Reverse proxy documentation using nginx #315

Closed
rallisf1 opened this issue Mar 5, 2022 · 12 comments · Fixed by #437
Labels: 2. developing, documentation, good first issue


rallisf1 commented Mar 5, 2022

I understand caddy is a better fit for this but since I already use nginx for all my other containers, I'd appreciate an nginx section in the reverse-proxy documentation, preferably with TLS offloading (you'll need to share the certs between the containers).

Cheers!

Collaborator

szaimen commented Mar 5, 2022

Hey, feel free to investigate yourself how it could work behind nginx. I'll gladly add it to the reverse proxy documentation then.

As a starting point simply translate the caddy reverse proxy config into nginx syntax and then follow the rest of the reverse proxy documentation. (of course you need to provide your own certificates in the config for nginx which is not necessary using caddy as reverse proxy)

szaimen added the documentation, good first issue and help wanted labels Mar 5, 2022

twwd commented Mar 24, 2022

At first glance, my Nginx config seems to work. I've started the AIO container with the custom APACHE_PORT=11000 and then used the following config in my server block (besides the TLS stuff etc.):

location / {
    proxy_pass http://localhost:11000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

# Websockets for Push
location /push/ {
    proxy_pass http://localhost:11000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
}

# Websockets for Collabora
location /cool/ {
    proxy_pass http://localhost:11000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
}

Collaborator

szaimen commented Mar 24, 2022

Thanks @twwd !

Are you sure that the block below is really needed though? (Doesn't it work without?)

# Websockets for Push
location /push/ {
    proxy_pass http://localhost:11000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
}

# Websockets for Collabora
location /cool/ {
    proxy_pass http://localhost:11000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
}

Or maybe aren't you able to enable websocket connections for the whole domain? This would eliminate the need to configure every endpoint manually


twwd commented Mar 28, 2022

My first config was without these parts and it didn't work. I'm not an Nginx pro, but I'm not aware of a method to combine all three blocks.

Collaborator

szaimen commented Mar 28, 2022

Thanks! So I guess enabling websocket connections for the whole domain does not work?


twwd commented Mar 28, 2022

According to SO, it might work. I'll try in the next days and give an update here.


twwd commented Mar 29, 2022

At first glance, the combined config seems to work:

location / {
    proxy_pass http://localhost:11000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Websocket
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

Collaborator

szaimen commented Mar 30, 2022

Nice!

szaimen added this to the next milestone Mar 30, 2022
szaimen added the 2. developing label and removed the help wanted label Mar 30, 2022

twwd commented Mar 31, 2022

I'm sorry, I forgot to mention this part that must be declared in the http block (outside a server block):

# From https://www.nginx.com/blog/websocket-nginx/
map $http_upgrade $connection_upgrade {
    default Upgrade;
    ''      close;
}


happyreacer commented Apr 13, 2022

I used the

location / {
    proxy_pass http://localhost:11000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Websocket
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}

but no notifications in my android apps work

Collaborator

szaimen commented Apr 13, 2022

Are you sure that this is not due to nextcloud/android#8684?

See e.g.

The NC (and NC Talk) app from f-droid lack in push notifications completely.


happyreacer commented Apr 13, 2022

@szaimen No, unfortunately it is not. I have taken other parameters. However, this has gone through trying. Unfortunately, I do not know what the individual values have for effects. But it worked as follows with the nginx-proxy docker from linuxserver/swag

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name www.*;

    include /config/nginx/ssl.conf;
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app nextcloud-aio-apache;
        set $upstream_port 11000;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}

Maybe someone who knows how to do this can optimize it

github-actions bot locked as resolved and limited conversation to collaborators Apr 28, 2022