?i»?
Your IP : 3.21.246.168
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Reverse proxy configuration — Nextcloud 13 Administration Manual 13 documentation</title>
<link rel="stylesheet" href="../_static/" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/main.min.css" type="text/css" />
<link rel="stylesheet" href="../_static/styles.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '13',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/js/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="../_static/js/jquery-fix.js"></script>
<script type="text/javascript" src="../_static/bootstrap-3.1.0/js/bootstrap.min.js"></script>
<script type="text/javascript" src="../_static/bootstrap-sphinx.js"></script>
<link rel="top" title="Nextcloud 13 Administration Manual 13 documentation" href="../contents.html" />
<link rel="up" title="Server configuration" href="index.html" />
<link rel="next" title="Using third party PHP components" href="thirdparty_php_configuration.html" />
<link rel="prev" title="Hardening and security guidance" href="harden_server.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="theme-color" content="#1d2d44">
</head>
<body role="document">
<div class="wrap container not-front">
<div class="content row">
<main class="main">
<div class="row">
<div class="col-md-3">
<div class="sidebar">
<h1>Nextcloud 13 Administration Manual</h1>
<div class="sidebar-search">
<form class="headersearch" action="../search.html" method="get">
<input type="text" value="" name="q" id="q" class="form-control" />
<button class="btn btn-default" type="submit" id="searchsubmit">Search</button>
</form>
</div>
<div class="menu-support-container">
<ul id="menu-support" class="menu">
<ul>
<li><a href="../contents.html">Table of Contents</a></li>
</ul>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../index.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../release_notes.html">Release notes</a></li>
<li class="toctree-l1"><a class="reference internal" href="../installation/index.html">Installation</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Server configuration</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="security_setup_warnings.html">Warnings on admin page</a></li>
<li class="toctree-l2"><a class="reference internal" href="occ_command.html">Using the occ command</a></li>
<li class="toctree-l2"><a class="reference internal" href="activity_configuration.html">Configuring the activity app</a></li>
<li class="toctree-l2"><a class="reference internal" href="caching_configuration.html">Configuring memory caching</a></li>
<li class="toctree-l2"><a class="reference internal" href="background_jobs_configuration.html">Defining background jobs</a></li>
<li class="toctree-l2"><a class="reference internal" href="config_sample_php_parameters.html">Config.php Parameters</a></li>
<li class="toctree-l2"><a class="reference internal" href="email_configuration.html">Email configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="external_sites.html">Linking external sites</a></li>
<li class="toctree-l2"><a class="reference internal" href="language_configuration.html">Language configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="logging_configuration.html">Logging configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="harden_server.html">Hardening and security guidance</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="">Reverse proxy configuration</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#defining-trusted-proxies">Defining trusted proxies</a></li>
<li class="toctree-l3"><a class="reference internal" href="#overwrite-parameters">Overwrite parameters</a></li>
<li class="toctree-l3"><a class="reference internal" href="#example">Example</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="thirdparty_php_configuration.html">Using third party PHP components</a></li>
<li class="toctree-l2"><a class="reference internal" href="automatic_configuration.html">Automatic configuration setup</a></li>
<li class="toctree-l2"><a class="reference internal" href="server_tuning.html">Server tuning</a></li>
<li class="toctree-l2"><a class="reference internal" href="theming.html">Theming</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_user/index.html">User management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_files/index.html">File sharing and management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../file_workflows/index.html">File workflows</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_database/index.html">Database configuration</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_mimetypes/index.html">Mimetypes management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../maintenance/index.html">Maintenance</a></li>
<li class="toctree-l1"><a class="reference internal" href="../issues/index.html">Issues and troubleshooting</a></li>
</ul>
</ul>
</div>
</div>
</div>
<div class="col-md-9">
<div class="page-content">
<ul class="prevnext-title list-unstyled list-inline">
<li class="prev">
<a href="harden_server.html" title="Previous Chapter: Hardening and security guidance"><span class="glyphicon glyphicon-chevron-left visible-sm"></span><span class="hidden-sm">« Hardening and security guidance</span>
</a>
</li>
<li class="next">
<a href="thirdparty_php_configuration.html" title="Next Chapter: Using third party PHP components"><span class="glyphicon glyphicon-chevron-right visible-sm"></span><span class="hidden-sm">Using third party PHP components »</span>
