I’m trying to setup lsio-Nextcloud with lsio-SWAG as a reverse proxy - running on different hosts.
When trying to access Nextcloud via the reverse proxy the login fields are not shown - just the Nextcloud logo and one-liner (see image below).
If I remove the reverse proxy settings in the Nextcloud config.php and use the host-URL, it works as expected - login fields are shown (see image below).
The error-logs from Nextcloud and SWAG don’t give me any pointers on what is missing or could be wrong.
Any suggestions?
Below the config details from the Docker containers and the Nextcloud-config.php. Nextcloud and SWAG are running on different hosts within the same subnet.
Please note that I can access Nextcloud only via the local URL if I leave the following 4 lines out of the config.php:
/* Below is for SWAG - see also comments in proxy-conf */
'trusted_proxies' => [gethostbyname('logos')],
'overwrite.cli.url' => 'https://nc.itv360.net/',
'overwritehost' => 'nc.itv360.net',
'overwriteprotocol' => 'https',
=====
The Nextcloud-container is created via the CLI below:
#!/bin/sh
docker pull linuxserver/nextcloud:latest
docker stop nextcloud
docker rm nextcloud
docker run \
--name nextcloud \
--network bridge \
--hostname nextcloud \
-p 192.168.139.250:443:443 \
-v /opt/docker/nextcloud/config/main:/config \
-v /mnt/allData/nextcloud:/data \
-e TZ=Europe/Amsterdam \
-d \
--restart unless-stopped \
linuxserver/nextcloud
# Remove unused images
docker image prune --all --force
=====
De config.php from Nextcloud:
<?php
$CONFIG = array (
'datadirectory' => '/data',
'instanceid' => 'ocixkoruob14',
'passwordsalt' => '<hash>',
'secret' => '<hash>',
'trusted_domains' =>
array (
0 => 'logos.tech.lan',
1 => 'nc.itv360.net',
2 => '192.168.139.250',
),
'dbtype' => 'sqlite3',
'version' => '29.0.4.1',
'installed' => true,
'mail_from_address' => 'nextcloud',
'mail_smtpmode' => 'smtp',
'mail_sendmailmode' => 'smtp',
'mail_domain' => 'itv360.net',
'mail_smtpauth' => 1,
'mail_smtphost' => 'mx2f38.netcup.net',
'mail_smtpport' => '465',
'mail_smtpname' => 'support@itv360.net',
'mail_smtppassword' => '<wachtwoord>',
'memcache.local' => '\\OC\\Memcache\\APCu',
'filelocking.enabled' => false,
'memcache.locking' => '\\OC\\Memcache\\APCu',
'upgrade.disable-web' => true,
'loglevel' => 1,
'default_phone_region' => 'NL',
'maintenance_window_start' => 1,
/* Below is for SWAG - see also comments in proxy-conf */
'trusted_proxies' => [gethostbyname('logos')],
'overwrite.cli.url' => 'https://nc.itv360.net/',
'overwritehost' => 'nc.itv360.net',
'overwriteprotocol' => 'https',
);
=====
Below the proxy-conf-file in swag:
## Version 2024/07/16
# make sure that your nextcloud container is named nextcloud
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
# 'trusted_proxies' => [gethostbyname('swag')],
# 'overwrite.cli.url' => 'https://nextcloud.example.com/',
# 'overwritehost' => 'nextcloud.example.com',
# 'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
# array (
# 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
# 1 => 'nextcloud.example.com',
# ),
server {
listen 443 ssl;
# listen [::]:443 ssl;
server_name nc.itv360.net;
include /config/nginx/ssl.conf;
client_max_body_size 0;
location / {
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_app logos.tech.lan;
set $upstream_port 443;
set $upstream_proto https;
proxy_pass $upstream_proto://$upstream_app:$upstream_port;
# Hide proxy response headers from Nextcloud that conflict with ssl.conf
# Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
proxy_hide_header Referrer-Policy;
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-XSS-Protection;
proxy_buffering off;
}
}
=====