Reverse Proxy for EGroupware and Nextcloud Problems

lendl · March 17, 2025, 3:51pm

Hi everyone,
I have a standard EGroupware installation (via Docker) running on a VM and now I want to install Nextcloud (also Docker) on it.
I have Nginx running as a reverse proxy on the VM, and it works fine for EGroupware, but I can’t get Nextcloud to work.
I keep getting a 404 not found.
Here is my /etc/egroupware-docker/nginx.conf

client_max_body_size 1g;

map $http_x_forwarded_proto $redirectscheme {
default $scheme;
https https;
}

server {
server_name myDNS.selfhost.bz;
root /var/www/html;

    index index.php index.nginx-debian.html index.html index.htm;

     location /nextcloud {
            proxy_pass http://127.0.0.1:8081;
            include proxy_params;
            # to allow longer running requests like eg. backup or restore
            proxy_read_timeout    60m;
            # required for push / websocket
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }

}

server {

    # ssl config (enable following line plus either include or ssl_certificate* line)
    #listen 443 ssl http2 default_server;
    #include snippets/snakeoil.conf;        # requires ssl-certs package installed!
    # concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem
    #ssl_certificate /etc/ssl/private/certificate.pem;
    #ssl_certificate_key /etc/ssl/private/certificate.pem;
    # HTTP Strict-Transport-Security header (start with a short max-age!)
    #add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year

    # A free of charge ssl certificate can be obtained from https://letsencrypt.org
    # Instrunctions for Ubuntu 16.04 are eg. available at
    server_name myDNS.selfhost.bz;
    root /var/www/html;

    index index.php index.nginx-debian.html index.html index.htm;

    # include other EGroupware parts like Collabora
    include app.d/egroupware*.conf;

    # proxy into EGroupware container
    location /egroupware {
            proxy_pass http://127.0.0.1:8080;
            include proxy_params;
            # to allow longer running requests like eg. backup or restore
            proxy_read_timeout    60m;
            # required for push / websocket
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }

    # PHP in docroot
    #location ~ \.php {
    #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    #       include fastcgi_params;
    #}
   location = /status {
    proxy_pass http://127.0.0.1:8080;
    include proxy_params;
}

    # ActiveSync support
    location /Microsoft-Server-ActiveSync {
            proxy_pass http://127.0.0.1:8080;
            include proxy_params;
            # RB changed to 60m (from 20m) because that is length of zPush ping requests
            proxy_read_timeout    60m;
    }
    # CalDAV/CardDAV & OpenID Connect autoconfig
    location ~ ^/.well-known/(caldav|carddav|openid-configuration)$ {
            proxy_pass http://127.0.0.1:8080;
    include proxy_params;
    }
    location ~ ^(/principals/users/.*)$ {
            return 301 $redirectscheme://$host/egroupware/groupdav.php$1;
    }
    # Nginx does NOT use index for OPTIONS requests breakng WebDAV
    # for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
    # This also redirects all requests to root to EGroupware.
    location = / {
            return 301 $redirectscheme://$host/egroupware/index.php;
    }
    # redirect /egroupware to /egroupware/
    location = /egroupware {
            return 301 $redirectscheme://$host/egroupware/index.php;
    }

listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/myDNS.selfhost.bz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/myDNS.selfhost.bz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
if ($host = myDNS.selfhost.bz) {
return 301 https://$host$request_uri;
} # managed by Certbot

    listen 80 default_server;

    server_name myDNS.selfhost.bz;
return 404; # managed by Certbot

}

The first “Server” Section ist the one I made, the rest ist from the EGroupware installation.

I can get the nextcloud at localhost:8081, but anything else fails.

Can anybody help me?

Thanks a lot
Michael

Damian_Curry · March 17, 2025, 7:23pm

It looks like the first server block is missing a listen directive, so the request is getting caught by the default_server block and returning a 404 error. Assuming you want the nextcloud to be available via HTTP, adding the line listen 80; under the line server_name mnDNS.selfhost.bz; should fix the issue.

s.miller · March 19, 2025, 6:13pm

Moving this thread to the Troubleshooting category.

lendl · March 31, 2025, 11:53am

I’ve tried a few things, but I can’t get it to work.
The EGroupware configuration works perfectly, both on the host and externally. I just can’t access Nextcloud.

