Run Nextcloud through a reverse proxy – HAProxy – with a different webroot

I wanted to setup HAProxy as an reverse proxy towards my nextCloud 12 server and I really struggled to find proper information on how to do that. As I have a number of backend services I needed a different webroot to define the request and I finally succeeded and I want to share my configuration settings.

Nextcloud is now accessable from https://myserver.se/nc/

/etc/haproxy/haproxy.cfg

global
        maxconn 4096
        user haproxy
        group haproxy
        daemon
        log 127.0.0.1 local0 debug

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option  redispatch
        option  http-server-close
        option  forwardfor
        timeout connect 5000
        timeout client  50000
        timeout server  50000

frontend www-http
        bind *:80
        mode http
        reqadd X-Forwarded-Proto:\ http

        default_backend www-backend

backend www-backend
        #All requests should be in SSL-mode. SSL is terminated in HAProxy
        #and uses HTTP in backend requests
        redirect scheme https code 301 if !{ ssl_fc }

frontend www-https
        #My server certificate
        #Here's a great instruction on how to setup
        # LetsEncrypt with HAProxy https://skarlso.github.io/2017/02/15/how-to-https-with-hugo-letsencrypt-haproxy/
        bind *:443 ssl crt /etc/haproxy/certs/myserver.pem
        mode http
        option forwardfor
        option http-server-close
        option http-pretend-keepalive

        #Only allow some services to be available internally
        acl network_allowed src 192.168.2.0/24
        acl restricted_page path_beg /internal
        block if restricted_page !network_allowed

        # App definitions
        acl is_nc path_beg /nc
        use_backend nextcloud if is_nc

backend nextcloud
        reqrep ^([^\ :]*)\ /nc/(.*)  \1\ /\2
        reqadd X-Script-Name:\ /nc
        option httpclose
        option forwardfor
        server node1 192.168.2.212:80

And for nextCloud I updated the PHP configuration settings with my domain name “myserver.se” and the HA Proxy IP address “192.168.2.196” as explained here¬†https://docs.nextcloud.com/server/12/admin_manual/configuration_server/reverse_proxy_configuration.html

 

/var/www/nextcloud/config/config.php:

  ...
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '192.168.2.212',
    2 => '192.168.2.196',
    3 => 'myserver.se',
  ),
  'trusted_proxies' => ['192.168.2.196'],
  'overwritehost' => 'myserver.se',
  'overwritewebroot' => '/nc',
  'overwritecondaddr' => '^192\.168\.2\.196$',
Advertisements