nextcloud
Upload files with nextcloud clients via nginx reverse proxy not possible
I've tried for a few days now to implement nginx as reverse proxy and came this far:
- [x] Forwarding http -> https
- [x] Connection via browser/clients
- [x] Upload via browser (tested ~1GB)
- [x] Upload via Windows/Android client (tested ~100KB)
- [ ] Upload via Windows/Android client (tested ~10MB) is failing
docker-compose.yml:
version: '3.7'
services:
redis:
image: redis:alpine
command: redis-server --requirepass xxx
restart: always
networks:
- mariadb_db
app:
image: nextcloud:apache
restart: always
expose:
- "80"
# ports:
# - 8080:80
networks:
- mariadb_db
- nginx
volumes:
- ./volumes:/var/www/html
- ./php.ini:/usr/local/etc/php/conf.d/my-custom.ini
environment:
- MYSQL_HOST=db
- REDIS_HOST=redis
- REDIS_HOST_PASSWORD=test
- NEXTCLOUD_TRUSTED_DOMAINS=server.fritz.box:8080
env_file:
- /mnt/hdd2/docker/mariadb/db.env
depends_on:
- redis
cron:
image: nextcloud:apache
restart: always
networks:
- mariadb_db
volumes:
- ./volumes:/var/www/html
entrypoint: /cron.sh
depends_on:
- redis
nginx:
container_name: nginx-rproxy
image: nginx
restart: always
ports:
- 8080:443
networks:
- nginx
volumes:
- ./conf.d:/etc/nginx/conf.d
- ./certs:/etc/nginx/ssl
depends_on:
- app
networks:
mariadb_db:
external: true
nginx:
volumes:
nextcloud:
Nextcloud config.php:
<?php
$CONFIG = array (
'htaccess.RewriteBase' => '/',
'memcache.local' => '\\OC\\Memcache\\APCu',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'redis',
'port' => 6379,
'password' => 'xxx',
),
'instanceid' => 'xxx',
'passwordsalt' => 'xxx',
'secret' => 'xxx',
'trusted_domains' =>
array (
0 => '192.168.0.4:8080',
1 => 'server.fritz.box:8080',
),
'trusted_proxies' => ['nginx'],
'overwriteprotocol' => 'https',
'overwritehost' => '192.168.0.4:8080',
'datadirectory' => '/var/www/html/data',
'dbtype' => 'mysql',
'version' => '19.0.1.1',
'dbname' => 'nextcloud',
'dbhost' => 'db',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextclouduser',
'dbpassword' => 'xxx'
'logfile' => '/var/www/html/data/nextcloud.log',
'log_type' => 'file',
'loglevel' => 2,
'installed' => true,
'theme' => '',
'maintenance' => false,
'mysql.utf8mb4' => true,
'overwrite.cli.url' => 'https://192.168.0.4:8080',
);
nginx default.conf:
server {
listen 443 ssl http2 default deferred;
listen [::]:443 ssl http2;
add_header Strict-Transport-Security "max-age=63072000";
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_pass http://app:80;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
client_max_body_size 0;
client_body_timeout 60s;
}
location = /.well-known/carddav {
proxy_pass http://app:80/remote.php/dav;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
client_max_body_size 0;
client_body_timeout 60s;
}
location = /.well-known/caldav {
proxy_pass http://app:80/remote.php/dav;
proxy_redirect off;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 64;
client_max_body_size 0;
client_body_timeout 60s;
}
error_page 497 301 =307 https://$host:8080$request_uri;
client_max_body_size 0;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
client_max_body_size 0;
}
}
Docker log fail with nginx proxy and Android client:
app_1 | 172.18.0.3 - - [22/Aug/2020:08:35:05 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 304 190 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"
nginx-rproxy | 192.168.0.36 - andal [22/Aug/2020:08:35:17 +0000] "GET /ocs/v1.php/cloud/user?format=json HTTP/1.1" 307 171 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
app_1 | 172.18.0.3 - andal [22/Aug/2020:08:35:17 +0000] "GET /ocs/v1.php/cloud/user?format=json HTTP/1.1" 200 1287 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
nginx-rproxy | 192.168.0.36 - andal [22/Aug/2020:08:35:17 +0000] "GET /ocs/v1.php/cloud/user?format=json HTTP/1.1" 200 584 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
nginx-rproxy | 192.168.0.36 - - [22/Aug/2020:08:35:17 +0000] "GET /index.php/204 HTTP/1.1" 307 171 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
