2

I want to install Nextcloud at my home server. The Nextcloud snap will always put the Nextcloud instance at /, let's say https://myserver.ddns.com. But I also want to serve other webpages from my server at https://myserver.ddns.com/otherstuff/, so I'd like to move Nextcloud to https://myserver.ddns.com/nextcloud/.

It seems this can be done for a HTTP server using a reverse proxy with url rewriting, i.e. I run the Nextcloud snap at port 81 and the reverse proxy transparently routes https://myserver.ddns.com/nextcloud/ -> https://myserver.ddns.com:81/.

But I don't want to expose an unencrypted Nextcloud instance to the internet. Is it possible to do this URL rewriting for a HTTPS instance? It would require the proxy to read the HTTPS request, but a transparent reverse proxy shouldn't be able to decrypt the communication?

The alternative is of course a manual install of Nextcloud, but the snap's promise of easier maintenance and configuration written by people who know this stuff better than me is alluring.

Åsmund
  • 1,332
  • 1
  • 15
  • 26

1 Answers1

1

This was solved by letting the reverse proxy terminate the SSL connection and forward unencrypted to the Nextcloud server. Then the proxy can rewrite the URL. Nextcloud must also be told it's behind an url-rewriting reverse proxy.

For nextcloud snap, you can use the following commands (from https://github.com/nextcloud/nextcloud-snap/wiki/Putting-the-snap-behind-a-reverse-proxy#nginx-optional-custom-path-location-for-reverse-proxy):

$ nextcloud.occ config:system:set overwritehost --value="myserver.ddns.com"
$ nextcloud.occ config:system:set overwriteprotocol --value="https"
$ nextcloud.occ config:system:set overwritewebroot --value="/nextcloud"
$ nextcloud.occ config:system:set overwrite.cli.url --value="https://myserver.ddns.com/nextcloud"

or you can edit these values directly in the Nextcloud config.php.

The link above doesn't explain Apache setup, but the following works:

ProxyPass       "/nextcloud" "http://127.0.0.1:8000"
ProxyPassReverse "/nextcloud" "http://127.0.0.1:8000"
ProxyPass "/" "http://127.0.0.1:8001/"
ProxyPassReverse  "/" "http://127.0.0.1:8001/"

where port 8001 is a webserver for static/other files. For some reason which I don't understand, the trailing slashes are important: If I add a trailing slash:

ProxyPass       "/nextcloud" "http://127.0.0.1:8000/"

then I'm redirected, but Nextcloud doesn't work properly, and if I remove it from the static redirect:

ProxyPass "/" "http://127.0.0.1:8001"

then myserver.ddns.com/foo gets redirected internally to http://127.0.0.1:8001foo which clearly doesn't work.

Åsmund
  • 1,332
  • 1
  • 15
  • 26