1. Configuring Apache
$ sudo apt-get update
$ sudo nano /etc/apache2/ports.confmodify the VirtualHost and Listen lines for port 80 to use port 8000 (or any other port number you would like to use).
Note: If you are using a ssl certificate, see ERRORS & SOLUTIONS for a ‘502 Bad Gateway Error' – the solution is to simply delete both ‘Listen 443' lines. :
Listen 8000
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>Ctrl-x, then ‘Y' to save and exit.
Next open the vhost configuration file:
$ sudo nano /etc/apache2/sites-available/000-default.conf… and change the VirtualHost line at the top to use the IP address 127.0.0.1 and the port 8000:
<VirtualHost 127.0.0.1:8000>
[...]Ctrl+x, then ‘Y' to save and exit.
Install the Apache module libapache2-mod-rpaf which takes care of logging the correct IP address:
$ sudo apt-get -y install libapache2-mod-rpafNext you will need to edit the module configuration file:
$ sudo nano /etc/apache2/mods-available/rpaf.confAdd the server IP address, in this example we use 192.168.1.100 as the server IP.
RPAFproxy_ips 127.0.0.1 192.168.1.100 ::1Ctrl+x, then ‘Y' to save and close the file and restart Apache server.
$ sudo /etc/init.d/apache2 restartYou can test rpaf by viewing the Apache access log:
$ sudo tail -f /var/log/apache2/access.logYou should see the following output:
#Before:
127.0.0.1 - - [31/Jun/2016:08:34:07 +0000] "GET /index.html HTTP/1.1"
127.0.0.1 - - [31/Jun/2016:08:34:10 +0000] "GET /index.html HTTP/1.1"
#After
192.168.1.100 - - [31/Jun/2016:08:34:30 +0000] "GET /index.html HTTP/1.1"
192.168.1.100 - - [31/Jun/2016:08:34:34 +0000] "GET /index.html HTTP/1.1"Restart Apache:
$ sudo /etc/init.d/apache2 restartConfigure the Apache service to start at boot time by running:
$ sudo update-rc.d apache2 defaults2. Configure nginx
$ sudo apt-get -y install nginxCreate its system startup links and make sure it is started:
$ sudo systemctl enable nginx.service
$ sudo service nginx restartIt should now be listening on port 80.
Create new nginx server block:
$ sudo nano /etc/nginx/sites-available/nextcloudAdd the following content. Note that the path to the original apache ssl certificate is updated and reflected in the path. Also note that this server block is for a nextcloud subdirectory installation (e.g. yoursite.com/nextcloud) and that the root path DOES NOT include ‘/nextcloud' but most of the location lines include the ‘nextcloud' directory while some do not. Referenced from:
https://docs.nextcloud.com/server/11/admin_manual/installation/nginx_nextcloud_9x.html
server {
listen 80;
listen [::]:80;
server_name 192.168.1.100;
root /var/www/html;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 192.168.1.100;
root /var/www/html;
index index.php index.html index.htm;
ssl on;
ssl_certificate /etc/ssl/certs/apache-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/apache-selfsigned.key;
ssl_session_timeout 5m;
ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=15768000; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log /var/log/nginx/nextcloud.access.log;
error_log /var/log/nginx/nextcloud.error.log;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location ^~ /nextcloud {
#set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location /nextcloud {
rewrite ^ /nextcloud/index.php$uri;
}
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args;
access_log off;
}
location ~ /\.ht {
deny all;
}
}
}Ctrl+x, then ‘Y' to save and exit.
Verify your Nginx configuration syntax by running the following command:
$ sudo nginx -tIf everything is ok, you should see the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successfulActivate the server block by running the following command:
$ sudo ln -s /etc/nginx/sites-available/nextcloud /etc/nginx/sites-enabled/nextcloudDelete the default nginx server block from the ‘sites-enabled' directory (but NOT from ‘site-available'):
$ sudo rm /etc/nginx/sites-enabled/defaultStart the Nginx service by running the following command:
$ sudo /etc/init.d/nginx startThen configure the Nginx service to start at boot time by running the following command:
$ sudo update-rc.d nginx defaults3. Test Nginx Reverse Proxy
Running the following curl command (the ‘-I' is a hypen and capital ‘I' as in India):
$ curl -I localhostExample output:
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.0 (Ubuntu)
Date: Tue, 28 Mar 2017 21:24:49 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://192.168.1.100/More info on the above output:
https://httpstatuses.com/301
ERRORS & SOLUTIONS
1. If you are getting an error that Nginx will not start/restart after configuring the Nextcloud server block:Solution:
Stop apache > then start nginx > then restart apache. This will allow nginx access to the required ports and let apache run in the back.
$ sudo service apache2 stop
$ sudo /etc/init.d/nginx start
$ sudo service apache2 start2. If you are getting a ‘502 Bad Gateway Error' when trying to access NextcloudSolution:
Remove the lines ‘Listen 443' from both lines located inside the file ‘/etc/apache2/sites-available/nextcloud.conf':
Reference and more info here:
https://www.scalescale.com/tips/nginx/502-bad-gateway-error-using-nginx/#
original code:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 8000
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noetChange to look like this:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 8000
<IfModule ssl_module>
</IfModule>
<IfModule mod_gnutls.c>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet3. If Nginx redirects to the root directory of your site instead of its subdirectory. For example, when trying to access ‘https://yoursite.com/nextcloud‘ nginx will automatically redirect to ‘https://yoursite.com'/login or ‘https://yoursite.com/index.php/login‘, etc.Reference:
https://help.nextcloud.com/t/nginx-reverse-proxy-what-to-write-in-nextclouds-config-php/9149/15
Solution:
1. Double/Triple check the nginx server block code above and make sure it is correct.
2. Make sure that there is no ‘default' file/link in the ‘/etc/nginx/sites-enabled' folder. If there is, remove it. You do not need this enabled.
$ sudo rm /etc/nginx/sites-enabled/defaultHowever, if you have phpmyadmin installed and a corresponding code block set up in ‘default', then it will return a ‘404 Not Found' page when trying to access phpmyadmin.
This is the code block for phpmyadmin located inside the ‘default' file:
# Phpmyadmin Configurations
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_param HTTPS on; # <-- add this line
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}Will need to attempt an alternative way to access phpmyadmin.
More References: