Running Nextcloud on separate server and VLAN than Nginx

Hello! First time posting here. I’ve managed to run an instance of Nextcloud using Nginx as a reverse proxy successfully for over a year now, however it was always on the same server. I’ve decided to have Nginx running on a dedicated Pi and am having a hard time getting it working correctly with Nextcloud. Every other app I’m using with my new Nginx setup is working great.

Is it possible to have Nginx on a separate server (and VLAN) than my Nextcloud instance? If anyone could provide some basic guidance or point me to a conversation that would help it would be greatly appreciated! I’m not sure if the root considers the proxy_pass to the IP address or if I’m needing to specify the root being on the other machine (http://nextcloud_ip/usr/share/nextcloud/). I’ve tried quite a few things and just can’t seem to get anywhere. I’m a little surprised I couldn’t find more people trying to achieve this same thing, which has me thinking I’m just completely missing something obvious (or maybe this just isn’t possible). Am a little new to this homebrew world so please be kind lol.

Thanks!

Hello

“Reverse Proxy” is the keyword you are looking for. You can run your Nextcloud in one VLAN and the reverse proxy in another. However, Nextcloud needs a web server to work. This means that you have to run two web servers. One on the same server where your nextcloud is installed (wich you already have) and one on the other server in a reverse proxy configuration, which forwards the requests to the Nextcloud web server.

This!

Nope.

Basically, you can leave your Nextcloud installation as it is now (beside of some small changes in the config.php: https://docs.nextcloud.com/server/21/admin_manual/configuration_server/reverse_proxy_configuration.html) and and put a reverse proxy in front of it.

If your Nextcloud server is already accessible from the Internet and you are using SSL certificates, the easiest way is to disable SSL on the Nextcloud server and reacquire the certificates on the reverse proxy. And of course the port forwarding from the Internet must point to the server with the reverse proxy on it, instead of the Nextcloud server.

If you want the connection between the reverse proxy and the Nextcloud server to be encrypted as well, the setup becomes more complicated. But this is also possible. However, I would start with the simpler variant and, if necessary, deal with ssl on the Nextcloud server afterwards.

Thank you so much for the quick response! I’m going to look into this when I get home from work tonight.

I’m dealing with a single internet connection. As far as I know, web servers listen on ports 80 & 443. Does this mean I will need to have the server paired with the Nextcloud instance listening on one of these ports and the reverse proxy server listening on the other? I’m guessing port 80 would be reverse proxy (since the proxy should force HTTPS) and port 443 would be on the Nextcloud server? Or do I need to use custom ports and deal with the headaches that could create on the access end?

Any suggestions on whether to go apache/nginx on the Nextcloud server?

Thank you again! I’ll follow up here within the next couple days with results.

All the requests for your Nextcloud from the internet should go to Port 443 of the reverse proxy. The reverse proxy then forwards the request to to the Nextcloud server. The Nextcloud server delivers the requested resource back to the proxy, which delivers it to the client. Since Nextcloud is running on a diffrent server, both servers can listen on Port 443.

I would use the web server that you most familiar with. But If I understood correctly, you already have a working Nextcloud installation? If so, you don’t have to change anything there, except for the things that are described in the link to the Nextcloud Docs that I posted in the previous post.

If you need more specific help, please post detailed information about your existing setup. It may also help to search the forum. There are already various threads on the subject of reverse proxy.