diff --git a/reverse-proxy.md b/reverse-proxy.md index f0089b63..5f201a6c 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -1,15 +1,16 @@ # Reverse Proxy Documentation -**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 4](#4-optional-get-a-valid-certificate-for-the-aio-interface). +**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface). In order to run Nextcloud behind a reverse proxy, you need to specify the port that the Apache container shall use, add a specific config to your reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify it to your needings. -**Attention** The process to run Nextcloud behind a reverse proxy consists of at least these 2 steps: +**Attention** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4: 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)** 1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)** -1. If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost) -- Optional: get a valid certificate for the AIO interface! See [point 4](#4-optional-get-a-valid-certificate-for-the-aio-interface) -- How to debug things? See [point 5](#5-how-to-debug-things) +1. Optional: If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost) +1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)** +1. Optional: get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface) +1. How to debug things? See [point 6](#6-how-to-debug-things) ## 1. Add this to your reverse proxy config @@ -471,16 +472,14 @@ nextcloud/all-in-one:latest Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588 ---- - -### How to continue? -After using the above command, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! - ## 3. If the reverse proxy is installed on the same host, you should configure the apache container to only listen on localhost. Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address, you can either simply skip this step or set it to `0.0.0.0` if you are unsure what the correct value is. -## 4. Optional: get a valid certificate for the AIO interface +## 4. Open the AIO interface. +After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! + +## 5. Optional: get a valid certificate for the AIO interface If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile: @@ -498,7 +497,7 @@ Of course you need to modify `` to the domain on which you want Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://:443` instead of `https://:8443` in the Caddyfile and use that to access the AIO interface. -## 5. How to debug things? +## 6. How to debug things? If something does not work, follow the steps below: 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom! 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible, substitute `localhost` in the default configurations by the ip-address that you can easily get when running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)