app_1 | 172.18.0.3 - - [22/Aug/2020:08:35:17 +0000] "GET /index.php/204 HTTP/1.1" 204 1207 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
nginx-rproxy | 192.168.0.36 - - [22/Aug/2020:08:35:18 +0000] "GET /index.php/204 HTTP/1.1" 204 0 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
nginx-rproxy | 192.168.0.36 - andal [22/Aug/2020:08:35:18 +0000] "PROPFIND /remote.php/webdav/Test/ HTTP/1.1" 307 171 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
nginx-rproxy | 192.168.0.36 - andal [22/Aug/2020:08:35:18 +0000] "HEAD /remote.php/webdav/Test/IMG_20200822_084806.jpg HTTP/1.1" 307 0 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
app_1 | 172.18.0.3 - andal [22/Aug/2020:08:35:18 +0000] "HEAD /remote.php/webdav/Test/IMG_20200822_084806.jpg HTTP/1.1" 404 536 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
nginx-rproxy | 192.168.0.36 - andal [22/Aug/2020:08:35:18 +0000] "HEAD /remote.php/webdav/Test/IMG_20200822_084806.jpg HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
nginx-rproxy | 192.168.0.36 - andal [22/Aug/2020:08:35:18 +0000] "MKCOL /remote.php/dav/uploads/andal/563a60454989a4c8d5bd44edfcf97540 HTTP/1.1" 307 171 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
app_1 | 172.18.0.3 - andal [22/Aug/2020:08:35:18 +0000] "MKCOL /remote.php/dav/uploads/andal/563a60454989a4c8d5bd44edfcf97540 HTTP/1.1" 405 894 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
nginx-rproxy | 192.168.0.36 - andal [22/Aug/2020:08:35:18 +0000] "MKCOL /remote.php/dav/uploads/andal/563a60454989a4c8d5bd44edfcf97540 HTTP/1.1" 405 247 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
nginx-rproxy | 192.168.0.36 - andal [22/Aug/2020:08:35:18 +0000] "PROPFIND /remote.php/dav/uploads/andal/563a60454989a4c8d5bd44edfcf97540 HTTP/1.1" 307 171 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
app_1 | 172.18.0.3 - andal [22/Aug/2020:08:35:18 +0000] "PROPFIND /remote.php/dav/uploads/andal/563a60454989a4c8d5bd44edfcf97540 HTTP/1.1" 207 2075 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
nginx-rproxy | 192.168.0.36 - andal [22/Aug/2020:08:35:18 +0000] "PROPFIND /remote.php/dav/uploads/andal/563a60454989a4c8d5bd44edfcf97540 HTTP/1.1" 207 1360 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
nginx-rproxy | 192.168.0.36 - andal [22/Aug/2020:08:35:18 +0000] "MOVE /remote.php/dav/uploads/andal/563a60454989a4c8d5bd44edfcf97540/.file HTTP/1.1" 307 171 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0" "-"
Docker log pass without nginx proxy:
app_1 | 192.168.0.36 - - [22/Aug/2020:08:46:20 +0000] "GET /index.php/204 HTTP/1.1" 204 1207 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
app_1 | 192.168.0.36 - andal [22/Aug/2020:08:46:21 +0000] "HEAD /remote.php/webdav/Bilder%20Videos/Camera/IMG_20200821_160149.jpg HTTP/1.1" 404 635 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
app_1 | 192.168.0.36 - andal [22/Aug/2020:08:46:21 +0000] "MKCOL /remote.php/dav/uploads/andal/e5c3b4b22437d89e8e87c1a18d855ed7 HTTP/1.1" 405 993 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
app_1 | 192.168.0.36 - andal [22/Aug/2020:08:46:23 +0000] "PROPFIND /remote.php/dav/uploads/andal/e5c3b4b22437d89e8e87c1a18d855ed7 HTTP/1.1" 207 1880 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
app_1 | 192.168.0.36 - andal [22/Aug/2020:08:46:24 +0000] "MOVE /remote.php/dav/uploads/andal/e5c3b4b22437d89e8e87c1a18d855ed7/.file HTTP/1.1" 201 970 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
app_1 | 192.168.0.36 - andal [22/Aug/2020:08:46:34 +0000] "PROPFIND /remote.php/webdav/Bilder%20Videos/Camera/IMG_20200821_160149.jpg HTTP/1.1" 207 1605 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
app_1 | 192.168.0.36 - andal [22/Aug/2020:08:46:35 +0000] "GET /index.php/apps/files/api/v1/thumbnail/256/256/Bilder%20Videos/Camera/IMG_20200821_160149.jpg HTTP/1.1" 200 12837 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.13.0"
So I did researches but couldn't find a solution for that problem and hope someone can give me an advice.
