From 7f8bb2fe7a99a4b806eb24badad5f22f4af5e017 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 2 Jan 2025 12:36:40 -0700 Subject: [PATCH] Add example file for Nextcloud. --- .../config/conf.d/cloud.example.com | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 Config/ReverseProxy/config/conf.d/cloud.example.com diff --git a/Config/ReverseProxy/config/conf.d/cloud.example.com b/Config/ReverseProxy/config/conf.d/cloud.example.com new file mode 100644 index 0000000..3bad7aa --- /dev/null +++ b/Config/ReverseProxy/config/conf.d/cloud.example.com @@ -0,0 +1,76 @@ +# 2025-01-02 Hyperling +# A dummy test file since true scripts are being kept private. +# This should help others understand how to get Nextcloud working. + +## Instructions ## +# Add this without the comment to your /etc/hosts to test that it is working, +# YOUR_DOCKER_SERVER_IP cloud.example.com +# If testing locally on a workstation, +# 127.0.0.1 cloud.example.com +# Then to test, first start the container, +# cd $DOCKER_HOME/Config/ReverseProxy && docker compose build && docker compose up -d +# Then from the system with the modified /etc/hosts, +# curl --insecure cloud.example.com +# You should see activity in the container log as well as the contents of the +# proxied website in the terminal, NOT cloud.example.com. If using a browser then you +# should notice that the URL is still cloud.example.com but the website is correct. + +server { + listen 80; + server_name cloud.example.com; + + location /.well-known/acme-challenge/ { + default_type "text/plain"; + root /etc/nginx/letsencrypt/; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name cloud.example.com; + + ssl_certificate /etc/nginx/certs/cloud.example.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/nginx/certs/cloud.example.com/privkey.pem; # managed by Certbot + + # https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html#nginx + rewrite ^/\.well-known/carddav https://$server_name/remote.php/dav/ redirect; + rewrite ^/\.well-known/caldav https://$server_name/remote.php/dav/ redirect; + + location /.well-known/acme-challenge/ { + default_type "text/plain"; + root /etc/nginx/letsencrypt/; + } + + # Attempt to make OnlyOffice work both internally and externally. + # https://helpcenter.onlyoffice.com/installation/docs-nextcloud-proxy.aspx + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $proxy_connection; + proxy_set_header X-Forwarded-Host $http_host/office; + + # Send traffic to upstream server + location / { + expires epoch; + add_header Pragma public; + add_header Cache-Control "private, no-store"; + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"; + + # Fix upload errors (HTTP Error: Request Entity Too Large). + client_max_body_size 0; + client_body_buffer_size 100M; + + # Attempt to make OnlyOffice work both internally and externally. + # https://helpcenter.onlyoffice.com/installation/docs-nextcloud-proxy.asp + proxy_pass_header Server; + proxy_pass http://hyperling-cloud; + } + + # Attempt to make OnlyOffice work both internally and externally. + # https://helpcenter.onlyoffice.com/installation/docs-nextcloud-proxy.aspx + location /office/ { + proxy_pass http://hyperling-office-http; + } +}