This is probably useful to figure out how to reverse proxy Apache behind NGINX, but I was finally able to get NextCloud working on NGINX with no problem.

I like to use NGINX as my web server because that’s what I’ve always worked with. I’ve tried a couple times to get NGINX to work with NextCloud, but it would also end up not letting me log in. I did some Googling and I guess it has something to do with how the cache is handled in NGINX. I tried to give the location correct permissions, but it still didn’t work, so I figured, what the heck, let’s use Apache behind NGINX. This is being run on CentOS 7; I would assume you could do the same with Debian. As with most of my other writeups, this isn’t a complete start to finish; it’s just notes that should help me down the road if I ever need to do this again.

Set up nginx reverse proxy

nano /etc/nginx/sites-available/cloud.example.com

server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive
        listen 443 ssl;
        ssl_certificate           /etc/nginx/ssl/cloud.example.com/crt;
        ssl_certificate_key        /etc/nginx/ssl/cloud.example.com/key;
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        # TLSv1 and TLSv1.1 are deprecated; allow TLSv1.2 only
        ssl_protocols TLSv1.2;

        root /var/www/html/nextcloud;
        index index.php index.html index.htm;

        server_name cloud.example.com;

        location / {
                # Hand everything to Apache, which listens on localhost only
                proxy_pass http://127.0.0.1:8787/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                # Appends the connecting address to any X-Forwarded-For the client sent
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Ask crawlers not to index the site
        location = /robots.txt { return 200 "User-agent: *\nDisallow: /\n"; }
}

We then need to enable the reverse proxy on NGINX

ln -s /etc/nginx/sites-available/cloud.example.com /etc/nginx/sites-enabled/

Now we need to install Apache and install PHP for Apache

yum --enablerepo=remi-php72 install php httpd

Now we need to edit the Apache config for NextCloud

nano /etc/httpd/conf.d/000-cloud.example.com.conf

Paste this into the file. I can’t get WordPress formatting just right so I just pasted it in my pastebin. LINK

Now we can test to make sure the Apache config test passes

apachectl configtest

Now we can run the NGINX test to make sure it works

nginx -t

If both of the above pass without any horrible errors, we can reload both with the command below

systemctl reload httpd nginx

MariaDB is recommended, but you can just use the default SQLite if you’d like. To install and configure MariaDB there’s already a bunch of tutorials on that.

Now we want to start the NextCloud installation

Create the nextcloud directory and go to it

mkdir /var/www/nextcloud; cd /var/www/nextcloud

Now we want to download the installer

wget https://download.nextcloud.com/server/installer/setup-nextcloud.php

Now we should be able to run the installer by going to https://cloud.example.com/setup-nextcloud.php, then choose . (period) as where you want to install NextCloud. Just follow the steps and you should be good to go.

Now we need to configure NextCloud to use the X-Forwarded-For header.

nano /var/www/nextcloud/config/config.php

Append the following to the file, above the last ‘);’

'trusted_proxies' => ['127.0.0.1'],

We now need to tell Apache to use the X-Forwarded-For header in the logs LINK

When you start out, your httpd.conf will look something like this:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" combined

Now the %h is already there to capture the remote host, which, by default, will be the IP of the load balancer (the last proxy server that the traffic came from). All of these entries need to be commented out.

Assuming you have X-Forwarded-For enabled in the load balancer (or whatever proxy server you’re using), you can capture the source IP from the original client. You’ll need to change your config file entries to look like this:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" combined env=!forwarded
CustomLog "logs/access_log" proxy env=forwarded
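
Because the NGINX config above uses $proxy_add_x_forwarded_for, a client that sends its own X-Forwarded-For header shows up in the "proxy" log format as "client-supplied, real address", and only the rightmost entry was written by NGINX. The Python below is an added example, not code from the original post or from the NextCloud, Apache or NGINX projects; it reads the "proxy" format right to left, trusting only 127.0.0.1 as in trusted_proxies. The sample log lines are constructed, and it assumes Apache only accepts connections from NGINX on 127.0.0.1.

```python
import ipaddress
import re

# Assumption: same list as 'trusted_proxies' in Nextcloud's config.php.
TRUSTED = [ipaddress.ip_network("127.0.0.1/32")]

# Leading fields of the "proxy" LogFormat: XFF value, %l, %u, [%t], "%r", status.
LINE = re.compile(r'^(?P<xff>.+?) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')


def resolve_client(xff):
    """Return (client_ip, unverified_entries) for one X-Forwarded-For value.

    Walk right to left: NGINX appended the rightmost entry itself, so hops are
    trusted only until the first address outside TRUSTED. Everything to the
    left of that address was supplied by the client and may be forged.
    """
    hops = [h.strip() for h in xff.split(",")]
    for i in range(len(hops) - 1, -1, -1):
        try:
            addr = ipaddress.ip_address(hops[i])
        except ValueError:
            return None, hops[: i + 1]   # garbage where an IP should be
        if not any(addr in net for net in TRUSTED):
            return str(addr), hops[:i]
    return None, []                       # only trusted proxies in the chain


def audit(lines):
    """Yield (client_ip, unverified_entries, request) per parsable log line."""
    for line in lines:
        m = LINE.match(line)
        if m:
            client, unverified = resolve_client(m.group("xff"))
            yield client, unverified, m.group("req")


# Constructed sample lines in the "proxy" format (documentation IP ranges).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2019:13:55:36 +0000] "GET /login HTTP/1.0" 200 512 "-" "curl/7.29.0"',
    '10.0.0.1, 198.51.100.23 - - [10/Oct/2019:13:55:40 +0000] "POST /login HTTP/1.0" 401 87 "-" "curl/7.29.0"',
    '127.0.0.1, 198.51.100.23 - - [10/Oct/2019:13:55:41 +0000] "POST /login HTTP/1.0" 401 87 "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    for client, unverified, req in audit(SAMPLE):
        print(client, unverified, req)
```

Lines with a non-empty unverified list are the ones to look at when reviewing failed logins: the address on the left is whatever the client chose to send, including 127.0.0.1.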