Thank you!
There's an example that does exactly what you want here. Try the various configurations from there.
nginx is an unnecessary middle man here, since you're using the Apache image. If you'd like to use nginx, stick to the -fpm image. If you do so, don't expose ports on the nextcloud service, this is supposed to happen entirely through nginx.
Finally, the issue you're seeing is usually a client_max_body_size problem. Check that your host isn't set to have a lower value for this, and maybe try setting it to 10G as in the examples instead of 0. 0 should disable the check, but in my experience that doesn't work as expected (and you probably should have a max size anyway).
If the examples don't help, share the nginx error log as well.
Well there's no config which fits my needs. I took at first the insecure apache one and after that runs, I looked for the secure methods, but they all depend on nginx proxy. So I tried to build a HTTPS-proxy for that apache build with nginx for an only local nextcloud. Yep, you're right, the expose was unnecessary, thanks!
And I set the client_max_body_size to 512MB, 1G, 10G, etc., but it simply doesn't work and the error persists.
The nginx error.log just says:
2020/10/17 17:04:41 [warn] 1#1: "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/nginx/ssl/cert.crt"
And in the access.log you can just find the infos, I already pasted in my initial post.
~~The access log and error logs are separate if I'm not mistaken.~~ Sorry, I'm blind...
You're supposed to see a message like:
*25019 client intended to send too large body: 3881539 bytes,
In the error log. Your configuration here is not the problem.
Have you verified you're not trying to run this image on a host that has other restrictions, i.e. by an nginx service running on a load balancer in-between? You could verify the image is working by pushing a file directly from the host with curl.
~~And besides, the configuration you're sharing still uses the Apache image and tries to put nginx on top of that. Is that really what you're trying to do? Why?~~ Nevermind! Wow, I'm sorry, in my defense it is late.
You're supposed to see a message like:
*25019 client intended to send too large body: 3881539 bytes,
In the error log. Your configuration here is not the problem.
That's not the case and I played around with the values without any success. The thing is, upload via browser is okay, I tested up to 1GB, so it normally can't be that for other clients it isn't working?
Have you verified you're not trying to run this image on a host that has other restrictions, i.e. by an nginx service running on a load balancer in-between? You could verify the image is working by pushing a file directly from the host with
curl.
Normally not, the build works just fine without the nginx proxy in-between, that's why I'm using it at the moment without nginx. There has to be something, which stops me from uploading bigger files than ~600MB only from the Windows Nextcloud client and Android client. But I don't know what and where to search anymore.
Also I don't know why there aren't some builds in the example with working Apache HTTPS. Maybe there's a reason for that?
The thing is, upload via browser is okay, I tested up to 1GB, so it normally can't be that for other clients it isn't working?
Is this browser running on the host?
Nope, on a Windows client, which is also running the Nextcloud client, which doesn't work at the same time.
Hi @andi448 - Trying to clear out some old issues. This one is ~4 years old. Hopefully you found a solution either yourself or through another channel.
I'm going to close this out here for the following reasons:
- age without additional reports (we'd have a lot at this point)
- seems to be a general troubleshooting matter rather than a bug in the image
- we have other examples these days: https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml
A good follow-up channel would probably be the Nextcloud Help Forum - https://help.nextcloud.com
