Hi,
I have a NAS called ruby on which I have a Nextcloud instance. I also have a VPS called blueberry to route the traffic to the NAS.
I use Tailscale, with a custom DNS, to access ruby from the VPS through ruby.infra.my.domain.
I want to access Nextcloud with drive.my.domain, which points to the VPS, and then proxy that to ruby at ruby.infra.my.domain/nextcloud.
Ruby is running NixOS (blueberry is not, but at some point I will make the switch), and I have the following config for Nextcloud:
```nix
services.nextcloud = {
  enable = true;
  hostName = "nextcloud";
  settings =
    let
      prot = "https";
      host = "ruby.infra.my.domain";
      dir = "/nextcloud";
    in
    {
      overwriteprotocol = prot;
      overwritehost = host;
      overwritewebroot = dir;
      # Dotted Nextcloud keys are quoted so Nix does not turn them into nested attribute sets.
      "overwrite.cli.url" = "${prot}://${host}${dir}/"; # dir already starts with "/"
      "htaccess.RewriteBase" = dir;
      trusted_proxies = [ "100.64.0.5" ];
    };
};
services.nginx = {
  enable = true;
  virtualHosts."nextcloud".listen = [
    {
      addr = "127.0.0.1";
      port = 9001; # NOT an exposed port
    }
  ];
  virtualHosts."ruby.infra.my.domain" = {
    locations."/nextcloud/" = {
      priority = 9999;
      extraConfig = ''
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto http;
        proxy_pass http://127.0.0.1:9001/; # trailing / is important!
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
      '';
    };
  };
};
```
The nginx file in blueberry
```nginx
server {
    server_name drive.my.domain;
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/my.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my.domain/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    keepalive_timeout 70;
    location / {
        proxy_pass https://ruby.infra.my.domain/nextcloud/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $server_name;
        proxy_redirect http:// https://;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    }
}
```
The issue is that drive.my.domain redirects me to ruby.infra.my.domain/nextcloud, which is not what I want (I want people who don't have Tailscale, like my family, to be able to access it).
Do you have any idea of how to do it?
Thanks
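
An added example, not part of the original post and not Nextcloud's own code: a simplified Python model of how Nextcloud's `overwrite*` settings, `trusted_proxies` and `trusted_domains` decide the host it writes into redirects and links, run against the values posted above. `PEER`, `REQUEST` and the `VARIANT` settings (including its `trusted_domains` entry) are constructed assumptions; the peer address is taken to be 127.0.0.1 because ruby's nginx proxies to 127.0.0.1:9001.

```python
import ipaddress
import re

def _trusted_proxy(settings, peer):
    addr = ipaddress.ip_address(peer)
    return any(addr in ipaddress.ip_network(p, strict=False)
               for p in settings.get("trusted_proxies", []))

def _overwrite_applies(settings, peer):
    # overwritecondaddr is a regex on the peer address; unset means always.
    cond = settings.get("overwritecondaddr", "")
    return cond == "" or re.search(cond, peer) is not None

def effective_host(settings, peer, headers):
    if settings.get("overwritehost") and _overwrite_applies(settings, peer):
        return settings["overwritehost"]  # wins over every request header
    if _trusted_proxy(settings, peer) and "X-Forwarded-Host" in headers:
        host = headers["X-Forwarded-Host"].split(",")[0].strip()
    else:
        host = headers.get("Host", "localhost")
    trusted = settings.get("trusted_domains", [])
    if host in trusted:
        return host
    # Untrusted Host header: fall back to the first trusted domain.
    return trusted[0] if trusted else ""

def base_url(settings, peer, headers):
    applies = _overwrite_applies(settings, peer)
    proto = settings.get("overwriteprotocol", "") if applies else ""
    if not proto:
        fwd = headers.get("X-Forwarded-Proto", "")
        proto = fwd if fwd and _trusted_proxy(settings, peer) else "http"
    webroot = settings.get("overwritewebroot", "") if applies else ""
    return f"{proto}://{effective_host(settings, peer, headers)}{webroot}"

# Settings as posted; PEER and REQUEST are constructed sample values.
POSTED = {"overwriteprotocol": "https", "overwritehost": "ruby.infra.my.domain",
          "overwritewebroot": "/nextcloud", "trusted_proxies": ["100.64.0.5"]}
PEER = "127.0.0.1"
REQUEST = {"Host": "drive.my.domain", "X-Forwarded-Proto": "http"}
# Hypothetical variant: no overwritehost, public name listed as trusted.
VARIANT = {"overwriteprotocol": "https", "trusted_domains": ["drive.my.domain"],
           "trusted_proxies": ["127.0.0.1"]}

if __name__ == "__main__":
    print(base_url(POSTED, PEER, REQUEST))
    print(base_url(VARIANT, PEER, REQUEST))
    print(effective_host(VARIANT, PEER, {"Host": "attacker.example"}))
```

With the posted settings the model returns the Tailscale-only name whatever `Host` header the VPS forwards, which matches the redirect described in the post. In the variant, forwarded host headers are only honoured from an address listed in `trusted_proxies`, so that list should contain only proxies you control.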