Unable to get NextCloud to work behind a reverse proxy

I previously had this working, but something broke it unrelated to NextCloud (had NextCloud as a plugin in FreeNas before and tried to update that plugin, which broke the settings somehow, so now I’m trying to manually get a jail working).

My set-up is as follows:

  • Host PC: Windows 10 Pro (I’m using IIS to do the reverse proxy with URL rewriting)
  • Virtual machine (VMware Workstation): FreeNas
  • Jail in which I followed instructions to install NextCloud + PGSQL + NGINX as described here nextcloud-17-on-freebsd-12-1 (search on Google as I’m out of links to post, it’s on a sub-domain of vermaden) (although slightly deviated from it to exclude https).

NextCloud functions perfectly on LAN if I disable the reverse proxy rule in IIS and omit the proxy settings in config.php. However as soon as I try to put it on WAN I always get a 500 internal server error.

Host pc IP = 192.168.2.11
NextCloud jail IP = 192.168.2.37

The following IIS rules have an effect on accessing the NextCloud server: https://hastebin.com/xixavimore.xml

config.php: https://hastebin.com/jasovapevi.xml

nginx.conf: https://hastebin.com/vawewekazu.nginx

nginx error log (there are some other errors at the top that are probably unrelated to the current settings as I was trying other things to no avail): https://hastebin.com/nekeyesero.m

@Neijwiert On your config.php file starting at line 24 you have…

  array (
    0 => '192.168.2.37',
  ),

add to it to read…

  array (
    0 => '192.168.2.37',
    1 => 'nextcloud.YOURDOMAIN.com',
  ),

Thanks for the reply. Yes, sorry I have had that before in my config.php, but due to me trying different things I accidentally omitted that in my post here. I’ve just tried it again and I’m still getting a 500 response. I’m not sure if it helps, but it seems that the Nextcloud server is somehow responding as when I go to nextcloud.MyRedactedDomain.com I get redirected to nextcloud.MyRedactedDomain.com/login. Also I’m trying logins through incognito windows, just in case my browser cached something wrong.

Edit: And I checked the log again, and NGINX sees everything. It sees a GET request from 192.168.2.11 but it says “Access forbidden by rule”.

@Neijwiert So when looking at Nextcloud’s Example their trusted proxy is a certain IP, which in your case based on your config.php on line 27 is your host PC “192.168.2.37”. Then you list the overwritehost as your Nextcloud jail. Then taking note your overwritewebroot, is that correct it should just be “/”? Nextcloud states to set it as the “absolute web path of the proxy to the Nextcloud folder.” I am just making sure more for myself.

I know for me it points to nextcloud.mydomain.com/index.php/login, I hope that helps.

@foxhoundvenom

Then you list the overwritehost as your Nextcloud jail

You’re right. This might also have been a leftover from my fooling around. I changed it to .37, but it is still not working. I also didn’t need this setting to have it work previously.

Then taking note your overwritewebroot, is that correct it should just be “/”? Nextcloud states to set it as the “absolute web path of the proxy to the Nextcloud folder.” I am just making sure more for myself.

My previous working instance didn’t even have this setting. I thought I would just leave it empty as a forward slash. I’m not sure what else to make of it then. I left it out completely and it still does not work.

I know for me it points to nextcloud.mydomain.com/index.php/login, I hope that helps.

The previous working instance also had index.php. I don’t know what is causing it to leave out index.php (as I just followed the tutorial and it automatically left it out), but if I go to the nextcloud instance over LAN it also leaves out index.php and it works fine.

EDIT: If I manually insert index.php it still returns a 500 status.

I did some research regarding this and on this site they state:

The difference between absolute and relative paths
It’s fairly simple.

If the path is built starting from the system root, it is called absolute.
If the path is built starting from the current location, it is called relative (which makes sense, as it is relative to our present position)

So it seems like maybe it should be “/usr/local/www/nextcloud/”

@foxhoundvenom

So it seems like maybe it should be “/usr/local/www/nextcloud/”

No that doesn’t seem to be it either. When I go to nextcloud.MyRedactedDomain.com I get redirected to nextcloud.MyRedactedDomain.com/usr/local/www/nextcloud/login and I get an ERR_TOO_MANY_REDIRECTS.

Outright removing the setting still gives a 500 status.

I have figured out the solution. It seems that there were 2 (and a third not related to the 500 error) problems:
(1) My IIS URL rewrite rule was wrong and it was adding an extra forward slash to the GET request to the server. It was http://192.168.2.37/{REQUEST_URI}, but it needed to be http://192.168.2.37{REQUEST_URI}.

(2) IIS does not support compression by default from the server it is reverse proxying to. You either need to disable all the gzip compression in the nginx.conf or set some extra rules: https://stackoverflow.com/questions/2640526/detailed-500-error-message-asp-iis-7-5/2765795#2765795

(3) (the unrelated one) If I had trusted_proxies and overwritecondaddr in my Nextcloud’s config, it was using the wrong server address and authorization would fail on the desktop Nextcloud’s app, however the webpage and phone app would work fine.
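Problem (1) from the post above, written out as a web.config rule. This is an added example, not the poster's actual configuration: the rule name, the match pattern and the host condition are assumptions, and only the two action URLs come from the thread. It also assumes the URL Rewrite module and Application Request Routing (with proxying enabled) are installed, since IIS needs both to rewrite to another server.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule name and host pattern are placeholders, not taken from the thread. -->
        <rule name="NextcloudReverseProxy" stopProcessing="true">
          <!-- Match every path under the site. -->
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^nextcloud\.YOURDOMAIN\.com$" />
          </conditions>
          <!--
            Broken form: {REQUEST_URI} already begins with "/", so a request
            for /login is forwarded to the jail as //login.
            <action type="Rewrite" url="http://192.168.2.37/{REQUEST_URI}" />
          -->
          <!-- Corrected form: no slash between the backend address and {REQUEST_URI}. -->
          <action type="Rewrite" url="http://192.168.2.37{REQUEST_URI}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The same rule can be edited in IIS Manager under the site's URL Rewrite feature, which writes to the site's web.config. To confirm the fix, check that the request paths in the nginx access log on the jail start with a single slash.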

@Neijwiert Awesome, at least we were on the right path. [Pun intended]

Hello,

I am in the same situation. Can you explain more about where to change the IIS URL rewrite rule?

Thanks in advance