URL redirect behind NGINX reverse Proxy

ā„¹ļø Support šŸ“¦ Appliances (Docker, Snappy, VM, NCP, AIO)
1

Hi Guys,

Iā€™ve setup the Nextcloud VM using the scrip provided at: github.com/nextcloud/vm

I have an NGINX reversed proxy working to handle my SSL and load off for al my stuff.

Now i have the configuration working, but i need to remove the /nextcloud in the url.

In my config.php:
ā€˜overwrite.cli.urlā€™ => ā€˜https://cloud.mydomain.com/ā€™,

My NGINX config:

##########################################

cloud.mydomain.com

##########################################
server {
# SSL configuration
#listen 80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
include /etc/nginx/snippets/strong-ssl.conf;

    server_name cloud.mydomain.com;

    ssl_certificate /etc/letsencrypt/live/cloud.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.mydomain.com/privkey.pem;

    # Root location
    root /var/www/html;

    # Let's Encrypt Webroot plugin location -- allow access
    location ^~ /.well-known/acme-challenge/ {
            auth_basic off;
            autoindex on;
    }


    # Disable maximum file size
    client_max_body_size 0;

    location / {
            proxy_set_header        Host $host;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto $scheme;

            #websocket configuration
            proxy_http_version      1.1;
            proxy_set_header        Upgrade            $http_upgrade;
            proxy_set_header        Connection         "Upgrade";
            proxy_set_header        Authorization      "";
            proxy_read_timeout      86400;

            # Fix the  ^ ^ It appears that your reverse proxy set up is broken" error.
            proxy_pass          http://192.168.1.185;

    }

}

When i enter the URL https://cloud.mydomain.com i ge the main status page of the VM, with the forward URLS for webmin, nextcloud etcā€¦

How would i configure it in the way taht i go to cloud.mydomain.com en get to:
https://cloud.mydomain.com/index.php/login
in stead of:
https://cloud.mydomain.com/nextcloud/index.php/login

I tried to change the config php and the nginx config to http://192.168.1.185/nextcloud and ā€˜overwrite.cli.urlā€™ => ā€˜https://cloud.mydomain.com/nextcloudā€™, and any other combination. But i canā€™t seem to get it to work propperly.

Please helpā€¦

2

If you run the scripts ad setup SSL with Letā€™s Encrypt on the backend the settings are changed and you wonā€™t see the setup page of the VM anymore.

I run Nginx myself, and everything happens on the backend. Nginx just forwards the requests. So, forget about Nginx, run the scripts, setup Letā€™s Encrypt and youā€™re all good.

Just for refernece, here are my setup:

server {
         error_page 404 500 502 503 504 /cloud-error.html;
        location = /cloud-error.html {
                root /usr/share/nginx/html;
                internal;
        }
        real_ip_header     X-Forwarded-For;
        real_ip_recursive  on;

        listen 192.168.74.201:443 ssl http2;

        ssl on;
        ssl_certificate /etc/letsencrypt/live/cloud.se/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/cloud.se/privkey.pem;
        ssl_dhparam /etc/nginx/sites-available/cloudflare_ip/cloud.se/cloud-dhparams.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:10m;
        ssl_stapling on;
        ssl_stapling_verify on;

        # Only use safe chiphers
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA$
        ssl_prefer_server_ciphers on;

        server_name cloud.se;
        set $upstream 192.168.20.111;

        location /.well-known {
                root /usr/share/nginx/html;
        }


## Nextcloud ##

        location / {
                proxy_pass_header Authorization;
                proxy_pass https://$upstream;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_buffering off;
                proxy_request_buffering off;
                client_max_body_size 0;
                proxy_read_timeout  36000s;
                proxy_redirect off;
                proxy_ssl_session_reuse off;
        }
}

server {
  listen 192.168.4.201:80;
  server_name cloud.se;
  return 301 https://cloud.se$request_uri;
}
3

Well the differance i have is that i have a separated NGINX proxy running in another machine, that is used for al lot of other items.

But, when i used your configurtion as inspiration and changed it to:

    location / {
            proxy_pass_header Authorization;
            proxy_pass https://192.168.1.185;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_buffering off;
            proxy_request_buffering off;
            client_max_body_size 0;
            proxy_read_timeout  36000s;
            proxy_redirect off;
            proxy_ssl_session_reuse off;
    }

All sseemed to work perfectly!

Thanx!

4

Just for the record, I also run a separate Nginx proxy as it handles all my servers. :wink:

Glad it worked out! :slight_smile: