Return to Level1Techs.com

Nginx-reverseproxy and nextcloud issue

Thanks for the drop. Just a quick notice I’m entering a very busy time of the year so if I don’t get back to anybody please don’t take it personally. If there is something that needs clarity and it’s quick I’ll probably get to it. The guide should be thorough enough for you to figure out. I know people who knew nothing about nginx and managed to set things up so I guess that’s a good way to know that your guide is sufficient enough.

A good luck :+1:t4: OP

1 Like

I’d say Linux + Podman, or Linux + single-node microk8s. Yeah, docker has more templates, but with podman or microk8s, you learn how to do them (just my $0.02).

I agree with this, but I have very specific reasons for saying docker and not expanding.

1 Like

Ill expand on it so novasty does not have to. Podman compose is in a very infant state. I appreciate the amazing work Red Hat is doing but even though I know how to convert dockers to podman I refuse to provide any help with it as Podman is the “devs” docker rn. I highly recommend sticking with docker as does novasty. If you want documentation on podman-compose here it is. I provide no support with this statement whatsoever.

If you would like to share that information in your thread or maybe the OP wants to on a journey largely by himself. People would love that but as its a protocol and piece of software currently in largely what is considered unsupported alpha. Its not really useful for production.

Also due to how podman compose is pretty ghetto hacking away at the functions of docker compose its better that IF you move to podman you construct and build your own pods which is well beyond the scope of this thread. (While I have been practicing at this I am in no way capable of giving functional support on the topic)

2 Likes

Yeah, from what I’ve read in the past weeks, podman-compose is basically garbage at this point. I can completely understand the sentiment, as I refuse to offer help on some software (like unraid which came up a few hours ago in another thread).

But docker-compose is docker specific. Kompose may simplify migration to kubernetes configuration, but I haven’t tried it.

Anyway, I’m a hard-headed autist, I don’t like using config files, I’d rather convert the run commands into scripts.

To drop the links to make it easy for @Rogue-agent to find. Quoting myself here. Also all posts contain indexes to each other. If you want my rambles as I did so the blog has it.

Links to Infrastructure Series and Blogs:

Blog: Phaselockedloopable- PLL's continued exploration of networking, self-hosting and decoupling from big tech
Series 1: Infrastructure Series -- Native Dual Stack IP4+IP6
Series 2: Infrastructure Series -- Wireguard Site to Site Tunnel
Series 3: Infrastructure Series -- Recursive DNS and Adblocking DNS over TLS w/NGINX
Series 4: Infrastructure Series -- NGINX Reverse Proxy and Hardening SSL
Series 5: Infrastructure Series -- Taking DNS One Step Further - Full DNS Server infrastructure
Series 6: Infrastructure Series -- HTTP(S) Security Headers! You should use them! [NGINX]
Series 7: Infrastructure Series -- Use NGINX to inject CSS themes

Theres a lot of other people in there that might be able to help you more than I. I have a lot of travel coming up and im giving talks at universities and stuff. So im more just on my phone and unable to hand out anything significant. I hope this helps you.

Cool, I recommend Windows + nothing else.
Doesn’t mean I can get anything to work, but at least I’m comfortable working.

We already were able to setup NGINX-SWAG (reverse proxy with ssl) and it works. The titles don’t recommend bein significant to the topic? Reading in, idk if I need this right now…?

The issue I’m having now is that opening the sub domain cc should open the Nextcloud container but it does not.

image

Well for starters,

maximals little blurb about

server_name cc.abyss.fi; 

Is your solution right there.

You mean line 8 in nextcloud.conf ?

image

I can’t believe I am doing this:

upstream nextcloud {
    server <IP_HERE>;
}

server {
    listen 80;
    listen [::]:80;
    server_name cc.abyss.fi;

    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cc.abyss.fi;

    location / {
        proxy_pass http://nextcloud;
    }

    location = /.well-known/carddav {
        return 301 $scheme://$server_name/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$server_name/remote.php/dav;
    }
}

If you can’t extract the information you need from that, delete NGINX.

1 Like

Yea, I was using Apache with xampp, and that worked like nothing other.

Anyways I’m pretty daft. Bear with me :wink:

image
I guess you mean the external IP. But even with that, nothing changes, well idk. I don’t really do much with docker.
I’m see the page still displaying the main page of top domain.

I tried:
nextcloud:90
0.0.0.0:90
externalip
externalip:90

Also after you sent me that bit I looked a bit closer and I noticed, it was a total bs, that conf file that I had, should’ve noticed it.

More than that.

I refuse.

All you did was copy my conf file and input one value in it, you didn’t do shit. I’m not familiar with docker, but I’m pretty sure pointing 0.0.0.0:90 is not going to work.

None of those are going to work because line 21 is not made to work that way. Well one of them will work, but you’re still fucking up line 21.

  1. one being for a php-handler, I guess the php module to run the page…
  2. container is nextcloud, not app
    wrong port.
  3. well I was told earlier I should force nextcloud to go http
  4. Server name is wrong
  5. letsencrypt, what I don’t need anymore
  6. Robots.txt for SEO, don’t really need.

That was what I was able to get out of the conf file. Correct me if I’m wrong in my analysis.

I would assume ${FQDN} pulls from your compose file?

basically all I see is a matter of you point DNS wrong.

I won’t because you shit on me when I did so in the past.

Well, that used to be. Earlier I tried finding a solution for Nextcloud only, but this one was recommended my Maximal to secure both connections.

So the conf file is also a relic from when I tried that other nextcloud configuration.

Right now, I’m trying to figure out what internal IP the nextcloud has but


has to ruin my day like always.

You really should change FQDN to cc.abyss.fi

if you’re dockers are running correctly, they should be mapped to ports on your machine, which then you can redirect back to using the local IP of the host device.

1 Like

Yea, I had, now.

upstream php-handler {
    server 0.0.0.0:90;
}

server {
    listen       80;
    listen       443 ssl http2;
    server_name  cc.abyss.fi;
    # Max allowed upload file in web page
    client_max_body_size 20G;
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # Enable gzip compression
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # redirection and disable to access backend sensitive folders and resources
    location / {
        rewrite ^ /index.php$request_uri;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:updater|ocs-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js|woff2?|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }
    'trusted_proxies' => ['reverseproxy'],
    'overwrite.cli.url' => 'https://cc.abyss.fi/',
    'overwritehost' => 'cc.abyss.fi',
    'overwriteprotocol' => 'https',
}

this config still does not work though, I’m missing something.

Is nextcloud reachable via the local ip?


http://nextcloud is not.
neither nextcloud:90 nor https
nothing on
localhost:90

I also tried the other container names, and nothing…


image

Docker creates a private network for container(s) (unless you specify host networking). You could find out what the IPs are with docker inspect on a running container but then your setup is kinda dependent on whatever those might be and it probably will change next time you update the container(s). The way docker solved this is by having container names resolve to their private IPs within the docker network they are in.

His containers should already all be in the same docker network.

So nextcloud should be working for the upstream ip in his setup rn. Lots of nextcloud in there…