Nextcloud/Owncloud with Nginx as a reverse proxy

S

Strator

Verified User
Joined
Jan 19, 2011
Messages
239
Hi all,

Has anyone been able to install Owncloud or something similar with Nginx set up as reverse proxy? I've found a couple of instructions on the topic, but of course, with DirectAdmin not allowing direct edits to the nginx configuration files (hence you can't just copy/paste a recommended config file), it's really very hard to follow anyone's instructions or predict what will happen.

Thanks in advance for any pointers!
 
If you use nginx as reverse proxy for apache, you don't need any custom nginx configuration :) It'd read your .htaccess file for URL rewrites and other things.
 
Well in all setup guides, there are lengthy custom nginx configuration files, like the following. I simply wouldn't know where to add it:

Code: 
server {
    listen 80;
    server_name nextcloud.your-domain.com;

    # Add headers to serve security related headers
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;

    #I found this header is needed on Debian/Ubuntu/CentOS/RHEL, but not on Arch Linux.
    add_header X-Frame-Options "SAMEORIGIN";

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud/;

    access_log /var/log/nginx/nextcloud.access;
    error_log /var/log/nginx/nextcloud.error;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
       return 301 $scheme://$host/remote.php/dav;
    }

    location ~ /.well-known/acme-challenge {
      allow all;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
       rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
     }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
       include fastcgi_params;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       #Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;
       fastcgi_param front_controller_active true;
       fastcgi_pass unix:/run/php-fpm/www.sock;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
       try_files $uri/ =404;
       index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
   }

   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
   }
}
 
It's for standalone nginx, not as nginx as reverse proxy. You just use nginx as reverse proxy as a regular apache.
 
Hm - it was all so promising. Unfortunately, I ran into an issue that I just can't seem to be able to solve.

In order to access Nextcloud, which I'm supposed to install somewhere in /var/www I have to configure openbasedir. But it seems there's a bug in directadmin, so it's impossible to do it for php-fpm via the tokens in DA's custom httpd configuration (just has no effect).

I've tried to edit the configuration files directly in /usr/local/directadmin/data/users which works as a proof of concept, but they get overwritten way too often.

I've also tried to use "php_value open_basedir" in .htaccess, but no luck.
 
You may install nextcloud into any public_html of your users :) It's just a CMS, like WordPress.
 
Duh - then, of course, it's a piece of cake. Thanks for the clarification!
 
You must log in or register to reply here.
Back
Top