Nextcloud with reverse proxy on Scale

emsicz

Installed Nextcloud as app through Scale UI. Assume the TrueNAS Scale IP is 192.168.1.20. In the app's settings, I left the default port: 9001. I added the default hostname of 192.168.1.20. The app runs on 192.168.1.20:9001. All works.

I have a VM which is running nginx for all my other services (quite a few at this point). I can't figure out how to properly configure this. The Nextcloud app always defaults to 192.168.1.20:9001 if traffic is forwarded to it, so it basically only works from the internal LAN. I have additionally tried to run another instance of the Nextcloud app with a hostname of my.hostname.com and a pod port of 9002. I've set up a Let's Encrypt cert in my nginx and forwarded traffic targeting https://my.hostname.com:443 to 192.168.1.20:9002. This also doesn't work, because anyone trying to reach that gets redirected to my.hostname.com:9002. I suspect the internal Nextcloud nginx is doing this, because the pod is set up as such and doesn't differentiate between what port I want to run it on and what port it will be running on when exposed.

Has anyone had the same issue?
 

Porske

Hi,
I have the same exact problem. I have installed Nextcloud from the official repo and nginx proxy manager by hand. My Jellyfin and guacamole work well behind the reverse proxy, but Nextcloud always responds with its private IP, making it impossible to use outside my home network.

This is my config.php
Code:
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'overwritehost' => 'nextcloud.mydomain.com:18443',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://nextcloud.mydomain.com:18443',
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    2 => '192.168.1.4',
  ),
  'passwordsalt' => '<omissed>',
  'secret' => '<omissed>',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '192.168.1.4',
    2 => 'nextcloud.mydomain.com',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '25.0.0.18',
  'overwrite.cli.url' => 'https://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud-postgres:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_admin',
  'dbpassword' => '<omissed>',
  'installed' => true,
  'instanceid' => 'ocg75633kyfp',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
);


and this is my nginx proxy config
Schermata del 2022-11-04 10-28-19.png Schermata del 2022-11-04 10-28-29.png

I use port 18443 because of my ISP :rolleyes: which reserves a custom range of ports for me, not canonical of course.

If I browse to https://nextcloud.mydomain.com:18443 it redirects me to https://192.168.1.4:9001
but if I browse to https://nextcloud.mydomain.com:18443/login it loads the login page correctly! After login it redirects again to the local IP, and if I manually type https://nextcloud.mydomain.com:18443/apps/dashboard/ I am logged in correctly.

In the end I think nextcloud is not correctly overwriting the host despite the configurations explained here https://docs.nextcloud.com/server/1...ation_server/reverse_proxy_configuration.html

I don't know what else to try.

P.S.
I also tried Traefik, but Nextcloud does not have an Ingress option and I don't know how to set it up manually.
 

ETNY

Same problem for me.

I redirected ports 443 and 80 of the box to NPM.
In NPM, the nextcloud.mondomaine.ovh domain points to the TrueNAS IP and port 9001 corresponding to Nextcloud.
When I connect through my domain, it's redirected to the IP address.
 

emsicz

It sounds to me like the container was written with docker features in mind, which includes port forwarding. If I could tell the container manager to kindly forward ports, I could run the nextcloud instance on its port 80, forward it to whatever and be happy. But since TrueNAS doesn't carry that feature, the container doesn't work as expected. I feel like a workaround to this is to run a dedicated VM for nextcloud specifically and set its own port forwarding on the router instead.
 

emsicz

So just to resolve this with a workaround if anyone is still wondering - I figured the limitation of TrueNAS SCALE in my previous post isn't going to change anytime soon. Those limitations being:

1. Nextcloud pod can't use host network. Instead, it will always run on TrueNAS's IP address.
2. Nextcloud pod can't use port forwarding. So whatever port it runs on, it will have that port on TrueNAS's IP address.

My workaround is that I simply accept that my nextcloud instance will not run on default 443 port. If you can relax your requirements this much, you then specify "Nextcloud host" field as your translated choice (such as "nextcloud.mydomain.com").

Warning: If you do not specify a valid certificate, it will run as HTTP on the given port. If you do specify a certificate, it will run as HTTPS on that port. If you accidentally do not specify the certificate, but you then run the reverse proxy as HTTPS, you will receive HTTP error 502 bad gateway, your nginx log will say "Error on SSL_do_handshake" and you can verify by checking that upstream is specified as , but host field is just youraddress.

Then, I added the nginx config:

2022-11-13_220000.png


And finally I forwarded port 10002 on my router. And that would publish my nextcloud instance on nextcloud.mydomain.com:port.
 

phradr

Hi together,

The effect @Porske described sounds like a misconfiguration of the nextcloud instance. What I can tell is: for me it works without a workaround (internet -> nginx revProxy -> nextcloud in TNS docker).
To make use of a reverse proxy the config of nextcloud needs to be set to the specific port you may have to use (at least this is important for @Porske ), all others can look for it here and/or change it here though.

1669109215004.png


You also need to alter your posted config/config.php at this variable:

'overwrite.cli.url' => 'https://localhost',
to
'overwrite.cli.url' => 'http://192.168.1.4:9001',.

This makes NextCloud use the correct internal URL for calling resources, as localhost seems not to work (at least it didn't for me). Pay attention with your http(s)! If you don't use any SSL cert within nextcloud internally, you mustn't set https, but http!
Furthermore your config contains a second overwrite that again overwrites your first one.

Code:
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'overwritehost' => 'nextcloud.mydomain.com:18443',          #### this is needed overwrite links to forward externally (i.e. for ex. share links for others)
  'overwriteprotocol' => 'https',                                                 #### this should be fine
  'overwrite.cli.url' => 'http://192.168.1.4:9001',                       #### (2) THIS SHOULD FINALLY DO THE TRICK, but please try the deletion of the wrong line first and test, see (1)
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    2 => '192.168.1.4',
  ),
  'passwordsalt' => '<omissed>',
  'secret' => '<omissed>',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '192.168.1.4',
    2 => 'nextcloud.mydomain.com',
    3 => '127.0.0.1:9001', #### you MIGHT also add this
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '25.0.0.18',
  'overwrite.cli.url' => 'https://localhost',                                  #### (1) THIS IS WHERE YOUR WRONG REDIRECT COMES FROM, just delete this line, try this first! if this makes your instance work, omit the "THIS SHOULD DO THE TRICK" (2). I don't know enough of your setup.
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud-postgres:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_admin',
  'dbpassword' => '<omissed>',
  'installed' => true,
  'instanceid' => 'ocg75633kyfp',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
);


Hope this helps.
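
The duplicate-key problem pointed out in the post above, as an added example that is not part of the original post or of Nextcloud itself: a small Python check that reports which value of a repeated top-level key PHP actually keeps, and whether a given proxy address is covered by trusted_proxies. The sample is constructed from the config quoted in the thread; the proxy address 192.168.1.50 is an assumed placeholder, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: reverse-proxy entries from the config.php quoted in the thread.
SAMPLE = """<?php
$CONFIG = array (
  'overwritehost' => 'nextcloud.mydomain.com:18443',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://nextcloud.mydomain.com:18443',
  'trusted_proxies' =>
  array (
    0 => '127.0.0.1',
    2 => '192.168.1.4',
  ),
  'version' => '25.0.0.18',
  'overwrite.cli.url' => 'https://localhost',
);
"""

# In this dump format, top-level keys are indented by exactly two spaces.
TOP_KEY = re.compile(r"^  '([^']+)'\s*=>[ \t]*(?:'([^']*)')?", re.M)

def top_level_values(text):
    """Map each top-level key to every value it is given, in file order."""
    values = {}
    for key, value in TOP_KEY.findall(text):
        values.setdefault(key, []).append(value)
    return values

def duplicate_keys(text):
    """Return {key: (effective, [discarded])}; PHP keeps the last value of a repeated key."""
    return {k: (v[-1], v[:-1]) for k, v in top_level_values(text).items() if len(v) > 1}

def trusted_proxies(text):
    """Extract the entries of the nested 'trusted_proxies' array."""
    block = re.search(r"'trusted_proxies'\s*=>\s*array\s*\((.*?)\)", text, re.S)
    return re.findall(r"=>\s*'([^']+)'", block.group(1)) if block else []

def proxy_is_trusted(text, proxy_ip):
    """True if proxy_ip matches a trusted_proxies entry (single IP or CIDR range)."""
    ip = ipaddress.ip_address(proxy_ip)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in trusted_proxies(text))

if __name__ == "__main__":
    for key, (kept, dropped) in duplicate_keys(SAMPLE).items():
        print(f"{key}: effective {kept!r}, discarded {dropped!r}")
    print("proxy 192.168.1.50 trusted:", proxy_is_trusted(SAMPLE, "192.168.1.50"))
```

Run against a copy of the real config.php, the duplicate report shows which 'overwrite.cli.url' is in effect before any line is deleted.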
 

phradr

Go to Edit:
1669126645804.png


Scroll to the third section, there it is.
 

ETNY

Sorry but I only have:

Nextcloud Configuration
Storage
CronJob configuration
Scaling/Upgrade Policy
Advanced DNS Settings
Resource Limits

 

phradr

Could you take a screenshot?
 

phradr

Ahhhh, I see…
You installed NC from the official sources…
If you could switch to truecharts nextcloud version, then it would be there. I struggled a lot with this official version and gave up on that as soon as I found truecharts.

Sorry that I overlooked that fact.
 

Porske

Thanks @phradr for your reply, but it did not work; we are trying to configure the official nextcloud container, not the truechart one.

I'm thinking of giving up and installing a virtual machine.
 

phradr

@Porske what exactly happened after editing the overwrite line(s)?

The docker config is only necessary for you, as you are bound to a specific port.

For everyone else this is not a needed step, as calling NC directly (i.e. via http://truenasip:givenPortByDocker) will open it.

To make use of a reverse proxy there are different ways from here. I will try to post my Nginx config tomorrow. That will show how I configured it. If there are no specific things (besides your port bonding) you should be able to adopt it.

Anyways, at first NC needs to run "locally" so you can log in to it. After that it could seem to be a bit tricky reverse proxying to it.

But tbh: that's not TrueNAS's fault.

Furthermore I'm afraid using docker from TrueNAS will always be more or less tinkering if you want more than the plain local function.
 

ETNY

For me: if I click "web portal" it's OK.
1669210231478.png

If I click in NPM:
1669210353599.png

I've got (whereas my jeedom works fine):
1669210394732.png


My config is :
1669210517318.png
1669210563300.png


If you think it will be better with the truecharts version, I could try.
 

ETNY

Hello!
I installed the truecharts version and it's better!
Accessing web is ok, webdav ok too.
Accessing via android App Nok. ok too!

Where are the config files (config.php...)? I don't know where they are with this installation, because I have these remarks on Nextcloud security:
  • You are accessing your instance over a secure connection, however your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the overwrite config variables are not set correctly. Please read the documentation page about this ↗.
  • The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips ↗.
 

panzerscope

Hello all,

I am also trying to make my nextcloud accessible but have some problems. I currently have True Charts version of Nextcloud installed along with NGINX Proxy Manager.

I have tried using this video to help me: https://www.youtube.com/watch?v=iFHbzWhKfuU&ab_channel=ChristianLempa

My setup is as follows

Edit Proxy Settings.jpg



The issue I have at the moment is that when I try to issue a certificate via NGINX Proxy Manager I get an "Internal Error"

Internal Error.jpg

Would this internal error be caused by the fact that the domain I am using as part of this setup is my main TrueNas domain that is already registered through LetsEncrypt?

Please let me know if there is anything else I have missed or should be aware of :)

Thanks in advance!
 

slacks425

Hi @panzerscope, I think I'm in the exact same situation as you with Nginx Proxy Manager. I used certbot to do a Let's Encrypt cert (manually) and it worked fine but now I cannot access it within Nginx. So I tried to redo it in Nginx but I got this cryptic "Internal Error".
Did you solve your problem since then?
I'm wondering if the port forwarding from my router is correct. I forwarded 80 and 443 to the TrueNAS IP on 80 and 443 as well, but maybe it should be forwarded to the port of Nginx? Or am I misunderstanding how it works?

EDIT: so my Nginx problem is solved and, as I guessed, I must redirect 80/443 from my router to the Nginx http and https ports respectively (see apps config or the ports listed next to the "web portal" button: first is webUI, second http, third https, in order of port number, not the order it's displayed).

Now all my apps work with Nginx except Nextcloud. Still the issue: it redirects to nextcloud.domain.tld:9001 instead of 80 or 443.
From reading here and other places, most users either went to the Truecharts version or a dedicated VM for Nextcloud.
 