Install Nginx as a Reverse Proxy on Fedora 27



  • @JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

    Before you can request your SSL certificate, you have to have a valid configuration file in place listening on port 80.
    Nginx stores the configuration files in /etc/nginx/conf.d/, so let's make our nextcloud.conf.
    I am not going to go aver all the pieces here. If you want ot know more about what all these settings mean, go look them up.
    Finally, this is a sample base don Nextcloud. Change it to fit your application needs.
    The structure may look strange at first, but there is a method to my madness. It is based on how certbot --nginx works.

    cat > /etc/nginx/conf.d/nextcloud.conf <<EOF
    server {
        client_max_body_size 40M;
        server_name nc.domain.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://10.150.0.17;
            proxy_redirect off;
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    ##    ssl_stapling on;
    ##    ssl_stapling_verify on;
    ##    ssl_session_cache shared:SSL:10m;
    ##    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        listen 80;
    }
    ##server {
    ##    client_max_body_size 40M;
    #    listen 80;
    ##    server_name nc.domain.com;
    ##    return 301 https://$host$request_uri;
    ##}
    EOF
    

    NOTE: This is on purpose only one # while the others have two, # listen 80;.

    Test the config

    nginx -t
    

    When I run this step, I get an error.

    [[email protected] ~]# nginx -t
    nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
    nginx: configuration file /etc/nginx/nginx.conf test failed
    


  • @Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

    @JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

    Before you can request your SSL certificate, you have to have a valid configuration file in place listening on port 80.
    Nginx stores the configuration files in /etc/nginx/conf.d/, so let's make our nextcloud.conf.
    I am not going to go aver all the pieces here. If you want ot know more about what all these settings mean, go look them up.
    Finally, this is a sample base don Nextcloud. Change it to fit your application needs.
    The structure may look strange at first, but there is a method to my madness. It is based on how certbot --nginx works.

    cat > /etc/nginx/conf.d/nextcloud.conf <<EOF
    server {
        client_max_body_size 40M;
        server_name nc.domain.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://10.150.0.17;
            proxy_redirect off;
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    ##    ssl_stapling on;
    ##    ssl_stapling_verify on;
    ##    ssl_session_cache shared:SSL:10m;
    ##    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        listen 80;
    }
    ##server {
    ##    client_max_body_size 40M;
    #    listen 80;
    ##    server_name nc.domain.com;
    ##    return 301 https://$host$request_uri;
    ##}
    EOF
    

    NOTE: This is on purpose only one # while the others have two, # listen 80;.

    Test the config

    nginx -t
    

    When I run this step, I get an error.

    [[email protected] ~]# nginx -t
    nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
    nginx: configuration file /etc/nginx/nginx.conf test failed
    

    You've got the same thing in both the server { and location / { sections. If that's not a copy/paste error, remove them from the server { section.



  • I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on



  • @travisdh1 said in Install Nginx as a Reverse Proxy on Fedora 27:

    @Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

    @JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

    Before you can request your SSL certificate, you have to have a valid configuration file in place listening on port 80.
    Nginx stores the configuration files in /etc/nginx/conf.d/, so let's make our nextcloud.conf.
    I am not going to go aver all the pieces here. If you want ot know more about what all these settings mean, go look them up.
    Finally, this is a sample base don Nextcloud. Change it to fit your application needs.
    The structure may look strange at first, but there is a method to my madness. It is based on how certbot --nginx works.

    cat > /etc/nginx/conf.d/nextcloud.conf <<EOF
    server {
        client_max_body_size 40M;
        server_name nc.domain.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://10.150.0.17;
            proxy_redirect off;
            # Socket.IO Support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    ##    ssl_stapling on;
    ##    ssl_stapling_verify on;
    ##    ssl_session_cache shared:SSL:10m;
    ##    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        listen 80;
    }
    ##server {
    ##    client_max_body_size 40M;
    #    listen 80;
    ##    server_name nc.domain.com;
    ##    return 301 https://$host$request_uri;
    ##}
    EOF
    

    NOTE: This is on purpose only one # while the others have two, # listen 80;.

    Test the config

    nginx -t
    

    When I run this step, I get an error.

    [[email protected] ~]# nginx -t
    nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
    nginx: configuration file /etc/nginx/nginx.conf test failed
    

    You've got the same thing in both the server { and location / { sections. If that's not a copy/paste error, remove them from the server { section.

    that's not mine, that is from @JaredBusch



  • @Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

    I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

    Why do you need an A record?



  • @scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

    @Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

    I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

    Why do you need an A record?

    I need an external DNS record. Certbot failed because it said it needed an A record.



  • @Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

    @scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

    @Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

    I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

    Why do you need an A record?

