Reverse Proxy with nextcloud snap
I was looking for a way to use a reverse Proxy with my nextcloud snap install, this guid was what I needed. github.com/…/Putting-the-snap-behind-a-reverse-pr…
First change, what ports nextcloud listens to: sudo snap set nextcloud ports.http=81 ports.https=444
Install haproxy and append this to the config file in /etc/haproxy/haproxy.cfg
<span style="color:#323232;">backend nextcloud-http
</span><span style="color:#323232;"> mode http
</span><span style="color:#323232;"> balance roundrobin
</span><span style="color:#323232;"> option forwardfor
</span><span style="color:#323232;"> option httpchk HEAD /
</span><span style="color:#323232;"> http-check send ver HTTP/1.1 hdr Host localhost
</span><span style="color:#323232;"> server nextcloud 127.0.0.1:81 check
</span><span style="color:#323232;"> timeout connect 4s
</span><span style="color:#323232;"> timeout server 4s
</span><span style="color:#323232;">
</span><span style="color:#323232;">backend nextcloud-https
</span><span style="color:#323232;"> mode tcp
</span><span style="color:#323232;"> balance roundrobin
</span><span style="color:#323232;"> option httpchk HEAD /
</span><span style="color:#323232;"> http-check send ver HTTP/1.1 hdr Host localhost
</span><span style="color:#323232;"> option ssl-hello-chk
</span><span style="color:#323232;"> server nextcloud 127.0.0.1:444 check
</span><span style="color:#323232;"> timeout connect 4s
</span><span style="color:#323232;"> timeout server 4s
</span><span style="color:#323232;">
</span>
And this for the front end, don’t forget to change <domain name> to your domain. nextcloud.example.org
<span style="color:#323232;">frontend http
</span><span style="color:#323232;"> bind *:80
</span><span style="color:#323232;"> mode http
</span><span style="color:#323232;">
</span><span style="color:#323232;"> acl host_nextcloud hdr(host) -i <domain name>
</span><span style="color:#323232;"> use_backend nextcloud-http if host_nextcloud
</span><span style="color:#323232;"> timeout client 4s
</span><span style="color:#323232;">
</span><span style="color:#323232;">frontend https
</span><span style="color:#323232;"> bind *:443
</span><span style="color:#323232;"> mode tcp
</span><span style="color:#323232;">
</span><span style="color:#323232;"> tcp-request inspect-delay 5s
</span><span style="color:#323232;"> tcp-request content accept if { req_ssl_hello_type 1 }
</span><span style="color:#323232;">
</span><span style="color:#323232;"> acl host_nextcloud req_ssl_sni -i <domain name>
</span><span style="color:#323232;"> use_backend nextcloud-https if host_nextcloud
</span><span style="color:#323232;"> timeout client 4s
</span>
Check if everything is correct with sudo haproxy -c -f /etc/haproxy/haproxy.cfg
and start it.
<span style="color:#323232;">sudo systemctl enable haproxy
</span><span style="color:#323232;">sudo systemctl start haproxy
</span>
just do the lets-encrypt stuff again: nextcloud.enable-https
And it worked for me(Apache)
Add comment