The main difference is that EGroupware is accessible at localhost:8080/egroupware, but Nextcloud is directly accessible at localhost:8081.

All my attempts so far have been unsuccessful. I couldn’t make Nextcloud accessible via Docker at localhost:8081/nextcloud, and nginx doesn’t seem to like it without /nextcloud.

Maybe someone has an idea before I finally give up…

Here’s the current nginx.conf again:

#/etc/nginx/sites-available/egroupware.conf
#need to be symlinked to /etc/nginx/sites-enabled/ and nginx -s reload (after removing default!)
#stuff for http block
client_max_body_size 1g;
#redirects needs to use X-Forwarded-Proto too
map $http_x_forwarded_proto $redirectscheme {
default $scheme;
https https;
}
server {

    server_name myDomain.selfhost.bz;
    root /var/www/html;

    index index.php index.nginx-debian.html index.html index.htm;

    # include other EGroupware parts like Collabora
    include app.d/egroupware*.conf;

    # proxy into EGroupware container
    location /egroupware {
            proxy_pass http://127.0.0.1:8080;
            include proxy_params;
            # to allow longer running requests like eg. backup or restore
            proxy_read_timeout    60m;
            # required for push / websocket
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }

#this should be for the Nextcloud
location /nextcloud {
proxy_pass http://127.0.0.1:8081;
include proxy_params;
# to allow longer running requests like eg. backup or restore
proxy_read_timeout 60m;
# required for push / websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
}

    #fpm-status page (need to be enabled in egroupware:/etc/php/*/pool.d/www.conf: pm.status_path=/status
    location = /status {
    proxy_pass http://127.0.0.1:8080;
    include proxy_params;
}
    # ActiveSync support
    location /Microsoft-Server-ActiveSync {
            proxy_pass http://127.0.0.1:8080;
            include proxy_params;
            # RB changed to 60m (from 20m) because that is length of zPush ping requests
            proxy_read_timeout    60m;
    }
    # CalDAV/CardDAV & OpenID Connect autoconfig
    location ~ ^/.well-known/(caldav|carddav|openid-configuration)$ {
            proxy_pass http://127.0.0.1:8080;
    include proxy_params;
    }
    location ~ ^(/principals/users/.*)$ {
            return 301 $redirectscheme://$host/egroupware/groupdav.php$1;
    }
    # Nginx does NOT use index for OPTIONS requests breakng WebDAV
    # for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
    # This also redirects all requests to root to EGroupware.
    location = / {
            return 301 $redirectscheme://$host/egroupware/index.php;
    }
    # redirect /egroupware to /egroupware/
    location = /egroupware {
            return 301 $redirectscheme://$host/egroupware/index.php;
    }
    location = /nextcloud {
            return 301 $redirectscheme://$host/apps/index.php;
    }
listen 443 http2 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/myDomain.selfhost.bz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/myDomain.selfhost.bz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
if ($host = myDomain.selfhost.bz) {
return 301 https://$host$request_uri;
} # managed by Certbot

    listen 80 default_server;

    server_name myDomain.selfhost.bz;
return 404; # managed by Certbot

}

Thanx a lot
Michael

Topic		Replies	Views
Collabora & Nextcloud -> NGINX & Local Domains & Arambian & NanoPi R4S ARM64 "How Do I...?" reverse-proxy	1	26	April 14, 2025
Can someone help me creating NGINX with https "How Do I...?" docker , reverse-proxy	5	122	April 29, 2025
Reverse proxy return "NOT Found" Troubleshooting reverse-proxy	3	107	March 7, 2025
How to debug SSL_do_handshake() failed errors Troubleshooting reverse-proxy	3	95	March 24, 2025
How to use "Https" URLs as upstream backend services "How Do I...?" reverse-proxy	1	101	February 28, 2025

Reverse Proxy for EGroupware and Nextcloud Problems

Related topics