcloud', // this is the path Caddy listens on
'overwritecondaddr' => '^172\.22\.0\.2$', // derived from Caddy net IP
'forwarded_for_headers' => // Nextcloud's key uses underscores
array (
  0 => 'X-Forwarded-For',
  1 => 'HTTP_X_FORWARDED_FOR',
), // be careful guys, these are suspended sometimes by reverse proxies and need to be forwarded specifically on reverse proxy server
'overwrite.cli.url' => 'https://mydomain.net/nextcloud', // not confident what it is, but it works