this post was submitted on 30 Jul 2023
9 points (76.5% liked)

Selfhosted

40133 readers
500 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

What does it actually do? When it's on, I get a redirecting error when trying to connect to my nextcloud at cloud.example.com, but with it off, it seems like I can't connect to NC using http anyway? Am I misunderstanding what it does?

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (1 children)

Usually it's due to the webapp not knowing that the request is actually already served under https by the reverse proxy, it think the request is still served over http so it issues a redirect to https, which leads to a redirect loop.

[–] [email protected] 1 points 1 year ago (2 children)

Alright that makes sense, do you know how to solve that if that webapp is nextcloud aio?

[–] [email protected] 1 points 1 year ago

I'm not sure what happened in your setup, but here is how https handling should works:

  • users request https://example.com to your reverse proxy
  • reverse proxy pass the requests to upstream server, but using http instead. It also add HTTP_X_FORWARDED_PROTO header to let the upstream server know that even though the request is over http, the end user actually served over https so it should assume the connection as https
  • the upstream server return a response, it take into accounts that the request is already done via https (e.g. generating links with https:// prefix, etc).

I think this chain is broken somewhere in your setup and cause nextcloud to not receive the HTTP_X_FORWARDED_PROTO header from nginx proxy.

[–] [email protected] 1 points 1 year ago

I just remember nextcloud has trusted_proxies option located in config/config.php file. Not configuring it (or configured it wrong) can cause nextcloud to not trust the HTTP_X_FORWARDED_PROTO header it received (it assumed to be spoofed).

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html