
NextCloud NGINX Reverse Proxy Site Config

This is the site config I use on my NGINX reverse proxy to point my subdomain at the LXC container running NextCloud:

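server {
    # Plain-HTTP listener: its only job is to send clients to the HTTPS site.
    listen 80;
    server_name cloud.domain.com;
    # Redirect to the configured name rather than the client-supplied Host
    # header, so the target stays fixed even if this block ends up being the
    # default server for port 80.
    return 301 https://$server_name$request_uri;
}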

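server {
    # TLS front end for the Nextcloud container. Every location below is
    # proxied to the NextCloudPi (NCP) backend over HTTPS.
    listen 443 ssl;
    server_name cloud.domain.com;

    # SSL certificate and key configuration for the host
    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;

    # SSL Security Settings
    ssl_protocols TLSv1.2 TLSv1.3;
    # The published listing was cut off in the middle of this value (no closing
    # quote or semicolon), which makes `nginx -t` fail. Only the complete
    # entries that were visible are kept; extend the list deliberately if more
    # TLS 1.2 suites are needed.
    # NOTE(review): on OpenSSL builds ssl_ciphers governs TLS 1.2 and below;
    # the TLS_* (TLS 1.3) names are presumably not selected by this directive.
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers on;

    # Strict-Transport-Security
    # includeSubDomains extends the policy to every name below
    # cloud.domain.com. The preload token only matters once the domain is
    # submitted to the browser preload list, which has its own requirements.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;

    # Real IP configuration
    # These two directives only act on connections from peers listed in
    # set_real_ip_from, and none is declared in this block. If another proxy or
    # load balancer sits in front of this one, list only its address there;
    # trusting a broad range lets any client choose the address that is logged.
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;

    # OTHER THINGS FROM ANOTHER ONLINE SOURCE
    # 0 disables the request-body size limit entirely (large uploads).
    client_max_body_size 0;
    # Accepts header names containing underscores, which nginx drops by
    # default. NOTE(review): nothing in this config appears to need it;
    # confirm before keeping, since a backend may not distinguish Foo_Bar from
    # Foo-Bar.
    underscores_in_headers on;

    # Logging
    # "geoip2" is a log_format name that must be defined elsewhere (http
    # context); it is not part of this file.
    access_log /var/log/nginx/cloud.access.log geoip2;
    error_log /var/log/nginx/cloud.error.log;

    location / {
        # nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is on and proxy_ssl_trusted_certificate points at
        # the backend's CA or certificate; until then this hop is encrypted but
        # the backend is not authenticated.
        proxy_pass https://yourLXCIP/; # Internal IP address of the container, and it's NCP so it must be https
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for keeps any X-Forwarded-For value the client
        # sent and appends the connecting address. List this proxy in
        # Nextcloud's trusted_proxies so the backend knows which entry to
        # believe.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Sent to the backend as a request header; it does not add
        # X-Robots-Tag to the responses that crawlers receive.
        proxy_set_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
        # An add_header inside a location stops inheritance of the
        # server-level add_header lines, so HSTS has to be repeated here or it
        # is not added to responses from this location.
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
        add_header Front-End-Https on;
        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 64;
        proxy_buffering off;
        proxy_redirect off;
        #proxy_max_temp_filesize 0;
    }

    # CardDAV service discovery: forwarded to Nextcloud's DAV endpoint.
    location /.well-known/carddav {
        proxy_pass https://yourLXCIP/remote.php/dav; # I used NCP so this must be https
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # CalDAV service discovery: forwarded to Nextcloud's DAV endpoint.
    location /.well-known/caldav {
        # Placeholder spelling corrected (was "yourLCXIP") so that a single
        # search-and-replace of yourLXCIP updates every upstream.
        proxy_pass https://yourLXCIP/remote.php/dav; # I used NCP so this must be https
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}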