How to Install Nextcloud-AIO with an External Proxy

I would like to start by complimenting the Nextcloud team on their documentation. It is in great depth and has details for every exception to the standard deployment; however, because of this, it can be intimidating for a newcomer to Nextcloud trying to figure something out. Once I began to understand the Nextcloud ecosystem a bit more, the documentation became invaluable. Therefore, I hope this post can be a bridge to easier consumption of the documentation.

Configuration

This is the basic flow for my configuration.

Important Points to Know

Steps

These steps will mostly be theoretical and have code snippets specific to minor configuration changes. The process is the trickier part as opposed to the technology.

Deploy the Nextcloud-AIO Image

These details will not be included. If you haven't deployed an image before, you should probably start a little more basic for some practice! You will have to do a bunch of port configuring and networking. It is important to understand those concepts!

This is where it is important to note the APACHE_PORT. You will need it.

Also, disable

Configure the Proxy to Connect to the AIO Container

Just reiterating, this is the configuration for Caddy. That is my proxy of choice. The Nextcloud documentation for other proxies is in great detail; however, like I stated earlier, the ecosystem might make it complicated.

This is an example configuration that worked. With the following changes being made:

DOMAIN {
    tls /certs/tls.crt /certs/tls.key
    header {
        Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    }
    reverse_proxy https://IP:PORT {
        transport http {
            tls_insecure_skip_verify
        }
    }    
}

Now to answer an obvious question: why are we proxying to an HTTPS server? The AIO container runs with a self-signed certificate deployed, which Caddy cannot validate against a trusted CA. This is why we proxy to it over HTTPS and skip certificate verification with tls_insecure_skip_verify.

Setup the AIO Container

Go through the setup process. Ensure you are using the domain you want to connect to. From what I remember reading, it isn't very simple to change the domain after the fact (couldn't tell you why, sorry).

Once you have completed the setup and you go to log in, you will notice you get directed to a page that won't let you log in. This is a good sign and very annoying! This is why I wrote this guide.

Configure the Proxy to Connect to the Apache Service

Once you are stuck in the login loop, reconfigure the "end user" connection to point at the Apache service. Recall the notes I wrote earlier. Take note of the admin user and initial password before you set up the proxy again.

DOMAIN {
    tls /certs/tls.crt /certs/tls.key
    header {
        Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    }
    reverse_proxy http://IP:APACHE_PORT
}

As you can see, we are now connecting via http. That is not a typo.
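
As an added example (not from the original post or the Nextcloud project), this Python script audits a Caddyfile for the two upstream patterns used in this guide: tls_insecure_skip_verify, where Caddy accepts any certificate the backend presents, and plain http://, where traffic to the backend travels in cleartext. Both are reasonable only while the proxy-to-backend hop stays on the same host or a trusted network segment, so the script classifies each hop by how far it travels. The sample holds the guide's two phases back to back for auditing (it is not one deployable file), and its domain, addresses and ports are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample: the guide's two phases; domain, IPs and ports are placeholders.
SAMPLE = """\
cloud.example.com {
    reverse_proxy https://192.168.1.20:8080 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
cloud.example.com {
    reverse_proxy http://127.0.0.1:11000
}
"""

UPSTREAM = re.compile(r"^\s*reverse_proxy\s+(https?)://(\[[^\]]+\]|[^\s:/{]+)")

def scope(host):
    """Classify how far the proxy-to-backend hop travels."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:  # hostname or placeholder: cannot be judged offline
        return "loopback" if host == "localhost" else "unknown"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def audit(caddyfile):
    """Return (host, weakness, scope, verdict) for every weak upstream hop."""
    hops = []
    for line in caddyfile.splitlines():
        m = UPSTREAM.match(line)
        if m:
            hops.append({"scheme": m.group(1), "host": m.group(2), "skip": False})
        elif line.strip() == "tls_insecure_skip_verify" and hops:
            hops[-1]["skip"] = True  # subdirective of the latest reverse_proxy
    findings = []
    for hop in hops:
        weak = "cleartext" if hop["scheme"] == "http" else "unverified-tls" if hop["skip"] else None
        if weak:
            s = scope(hop["host"])
            verdict = "ok" if s == "loopback" else "fix" if s == "public" else "review"
            findings.append((hop["host"], weak, s, verdict))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the guide's literal snippets, the IP placeholder is reported as unknown with a verdict of review, because a name cannot be classified without resolving it.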

Login?!

In theory, you should be connecting to the appropriate service now and be prompted to log in via a username/password box! This is where we want to be! Congrats!

If you didn't get the lovely login screen, attempt the following:

Limitations

Conclusion

At this point, you should be able to run basic Nextcloud functionality. Things like file operations and using the built-in tooling of Nextcloud should be fine. As listed in the limitations, operations that require custom backend services may require some work and tweaking. I think at the end of the day, this might not be the right solution for me, since I do have a lot of overlapping services and this might be overkill for a simple problem I have. It was definitely an interesting learning experience.

This took way longer to figure out than it should have. It came from a lack of knowledge of the Nextcloud ecosystem. Hopefully this can help people interested in Nextcloud speedrun the process. Also, this was written off the top of my head, so if I missed any useful points or left dead ends, feel free to contact me. Happy Clouding!