Using behind reverse proxy
BerndGit opened this issue · comments
I try to run the container behind an Apache2 reverse proxy.
Result:
- Nextcloud is working.
- In Admin settings: OnlyOffice is found
- When I try to edit a document I get: "ONLYOFFICE not available. Contact your administrator.
Major changes, which I did on Apache myenabledsite.conf
:
<VirtualHost *:443>
ServerName myserver
ServerAdmin webmaster@myserver
CustomLog ${APACHE_LOG_DIR}/custom.log combined
ErrorLog ${APACHE_LOG_DIR}/errors.log
RewriteEngine On
RewriteRule ^/nextcloud$ /nextcloud/ [R,L]
RewriteRule ^/\.well-known/carddav /nextcloud/remote.php/dav [R=301,L]
RewriteRule ^/\.well-known/caldav /nextcloud/remote.php/dav [R=301,L]
RewriteRule ^/\.well-known/webfinger /nextcloud/index.php/.well-known/webfinger [R=301,L]
RewriteRule ^/\.well-known/nodeinfo /nextcloud/index.php/.well-known/nodeinfo [R=301,L]
<Location "/nextcloud/">
ProxyPass http://127.0.0.1:8089/ retry=0
ProxyPassReverse http://127.0.0.1:8089/
RequestHeader set X-Script-Name /nextcloud
</Location>
</VirtualHost>
and in docker-compose.yml
:
container_name: app-server
image: nextcloud:fpm
restart: always
expose:
- '80'
- '9000'
volumes:
- app_data:/var/www/html
environment:
- MYSQL_PASSWORD=mypassword
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_HOST=db
- OVERWRITEHOST=myserver
- OVERWRITEPROTOCOL=https
- OVERWRITECONADDR=https://myserver/nextcloud
- OVERWRITECLIURL=https://myserver/nextcloud
- OVERWRITEWEBROOT=/nextcloud
...
any Idea?
Hi!
I had also issues using Collabora behind the reverse proxy.
As far as I understood this tread seems to address the root cause of issues with Collabora and OnlyOffice behind reverse proxy: nextcloud/richdocuments#1904
Unfortunatly I lack the skills to make OnlyOffice running behind the proxy.
Config of internet facing proxy:
server {
listen 80;
server_name your_server_name;
location / {
proxy_pass http://your_server_internal_ip:80;
}
}
server {
listen 443 ssl;
server_name your_server_name;
location / {
proxy_pass http://your_server_internal_ip:80;
include /etc/nginx/snippets/rp.conf;
}
ssl_certificate /etc/letsencrypt/live/your_server_name/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/your_server_name/privkey.pem; # managed by Certbot
}
Passing those packets as is, without changing / setting any header seems to work for me. Also notice im terminating my ssl here as I trust the connection between internet facing proxy and the machine the container is running on. Hope this helps.
Try removing those rewrite rules or request header lines in your apache config, im using nginx though.
But this gives a red warning message in admin settings,
The reverse proxy header configuration is incorrect. This is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. For more details see the [documentation ↗](https://docs.nextcloud.com/server/28/go.php?to=admin-reverse-proxy).