Weird Nextcloud Behavior with Proxy


i’m running into some weird problems with a fresh Nextcloud install behind a local Proxy.

So far I have encountered two symptoms which may or may not result from the same problem:

  1. In the contacts menu on the top right, pictures, names and the “Nextcloud Talk” icons only show up if i visit the Nextcloud via the local IP. If i use the public domain ( I only see a list of usernames that can’t be interacted with.
  2. Connecting to the Nextcloud using the app is only possible through the local IP, when I try to log in via the public domain nothing happens after pressing the “Grant Access Button”.

The Setup is the following:

  • A public domain with subdomain ( with a DNS redirect (Type A) to our static IP.
  • All traffic that arrives on Port 80 & 443 is redirected to proxy server ( running Ubuntu Server
  • That Proxy Server (109) has a apache2 config file that redirects to the nextcloud server ( also running Ubuntu Server:
nextcloud.conf on
<VirtualHost *:80>
        Redirect permanent /

<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

<VirtualHost *:443>
                ProxyPreserveHost On
                ProxyRequests Off
                ProxyPass /
                ProxyPassReverse /
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
<IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  • The Nextcloud Server (112) has a standard apache2 config file for the nextcloud installation:
nextcloud.conf on
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/nextcloud

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

#Nextcloud Konfiguration
<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
Dav off

SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud


My Nextcloud System Info:

Nextcloud version: 18.0.2
Operating system and version: Ubuntu Server 19.10
Apache or nginx version: Apache 2.4.41
PHP version: 7.3

In my Nexcloud Log I get a couple of Errors:

imagecreatefromstring(): Data is not in a recognized format at /var/www/html/nextcloud/lib/private/legacy/image.php#621

Swift_TransportException: Connection could not be established with host :stream_socket_client(): unable to connect to (Connection refused)

Cannot declare class OCA\Talk\Migration\Version2000Date20170707093535, because the name is already in use at /var/www/html/nextcloud/apps/spreed/lib/Migration/Version2000Date20170707093535.php#127
My Nextcloud config.php file:
$CONFIG = array (
  'instanceid' => 'xxx',
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_domains' =>
  array (
    0 => '',
    1 => '',
    2 => 'localhost',
  'trusted_proxies' =>
  array (
    0 => '',
  'datadirectory' => '/var/www/html/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '',
  'overwrite.cli.url' => '',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'password',
  'installed' => true,

I’ll be happy for any advice on what might be wrong here and how to set up the reverse Proxy properly.

Thanks in advance!

Use right click on picture to see the url.

(not admin but user in above url)

Is there “https” or “http” at the beginning of the url?

If http test the access of the url with:

So when i right click on the picture using the local adress i get:

And if i then test the different options:

a) local http: works
b) local https: Firefox gives me an SSL Error (makes sense, https isnt enabled for the Nextcloud Server as its done by the Proxy Server
c) public http: works (it’s automatically redirected to https)
d) public https: works

Perhaps you can use in Firefox the developer-option (F12) and then network. Can you find the corresponding urls? Perhaps there is an difference or an error.

So the URL is greyed out. It’s a http URL and not a https URL, which i guess its wrong? When going to that URL manually I am able to download the file though…

Perhaps the rewrite from http to https is not correct.

Test at the beginning of /var/www/html/nextcloud/.htaccess
Error in this file can break your nextcloud. Delete the lines on errors.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Sorry, I’m not quite sure what you want me to do. I have the .htaccess file open now. Should i add these lines somewhere?

At the beginning of the file.

so all http-requests are redirected to https.
Perhaps there is a problem in nextcloud with redirecting from http to https.

I’ve attached the file below. Shouldn’t the rewrite happen on the Proxy Server already? In the Apache nextcloud.conf file on the Proxy Server (109) i’ve added your rewrite routine instead of the

Redirect permanent /

which i’ve had before. Unfortunately, that doesn’t solve the issue.

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1

  <IfModule mod_env.c>
    # Add security and privacy related headers
    Header always set Referrer-Policy "no-referrer"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Download-Options "noopen"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Permitted-Cross-Domain-Policies "none"
    Header always set X-Robots-Tag "none"
    Header always set X-XSS-Protection "1; mode=block"
    SetEnv modHeadersAvailable true

  # Add cache control for static resources
  <FilesMatch "\.(css|js|svg|gif)$">
    Header set Cache-Control "max-age=15778463"

  # Let browsers cache WOFF files for a week
  <FilesMatch "\.woff2?$">
    Header set Cache-Control "max-age=604800"
<IfModule mod_php7.c>
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
  RewriteRule ^\.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
  RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off

ErrorDocument 403 //
ErrorDocument 404 //

Sorry. No further idea.

No worries, thank you for your time!

1 Like

Ok, I solved it.

’overwriteprotocol’ => ‘https’, was missing from my nextcloud config.php file.