1

I want to apologize in advance for any wrong use of terms and my general misunderstanding of... EVERYTHING :D

The context:

I rent a server for two purposes:

  • Nextcloud
  • Pi-Hole

I rent a domain name “www.mydomain.com” and I linked the IP address of my server to this domain name.

Nextcloud is configured on port 80 (HTTP) and 443 (HTTPS) and Pi-Hole on port 81. So when I type www.mydomain.com, I’m redirected directly to my Nextcloud. And to reach my Pi-Hole, I have to enter my IP address XX.XXX.XXX.XXX:YY (where X is the IP and Y the port).

The problem is, I have SSL only on the Nextcloud interface, and not on the admin interface of my Pi-Hole.

So I created a sub-domain (just for Pi-Hole): pihole.mydomain.com

So after some research, I found Nginx and I want to use it as a reverse proxy, configured on port 80, and from it, redirect my sub-domains to the different services (Nextcloud and Pi-Hole).

But I’m struggling to set up Nginx. The installation is fine: when I type my IP address or www.mydomain.com, I’m properly redirected to the Nginx welcome page.

I followed this tutorial to set up Nginx:

https://www.linode.com/docs/guides/use-nginx-reverse-proxy/#configure-nginx

And I set up my Nextcloud on port 81 and port 444, and my Pi-Hole on port 82. So I created a domain.conf file where I entered:

    # For Nextcloud
    server {
      listen 80;
      listen [::]:80;
      server_name mydomain.com;
      location / {
          proxy_set_header X-Real-IP $remote_addr;
          proxy_pass http://XX.XXX.XXX.XXX:81/;
      }
    }

    # For Pi-Hole
    server {
      listen 80;
      listen [::]:80;
      server_name pihole.mydomain.com;
      location / {
          proxy_set_header X-Real-IP $remote_addr;
          proxy_pass http://XX.XXX.XXX.XXX:82/admin/;
      }
    }

PS: I don't really understand the purpose of the following line: proxy_set_header X-Real-IP $remote_addr;

It worked perfectly for the Pi-Hole. When I want to reach it, I just have to type pihole.mydomain.com and everything works smoothly. Even the address at the top of the browser stays pihole.mydomain.com/XXX (depending on the page I’m visiting in the admin interface).

For the Nextcloud, it doesn't: I’m redirected to localhost:444. So I created a second sub-domain, nextcloud.myserver.com, and I changed the mydomain.conf file:

    # For Nextcloud
    server {
      listen 80;
      listen [::]:80;
      server_name nextcloud.mydomain.com;
      location / {
          proxy_set_header X-Real-IP $remote_addr;
          proxy_pass http://XX.XXX.XXX.XXX:81/;
      }
    }

This time it works, but when I type nextcloud.mydomain.com, I do reach my Nextcloud, but the address in the browser changes to the IP address, and I would like it to stay nextcloud.mydomain.com, as with the Pi-Hole. But how do I do that?

As well #1: I would like to reach my Nextcloud directly with the address myserver.com. I don’t want to have to type nextcloud.mydomain.com to reach it.

As well #2: Everything I described above worked properly on Brave and Edge, but in Firefox, every domain or subdomain I type in the navigation bar gives me an error like: Firefox can’t find this domain.

Any suggestions on what I'm doing wrong?

Thank you for taking the time to read this!

PerfectJam

1 Answer

0

Since the homepage already redirects you to the path "/admin/", the correct approach would be to check the path and issue a "return 302" to adjust the "location" as it appears in the original URL. See the examples below.

Nginx version

Docker: nginx:1.25-alpine3.18
Nginx: 1.25

Original URL Pihole:

http://192.168.29.2:8088/admin/

Original URL NextCloud:

http://192.168.29.2:8080/

Reverse proxy for Pihole:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        # Dots escaped and pattern anchored so that only this exact host name matches
        server_name ~^(dns)\.youdomain\.com$;

        client_max_body_size 50M;
        include ssl_config.config;

        # Send the bare host name to the admin interface
        location = / {
            return 302 https://$host/admin/;
        }

        location /admin/ {
            proxy_pass http://192.168.29.2:8088/admin/;
            # Pass the original host name, client address and scheme to the backend
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

For Nextcloud, you can add another block in NGINX

Reverse proxy for Nextcloud:

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        # Dots escaped and pattern anchored so that only this exact host name matches
        server_name ~^(nextcloud)\.youdomain\.com$;

        client_max_body_size 50M;
        include ssl_config.config;

        location / {
            proxy_pass http://192.168.29.2:8080/;
            # Pass the original host name, client address and scheme to the backend
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

ssl_config.config

    # SSL configuration
    ssl_certificate         /etc/nginx/certs/certificate.crt;
    ssl_certificate_key     /etc/nginx/certs/certificate.key;

    #ssl_protocols TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver_timeout 5s;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    ssl_dhparam /etc/nginx/certs/dhparam.pem;

    # Your server DNS here
    resolver 192.168.29.2;
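
The `proxy_set_header` lines in the configurations above hand the client's address to the backend. The sketch below is an added example, not code from the question, the answer, Nextcloud or Pi-hole, of how a backend can read those headers without trusting values the client typed itself. The trusted proxy address (loopback), the function names and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: nginx is the only proxy and reaches the backend over loopback.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]


def is_trusted(addr):
    """True if addr is one of our own reverse proxies (ValueError if malformed)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def proxy_add_x_forwarded_for(client_sent, remote_addr):
    """What nginx's $proxy_add_x_forwarded_for produces: the client's own
    X-Forwarded-For value (if any) with $remote_addr appended."""
    return f"{client_sent}, {remote_addr}" if client_sent else remote_addr


def client_ip(peer_addr, headers):
    """Address the backend should log and rate-limit on."""
    # Request did not come through nginx: every header is client-controlled.
    if not is_trusted(peer_addr):
        return peer_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    # Walk right to left: the rightmost entries were appended by our proxy,
    # the leftmost ones are whatever the client chose to send.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: stop reading the list
    # With "proxy_set_header X-Real-IP $remote_addr", nginx overwrites this header.
    return headers.get("X-Real-IP", peer_addr)


if __name__ == "__main__":
    # Constructed sample: a client at 203.0.113.7 forges an X-Forwarded-For header.
    forwarded = {
        "X-Forwarded-For": proxy_add_x_forwarded_for("10.0.0.1", "203.0.113.7"),
        "X-Real-IP": "203.0.113.7",
    }
    print(client_ip("127.0.0.1", forwarded))     # request relayed by nginx
    print(client_ip("198.51.100.9", forwarded))  # request sent straight to the backend port
```

The second call shows why the backend ports should not be reachable from outside once the proxy is in place: a request that skips nginx carries headers nobody has checked.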