    I need an external DNS record. Certbot failed because it said it needed an A record.

    OIC



  • I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.



  • @Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

    I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.

    How long would it take to move to a good DNS provider?



  • Rhetorical question, answer is "about two hours."



  • @scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

    @Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

    I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.

    How long would it take to move to a good DNS provider?

    The problem is that his entire domain is apparently outsource and not in theri control. Or this would be trivial.



  • @scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

    Rhetorical question, answer is "about two hours."

    And then 24 hours for replication 😛



  • So far, all of that external stuff has been under the "marketing" department, and I have no part of it. It also predates me at this company, probably by a decade. The marketing lady can be a PITA sometimes, so I don't want to step into that fire until I actually have to.



  • @JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

    @scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

    @Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

    I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.

    How long would it take to move to a good DNS provider?

    The problem is that his entire domain is apparently outsource and not in theri control. Or this would be trivial.

    It's cutting off the outsourcing that I'm trying to fix 🙂



  • @JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

    client_max_body_size 40M;
    

    One thing I just ran into was having to up this limit to be able to sync larger files. I would suggest flagging that in the first post so someone like me would know to change this if they work with larger files. I set mine to 16G. For some reason, this only effected the NC sync client, the browser upload as increased by other means.



  • Trying to get this to work tonight. The nextcloud.conf is copied on the Nginx server. I changed the server_name and the proxy_pass. Everything else is unchanged. When I run the nginx-t to verify, it returns

    nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
    nginx: configuration file /etc/nginx/nginx.conf test failed

    I have researched for a few hours and cannot "see" where the issue is. I am in need of some guidance.



  • @brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

    Trying to get this to work tonight. The nextcloud.conf is copied on the Nginx server. I changed the server_name and the proxy_pass. Everything else is unchanged. When I run the nginx-t to verify, it returns

    nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
    nginx: configuration file /etc/nginx/nginx.conf test failed

    I have researched for a few hours and cannot "see" where the issue is. I am in need of some guidance.

    You likely missed a semicolon to close a line.



  • @JaredBusch I looked at the config till my eyes went cross and didn’t notice that. I’ll check again later and see. I looked at the logs and they don’t really give any clues.



  • @brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

    @JaredBusch I looked at the config till my eyes went cross and didn’t notice that. I’ll check again later and see. I looked at the logs and they don’t really give any clues.

    That error you posted tells you that. On that line you didn’t close it, so it thinks you next line is another parameter of the command.



  • The problem was the items such as $remote_addr did not copy at all. They were missing. The config passed. Did the certbot and all went fine. If I go to https://nc.domain.com the site loads properly. If I go to http://nc.domain.com the site redirects and loads fine. Both work and cert loads in browser. However, if I go to nc.domain.com, it returns a blank page and shows https://localhost in the browser. I have the fqdn set up on the NC server and the Nginx. Not sure where this is coming from.



  • Another question:
    When you access Nextcloud with https and the site check shows that everything passes

    passed.PNG

    But, when you place it behind Nginx, it "breaks"

    fail.PNG

    I am trying to understand what is happening behind the scenes to cause the error. Is anyone else seeing this happen on their instances?



  • @brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

    Another question:
    When you access Nextcloud with https and the site check shows that everything passes

    passed.PNG

    But, when you place it behind Nginx, it "breaks"

    fail.PNG

    I am trying to understand what is happening behind the scenes to cause the error. Is anyone else seeing this happen on their instances?

    This is not broken. it is simply a warnign about something..

    What do you mean broken?



  • @JaredBusch I should not have said "broken". It is not causing any issues that I can see. Just not sure what changes that makes it give the warning. Is this one to ignore?



  • @brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

    @JaredBusch I should not have said "broken". It is not causing any issues that I can see. Just not sure what changes that makes it give the warning. Is this one to ignore?

    Read the message.

    It says that it does not see a configuration related to LetsEncrypt.

    If you are using a proxy, the proxy handles the cert.



  • @brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

    @JaredBusch I should not have said "broken". It is not causing any issues that I can see. Just not sure what changes that makes it give the warning. Is this one to ignore?

    Purely a warning, and not really a good one. It doesn't apply to you, so that makes it a bad warning.



  • @brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

    Another question:
    When you access Nextcloud with https and the site check shows that everything passes

    passed.PNG

    But, when you place it behind Nginx, it "breaks"

    fail.PNG

    I am trying to understand what is happening behind the scenes to cause the error. Is anyone else seeing this happen on their instances?

    If you want to remove that warning, add the following in the server block

    location = /.well-known/carddav {
          return 301 $scheme://$host/remote.php/dav;
        }
        location = /.well-known/caldav {
          return 301 $scheme://$host/remote.php/dav;
        }