NGINX proxy manager
Let NGINX proxy manager handle encryption and certificate management for Nextcloud snap. This setup will assume that SSL termination and certificate management is handled by NGINX proxy manager.
The Nextcloud snap encryption and certificate renewal services may be disabled.
- Stop and disable encryption:
sudo nextcloud.disable-https lets-encrypt
- Stop and disable certificate renewal service:
sudo snap stop --disable nextcloud.renew-certs
- Cache Assets (optional), recommended disabled
Tip: caching assets may be required in some cases, but disabling it is recommended for most setups
- Websockets Support (optional)
- Block Common Exploits (optional)
- HSTS Subdomains (optional)
copy & paste into advanced settings
location = /.well-known/carddav {return 301 $scheme://$host:$server_port/remote.php/dav;}
location = /.well-known/caldav {return 301 $scheme://$host:$server_port/remote.php/dav;}
Ref: upstream issue
copy & paste into advanced settings
location /.well-known/carddav {return 301 $scheme://$host/remote.php/dav/;}
location /.well-known/caldav {return 301 $scheme://$host/remote.php/dav/;}
optional setting from NC29
Tip: recommend only if recurring errors appear in logs
- resolve webfinger error in logs
- resolve nodeinfo error in logs
location /.well-known/webfinger {return 301 $scheme://$host/index.php/.well-known/webfinger;}
location /.well-known/nodeinfo {return 301 $scheme://$host/index.php/.well-known/nodeinfo;}
- Set trusted proxies in config.php if your Nextcloud snap instance is behind a reverse proxy.
'trusted_proxies' =>
array (
0 => 'your.reverse.proxy.ip',
1 => 'your.other.proxy.ip',
),
or issue command on host (iterating values 0, 1, 2...):
sudo nextcloud.occ config:system:set trusted_proxies 0 --value="your.reverse.proxy.ip"
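The trusted_proxies entries decide whose forwarded client address Nextcloud believes, so the list is worth validating before it is applied. The script below is an added example, not part of the wiki or the Nextcloud snap: it checks each entry and prints the indexed occ commands in the form shown above. The function names, the IPv4-only check, the /8 minimum prefix and the sample addresses are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the wiki. IPv4 only; sample addresses are constructed.

# valid_proxy ENTRY: succeed for an IPv4 address with an optional /prefix of
# 8..32. The /8 floor is this example's assumption: it refuses catch-alls such
# as 0.0.0.0/0 that would let any client supply X-Forwarded-For.
valid_proxy() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -ge 8 ] && [ "$prefix" -le 32 ] || return 1
    # Only digits and single dots, so unreplaced placeholders fail here.
    case $addr in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# trusted_proxy_cmds ENTRY...: print one occ command per entry, indexed from 0.
# Validates the whole list first so a bad list is never half-applied.
trusted_proxy_cmds() {
    for entry in "$@"; do
        valid_proxy "$entry" || { echo "rejected: $entry" >&2; return 1; }
    done
    i=0
    for entry in "$@"; do
        printf 'sudo nextcloud.occ config:system:set trusted_proxies %d --value="%s"\n' "$i" "$entry"
        i=$((i + 1))
    done
}

# Constructed sample list: one proxy host and one container subnet.
trusted_proxy_cmds 192.0.2.10 172.18.0.0/16
```

Review the printed commands before running them on the host; an entry that fails validation stops the script before any command is printed.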
Setting an FQDN (fully qualified domain name) is best practice. It is optional on self-hosted Nextcloud snap instances running in a VM or container behind a reverse proxy with termination, and it may improve site response.
- Discover hostname:
- issue command
hostnamectl
or
hostname
- Set or change hostname:
- issue command
hostnamectl set-hostname NEW-HOSTNAME
- Set FQDN on instance behind reverse proxy with termination:
- edit /etc/hosts in the VM or container as root, using your favourite editor:
sudo nano /etc/hosts
- add a second line, replacing <your.reverse.proxy.ip>, <your.domain.xyz> and <hostname> with your own proxy IP, domain name and hostname:
127.0.0.1 localhost
<your.reverse.proxy.ip> <your.domain.xyz> <hostname>
## The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Nextcloud snap Wiki, use all information and scripts at own risk