I am trying to install a fully working Nextcloud on my TrueNAS Scale machine, which already runs several apps, including Nginx Proxy Manager, which is used for many apps on the same machine and external ones without any issues. However, with Nextcloud I always have problems with the reverse proxy config.
The official Nextcloud package is installed with a trusted domain like cloud.domain.tld in addition to the local IP. It's on port 9001 locally (default). I can access it unencrypted on NAS_IP:9001. Then I configured Nginx to point to http NAS_IP 9001 with a *.domain.tld Let's Encrypt certificate (as for any other app). Now I can access my Nextcloud via https://cloud.domain.tld and log in without apparent issues, I can upload files, share files with an external link, and everything in the WebUI looks good, except that when I log out I get a page in http that is not reachable.
In the admin panel I have a warning that my reverse proxy is not properly configured and a link to this page to solve it: https://docs.nextcloud.com/server/l...ation_server/reverse_proxy_configuration.html
When I try to connect DAVx5 on Android, it says it cannot find CardDAV and CalDAV.
I added this to the custom config tab in Nginx:
Code:
location /.well-known/carddav {
  return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
  return 301 $scheme://$host/remote.php/dav;
}
I still have the error in DAVx5. I tried replacing $host in the above with $host:$port. Still not working.
I tried to enter the same in the custom location tab, though I don't think I'm doing it properly, as it ends up with Nextcloud being completely unreachable; when I remove it, it's working again in the WebUI but still with all the other errors.
Then I tried to log in to the Android app, but it fails: I end up logged in on the WebUI in a webview within the Nextcloud app, but the app is not connected to the account properly and I cannot sync files or anything.
I didn't try the desktop client yet but I expect similar issues as well.
I found someone's config online with these 2 more lines before mine in the advanced tab (also in the Nextcloud doc):
Code:
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
Not sure what it does, but it's not solving the issues and not making it worse either.
I modified the Nextcloud config.php file and added my TrueNAS IP as trusted_proxies; not sure if it's necessary if it's on the same machine, but it was mentioned in the Nextcloud help.
I tried to add forwarded_for_headers too, both with x_forwarded_for and without x, as I don't find the forward header in the console (F12) when I connect to Nextcloud through the Nginx reverse proxy address.
I modified the overwrite.cli.url that was pointing to localhost to point to https://cloud.domain.tld (strangely it was working before this change already), but it's not helping either.
I tried to add overwritehost and overwriteprotocol to the config.php, but then Nextcloud gives an internal server error. When I comment them out, it's working again. Maybe that's the missing part? I tried IP_TrueNAS:Nginx_port_http, IP_TrueNAS:Nginx_port_https, IP_TrueNAS:Nginx_webUI_port (you never know), IP_TrueNAS:Nextcloud_port. I don't know what else I can try. Even if I set only the overwriteprotocol to https, it's then giving the internal server error...
What is super strange is that I still have an old Nextcloud install on an older machine (Synology NAS), for which I set up the redirect from Nginx on this current TrueNAS, pointing to the old machine IP, port 443, and it's all working fine without any special advanced configuration or touching the config.php file at all.
Any idea what is missing or wrong in my Nginx and Nextcloud config? I searched many online posts and topics, both here and in the Nextcloud communities and documentation; nothing helped so far.
EDIT:
I already solved one issue: the redirect for CalDAV and CardDAV was correct, but DAVx5 gives me an error because I have 2FA enabled and I need to log in with a one-time-use app password.
What remains is the issue with the HTTP forbidden error that prevents logging in on the Android Nextcloud app. I guess I'm super close to the solution; something in the config.php must be missing or wrong.
EDIT2:
OK everything is solved.
The Nginx extra parameters for CalDAV and CardDAV were correct, but you must use an app password to log in with DAVx5 or another app if you have 2FA enabled; otherwise it says that it cannot reach the CalDAV and CardDAV services, which is a bit misleading, even if it also suggests that the password might be wrong, which it was not suggesting when my Nginx redirect was not correctly done; that was what made me guess the problem.
For the http error, I was missing some parameters in the config.php of Nextcloud; you can check my anonymized config code below. I think the most important things I had to add were:
- Check that both the local TrueNAS IP + Nextcloud port and the Nextcloud domain name are in the trusted_domains list.
- 'overwrite.cli.url' => 'http://TRUENAS_LOCAL_IP:9001', # and not to the domain name, one of my mistakes
- add: 'overwriteprotocol' => 'https',
- add: 'trusted_proxies' => array (
0 => 'TRUENAS_LOCAL_IP',
),
- add forwarded-for headers (not sure if necessary, try without first):
- 'forwarded_for_headers' => array (
0 => 'HTTP_X_FORWARDED',
1 => 'HTTP_FORWARDED_FOR',
),
Code:
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => array (
    0 => array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  // Both the local address and the public name must be listed here.
  'trusted_domains' => array (
    0 => 'localhost',
    1 => 'TRUENAS_LOCAL_IP:9001',
    2 => 'cloud.domain.tld',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '27.0.2.1',
  'overwrite.cli.url' => 'http://TRUENAS_LOCAL_IP:9001',
  // Generated URLs use https even though the proxy talks http to the backend.
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud-postgres:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_youradminuser',
  'dbpassword' => 'xxx',
  'installed' => true,
  'instanceid' => 'xxx',
  // The next two paths were cut off at ">" in the original post.
  'memories.exiftool' => '/var/www/html/custom_apps/memories/exiftool-bin/exift>',
  'memories.vod.path' => '/var/www/html/custom_apps/memories/exiftool-bin/go-vo>',
  'memories.vod.ffmpeg' => '/usr/bin/ffmpeg',
  'memories.vod.ffprobe' => '/usr/bin/ffprobe',
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' => array (
    0 => 'admin',
  ),
  'twofactor_enforced_excluded_groups' => array (
  ),
  'enabledPreviewProviders' => array (
    0 => 'OC\\Preview\\Image',
    1 => 'OC\\Preview\\HEIC',
    2 => 'OC\\Preview\\TIFF',
    3 => 'OC\\Preview\\Movie',
  ),
  'memories.gis_type' => 2,
  // Address of the reverse proxy whose forwarded headers are trusted.
  'trusted_proxies' => array (
    0 => 'TRUENAS_LOCAL_IP',
  ),
  'forwarded_for_headers' => array (
    0 => 'HTTP_X_FORWARDED',
    1 => 'HTTP_FORWARDED_FOR',
  ),
  'default_phone_region' => 'XX',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => array (
    'host' => 'TRUENAS_IP_OR_REDIS_SERVER_IP_IF_NOT_ON_TRUENAS',
    'port' => REDIS_PORT_HERE,
    'timeout' => 0.0,
    'password' => 'REDIS_PASSWORD_HERE',
  ),
  'maintenance' => false,
);
After that my Nextcloud with Nginx was fully working in every situation without error. I also added Redis on my TrueNAS with some lines in the config to remove the memcache warning, and the default_phone_region (change XX to your country as in the link from help), and then I was all green in the Nextcloud admin settings.
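The two redirect symptoms described in the post above (the logout page served over plain http, and the /.well-known/caldav redirect) can be checked from a shell by inspecting the Location header the proxy returns. This is an added example, not part of the original post: the function names and header samples are constructed, and cloud.domain.tld is the post's own placeholder. It also flags the backend port leaking into a redirect, which goes beyond the case the post describes.

```shell
#!/bin/sh
# Added example: audit redirect headers (as printed by `curl -sI`) for the
# proxy symptoms in the post. All function names and samples are constructed.

# Print the Location header value from a header dump on stdin.
location_of() {
  tr -d '\r' | awk 'tolower($1) == "location:" { print $2; exit }'
}

# audit_redirect HOST PATH_PREFIX < headers
# Prints OK, or why the redirect breaks a client that came in via the TLS proxy.
audit_redirect() (
  host=$1 prefix=$2
  loc=$(location_of)
  case "$loc" in
    "")                      echo "FAIL no-redirect" ;;
    "http://"*)              echo "FAIL plain-http ($loc)" ;;
    "https://$host$prefix"*) echo "OK" ;;
    "$prefix"*)              echo "OK" ;;   # relative redirect keeps the client's scheme
    "https://$host:"*)       echo "FAIL internal-port-leaked ($loc)" ;;
    *)                       echo "FAIL unexpected-target ($loc)" ;;
  esac
)

# Constructed samples standing in for real `curl -sI` output.
sample_wellknown_good() {
  printf 'HTTP/2 301\r\nlocation: https://cloud.domain.tld/remote.php/dav\r\n\r\n'
}
sample_logout_http() {   # the "logout lands on an http page" symptom
  printf 'HTTP/2 303\r\nlocation: http://cloud.domain.tld/login\r\n\r\n'
}
sample_port_leak() {     # backend port 9001 exposed in the redirect
  printf 'HTTP/2 301\r\nlocation: https://cloud.domain.tld:9001/remote.php/dav\r\n\r\n'
}

# Live use (needs network), e.g.:
#   curl -sI https://cloud.domain.tld/.well-known/caldav | audit_redirect cloud.domain.tld /remote.php/dav
echo "well-known: $(sample_wellknown_good | audit_redirect cloud.domain.tld /remote.php/dav)"
echo "logout:     $(sample_logout_http | audit_redirect cloud.domain.tld /)"
echo "port leak:  $(sample_port_leak | audit_redirect cloud.domain.tld /remote.php/dav)"
```

A plain-http result on a request made over https points at the backend generating URLs from its own scheme, which is what the 'overwriteprotocol' => 'https' line in the config above addresses.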