Nextcloud Hub II (23.0.0)
Can’t upload files via reverse proxy by nginx.
input trafic is normal, by output trafic is not normal - too small.
eth0
KB/s in KB/s out
71.67 67.62
11785.54 278.48
33600.63 553.52
nginx as reverse proxy config:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name cloud.my.ru;
ssl_certificate /etc/ssl/www/cloud/cert.pem;
ssl_certificate_key /etc/ssl/www/cloud/key.pem;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
access_log /var/log/nginx/cloud_access.log;
error_log /var/log/nginx/cloud_error.log;
location / {
add_header Front-End-Https on;
proxy_pass https://192.168.4.16;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
client_max_body_size 0;
client_body_timeout 60s;
}
location = /.well-known/carddav {
proxy_pass https://192.168.4.16/remote.php/dav;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
client_max_body_size 0;
client_body_timeout 60s;
}
location = /.well-known/caldav {
proxy_pass https://192.168.4.16/remote.php/dav;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
client_max_body_size 0;
client_body_timeout 60s;
}
}
nextcloud nginx config:
upstream php-handler {
server unix:/var/run/php/php7.4-fpm.sock;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name cloud.my.ru;
ssl_certificate /etc/ssl/www/cloud/cert.pem;
ssl_certificate_key /etc/ssl/www/cloud/key.pem;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
add_header X-Frame-Options "SAMEORIGIN";
fastcgi_hide_header X-Powered-By;
root /var/www/cloud;
location = /.well-known/webfinger {
return 301 /index.php$uri;
}
location = /.well-known/nodeinfo {
return 301 /index.php$uri;
}
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
client_max_body_size 128M;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_read_timeout 3600;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
try_files $uri /index.php$request_uri;
access_log off;
}
}
in nextcloud logs:
Sabre\DAV\Exception\ServiceUnavailable: The server is in maintenance mode
help me please setup nginx or nextcloud to allow upload via reverse proxy.
if reverse proxy is the same nextcloud server that works perfectly, but I separate reverse proxy from nextcloud server, and with works wrong with file upload.
