How To Use Aptalca's Nginx-Letsencrypt to Reverse Proxy LSIO's Nextcloud



There are four files that need to be edited.

 

First: On my system it is at /mnt/cache/appdata/letsencrypt/nginx/site-confs/default.  The exact location of your file depends on where you mapped /config to for Aptalca's docker.  Here is my file:

 

server {

listen 443 ssl default_server;

root /config/www;
index index.html index.htm index.php;

server_name kamhighway.com www.kamhighway.com ;

ssl_certificate /config/keys/fullchain.pem;
ssl_certificate_key /config/keys/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

client_max_body_size 0;

location / {

	try_files $uri $uri/ /index.html /index.php?$args =404;
}
location /nextcloud {
        include /config/nginx/proxy.conf;
        proxy_pass https://192.168.x.xxx:xxx/nextcloud;
}
}

 

Second: /mnt/cache/letsencrypt/nginx/proxy.conf.  This file does not exist in a fresh install. It must be created. I copied this from Aptalca's post on page 5 of the support forum for letsencrypt. Here's mine:

 

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

 

Third:  /mnt/cache/appdata/nextcloud/config/nginx/site-confs/defaults. Look for this:

  # Path to the root of your installation
  root /config/www/nextcloud/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

 

Change it to this:

 

  # Path to the root of your installation
  root /config/www/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

 

Fourth:  /mnt/cache/appdata/nextcloud/config/www/nextcloud/config/config.php. Here is mine:

 

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'xxxxxxxxxxxxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxxxxxx',
  'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_domains' => 
  array (
    0 => '192.168.x.xxx',
    1 => 'www.kamhighway.com',
    2 => 'kamhighway.com',
  ),
  'trusted_proxies' => 
  array (
    0 => '192.168.x.xxx',
  ),
  'overwritewebroot' => '/nextcloud',
  'overwritehost' => 'kamhighway.com',
  'overwrite.cli.url' => 'https://192.168.x.xxx',

  'dbtype' => 'mysql',
  'version' => '9.0.51.0',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.x.xxx:3306',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'xxxxxxx',
  'dbpassword' => 'xxxxxxxxxxxxxxxxxxxxxxxx',
  'logtimezone' => 'UTC',
  'installed' => true,
  'mail_smtpmode' => 'smtp',
  'ldapIgnoreNamingRules' => false,
);

 

After you make these changes to the four files, make these changes to the dockers

 

Map port 443 on Aptalca's docker to port 443 on the host. Set your router to forward port 443 to port 443 on your unraid server.

 

On LSIO's nextcloud docker change the web UI to point to https://192.168.x.xxx:xxx/nextcloud/.

 

Restart both dockers. 

 

You should now be able to reach nextcloud from outside of your network at https://domain.com/nextcloud/

 

From inside your network, you can reach nextcloud at https://192.168.x.xxx:xxx/nextcloud/.

 

Hope this is helpful to someone.

Link to comment
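
An added check for the four-file procedure in the first post, not code from the thread or from either container project: it reads the proxy's site-conf and Nextcloud's config.php and reports where the `location` prefix, the `proxy_pass` path, `overwritewebroot`, `overwritehost` and `server_name` disagree. It assumes the post's layout, where the backend serves Nextcloud under the same prefix as the proxy; the sample inputs, host names and addresses are constructed placeholders, and the function names are this example's own.

```python
import re

# Constructed inputs modelled on the first post; host names and addresses are placeholders.
SITE_CONF = """
server {
    server_name example.com www.example.com;
    location /nextcloud {
        include /config/nginx/proxy.conf;
        proxy_pass https://192.0.2.10:444/nextcloud;
    }
}
"""
CONFIG_PHP = """
$CONFIG = array (
  'overwritewebroot' => '/nextcloud',
  'overwritehost' => 'example.com',
);
"""

def php_value(src, key):
    """Read one single-quoted scalar from config.php (a regex, not a PHP parser)."""
    m = re.search(r"'%s'\s*=>\s*'([^']*)'" % re.escape(key), src)
    return m.group(1) if m else None

def proxied_locations(conf):
    """Yield (location prefix, proxy_pass URI path or None) per proxied location."""
    for prefix, body in re.findall(r"location\s+(/\S*)\s*\{([^}]*)\}", conf):
        m = re.search(r"proxy_pass\s+https?://[^/\s;]+(/[^\s;]*)?\s*;", body)
        if m:
            yield prefix.rstrip("/"), m.group(1)

def check(conf, php):
    """Return mismatches between the proxy's site-conf and Nextcloud's overwrite* keys."""
    problems = []
    webroot = (php_value(php, "overwritewebroot") or "").rstrip("/")
    host = php_value(php, "overwritehost")
    found = re.search(r"server_name\s+([^;]+);", conf)
    names = found.group(1).split() if found else []
    hits = [uri for prefix, uri in proxied_locations(conf) if prefix == webroot]
    if not hits:
        problems.append("no proxied location matches overwritewebroot %r" % webroot)
    # A proxy_pass without a URI part forwards the request path unchanged, which is fine.
    elif hits[0] is not None and hits[0].rstrip("/") != webroot:
        problems.append("proxy_pass path %r differs from overwritewebroot %r" % (hits[0], webroot))
    if host not in names:
        problems.append("overwritehost %r is not in server_name" % host)
    return problems
```

`check(SITE_CONF, CONFIG_PHP)` returns an empty list for the consistent sample; each mismatch adds one message.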
  • 2 weeks later...

@Azza666 and @Kewjoe,

 

Glad this post was helpful to you. I tried a lot of things, and when I finally got it working I knew that if I didn't write it down I'd never be able to redo it if I had to. Thought this was a good place to write it down so I could find it again if needed and also to see if I am the only one having these problems.

Link to comment

btw Kam,

 

Is this a correct path for you? "Fourth:  /mnt/cache/appdata/nextcloud/config/www/nextcloud/config/config.php. Here is mine:"

 

for me it's "/mnt/cache/appdata/nextcloud/www/nextcloud/config/config.php"

 

Wasn't sure if it's a typo in your post or if your setup is different than mine

 

 

 

Link to comment

@kewjoe,

 

That is the correct path on my system. For the docker I have the container's /config mapped to /mnt/cache/appdata/nextcloud/config.  If you have yours mapped to /mnt/cache/appdata/nextcloud then your path is correct.

 

Thanks for pointing that out. It just goes to show you how hard it is to write instructions that will work for everyone's configuration.

Link to comment

Thanks for this guide!

 

I got a little problem,

this is working fine when I access it from a web browser, but when I try to access the server from my phone with the nextcloud app (android), it does not find the server.

Any idea what is causing this?

 

Sort out the first issue before starting on the next!  :P

 

And I thought you were using Apache?!

Link to comment

I switch between apache and nginx with letsencrypt. I originally did set up apache, but later found out about nginx with letsencrypt so had to try that.

The only change between nginx and apache is the one line in nextcloud, so it is easy to switch.

With apache I can't connect to the local server, and with nginx I can't connect to my phones.

The difference between them is this line (first post): I keep the "nextcloud/" part in it in apache, but remove it in nginx.

 root /config/www/nextcloud/;

Link to comment

If you'd told me that in your other post it might have saved me a fair bit of time trying to work out a solution for you.  I've replied in our support thread.

Link to comment

Set this up on a new server now just to test. I copied everything you did, just put on my own dns name instead.

 

Now I can access nextcloud from my browser on both the local and external ip/dns name and from the iOS app, but NOT from the android app. I can access nextcloud from the browser on my phone, but not the app.

Does anyone have any idea? Can someone test if it is the same for you, or if it works for you with the setup in the first post?

Link to comment

Finally got it working, copied kamhighway's configs in the exact same order, then it worked.

 

Posting my config below :)

 

/mnt/cache/appdata/Nginx-letsencrypt/nginx/site-confs/default

server {
listen 80;

listen 443 ssl default_server;

if ($scheme = http) {
	return 301 https://xxx.ddns.net$request_uri;
}

root /config/www;
index index.html index.htm index.php;

server_name xxx.ddns.net;

ssl_certificate /config/keys/fullchain.pem;
ssl_certificate_key /config/keys/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

client_max_body_size 0;

location / {

	try_files $uri $uri/ /index.html /index.php?$args =404;
}
location /nextcloud {
	include /config/nginx/proxy.conf;
	proxy_pass https://192.168.1.2:444/nextcloud;
}
location /request {
	include /config/nginx/proxy.conf;
	proxy_pass http://192.168.1.2:3579/request;
}
}

 

 

/mnt/cache/appdata/nextcloud/www/nextcloud/config/config.php

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'xxxxxxxxxx',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_domains' => 
  array (
    0 => '192.168.1.2:444',
  ),
  'trusted_proxies' =>
  array (
    0 => '192.168.1.2',
  ),
  'overwritewebroot' => '/nextcloud',
  'overwritehost' => 'xxx.ddns.net',
  'overwrite.cli.url' => 'https://192.168.1.2:444/nextcloud',
  'dbtype' => 'mysql',
  'version' => '9.1.0.16',
  'dbname' => 'NextCloud',
  'dbhost' => '192.168.1.2:3306',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_xxxxxxxxxx',
  'dbpassword' => 'xxxxxxxxxxxxxxxxxxxxxxxxxx',
  'logtimezone' => 'UTC',
  'installed' => true,
  'maintenance' => false,
  'loglevel' => 2,
  'mail_smtpmode' => 'php',
);

 

 

"/mnt/cache/appdata/Nginx-letsencrypt/nginx/proxy.conf" and "/mnt/cache/appdata/nextcloud/nginx/site-confs/default"

is the same as in OP

Link to comment

Anyone know how to get rid of these warnings?

Not very important, but would be nice.

 

The "X-XSS-Protection" HTTP header is not configured to equal to "1; mode=block". This is a potential security or privacy risk and we recommend adjusting this setting.
The "X-Content-Type-Options" HTTP header is not configured to equal to "nosniff". This is a potential security or privacy risk and we recommend adjusting this setting.
The "X-Robots-Tag" HTTP header is not configured to equal to "none". This is a potential security or privacy risk and we recommend adjusting this setting.
The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.

Link to comment

@bjonness406,

 

Can you post the changes you made. If I can duplicate your results I'll update the instructions in the original post.

I realised my config was a bit different than yours, then I copied your config exactly and it worked.

I think the issue was the order I had some of the lines in, after I changed that everything worked. (in the /mnt/cache/appdata/nextcloud/www/nextcloud/config/config.php file).

 

Thank you very much for the great post btw!  ;)

Link to comment
  • 4 weeks later...

Damn... i messed up... i think.

 

This morning everything worked fine. I was trying to add peter_sm fix for the warning in nextcloud, but that ended up in a "502 bad gateway" page. I then removed the line i just added, but that didn't change anything, still bad gateway. I tried different browsers, restarted nextcloud and letsencrypt docker, without any luck.

 

 

this is my nextcloud config.php

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'octetfa9q409',
  'passwordsalt' => 'xxxxxxxxxxxxxxxxxxxx',
  'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  'trusted_domains' =>
  array (
    0 => '192.168.x.xxx:xxx',
    1 => 'www.xxx.dk',
    2 => 'xxx.dk',
),

  'trusted_proxies' =>
  array (
    0 => '192.168.xx.xxx',
),

  'overwritewebroot' => '/nextcloud',
  'overwritehost' => 'xxxx.dk',
  'overwrite.cli.url' => 'https://192.168.xx.xxx:xxx/nextcloud',
  'dbtype' => 'mysql',
  'version' => '9.1.1.5',
  'dbname' => 'nextcloud',
  'dbhost' => '192.168.xx.xxx:3305',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_xxxxxxx',
  'dbpassword' => 'xxxx',
  'logtimezone' => 'UTC',
  'installed' => true,
);

 

This i added to letsencrypt default site-confs

 


        location /nextcloud {
        include /config/nginx/proxy.conf;
        proxy_pass https://192.168.x.xxx:xxx/nextcloud;
        }
}

 

---edit---

started from scratch, now everything is working again.

 

Link to comment
  • 3 weeks later...

Anyone else getting this when they try to enable app/plugin on nextcloud?

 

"Error while enabling app"

 

nothing in log.

 

reverse proxying via nginx letsencrypt docker

 

 

No, and without more detail kind of difficult to help.... What app/plugin?

 

any app, but i have figured out this in my nginx conf is the problem...

 

	location / {
	try_files $uri $uri/ /index.html /index.php?$args =404;
}

location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
}

 

how can i modify this to work for my index.php and various other files in the root of www but also have nextcloud work?

 

 

UPDATE:

For now i have it working by doing this but surely there is a better way?

 

location / {
	try_files $uri $uri/ /index.html /index.php?$args =404;
}

# Dots are escaped and the match is anchored, so only these four scripts
# (optionally followed by a /path-info suffix) are handed to PHP-FPM.
location ~ ^/(index\.php|setup\.php|settings\.php|settings\.ini\.php)(/|$) {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
}

 

These files i'm referencing are for a custom dashboard system i use for my homepage.

Link to comment

Ah, I see, I run my nextcloud as nextcloud.server.com; seen way too many problems running it on server.com/nextcloud

 

Sorry.

 

i don't want more domains on my cloudflare list :D it's already got loads, i have 1 for unraid (Secure) and 1 for the others :)

 

this fix above works for me to make PHP files work (whitelist essentially) and also have nextcloud work.

Link to comment
  • 2 months later...

 

I had nextcloud working with mariadb but after trying to get it working with lets encrypt it's broken.  I noticed the config file is missing the mysql reference you guys have.  Is this part of the problem?

 

 

<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'xxxxxx',
  'passwordsalt' => 'xxxxxx',
  'secret' => 'xxxxxx',
  'trusted_domains' =>
  array (
    0 => '192.168.2.100',
    1 => 'www.domain.me',
    2 => 'domain.me',
  ),
  'trusted_proxies' =>
  array (
    0 => '192.168.2.100',
  ),
  'overwritewebroot' => '/nextcloud',
  'overwritehost' => 'domain.me',
  'overwrite.cli.url' => 'https://192.168.2.100',
  'dbtype' => 'sqlite3',
  'version' => '11.0.0.10',
  'logtimezone' => 'UTC',
  'installed' => true,
);

Link to comment
