I like to use NGINX as my web server because that’s what I’ve always worked with. I’ve tried a couple times to get NGINX to work with NextCloud, but it would also end up not letting me log in. I did some Googleing and I guess it has something to do with how the cache is handled in NGINX. I tried to give the location correct permissions, but it still didn’t work so I figured what the heck lets use Apache behind NGINX. This is being ran on CentOS 7 I would assume you could do the same with Debian. As with most of my other writeups, this isn’t a complete start to finish it’s just notes that should help me down the road if I ever need to do this again.

Set up nginx reverse proxy

nano /etc/nginx/sites-available/cloud.example.com


server {
        listen 443;
        ssl_certificate           /etc/nginx/ssl/cloud.example.com/crt;
        ssl_certificate_key        /etc/nginx/ssl/cloud.example.com/key;
        ssl on;
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

        root /var/www/html/nextcloud;
        index index.php index.html index.htm;

        server_name cloud.example.com;

        location / {
                proxy_pass http://127.0.0.1:8787/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

location = /robots.txt { return 200 "User-agent: *\nDisallow: /\n"; }
}

We then need to enable the reverse proxy on NGINX
ln -s /etc/nginx/sites-available/cloud.example.com /etc/nginx/sites-enabled/

Now we need to install apache and install php for apache

yum --enablerepo=remi-php72 install php httpd

Now we need to edit the apache config for NextCloud

nano /etc/httpd/conf.d/000-cloud.example.com.conf

Paste this into the file. I can’t get wordpress formatting just right so I just pasted it in my pastebin. LINK

Now we can test to make sure apache test passes
apachectl configtest

Now we can run nginx test to make sure it works
nginx -t

If both the of above pass without any horrible errors we can reload both with the command below
systemctl reload httpd nginx

MariaDB is recoomended, but you can just use the default SQLite if you’d like. To install and configure MariaDB there’s already a bunch of tutorials on that.

Now we want to start the nextcloud installation

Create nextcloud directory and go to it
mkdir /var/www/nextcloud; cd /var/www/nextcloud

Now we want to download the installer
wget https://download.nextcloud.com/server/installer/setup-nextcloud.php

Now we should be able to run the installer by going to https://cloud.example.com/setup-nextcloud.php then choose . (period) to where you want to install nextcloud. Just follow the steps and you should be good to go.

Now we need to configure NextCloud to use the X-Forward-For header.
nano /var/www/nextcloud/config/config.php

Append the follow to the file above the last ‘);’
'trusted_proxies' => ['127.0.0.1'],

We now need to tell apache to use the x-forward-for header in the logs
LINK

When you start out, your httpd.conf will look something like this:


LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" combined

Now the %h is already there to capture your header, which, by default, will capture the IP of the Loadbalancer (the last proxy server that the traffic came from). All of these entries need to commented out.

Assuming you have X-Forwarded-For enabled in the load balancer (or whatever proxy server you’re using), you can capture the source IP from the original client. You’ll need to change your config file entries to look like this:


LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" combined env=!forwarded
CustomLog "logs/access_log" proxy env=forwarded