NextCloud with Apache behind NGINX reverse proxy on CentOS
This is probably useful to figure out how to reverse proxy Apache behind NGINX, but I was finally able to get NextCloud working on NGINX with no problem.
I like to use NGINX as my web server because that’s what I’ve always worked with. I’ve tried a couple times to get NGINX to work with NextCloud, but it would also end up not letting me log in. I did some Googling and I guess it has something to do with how the cache is handled in NGINX. I tried to give the location correct permissions, but it still didn’t work, so I figured what the heck, let’s use Apache behind NGINX. This is being run on CentOS 7; I would assume you could do the same with Debian. As with most of my other writeups, this isn’t a complete start to finish, it’s just notes that should help me down the road if I ever need to do this again.
Set up nginx reverse proxy
nano /etc/nginx/sites-available/cloud.example.com
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/cloud.example.com/crt;
    ssl_certificate_key /etc/nginx/ssl/cloud.example.com/key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered
    ssl_protocols TLSv1.2;
    root /var/www/html/nextcloud;
    index index.php index.html index.htm;
    server_name cloud.example.com;
    location / {
        # Forward everything to the Apache backend on local port 8787
        proxy_pass http://127.0.0.1:8787/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the connecting address to any X-Forwarded-For the client sent
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location = /robots.txt { return 200 "User-agent: *\nDisallow: /\n"; }
}
We then need to enable the reverse proxy on NGINX
ln -s /etc/nginx/sites-available/cloud.example.com /etc/nginx/sites-enabled/
Now we need to install Apache and PHP for Apache
yum --enablerepo=remi-php72 install php httpd
Now we need to edit the Apache config for NextCloud
nano /etc/httpd/conf.d/000-cloud.example.com.conf
Paste this into the file. I can’t get WordPress formatting just right so I just pasted it in my pastebin. LINK
Now we can make sure the Apache config test passes
apachectl configtest
Now we can run the NGINX config test to make sure it passes too
nginx -t
If both of the above pass without any horrible errors we can reload both with the command below
systemctl reload httpd nginx
MariaDB is recommended, but you can just use the default SQLite if you’d like. There are already a bunch of tutorials on installing and configuring MariaDB.
Now we want to start the nextcloud installation
Create nextcloud directory and go to it
mkdir /var/www/nextcloud; cd /var/www/nextcloud
Now we want to download the installer
wget https://download.nextcloud.com/server/installer/setup-nextcloud.php
Now we should be able to run the installer by going to https://cloud.example.com/setup-nextcloud.php then choose . (period) as where you want to install NextCloud. Just follow the steps and you should be good to go.
Now we need to configure NextCloud to use the X-Forwarded-For header.
nano /var/www/nextcloud/config/config.php
Add the following to the file above the last ‘);’
'trusted_proxies' => ['127.0.0.1'],
We now need to tell Apache to use the X-Forwarded-For header in the logs LINK
When you start out, your httpd.conf will look something like this:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" combined
The %h is already there to log the remote host, which, by default, will be the IP of the load balancer (the last proxy server that the traffic came from). All of these entries need to be commented out.
Assuming you have X-Forwarded-For enabled in the load balancer (or whatever proxy server you’re using), you can capture the source IP from the original client. You’ll need to change your config file entries to look like this:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" combined env=!forwarded
CustomLog "logs/access_log" proxy env=forwarded
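Because the NGINX config above uses $proxy_add_x_forwarded_for, the X-Forwarded-For value that Apache writes with the proxy format can contain addresses the client sent itself. The following Python script is an added example, not part of the original notes: it parses lines in that format and treats only the right-most address as the client, assuming NGINX is the only proxy hop; the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

def _quoted(name):
    # Apache escapes a double quote inside a logged field as \"
    return r'"(?P<%s>(?:[^"\\]|\\.)*)"' % name

# Apache "proxy" LogFormat from the page:
#   %{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# The first field can be a comma-separated list containing spaces, so it is
# matched greedily and anchored on the fixed fields that follow it.
LINE_RE = re.compile(
    r'^(?P<xff>.*) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    + _quoted("request") + r' (?P<status>\d{3}) (?P<size>\S+) '
    + _quoted("referer") + " " + _quoted("agent") + "$"
)

def _ip(token):
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None

def analyse(line):
    """Return (client_ip, findings) for one line written in the proxy format."""
    m = LINE_RE.match(line)
    if m is None:
        return None, ["unparseable"]
    hops = [h.strip() for h in m.group("xff").split(",")]
    findings = []
    # With NGINX as the only proxy, $proxy_add_x_forwarded_for puts the real
    # peer address last; everything to its left was sent by the client.
    client = _ip(hops[-1])
    if client is None:
        findings.append("last-hop-not-an-ip")
    if len(hops) > 1:
        findings.append("client-supplied-xff")
    if any(_ip(h) is None for h in hops[:-1]):
        findings.append("non-ip-value-in-xff")
    return (str(client) if client is not None else None), findings

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '198.51.100.23 - - [10/Mar/2019:13:55:36 +0000] "GET /status.php HTTP/1.1" 200 162 "-" "curl/7.29.0"',
    '10.0.0.1, 203.0.113.9 - - [10/Mar/2019:13:56:02 +0000] "POST /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    'unknown, 127.0.0.1, 203.0.113.9 - alice [10/Mar/2019:13:57:40 +0000] "GET /index.php HTTP/1.1" 303 - "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(analyse(entry))
```

When NGINX is the only proxy in front of Apache, setting `proxy_set_header X-Forwarded-For $remote_addr;` instead of `$proxy_add_x_forwarded_for` discards whatever the client sent, so the logged field holds a single address.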