Redirecionamento de endereço Nginx / mudança de nome


Eu fiz um servidor nextcloud e quero que ele esteja disponível através do meu servidor proxy reverso Nginx com um endereço www.domain.com/name.

Eu usei diferentes tutoriais para ter o Nextcloud com o servidor web Nginx (em vez do Apache).

O que eu fiz :

  • Nome do servidor Nextcloud: 192.168.1.111
  • Endereço Nginx: www.domain.com/nextcloud

O que eu espero :

Clicar em www.domain.com/nextcloud e entrar no servidor Nextcloud sem nunca ver o https://ip

O que eu consegui :

  • link
  • www.domain.com/nextcloud funciona, mas mostra ip

Estou perdido sobre o que procurar. Verifiquei se há uma opção no Nginx para manter o endereço, mas não consigo concluir nada e estou andando em círculos. Qualquer sugestão seria ótima.

Configuração do Nextcloud:

# upstream php-handler {
#    server 127.0.0.1:9000;
#    #server unix:/var/run/php5-fpm.sock;
# }

# Plain-HTTP listener on port 8080: every request is answered with a 301 to HTTPS.
# NOTE(review): $server_name expands to this block's server_name, i.e. the literal
# 192.168.1.111, so the redirect target is always https://192.168.1.111/... no matter
# which Host header the client or a reverse proxy sent. A proxy forwarding to this
# port receives that redirect, which is consistent with the internal IP showing up
# in the browser as described in the question.
server {
    listen 8080;
    server_name 192.168.1.111;
    return 301 https://$server_name$request_uri; }

# HTTPS virtual host that serves Nextcloud from /var/www/nextcloud through PHP-FPM.
server {
    listen 443 ssl;
    server_name 192.168.1.111;
    root /var/www/nextcloud;

    # NOTE(review): "ssl on" is the legacy switch; "listen 443 ssl" above already
    # enables TLS for this listener.
    ssl on;
    # NOTE(review): the certificate files are named after a host name while
    # server_name is an IP address; clients connecting by IP would presumably see a
    # name mismatch - confirm which name is actually used to reach this host.
    ssl_certificate /etc/ssl/certs/www.opeq.biz.crt;
    ssl_certificate_key /etc/ssl/private/www.opeq.biz.key;
    ssl_session_timeout 5m;
    # Only AES128 suites with ECDHE/DHE key exchange; anonymous suites are excluded.
    ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if
    # a legacy client requires them.
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Server-level response headers. nginx inherits these only into locations that
    # declare no add_header of their own.
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    access_log  /var/log/nginx/nextcloud.access.log;
    error_log   /var/log/nginx/nextcloud.error.log;

    # robots.txt is served to everyone and kept out of the logs.
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # CalDAV/CardDAV service discovery. The redirect target is built from $scheme
    # and $host, i.e. from the name the request arrived with.
    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # Upload limit (10G), FastCGI response buffers, no gzip.
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;
    gzip off;

    # NOTE(review): these paths carry a /nextcloud prefix, but the PHP location
    # below only matches /core/templates/40[34].php relative to root - confirm the
    # error pages are actually reached.
    error_page 403 /nextcloud/core/templates/403.php;
    error_page 404 /nextcloud/core/templates/404.php;
    # Everything not matched by a more specific location goes to the front controller.
    location / {
        rewrite ^ /index.php$uri;
    }

    # Internal directories (including data and config) are never served directly.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    # Dotfiles and maintenance/console entry points at the root are blocked as well.
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Only this fixed list of PHP entry points is handed to PHP-FPM.
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/)
{
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        # Unconditionally tells PHP that the request arrived over HTTPS.
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_intercept_errors on;
        # Request bodies are passed to the backend without being buffered first.
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Static CSS/JS. The security headers are repeated here because the
    # Cache-Control add_header in this location would otherwise replace the
    # server-level set.
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        access_log off;
    }

    # Other static assets; no add_header here, so the server-level headers apply.
    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }

   # Apache-style .ht* files are never served.
   location ~ /\.ht {
    deny all;   } }

Nextcloud config.php:

<?php
// Nextcloud instance configuration as posted in the question; the instance id,
// salt and secret were replaced with filler text by the author.
$CONFIG = array (
  'instanceid' => 'stuff',
  'passwordsalt' => 'more stuff',
  'secret' => 'even more stuff',
  // Host names Nextcloud accepts in the Host header.
  // NOTE(review): the question reaches the site as www.domain.com, but only
  // 'domain.com' is listed - confirm the name the proxy forwards is covered.
  'trusted_domains' => 
  array (
    0 => '192.168.1.111',
    1 => 'domain.com',
    2 => 'share',
    3 => 'nextcloud',
  ),
  // Address whose forwarded-for headers are trusted; presumably the Nginx
  // reverse proxy - confirm. Keep this list limited to the real proxy address.
  'trusted_proxies' => ['192.168.1.5'],
  // NOTE(review): no overwritehost / overwriteprotocol / overwritewebroot /
  // overwrite.cli.url entries are present, so behind a proxy that publishes the
  // instance under /nextcloud the generated URLs follow what the backend sees.
  // Data directory is outside the web root (/var/www/nextcloud in the Nginx config).
  'datadirectory' => '/home/nextcloud',
  'dbtype' => 'mysql',
  'version' => '11.0.1.2',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'admin-nextcloud',
  // Presumably a placeholder substituted for the post, not the real credential.
  'dbpassword' => 'password',
  'logtimezone' => 'UTC',
  'installed' => true,
  // Local cache in APCu, file locking through Redis.
  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.locking' => '\OC\Memcache\Redis',
  // NOTE(review): this is the string 'true', not the boolean true.
  'filelocking.enabled' => 'true',
  // Redis is reached over a local unix socket, hence port 0.
  'redis' => 
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'htaccess.RewriteBase' => '/',
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => '\OCA\User_LDAP\LDAPProviderFactory',
);

Configuração do NGINX:

# HTTP listener on the reverse proxy: redirects every request to HTTPS.
# $host is taken from the request, so the redirect target follows whatever name
# the client used; there is no server_name restricting which names are accepted.
server {
     listen 80;
     return 301 https://$host$request_uri; }

 # HTTPS virtual host on the reverse proxy; /nextcloud/ is meant to be forwarded
 # to the Nextcloud machine at 192.168.1.111.
 server {

     # No "ssl" parameter on listen; TLS is enabled by the legacy "ssl on" below.
     listen 443;
     # NOTE(review): server_name is nginx.domain.com while the certificate files and
     # the question refer to www.domain.com - confirm which name clients use.
     server_name nginx.domain.com;

     ssl_certificate           /etc/nginx/ssl/www.domain.com.crt;
     ssl_certificate_key       /etc/nginx/ssl/www.domain.com.key;

     ssl on;
     ssl_session_cache  builtin:1000  shared:SSL:10m;
     # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if
     # a legacy client requires them.
     ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
     ssl_prefer_server_ciphers on;

     access_log            /var/log/nginx/domain.access.log;

      # Custom error pages, reachable only through internal redirects.
      error_page 404 /custom_404.html;
      location = /custom_404.html {
               root /usr/share/nginx/html;
               internal;
      }

      error_page 500 502 503 504 /custom_50x.html;
      location = /custom_50x.html {
              root /usr/share/nginx/html;
              internal;
      }

     location /nextcloud/ {

 # NOTE(review): proxy_pass is commented out in this paste; without it nothing in
 # this location forwards to the backend. The target is plain HTTP on port 8080,
 # which on the Nextcloud host only answers with a redirect to https://192.168.1.111.
 #      proxy_pass        http:// 192.168.1.111:8080/;
       # NOTE(review): this rewrites backend redirects so that they point at
       # https://192.168.1.111, i.e. it hands the internal IP to the browser instead
       # of the public name. The space after "http://" / "https://" looks like a
       # paste artifact - confirm against the real file.
       proxy_redirect      http:// 192.168.1.111:8080 https:// 192.168.1.111;

       # Pass the original host name, client address and scheme to the backend.
       proxy_set_header        Host $host;
       proxy_set_header        X-Real-IP $remote_addr;
 #      proxy_set_header        X-NginX-Proxy true;
       # Appends the client address to any X-Forwarded-For header the client sent;
       # the backend should trust it only from the proxy's address.
       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header        X-Forwarded-Proto $scheme;
 #      proxy_set_header X-Forwarded-For $remote_addr;
         proxy_headers_hash_max_size 512;
         proxy_headers_hash_bucket_size 64;

       add_header Front-End-Https on;
       # Fix the "It appears that your reverse proxy set up is broken" error.
 #      proxy_read_timeout  90;

      }
 # NOTE(review): the closing brace of this server block is not part of the paste.

Eu tenho alguns outros sites no proxy que funcionam. Apenas o Nextcloud tem esse problema.

EDIT: Voltei novamente ao apache e, mesmo com uma instalação limpa, recebo o mesmo problema. Se eu pegar a regra Rewrite / Engine / Cond /, eu posso acessar o site com o bom nome, mas apenas a página padrão do apache. Se eu adicionar o módulo de reescrita, ele para. Ainda tentando descobrir.

    
por Carobell 24.02.2017 / 17:06

1 resposta


Eu usei o Nextcloud com o Nginx por um tempo, mas achei que funcionou melhor para mim no Apache e eu acabei de voltar. No entanto, salvei a configuração do servidor Nginx que usei recentemente e isso é testado e funciona com o Nextcloud 11 em execução no 16.04.

Eu removi algumas das personalizações de TLS que eu uso, e este exemplo redireciona example.com para www.example.com, servindo o Nextcloud a partir do domínio raiz e não do diretório /nextcloud. Eu também alterei o tamanho máximo de upload para 1Gb (GB?).

Espero que isso ajude:

# PHP-FPM backend reached over a local unix socket; referenced by
# "fastcgi_pass php-handler" in the Nextcloud server block.
upstream php-handler {
  server unix:/run/php/php7.0-fpm.sock;
}


# Plain-HTTP listener for both names: everything is redirected to HTTPS.
server {

  # The basics
  listen 80;
  server_name example.com www.example.com;

  # Redirect HTTP > HTTPS
  # $server_name is the first name listed above (example.com), so the target is
  # fixed by configuration rather than taken from the request's Host header.
  return 301 https://$server_name$request_uri;

}

# HTTPS listener for the bare domain; its only job is to redirect to the www name.
server {

  # The basics
  listen 443 ssl http2;
  server_name example.com;

  # HTTPS
  # The certificate has to be valid for example.com as well, because the TLS
  # handshake completes before the redirect is sent.
  ssl_certificate /path/to/cert.pem;
  ssl_certificate_key /path/to/key.pem;

  # Redirect no-www to www
  return 301 https://www.example.com$request_uri;

}

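# Main HTTPS virtual host: serves Nextcloud from the document root through PHP-FPM.
server {

  # The basics
  server_name www.example.com;
  root /var/www/example.com;
  index index.html;

  # HTTPS
  # The author removed their TLS customisations from this example, so protocol
  # and cipher selection fall back to the nginx defaults; set ssl_protocols and
  # ssl_ciphers explicitly to match your own policy.
  listen 443 ssl http2;
  ssl_certificate /path/to/cert.pem;
  ssl_certificate_key /path/to/key.pem;

  # Security
  server_tokens off;
  # Server-level headers; inherited only by locations without their own add_header.
  add_header X-Content-Type-Options nosniff;
  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Permitted-Cross-Domain-Policies none;
  # Disallow accessing dotfiles ('/.well-known/' is allowed)
  location ~* /\.(?!well-known\/) {
    deny all;
  }
  # Never serve Nextcloud's internal directories directly. The extension-based
  # rule below only matches file suffixes, so without this block a static file
  # (image, html, css, js) stored under /data/ or /config/ inside the web root
  # would be handed out by the asset locations further down. Regex locations are
  # checked in order, so this must stay above those asset locations.
  location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
  }
  # Prevent clients from accessing to backup/config/source files
  location ~* (?:\.(?:build|tests|config|lib|3rdparty|templates|data|bak|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
    deny all;
  }

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  # CalDAV/CardDAV service discovery
  location = /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
  }

  location = /.well-known/caldav {
    return 301 $scheme://$host/remote.php/dav;
  }

  # Max upload size
  client_max_body_size 1G;
  fastcgi_buffers 64 4K;
  gzip off;

  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  # Everything not matched by a more specific location goes to the front controller
  location / {
    rewrite ^ /index.php$uri;
  }

  # Only this fixed list of PHP entry points is handed to PHP-FPM
  location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    #Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
  }

  location ~ ^/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
  }

  # Static CSS/JS. The security headers are repeated because the Cache-Control
  # add_header in this location replaces the server-level set.
  location ~* \.(?:css|js)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
  }

  # Other static assets; no add_header here, so the server-level headers apply
  location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    access_log off;
  }

}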
    
por Tom Brossman 27.02.2017 / 15:01