[Solved] Setup of apache2 ssl reverse proxy

Hello!

This is my basic network map.

[image: network-map]

I set up one VM only for the apache2 proxy, but cannot get it to work with my two NC instances… I set up one simple webpage on my proxy (192.168.1.200) and I can access it through https (https://personal.freemyip.com). Second, I tried to create one virtualhost linked to my nc1 (192.168.1.201):

<VirtualHost *:*>
    ServerName nc1.personal.freemyip.com
    ProxyPreserveHost On

    ProxyPass / http://192.168.1.201/
    ProxyPassReverse / http://192.168.1.201/

</VirtualHost>

After that, I’ve created a second virtualhost for https for the same backend (192.168.1.201):

<VirtualHost *:443>

        SSLEngine On

        # Set the path to SSL certificate
        # Usage: SSLCertificateFile /path/to/cert.pem
        Protocols h2 http/1.1
        ServerName nc1.personal.freemyip.com
        SSLCertificateFile /etc/letsencrypt/live/personal.freemyip.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/personal.freemyip.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/personal.freemyip.com/chain.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLUseStapling on
        Header always set Strict-Transport-Security "max-age=31536000"

        ProxyPass / https://192.168.1.201/
        ProxyPassReverse / https://192.168.1.201/

</VirtualHost>

Same story for the other backend (192.168.1.2) :smiley:

When I try to open https://nc1.personal.freemyip.com I get an Internal Error 500.
[image: cert-error]

The http request is working fine.

Can I have your advice, please? :slight_smile:

Best regards!

Hello friends,

I fixed all the mess:

  1. I started with a new vhost for the two NC instances
  2. I cleared the config.php file as much as possible for both NC instances
  3. I removed all ssl certs from both NC instances
  4. I’ve set up super simple new vhosts from the proxy side for both instances
  5. After that I just generated new certs for both NCs from the proxy side
  6. I’ve done specific configs for both NCs in their config.php files

I hope this post will be helpful for someone :slight_smile:

Best regards!

Hello. Could you provide further details?

  1. What apache2 config did you start with?
  2. What did you remove, why did you leave what you did and what config.php did you end up with?
  3. What is your specific config?
  4. What specific things did you do and why?

I hope your answers will help someone.

Many thanks.

Good day.
Excuse my very late answer on this topic.

  1. What apache confs I’ve used:
    basic nc instance conf:
<VirtualHost *:80>
        DocumentRoot "/var/www/nextcloud"
        # ServerName takes [scheme://]hostname, no trailing slash
        ServerName https://put-your-sub-domain-here.com

        ErrorLog ${APACHE_LOG_DIR}/nextcloud.error
        CustomLog ${APACHE_LOG_DIR}/nextcloud.access combined

        <Directory /var/www/nextcloud/>
            Require all granted
            Options FollowSymlinks MultiViews
            AllowOverride All

            <IfModule mod_dav.c>
                Dav off
            </IfModule>

            SetEnv HOME /var/www/nextcloud
            SetEnv HTTP_HOME /var/www/nextcloud
            Satisfy Any

        </Directory>
</VirtualHost>
  2. In some cases your nc config.php can be configured wrong, so in my case I just took the default config.php and edited it to my needs:
<?php
$CONFIG = array (
  'instanceid' => 'private',
  'passwordsalt' => 'private',
  'secret' => 'private',
  'trusted_domains' => 
  array (
    0 => 'your-nc-sub-domain.com', # for example nc.harry.com
    1 => 'private', # add your local nc address in case if you want to access nc from within the local network
  ),
  'trusted_proxies' => 
  array (
    0 => 'private', # put the address of your REVERSE PROXY server, for example 192.168.1.31
  ),
  'forwarded-for-headers' => 
  array (
    0 => 'X-Forwarded-For',
    1 => 'HTTP_X_FORWARDED_FOR',
  ),
  'datadirectory' => '/path/to/your/nc-data-location', # can be remote storage as well, for example /mnt/nas/nextcloud-data/
  'dbtype' => 'mysql',
  'version' => 'private',
  'overwrite.cli.url' => 'https://your-nc-sub-domain/', # for example https://nc.harry.com/
  'overwriteprotocol' => 'https',
  'default_phone_region' => 'US', # add a phone region to bypass the warning in the administrative panel of your instance
  'htaccess.RewriteBase' => '/',
  'dbname' => 'nc',
  'dbhost' => 'localhost:3306', # it can be a remote database server, for example 192.168.1.30:3096
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'private',
  'dbpassword' => 'private',
  'installed' => true,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost', # it could be a remote redis server, for example 192.168.1.29
    'port' => 6379,
  ),
  'mail_from_address' => 'private',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'private',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpauthtype' => 'PLAIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'private',
  'mail_smtpport' => 'private',
  'mail_smtpname' => 'private',
  'mail_smtppassword' => 'private',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'logfile' => '/var/log/nc/nc.log',
  'log_type' => 'file',
  'default_timezone' => 'TZ', # a PHP timezone identifier, for example Europe/Brussels
  'logdateformat' => 'c',
  'maintenance_window_start' => 1,
);
  3. The above example is a production config.php. You must tweak it to your needs. The best option is to create a copy of your original config.php and start from there.

  4. I’ve used the default reverse proxy configuration provided in the nextcloud repo. It’s important to note that on top of this vhost configuration, certbot generates a LE certificate.

Please be aware that this is my method of providing access to the nc instance, and you must investigate the whole process of deploying and configuring the software a little further yourself.

Best regards!

1 Like
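To show why the `trusted_proxies`, `forwarded-for-headers` and `overwriteprotocol` keys in the config.php above matter once the instance sits behind the apache2 proxy, here is an added Python illustration (not Nextcloud's own code and not from this thread) of how an application behind a reverse proxy should pick the client address and URL scheme. The `CONFIG` dict and all addresses are constructed placeholders.

```python
import ipaddress

# Constructed settings mirroring the config.php keys shown in the thread;
# the addresses are placeholders, not the poster's real ones.
CONFIG = {
    "trusted_proxies": ["192.168.1.200"],          # the apache2 reverse proxy
    "forwarded_for_headers": ["HTTP_X_FORWARDED_FOR"],
    "overwriteprotocol": "https",
}


def is_trusted_proxy(addr, trusted):
    """True if addr is one of the configured proxies (hosts or CIDR ranges)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in ipaddress.ip_network(t, strict=False) for t in trusted)


def client_ip(environ, config):
    """Address the application should treat as the client.

    X-Forwarded-For is honoured only when the TCP peer (REMOTE_ADDR) is a
    trusted proxy; otherwise anyone could forge the header and, for example,
    dodge per-IP brute-force protection.  Within the header the chain is
    walked from the right, skipping trusted proxies, so a value the client
    itself prepended is never selected.
    """
    remote = environ["REMOTE_ADDR"]
    if not is_trusted_proxy(remote, config["trusted_proxies"]):
        return remote
    for header in config["forwarded_for_headers"]:
        chain = [h.strip() for h in environ.get(header, "").split(",") if h.strip()]
        for hop in reversed(chain):
            if not is_trusted_proxy(hop, config["trusted_proxies"]):
                try:
                    return str(ipaddress.ip_address(hop))
                except ValueError:
                    return remote  # malformed header: fall back to the peer
    return remote


def effective_scheme(environ, config):
    """Scheme for generated URLs: the proxy talks plain http to the backend,
    so overwriteprotocol forces https in links and redirects when it is set."""
    return config.get("overwriteprotocol") or environ.get("wsgi.url_scheme", "http")
```

Without a correct `trusted_proxies` entry the first branch fires for the proxy itself and every request appears to come from 192.168.1.200; with it, but without `overwriteprotocol`, redirects would be generated as http because that is what the backend vhost actually receives.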
