Text files (.txt and .md) will not open in the iPhone app from outside of my LAN. The only meaningful differences that I can think of are NAT on pfsense (all traffic on 443 is forward to nginx) and network speed 200M / 20M (which should be more than enough to open a text file). Additional details can be found below.
LAN Path
client → nginx → apache → nextcloud
WAN Path
pfsense → nginx → apache → nextcloud
Nextcloud version 25.0.3
Operating system and version FreeBSD 13.1 Release p2
nginx version 1.22.1
apache 2.4.54
PHP version 8.1.14
pfsense forwarding all traffic on 443 to nginx
nginx proxying traffic to nextcloud
apache serves nextcloud on port 80
config.php
<?php
$CONFIG = array (
'instanceid' => '????',
'passwordsalt' => '???',
'secret' => '?????',
'trusted_domains' =>
array (
0 => 'MY_HOST',
),
'trusted_proxies' =>
array (
0 => '192.168.10.10',
),
'overwriteprotocol' => 'https',
'datadirectory' => '/usr/local/www/nextcloud/data',
'dbtype' => 'mysql',
'version' => '25.0.3.2',
'overwrite.cli.url' => 'https://MY_HOST',
'dbname' => 'office',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'BOB',
'dbpassword' => '?????? ',
'installed' => true,
'theme' => '',
'loglevel' => 2,
'preview_ffmpeg_path' => '/usr/local/bin/ffmpeg',
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\BMP',
1 => 'OC\\Preview\\GIF',
2 => 'OC\\Preview\\HEIC',
3 => 'OC\\Preview\\JPEG',
4 => 'OC\\Preview\\MarkDown',
5 => 'OC\\Preview\\Movie',
6 => 'OC\\Preview\\MP3',
7 => 'OC\\Preview\\OpenDocument',
8 => 'OC\\Preview\\PDF',
9 => 'OC\\Preview\\PNG',
10 => 'OC\\Preview\\SVG',
11 => 'OC\\Preview\\TIFF',
12 => 'OC\\Preview\\TXT',
13 => 'OC\\Preview\\Krita',
14 => 'OC\\Preview\\XBitmap',
),
'maintenance' => false,
'mail_from_address' => 'admin',
'mail_smtpmode' => 'smtp',
'mail_sendmailmode' => 'smtp',
'mail_domain' => 'MY_DOMAIN',
'mail_smtphost' => 'localhost',
);
apache logs
192.168.10.10 - USERNAME [23/Jan/2023:19:03:52 -0800] "POST /ocs/v2.php/apps/files/api/v1/directEditing/open?path=/kiziah-nava/grocery-list.md&editorId=text HTTP/1.0" 200 200
192.168.10.10 - - [23/Jan/2023:19:03:52 -0800] "POST /index.php/apps/text/session/sync HTTP/1.0" 200 246
192.168.10.10 - - [23/Jan/2023:19:03:52 -0800] "GET /index.php/apps/files/directEditing/DjygWdGgeWdbBwkmsJJFCf5JXdJ7DKknYMcqFYGXRLJPJ5HoWoBfry26JRXKMLbo HTTP/1.0" 200 4684
192.168.10.10 - - [23/Jan/2023:19:03:53 -0800] "GET /core/css/server.css?v=bfb7b0cc-0 HTTP/1.0" 200 162364
192.168.10.10 - - [23/Jan/2023:19:03:53 -0800] "GET /dist/core-files_fileinfo.js?v=bfb7b0cc-0 HTTP/1.0" 200 928
192.168.10.10 - - [23/Jan/2023:19:03:53 -0800] "GET /dist/core-files_client.js?v=bfb7b0cc-0 HTTP/1.0" 200 12462
192.168.10.10 - - [23/Jan/2023:19:03:53 -0800] "GET /dist/core-main.js?v=bfb7b0cc-0 HTTP/1.0" 200 148452
192.168.10.10 - - [23/Jan/2023:19:03:53 -0800] "GET /apps/theming/css/default.css?v=47354877-0 HTTP/1.0" 200 3251
192.168.10.10 - - [23/Jan/2023:19:03:53 -0800] "GET /dist/core-common.js?v=bfb7b0cc-0 HTTP/1.0" 200 14249367
192.168.10.10 - - [23/Jan/2023:19:03:53 -0800] "GET /index.php/core/js/oc.js?v=bfb7b0cc HTTP/1.0" 200 3685
192.168.10.10 - - [23/Jan/2023:19:03:53 -0800] "GET /index.php/js/core/merged-template-prepend.js?v=bfb7b0cc-0 HTTP/1.0" 200 3098
192.168.10.10 - - [23/Jan/2023:19:03:53 -0800] "GET /dist/files_sharing-main.js?v=bfb7b0cc-0 HTTP/1.0" 200 371
nginx configuration
server {
listen 443 ssl;
server_name my_domain;
ssl_certificate /usr/local/etc/nginx/fullchain.pem;
ssl_certificate_key /usr/local/etc/nginx/privkey.pem;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
access_log /var/log/nginx/my_domain.access.log;
add_header Strict-Transport-Security "max-age=31536000";
client_max_body_size 512M;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 120s;
proxy_pass http://NEXTCLOUD_IP;
}
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
}
Apache Configuration
<VirtualHost INTERFACE IP:80>
ServerName NEXTCLOUD_DOMAIN
ServerAlias Nextcloud-http
DocumentRoot "/usr/local/www/nextcloud"
ErrorLog "/var/log/nextcloud-error_log"
CustomLog "/var/log/nextcloud-access_log" common
Protocols h2 http/1.1
</VirtualHost>