Trying to switch Nextcloud pre built VM to HTTP from HTTPS


Nextcloud version (eg, 29.0.5): 29.0.4
Operating system and version (eg, Ubuntu 24.04): Ubuntu 22.04.4 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.52
PHP version (eg, 8.3): 8.3

The issue you are facing: I am implementing reverse proxy with Caddy, and trying to switch Nextcloud from HTTPS to HTTP and let Caddy handle SSL.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. I am using HanssonIT pre-built VM, and modifying config.php
  2. Tried adding 'overwriteprotocol' => 'http' and updated my 'overwrite.cli.url' from the dynamic DNS name it’s always been to either localhost or the ip address of the server.

The output of your Nextcloud log in Admin > Logging:

Can't login to interface, so cannot collect.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'passwordsalt' => 'REDACTED',
  'secret' => 'REDACTED',
  'trusted_domains' =>
  array (
    0 => 'DYNAMIC DNS',
    1 => 'NEW DOMAIN BEHIND CADDY',
    2 => 'LOCAL IP OF SERVER',
  ),
  'datadirectory' => '/mnt/ncdata',
  'dbtype' => 'pgsql',
  'version' => '29.0.4.1',
  'overwrite.cli.url' => 'DYNAMIC DNS',
  'overwriteprotocol' => 'http',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'REDACTED',
  'dbpassword' => 'REDACTED',
  'installed' => true,
  'instanceid' => 'REDACTED',
  'upgrade.disable-web' => true,
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => '2',
  'log.condition' =>
  array (
    'apps' =>
    array (
      0 => 'admin_audit',
    ),
  ),
  'mail_smtpmode' => 'smtp',
  'remember_login_cookie_lifetime' => '1800',
  'log_rotate_size' => '10485760',
  'trashbin_retention_obligation' => 'auto, 60',
  'versions_retention_obligation' => 'auto, 180',
  'activity_expire_days' => '120',
  'simpleSignUpLink.shown' => false,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.5,
    'dbindex' => 0,
    'password' => 'REDACTED',
  ),
  'default_phone_region' => 'us',
  'logtimezone' => 'US/Central',
  'htaccess.RewriteBase' => '/',
  'enable_previews' => true,
  'enabledPreviewProviders' =>
  array (
    11 => 'OC\\Preview\\PNG',
    12 => 'OC\\Preview\\JPEG',
    13 => 'OC\\Preview\\GIF',
    14 => 'OC\\Preview\\BMP',
    16 => 'OC\\Preview\\MP3',
    17 => 'OC\\Preview\\TXT',
  ),
  'preview_max_x' => 2048,
  'preview_max_y' => 2048,
  'jpeg_quality' => 60,
  'maintenance' => false,
  'has_rebuilt_cache' => true,
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_smtphost' => 'REDACTED',
  'mail_smtpport' => '465',
  'mail_smtpauthtype' => 'PLAIN',
  'mail_smtpauth' => 1,
  'mail_from_address' => 'REDACTED',
  'mail_domain' => 'REDACTED',
  'mail_smtpname' => 'REDACTED',
  'mail_smtppassword' => 'REDACTED',
  'memories.exiftool_no_local' => true,
  'memories.vod.path' => '/var/www/nextcloud/apps/memories/bin-ext/go-vod-amd64',
  'memories.vod.ffmpeg' => '/usr/bin/ffmpeg',
  'memories.vod.ffprobe' => '/usr/bin/ffprobe',
  'updater.release.channel' => 'stable',
  'maintenance_window_start' => 1,
  'memories.db.triggers.fcu' => true,
  'app_install_overwrite' =>
  array (
    0 => 'otpmanager',
    1 => 'news',
  ),
);


Or, am I overthinking this, and is there a way to just use Caddy to pass port 443 to Nextcloud, and keep Nextcloud handling its SSL Cert renewal? For that I’d have to change it to a different domain, but is that even possible to just use a pass through instead of trying to reverse forced HTTPS to HTTP?

This is my Caddy config for Nextcloud:

https://nextcloud.REDACTED.XX {
    header Strict-Transport-Security max-age=31536000;
    reverse_proxy nextcloud:443 {
        transport http {
            tls
            tls_insecure_skip_verify
        }
    }
}

And my overwrite.cli.url points to the domain I set for Nextcloud, or in this case the one at the top of the Caddy config: https://nextcloud.REDACTED.XX
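
An added example, not part of the original post: the same Caddy block with backend certificate verification left on instead of `tls_insecure_skip_verify`. The site address, the backend certificate name and the CA file path are placeholders and assumptions; the backend's certificate must actually carry the name given to `tls_server_name`.

```caddyfile
# Added example. Hostnames and the CA file path below are placeholders.

# As posted in the thread (shown commented out for comparison):
# the hop from Caddy to the backend is encrypted, but Caddy accepts
# whatever certificate the backend presents, including an expired,
# self-signed or wrong-name one.
#
# https://nextcloud.example.test {
#     reverse_proxy nextcloud:443 {
#         transport http {
#             tls
#             tls_insecure_skip_verify
#         }
#     }
# }

# Verifying variant: Caddy still terminates public TLS for the site
# address, and additionally checks the backend's certificate.
https://nextcloud.example.test {
    header Strict-Transport-Security "max-age=31536000"

    reverse_proxy nextcloud:443 {
        transport http {
            tls
            # Name used when verifying the backend's certificate.
            # Without this, Caddy uses the host part of the upstream
            # address ("nextcloud"), which the certificate is unlikely
            # to contain.
            tls_server_name cloud-backend.example.test

            # CA that issued the backend's certificate (PEM file).
            # Needed only when that CA is not in the system trust store.
            # Newer Caddy releases deprecate this option in favour of
            # tls_trust_pool.
            tls_trusted_ca_certs /etc/caddy/backend/nextcloud-ca.pem
        }
    }
}
```

With verification on, an expired or replaced backend certificate surfaces as a proxy error from Caddy rather than passing unnoticed, so the backend certificate still has to be renewed.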

That is amazing! That works perfectly against my Clone VM.

So my next question, with this setup, I’m assuming I will need to change Nextcloud / Certbot to obtain an SSL cert against the new domain? Because my pre built VM is doing its own SSL Cert. Or, is Nextcloud just inheriting the SSL Cert obtained by Caddy?

Right now, if I check the SSL Cert against my clone, it appears to be the one obtained by Caddy.

From now on the reverse proxy will handle the certs; no need for the local instance to have its own certs.

After all that’s what a reverse proxy is for.

Thanks for the help! I really appreciate the Caddy block.