Hello everyone,
I have the following setup. I am running nextcloud:27.1.2-apache in a docker compose setup on a virtual machine in azure. This machine is referenced as server 2 in the following. I can reach the nextcloud instance via the public ip of the server on port 8080 as desired. Everything works.
The nextcloud instance is to be part of a service offering that is reachable via an ssl-encrypted domain, which points to a different server (server 1) that also hosts a docker compose setup, including NGINX as reverse proxy. All SSL-traffic is routed to the NGINX instance.
The goal is to make the nextcloud instance available under https://subdomain.domain.com/path/path2. Therefore, I have created a location entry with a proxy_pass to the IP and Port of my nextcloud instance, to forward all traffic from the above url to the nextcloud docker container.
The forwarding rule generally seems to work, as I do not get an SSL error and reach the netcloud instance. However, nextcloud complains that I am trying to access the instance via an untrusted domain and the formatting of the page is missing.
In the Nextcloud config.php, I included:
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'public-ip-server2',
2 => 'subdomain.domain.com',
3 => 'public-ip-server1',
4 => 'vnet-private-ip-server1',
),
'trusted_proxies' =>
array (
0 => 'public-ip-server1',
1 => 'vnet-private-ip-server1',
2 => 'subdomain.domain.com',
),
...
'overwrite.cli.url' => 'https://subdomain.domain.com/path/path2',
...
Some of the array entries might not be necessary, however I simply added all variations of the IPs and domains in trusted_domains and trusted_proxies during debugging.
The relevant part of the NGINX config looks like this:
server {
listen 443 ssl;
sendfile on;
default_type application/octet-stream;
server_name subdomain.domain.com;
root /usr/share/nginx/html;
ssl_certificate /etc/nginx/ssl/live/subdomain.domain.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/subdomain.domain.com/privkey.pem;
location /path/path2 {
proxy_pass http://vnet-private-ip-server2:8080;
}
}
What am I missing in any of the configurations, such that Nextcloud recognizes this to be a valid trusted domain and proxy? Do I need to add additional configuration in NGINX for this to work properly?
Any help would be highly appreciated.
Thanks and best regards
Jens