Using behind reverse proxy

Question

Using behind reverse proxy

BerndGit opened this issue a year ago · comments

BerndGit commented a year ago

I try to run the container behind an Apache2 reverse proxy.

Result:

Nextcloud is working.
In Admin settings: OnlyOffice is found
When I try to edit a document I get: "ONLYOFFICE not available. Contact your administrator.

Major changes, which I did on Apache myenabledsite.conf:


<VirtualHost *:443>
    ServerName myserver
    ServerAdmin webmaster@myserver
    CustomLog ${APACHE_LOG_DIR}/custom.log combined
    ErrorLog ${APACHE_LOG_DIR}/errors.log

    RewriteEngine On
    RewriteRule ^/nextcloud$ /nextcloud/ [R,L]

    RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
    RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
    RewriteRule ^/\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
    RewriteRule ^/\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]

    <Location "/nextcloud/">
    ProxyPass        http://127.0.0.1:8089/ retry=0
    ProxyPassReverse http://127.0.0.1:8089/
    RequestHeader    set X-Script-Name /nextcloud
    </Location>
</VirtualHost>

and in docker-compose.yml:


   container_name: app-server
    image: nextcloud:fpm
    restart: always
    expose:
      - '80'
      - '9000'
    volumes:
      - app_data:/var/www/html
    environment:
      - MYSQL_PASSWORD=mypassword
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
      - OVERWRITEHOST=myserver
      - OVERWRITEPROTOCOL=https
      - OVERWRITECONADDR=https://myserver/nextcloud
      - OVERWRITECLIURL=https://myserver/nextcloud
      - OVERWRITEWEBROOT=/nextcloud

...

any Idea?

BerndGit · Answer 1 · Mon Apr 10 2023 00:29:35 GMT+0800 (China Standard Time)

Hi!

I had also issues using Collabora behind the reverse proxy.

As far as I understood this tread seems to address the root cause of issues with Collabora and OnlyOffice behind reverse proxy: nextcloud/richdocuments#1904

Unfortunatly I lack the skills to make OnlyOffice running behind the proxy.

Madhav Prabhu · Answer 2 · Mon Dec 25 2023 23:05:00 GMT+0800 (China Standard Time)

Config of internet facing proxy:

server {
        listen 80;
        server_name your_server_name;
        
        location / {
                proxy_pass http://your_server_internal_ip:80;
        }

}                                        

server {                                        
        listen 443 ssl;
        server_name your_server_name;
        location / {
                proxy_pass http://your_server_internal_ip:80;
                include /etc/nginx/snippets/rp.conf;
        }


    ssl_certificate /etc/letsencrypt/live/your_server_name/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your_server_name/privkey.pem; # managed by Certbot
}

Passing those packets as is, without changing / setting any header seems to work for me. Also notice im terminating my ssl here as I trust the connection between internet facing proxy and the machine the container is running on. Hope this helps.

Try removing those rewrite rules or request header lines in your apache config, im using nginx though.

But this gives a red warning message in admin settings,

The reverse proxy header configuration is incorrect. This is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. For more details see the [documentation ↗](https://docs.nextcloud.com/server/28/go.php?to=admin-reverse-proxy).