## Reverse Proxy Documentation Basically, you need to specify the port that the apache container shall use and modify the startup command a bit. All examples below will use port `11000` as example apache port. Also it is supposed that the reverse proxy runs on the same server like AIO, hence `localhost` is used and not an internal ip-address to point to the AIO instance. Modify both to your needings. **Info:** The instructions below assume that your reverse proxy is installed directly on the host, not inside a separate docker container. If you want to run the reverse proxy inside a docker container, you can do so by using the `--network host` option when starting the reverse proxy container. Or if you don't want to use the networks host option, substituting `localhost` by the internal ip-address of the Host might work. ### Reverse proxy config examples #### Caddy
click here to expand Add this to your Caddyfile: ``` https://:443 { header Strict-Transport-Security max-age=31536000; reverse_proxy localhost:11000 } ``` Of course you need to modify `` to the domain on which you want to run Nextcloud.
#### Nginx
click here to expand **Disclaimer:** the config below is not working 100% correctly, yet. See e.g. https://github.com/nextcloud/all-in-one/issues/450, https://github.com/nextcloud/all-in-one/issues/447 and https://github.com/nextcloud/all-in-one/issues/491. Improvements to it are very welcome! Add this to you nginx config: ``` location / { proxy_pass http://localhost:11000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Websocket proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } ``` Of course SSL needs to be set up as well e.g. by using certbot and your domain must be also added inside the nginx config.
#### Traefik 2
click here to expand **Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome! Add a `nc.toml` to the treafik rules folder with the following content: ```toml [http.routers] [http.routers.nc-rtr] entryPoints = ["https"] rule = "Host()" service = "nc-svc" middlewares = ["chain-no-auth"] [http.routers.nc-rtr.tls] certresolver = "le" [http.services] [http.services.nc-svc] [http.services.nc-svc.loadBalancer] passHostHeader = true [[http.services.nc-svc.loadBalancer.servers]] url = "http://localhost:11000" ``` Of course you need to modify `` to the domain on which you want to run Nextcloud.
### Startup command After adjusting your reverse proxy config, use the following command to start AIO: ``` # For x64 CPUs: sudo docker run -it \ --name nextcloud-aio-mastercontainer \ --restart always \ -p 8080:8080 \ -e APACHE_PORT=11000 \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ nextcloud/all-in-one:latest ```
Command for arm64 CPUs like the Raspberry Pi 4 ``` # For arm64 CPUs: sudo docker run -it \ --name nextcloud-aio-mastercontainer \ --restart always \ -p 8080:8080 \ -e APACHE_PORT=11000 \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ nextcloud/all-in-one:latest-arm64 ```
On macOS see https://github.com/nextcloud/all-in-one#how-to-run-it-on-macos.
Command for Windows ``` docker run -it ^ --name nextcloud-aio-mastercontainer ^ --restart always ^ -p 8080:8080 ^ -e APACHE_PORT=11000 ^ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^ --volume //var/run/docker.sock:/var/run/docker.sock:ro ^ nextcloud/all-in-one:latest ```
After doing so, you should be able to access the AIO Interface via `https://internal.ip.of.this.server:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! ### Optional If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile: ``` https://:8443 { reverse_proxy https://localhost:8080 { transport http { tls_insecure_skip_verify } } } ``` Of course, you also need to modify `` to the domain that you want to use. Afterwards should the AIO interface be accessible via `https://:8443`. You can alternatively change the domain to a different subdomain by using `https://:443` in the Caddyfile and use that to access the AIO interface.