I've been at this for a few days and I'm still scratching my head. I have a nextcloud jail running great (installed as a plugin), but it only works locally (of course, if I open port 80 to my nextcloud IP, I can access remotely no problem, but that isn't secure). Since I'd like to access my nextcloud jail (and a few others) remotely, I decided to setup a NGINX jail so I can reverse proxy. I followed this excellent guide, but I always get 404/not found when I try to configure everything with nextcloud. I can successfully connect to other local servers (e.g. pi-hole). I'm at a loss right now since I feel like I've tried everything. Is anyone successfully pulling off what I'm trying to do? If so, mind giving me a hand with my configurations?
My main configurations are:
Nextcloud Jail usr/local/www/nextcloud/config/config.php
NGINX Jail usr/local/etc/nginx/nginx.conf
NGINX Jail usr/local/etc/nginx/proxy_setup.conf
My main configurations are:
Nextcloud Jail usr/local/www/nextcloud/config/config.php
Code:
<?php $CONFIG = array ( 'apps_paths' => array ( 0 => array ( 'path' => '/usr/local/www/nextcloud/apps', 'url' => '/apps', 'writable' => true, ), 1 => array ( 'path' => '/usr/local/www/nextcloud/apps-pkg', 'url' => '/apps-pkg', 'writable' => true, ), ), 'logfile' => '/var/log/nextcloud/nextcloud.log', 'memcache.local' => '\\OC\\Memcache\\APCu', 'instanceid' => 'REMOVED', 'passwordsalt' => 'REMOVED', 'secret' => 'REMOVED', 'trusted_domains' => array ( 0 => 'NEXTCLOUD.JAIL.IP', 1 => 'MY.DOMAIN', ), 'datadirectory' => '/usr/local/www/nextcloud/data', 'dbtype' => 'mysql', 'version' => '15.0.0.10', 'dbname' => 'nextcloud', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'dbuser' => 'REMOVED', 'dbpassword' => 'REMOVED', 'installed' => true, /* 'overwrite.cli.url' => 'https://MY.DOMAIN/', */ 'trusted_proxies' => array ( 0 => 'NGINX.JAIL.IP', ), /* 'overwritehost' => 'MY.DOMAIN', */ /* 'overwriteprotocol' => 'https', */ /* 'overwritewebroot' => '/nextcloud', */ );
NGINX Jail usr/local/etc/nginx/nginx.conf
Code:
#user nobody; worker_processes 1; # This default error log path is compiled-in to make sure configuration parsing # errors are logged somewhere, especially during unattended boot when stderr # isn't normally logged anywhere. This path will be touched on every nginx # start regardless of error log location configured here. See # https://trac.nginx.org/nginx/ticket/147 for more info. # #error_log /var/log/nginx/error.log; # #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; listen [::]:80; server_name MY.DOMAIN; #charset koi8-r; #access_log logs/host.access.log main; location / { root /usr/local/www/nginx; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/local/www/nginx-dist; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server server { listen 443 ssl; listen [::]:443 ssl; ssl on; server_name MY.DOMAIN; include ssl_common.conf; include proxy_setup.conf; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; location / { root /usr/local/www/nginx; index index.html index.htm; } } }
NGINX Jail usr/local/etc/nginx/proxy_setup.conf
Code:
location /nextcloud { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; add_header Front-End-Https on; client_max_body_size 16400M; proxy_pass http://NEXTCLOUD.JAIL.IP; proxy_pass_header Authorization; proxy_read_timeout 90; }