</a>
</li>
</ul>
<div class="section" id="reverse-proxy-configuration">
<h1>Reverse proxy configuration<a class="headerlink" href="#reverse-proxy-configuration" title="Permalink to this headline">¶</a></h1>
<p>Nextcloud can be run through a reverse proxy, which can cache static assets such
as images, CSS or JS files, move the load of handling HTTPS to a different
server or load balance between multiple servers.</p>
<div class="section" id="defining-trusted-proxies">
<h2>Defining trusted proxies<a class="headerlink" href="#defining-trusted-proxies" title="Permalink to this headline">¶</a></h2>
<p>For security, you must explicitly define the proxy servers that Nextcloud is to
trust. Connections from trusted proxies will be specially treated to get the
real client information, for use in access control and logging. Parameters are
configured in <code class="file docutils literal"><span class="pre">config/config.php</span></code></p>
<p>Set the <strong>trusted_proxies</strong> parameter as an array of IP address to define the
servers Nextcloud should trust as proxies. This parameter provides protection
against client spoofing, and you should secure those servers as you would your
Nextcloud server.</p>
<p>A reverse proxy can define HTTP headers with the original client IP address,
and Nextcloud can use those headers to retrieve that IP address. Nextcloud uses
the de-facto standard header ‘X-Forwarded-For’ by default, but this can be
configured with the <strong>forwarded_for_headers</strong> parameter. This parameter is an
array of PHP lookup strings, for example ‘X-Forwarded-For’ becomes
‘HTTP_X_FORWARDED_FOR’. Incorrectly setting this parameter may allow clients
to spoof their IP address as visible to Nextcloud, even when going through the
trusted proxy! The correct value for this parameter is dependent on your
proxy software.</p>
</div>
<div class="section" id="overwrite-parameters">
<h2>Overwrite parameters<a class="headerlink" href="#overwrite-parameters" title="Permalink to this headline">¶</a></h2>
<p>The automatic hostname, protocol or webroot detection of Nextcloud can fail in
certain reverse proxy situations. This configuration allows the automatic detection
to be manually overridden.</p>
<p>If Nextcloud fails to automatically detect the hostname, protocol or webroot
you can use the <strong>overwrite</strong> parameters inside the <code class="file docutils literal"><span class="pre">config/config.php</span></code>.
The <strong>overwritehost</strong> parameter is used to set the hostname of the proxy. You
can also specify a port. The <strong>overwriteprotocol</strong> parameter is used to set the
protocol of the proxy. You can choose between the two options <strong>http</strong> and
<strong>https</strong>. The <strong>overwritewebroot</strong> parameter is used to set the absolute web
path of the proxy to the Nextcloud folder. When you want to keep the automatic
detection of one of the three parameters you can leave the value empty or don’t
set it. The <strong>overwritecondaddr</strong> parameter is used to overwrite the values
dependent on the remote address. The value must be a <strong>regular expression</strong> of
the IP addresses of the proxy. This is useful when you use a reverse SSL proxy
only for https access and you want to use the automatic detection for http
access.</p>
</div>
<div class="section" id="example">
<h2>Example<a class="headerlink" href="#example" title="Permalink to this headline">¶</a></h2>
<div class="section" id="multiple-domains-reverse-ssl-proxy">
<h3>Multiple domains reverse SSL proxy<a class="headerlink" href="#multiple-domains-reverse-ssl-proxy" title="Permalink to this headline">¶</a></h3>
<p>If you want to access your Nextcloud installation <strong>http://domain.tld/nextcloud</strong>
via a multiple domains reverse SSL proxy
<strong>https://ssl-proxy.tld/domain.tld/nextcloud</strong> with the IP address <strong>10.0.0.1</strong>
you can set the following parameters inside the <code class="file docutils literal"><span class="pre">config/config.php</span></code>.</p>
<div class="highlight-python"><div class="highlight"><pre><?php
$CONFIG = array (
'trusted_proxies' => ['10.0.0.1'],
'overwritehost' => 'ssl-proxy.tld',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/domain.tld/nextcloud',
'overwritecondaddr' => '^10\.0\.0\.1$',
);
</pre></div>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">If you want to use the SSL proxy during installation you have to
create the <code class="file docutils literal"><span class="pre">config/config.php</span></code> otherwise you have to extend the existing
<strong>$CONFIG</strong> array.</p>
</div>
</div>
</div>
</div>
<ul class="prevnext-title list-unstyled list-inline">
<li class="prev">
<a href="harden_server.html" title="Previous Chapter: Hardening and security guidance"><span class="glyphicon glyphicon-chevron-left visible-sm"></span><span class="hidden-sm">« Hardening and security guidance</span>
</a>
</li>
<li class="next">
<a href="thirdparty_php_configuration.html" title="Next Chapter: Using third party PHP components"><span class="glyphicon glyphicon-chevron-right visible-sm"></span><span class="hidden-sm">Using third party PHP components »</span>
</a>
</li>
</ul>
</div>
</div>
</div>
</main>
</div>
</div>
</body>
</html>