@Bernd_Wechner
Just to be sure, have you followed PritishSehzpaul's link to make the snap writable? I'd be interested to hear back if that didn't do the trick.
A couple of easy mistakes that might cause this:
- If you have not set the "trusted_proxies" directive to match your reverse proxy IP, or if your reverse proxy does not send the "X-Forwarded-For" header with the client's IP. In these cases, Nextcloud can't always tell it's behind a reverse proxy - it will think it's being accessed directly via its IP address all the time, so it will redirect you to nextcloud.mydomain.tld even if that's where you're already going.
- If you have set the "overwritecondaddr" config directive, that could be the culprit. It's included in the example in the reverse proxy docs you linked, but it's optional. If you're not sure what it does, you probably don't need it.
There's some additional documentation specifically for using the snap behind a reverse proxy. It includes an nginx example you can work off of to make your apache reverse proxy config. You can also refer to mine below, if that helps.
I'm using LXC containers rather than Snaps in my setup, but it should still be helpful for reference. I've anonymized domains and IPs (nextcloud.mydomain.tld, nextcloud.lan, nextcloud_direct_ip, reverse_proxy_ip). If following the snap reverse proxy docs linked above, I guess all the IPs would be localhost (127.0.0.1), and you'd just change port numbers.
Nextcloud's config.php
$CONFIG = array (
  'trusted_domains' => array (
    0 => 'nextcloud.mydomain.tld',
    1 => 'nextcloud.lan'
  ),
  'trusted_proxies' => array (
    0 => 'reverse_proxy_ip',
  ),
  'overwrite.cli.url' => 'https://nextcloud.mydomain.tld/',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  'htaccess.RewriteBase' => '/',
  // [...]
);
Nextcloud container's Apache cfg
<VirtualHost *:80>
    ServerName nextcloud.mydomain.tld
    ServerAdmin webmaster@mydomain.tld
    # Might be different in snap
    DocumentRoot /var/www/nextcloud
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy reverse_proxy_ip
    <Directory /var/www/nextcloud/>
        Require all granted
        Options FollowSymlinks MultiViews
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
        # Might be unnecessary in the snap
        <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
            RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
            RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
            RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
            RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
        </IfModule>
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Reverse proxy container's Apache cfg
<VirtualHost *:443>
    ServerName nextcloud.mydomain.tld
    ProxyPreserveHost On
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    # Leave this part out until you're sure TLS is working properly
    #<IfModule mod_headers.c>
    #    Header always set Strict-Transport-Security "max-age=15768000; preload"
    #</IfModule>
    ProxyPass / http://nextcloud_direct_ip/
    ProxyPassReverse / http://nextcloud_direct_ip/
    # TLS certs from letsencrypt/certbot, replace with your own paths
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/nextcloud.mydomain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.mydomain.tld/privkey.pem
</VirtualHost>
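The "trusted_proxies" and "X-Forwarded-For" point from the post above, as an added example that is not part of the original post and is not Nextcloud's own code: a simplified Python model of the rule that a forwarded client address is believed only when the connection arrives from a listed proxy. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

def is_trusted(addr, trusted_proxies):
    """True if addr matches any trusted proxy entry (single IP or CIDR range)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p, strict=False) for p in trusted_proxies)

def resolve_client_ip(remote_addr, x_forwarded_for, trusted_proxies):
    """Return the address the application should treat as the client."""
    # The header is believed only when the TCP peer is a listed proxy.
    # With an empty or wrong list, every request appears to come from the proxy.
    if not is_trusted(remote_addr, trusted_proxies):
        return remote_addr
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    # Walk right to left: right-most entries were appended by our own proxies,
    # anything further left was supplied by the client and may be forged.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop, trusted_proxies):
                return hop
        except ValueError:
            break  # malformed entry: stop and fall back to the TCP peer
    return remote_addr

# Constructed sample addresses from documentation ranges, not from the post.
PROXY, CLIENT = "192.0.2.10", "203.0.113.7"

if __name__ == "__main__":
    cases = [
        ("proxy listed", PROXY, CLIENT, [PROXY]),
        ("proxy not listed", PROXY, CLIENT, []),
        ("direct hit, forged header", CLIENT, "198.51.100.1", [PROXY]),
        ("forged left-most entry", PROXY, "198.51.100.1, " + CLIENT, [PROXY]),
    ]
    for name, peer, xff, trusted in cases:
        print(f"{name:28} -> {resolve_client_ip(peer, xff, trusted)}")
```

The "proxy not listed" case is the misconfiguration described in the first bullet: the application sees only the proxy's address, so rate limiting and logs attribute every request to it.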