Install Nginx as a Reverse Proxy on Fedora 27

travisdh1

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

@JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

Before you can request your SSL certificate, you have to have a valid configuration file in place listening on port 80.
Nginx stores the configuration files in /etc/nginx/conf.d/, so let's make our nextcloud.conf.
I am not going to go aver all the pieces here. If you want ot know more about what all these settings mean, go look them up.
Finally, this is a sample base don Nextcloud. Change it to fit your application needs.
The structure may look strange at first, but there is a method to my madness. It is based on how certbot --nginx works.

cat > /etc/nginx/conf.d/nextcloud.conf <<EOF
server {
    client_max_body_size 40M;
    server_name nc.domain.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.150.0.17;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
##    ssl_stapling on;
##    ssl_stapling_verify on;
##    ssl_session_cache shared:SSL:10m;
##    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    listen 80;
}
##server {
##    client_max_body_size 40M;
#    listen 80;
##    server_name nc.domain.com;
##    return 301 https://$host$request_uri;
##}
EOF

NOTE: This is on purpose only one # while the others have two, # listen 80;.

Test the config

nginx -t

When I run this step, I get an error.

[root@nginx ~]# nginx -t
nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
nginx: configuration file /etc/nginx/nginx.conf test failed

You've got the same thing in both the server { and location / { sections. If that's not a copy/paste error, remove them from the server { section.

Donahue

I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

Donahue

@travisdh1 said in Install Nginx as a Reverse Proxy on Fedora 27:

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

@JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

Before you can request your SSL certificate, you have to have a valid configuration file in place listening on port 80.
Nginx stores the configuration files in /etc/nginx/conf.d/, so let's make our nextcloud.conf.
I am not going to go aver all the pieces here. If you want ot know more about what all these settings mean, go look them up.
Finally, this is a sample base don Nextcloud. Change it to fit your application needs.
The structure may look strange at first, but there is a method to my madness. It is based on how certbot --nginx works.

cat > /etc/nginx/conf.d/nextcloud.conf <<EOF
server {
    client_max_body_size 40M;
    server_name nc.domain.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.150.0.17;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
##    ssl_stapling on;
##    ssl_stapling_verify on;
##    ssl_session_cache shared:SSL:10m;
##    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    listen 80;
}
##server {
##    client_max_body_size 40M;
#    listen 80;
##    server_name nc.domain.com;
##    return 301 https://$host$request_uri;
##}
EOF

NOTE: This is on purpose only one # while the others have two, # listen 80;.

Test the config

nginx -t

When I run this step, I get an error.

[root@nginx ~]# nginx -t
nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
nginx: configuration file /etc/nginx/nginx.conf test failed

You've got the same thing in both the server { and location / { sections. If that's not a copy/paste error, remove them from the server { section.

that's not mine, that is from @JaredBusch

scottalanmiller

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

Why do you need an A record?

Donahue

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

Why do you need an A record?

I need an external DNS record. Certbot failed because it said it needed an A record.

scottalanmiller

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

Why do you need an A record?

I need an external DNS record. Certbot failed because it said it needed an A record.

OIC

Donahue

I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.

scottalanmiller

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.

How long would it take to move to a good DNS provider?

scottalanmiller

Rhetorical question, answer is "about two hours."

JaredBusch

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.

How long would it take to move to a good DNS provider?

The problem is that his entire domain is apparently outsource and not in theri control. Or this would be trivial.

JaredBusch

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

Rhetorical question, answer is "about two hours."

And then 24 hours for replication

Donahue

So far, all of that external stuff has been under the "marketing" department, and I have no part of it. It also predates me at this company, probably by a decade. The marketing lady can be a PITA sometimes, so I don't want to step into that fire until I actually have to.

scottalanmiller

@JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.

How long would it take to move to a good DNS provider?

The problem is that his entire domain is apparently outsource and not in theri control. Or this would be trivial.

It's cutting off the outsourcing that I'm trying to fix

Donahue

@JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

client_max_body_size 40M;

One thing I just ran into was having to up this limit to be able to sync larger files. I would suggest flagging that in the first post so someone like me would know to change this if they work with larger files. I set mine to 16G. For some reason, this only effected the NC sync client, the browser upload as increased by other means.

brandon220

Trying to get this to work tonight. The nextcloud.conf is copied on the Nginx server. I changed the server_name and the proxy_pass. Everything else is unchanged. When I run the nginx-t to verify, it returns

nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
nginx: configuration file /etc/nginx/nginx.conf test failed

I have researched for a few hours and cannot "see" where the issue is. I am in need of some guidance.

JaredBusch

@brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

Trying to get this to work tonight. The nextcloud.conf is copied on the Nginx server. I changed the server_name and the proxy_pass. Everything else is unchanged. When I run the nginx-t to verify, it returns

nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
nginx: configuration file /etc/nginx/nginx.conf test failed

I have researched for a few hours and cannot "see" where the issue is. I am in need of some guidance.

You likely missed a semicolon to close a line.

brandon220

@JaredBusch I looked at the config till my eyes went cross and didn’t notice that. I’ll check again later and see. I looked at the logs and they don’t really give any clues.

JaredBusch

@brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

@JaredBusch I looked at the config till my eyes went cross and didn’t notice that. I’ll check again later and see. I looked at the logs and they don’t really give any clues.

That error you posted tells you that. On that line you didn’t close it, so it thinks you next line is another parameter of the command.

brandon220

The problem was the items such as $remote_addr did not copy at all. They were missing. The config passed. Did the certbot and all went fine. If I go to https://nc.domain.com the site loads properly. If I go to http://nc.domain.com the site redirects and loads fine. Both work and cert loads in browser. However, if I go to nc.domain.com, it returns a blank page and shows https://localhost in the browser. I have the fqdn set up on the NC server and the Nginx. Not sure where this is coming from.

brandon220

Another question:
When you access Nextcloud with https and the site check shows that everything passes

But, when you place it behind Nginx, it "breaks"

I am trying to understand what is happening behind the scenes to cause the error. Is anyone else seeing this happen on their instances?