view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
If my understanding of how "force SSL" works for most proxies, it just simply issues a HTTP 300 redirect message for all http traffic coming in on port 80. It then sends everything to port 443 https.
Do you get a 502 when you try to connect with the force SSL turned off? It might me less of an issue with SSL and more that your proxy is not pointing to the right host / port of your nextcloud server.
When I connect with it off, I am able to connect. If I use https://cloud... It connects, when I use http://cloud... The address bar changes to https and connects like normal.
It just feels weird using it with force SSL off, as if even though I'm always connecting with https I'm still leaking passwords
“Force SSL” forces your browser to redirect http://example.com to https://example.com, it doesn’t “force” SSL into the connection. As long as you’re connecting through HTTPS, the traffic is encrypted.
If your browser redirects you from http to https after you turn off Force SSL, there could be two things going on, both related to caching:
You can check both of these by clearing your browser cache for example.com (or in general).
Thanks for the reply, yeah that's what I thought it was meant to do, sorry for the confusion
Do you have any idea why setting it on would lead to "this page isn't redirecting properly" in firefox?
Usually it's due to the webapp not knowing that the request is actually already served under https by the reverse proxy, it think the request is still served over http so it issues a redirect to https, which leads to a redirect loop.
Alright that makes sense, do you know how to solve that if that webapp is nextcloud aio?
I'm not sure what happened in your setup, but here is how https handling should works:
HTTP_X_FORWARDED_PROTO
header to let the upstream server know that even though the request is over http, the end user actually served over https so it should assume the connection as httpsI think this chain is broken somewhere in your setup and cause nextcloud to not receive the
HTTP_X_FORWARDED_PROTO
header from nginx proxy.I just remember nextcloud has
trusted_proxies
option located inconfig/config.php
file. Not configuring it (or configured it wrong) can cause nextcloud to not trust theHTTP_X_FORWARDED_PROTO
header it received (it assumed to be spoofed).https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html