Reverse Proxy for Nextcloud Office

Hey everyone,

I am trying to set up Nextcloud on my home server and I keep getting the same error all the time, no matter what I try. I think this comes from the fact that I use a Caddy Podman container as a reverse proxy in front of the Nextcloud pod.

The error I keep getting is the following:

Your browser has been unable to connect to the Collabora server: http://nextcloud.my.domain

This URL is determined on the Collabora server either from the configured URL or the server_name parameter in coolwsd.xml.

My Nextcloud setup looks like this:

caddy-reverse-proxy.container

[Container]
ContainerName=caddy-reverse-proxy
Image=docker.io/library/caddy:latest
AutoUpdate=registry
PublishPort=80:80
PublishPort=443:443
Volume=/mnt/storage/reverse-proxy/Caddyfile:/etc/caddy/Caddyfile:z
Volume=/mnt/storage/reverse-proxy/data:/data:z
Network=host

[Service]
Restart=always

[Install]
WantedBy=default.target

Caddyfile for the reverse proxy:

{
    email my.address@proton.me
}

nextcloud.my.domain {
    reverse_proxy 127.0.0.1:8080 {
        header_up Host {host}
        header_up X-Real-IP {remote_ip}
        header_up X-Forwarded-For {remote_ip}
        header_up X-Forwarded-Proto {scheme}
    }
} 

Nextcloud Pod and Containers:

[Pod]
PodName=nextcloud
PublishPort=8080:80

[Service]
Restart=always

[Install]
WantedBy=default.target

Caddy Container:

[Container]
ContainerName=caddy-nextcloud
Pod=nextcloud.pod
Image=docker.io/library/caddy:latest
AutoUpdate=registry
Volume=/mnt/storage/nextcloud/nextcloud:/var/www/html:z
Volume=/mnt/storage/nextcloud/caddy/Caddyfile:/etc/caddy/Caddyfile:z

[Unit]
After=nextcloud.pod
After=mariadb-nextcloud.container
After=nextcloud-app.container
Requires=nextcloud.pod
Requires=mariadb-nextcloud.container
Requires=nextcloud-app.container

[Service]
Restart=always

[Install]
WantedBy=default.target  

Caddyfile for the Nextcloud Caddy Container:

:80 {

    root * /var/www/html
    file_server

    php_fastcgi nextcloud-app:9000 {
        root /var/www/html
        env front_controller_active true
    }
    encode gzip
    log {
        output file /data/nextcloud-access.log
    }
    header {
        Strict-Transport-Security "max-age=15768000;includeSubDomains;preload"
    }
    # .htaccess / data / config / ... shouldn't be accessible from outside
    @forbidden {
        path /.htaccess
        path /data/*
        path /config/*
        path /db_structure
        path /.xml
        path /README
        path /3rdparty/*
        path /lib/*
        path /templates/*
        path /occ
        path /console.php
    }
    respond @forbidden 404
    redir /.well-known/carddav /remote.php/dav 301
    redir /.well-known/caldav /remote.php/dav 301
}

Database and Nextcloud Containers:

[Container]
ContainerName=mariadb-nextcloud
Pod=nextcloud.pod
Image=docker.io/library/mariadb:latest
AutoUpdate=registry
Volume=/mnt/storage/nextcloud/mariadb:/var/lib/mysql:z
Environment=MYSQL_DATABASE=nextcloud
Environment=MYSQL_USER=nextcloud
Environment=MYSQL_PASSWORD=PASSWORD
Environment=MYSQL_ROOT_PASSWORD=PASSWORD
Exec=--transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW --max_allowed_packet=256000000

[Unit]
After=nextcloud.pod
Requires=nextcloud.pod

[Service]
Restart=always

[Install]
WantedBy=default.target

[Container]
ContainerName=nextcloud-app
Pod=nextcloud.pod
Image=docker.io/library/nextcloud:fpm
AutoUpdate=registry
Environment=MYSQL_DATABASE=nextcloud
Environment=MYSQL_USER=nextcloud
Environment=MYSQL_PASSWORD=PASSWORD
Environment=MYSQL_HOST=127.0.0.1
Volume=/mnt/storage/nextcloud/nextcloud:/var/www/html:z
Volume=/mnt/storage/nextcloud/data:/var/www/html/data:z

[Unit]
After=nextcloud.pod
After=mariadb-nextcloud.container
Requires=nextcloud.pod
Requires=mariadb-nextcloud.container

[Service]
Restart=always

[Install]
WantedBy=default.target

I have also added the following lines to the config.php in the Nextcloud config folder:

  'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR'],
  'trusted_proxies'   => ['127.0.0.1'], // The IP of your reverse proxy
  'overwrite.cli.url' => 'https://nextcloud.ppflaum.ch',
  'overwritehost'     => 'nextcloud.ppflaum.ch',
  'overwriteprotocol' => 'https',

This was apparently needed for my applications to trust Nextcloud, as the Nextcloud container only sees an HTTP connection and does not know that the connection is actually over HTTPS and therefore secure.

I would be very thankful to anybody who shares their ideas or experiences with me, as I really don’t know what to try anymore.
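
As an added illustration (not part of the original post and not Nextcloud's own code), the sketch below models how a backend behind a reverse proxy typically applies the trusted_proxies, forwarded_for_headers and overwriteprotocol settings quoted above: forwarded headers are honoured only when the connecting peer is a listed proxy. The function names, the right-to-left hop selection and the sample addresses are assumptions made for the example.

```python
# Added illustration: a simplified model of trusted-proxy handling,
# not Nextcloud's actual implementation.
import ipaddress

def is_ip(addr):
    """True if addr parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return False

def in_networks(addr, networks):
    """True if addr is a valid IP inside any entry (single IP or CIDR)."""
    if not is_ip(addr):
        return False
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)

def effective_request(remote_addr, headers, config):
    """Return (client_ip, scheme) the backend should act on."""
    proxies = config.get("trusted_proxies", [])
    client_ip, scheme = remote_addr, "http"  # plain HTTP behind the proxy
    if in_networks(remote_addr, proxies):
        # Forwarded headers count only when the TCP peer is a known proxy;
        # otherwise any client could spoof its own address.
        for name in config.get("forwarded_for_headers", []):
            hops = [h.strip() for h in headers.get(name, "").split(",")]
            # Assumption: pick the rightmost valid hop that is not a proxy.
            real = [h for h in hops if is_ip(h) and not in_networks(h, proxies)]
            if real:
                client_ip = real[-1]
                break
        scheme = headers.get("HTTP_X_FORWARDED_PROTO", scheme)
    # Assumption: a configured overwriteprotocol always wins.
    return client_ip, config.get("overwriteprotocol") or scheme

# Values taken from the config.php lines in the post
CONFIG = {
    "trusted_proxies": ["127.0.0.1"],
    "forwarded_for_headers": ["HTTP_X_FORWARDED_FOR"],
    "overwriteprotocol": "https",
}
# Constructed sample headers (documentation address range)
HEADERS = {"HTTP_X_FORWARDED_FOR": "203.0.113.7",
           "HTTP_X_FORWARDED_PROTO": "https"}

if __name__ == "__main__":
    print(effective_request("127.0.0.1", HEADERS, CONFIG))  # peer is the listed proxy
    print(effective_request("10.88.0.1", HEADERS, CONFIG))  # constructed unlisted peer
```

Comparing the peer address the backend actually logs with the trusted_proxies list shows which of the two branches a given deployment is in.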