Nextcloud on apache and nginx as reverse proxy + SSL

Question

I'm having a headache with Apache and Nginx. When I think one is working the other one doesn't and vice versa...

To explain it a bit guy:

I have a server with Nextcloud "installed" on it which is working with Apache2 and MySQL.

I have a Raspberry PI With Nginx on it which is acting as a reverse proxy.

I had this setup working before when it was not a clean one so I ripped off everything and started again with hopefully a clean config.

Router 80/443 => Nginx RP => Nextcloud

I tryed numerous configuration files and documentations and now I'm getting stuck with:

502 Bad Gateway nginx/1.10.3

No matter what changes I make to Apache or Nginx I still get the same message...

Here is my Nginx reverse Config file:

server {

    listen rproxy_IP:80;
    server_name cloud.domain.com;
    return 301 https://$server_name$request_uri;
}

server {

    listen rproxy_IP:443 ssl;
    server_name cloud.domain.com;

    #Log storage
    access_log /var/log/nginx/cloud.domain.access.log;
    error_log /var/log/nginx/cloud.domain.error.log;

    #SSL Configurations
    ssl on;
    ssl_certificate /etc/nginx/ssl/crt.crt;
    ssl_certificate_key /etc/nginx/ssl/key.key;
    ssl_stapling on;
    ssl_stapling_verify on;

    location / {

        add_header Front-End-Https       on;
        proxy_headers_hash_max_size      512;
        proxy_headers_hash_bucket_size   64;
        proxy_set_header                 Host $host;
        proxy_set_header                 X-Forwarded-Proto $scheme;
        proxy_set_header                 X-Real-IP $remote_addr;
        proxy_set_header                 X-Forwarded-For $proxy_add_x_forwarded_for;

        # whatever the IP of your cloud server is
        proxy_pass                       https://nextcloud_IP;
    }
}

When I look at the logs I get this:

2018/08/27 13:42:25 [error] 19756#19756: *1 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: **Public_IP**, server: **cloud.domain.com**, request: "GET / HTTP/1.1", upstream: "https://**nextcloud_IP**:443/", host: "**cloud.domain.com**"

I'm having trouble to understand this because before this morning I had the same exact config and I had no problem.

And now here is my Apache config for Nextcloud:

    
 DocumentRoot "/var/www/nextcloud"
 ServerName cloud.domain.com

Redirect permanent / https://cloud.domain.com/
Alias cloud.domain.com /var/www/nextcloud
 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined


 Options +FollowSymlinks
 AllowOverride All

 
 Dav off
 

 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud
 Satisfy Any

And here are the Apache logs:

[Mon Aug 27 13:21:19.874269 2018] [mpm_prefork:notice] [pid 36967] AH00169: caught SIGTERM, shutting down
[Mon Aug 27 13:21:20.899777 2018] [mpm_prefork:notice] [pid 37263] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Aug 27 13:21:20.899811 2018] [core:notice] [pid 37263] AH00094: Command line: '/usr/sbin/apache2'

I have to mention I use a wildcard.

Router have 80/443 forwarding to the reverse proxy Reverse proxy get the http and "upscale" it to https and then forward the request to Apache-Nextcloud. Certificate works well.

Please Help me guys I don't understand what I'm doing wrong or what doesn't work and why it doesn't. Please tell me if you need more info. I cannot disclose the domain name, the internal IP and the Public IP as you can understand.

Thanks in advance for your answers.

mindfl · Accepted Answer

If I clearly understood your schema, then you have:

Client -> Router (NAT) -> Nginx (http/https) -> Apache (http)

And you have 502 error because you are trying to proxy_pass request to 443 Apache port which doesn't exist.

I think you should fix your proxy_pass string like this:

proxy_pass http://nextcloud_IP;

Nextcloud on apache and nginx as reverse proxy + SSL

Answers (2)

Related Questions