Maximum PC - UK (2020-01)

body” and “underscores_in_headers” lines for your NextCloud
server’s benefit.




The {location} block determines where the redirection goes.
It can be almost as complex as the {server} block, but in the case
of NextCloud, it’s mercifully simple, comprising just a single line
of code:
    location / {
        proxy_pass https://192.168.x.y:32770;
    }





>> Substitute “https://192.168.x.y:32770” with your
NextCloud server’s internal IP address and the port
number you’re using to communicate with it securely.
Save, test, and restart nginx, as outlined in step 5.
>> If you followed our guide to setting up NextCloudPi
in our November issue, you’ll also need to log into the
NextCloudPi admin panel (https://192.168.x.y:4443) and
add your subdomain or DDNS domain to “nc-trusted-domains”
under “Config.” Now go to “nc-forward-ports”
under “Networking,” and change the port for HTTPS
from 443 to your chosen port [Image D]. Ignore any
references to DDNS providers—everything is handled
by your reverse proxy.
>> All you need to do now is add a new rule to your
router’s port-forwarding section to direct traffic from
your chosen external port to the equivalent internal port
on your reverse proxy’s IP address, and you’re ready to
connect remotely, both through your web browser and
any client apps you have. Congratulations, you’ve got
your first server up and running. We’ll look at more
configurations next issue, or you can Google the name
of your desired server and “nginx” to track down specific
instructions and help for other setups.


CONSTRUCT YOUR SERVER{} BLOCK

  1. ENTER LISTENING PORT
    This section defines which port your
    reverse proxy is listening on—plus
    what protocols it’s listening for:
    typically SSL and HTTP2.

  2. DEFINE TRUSTED SERVER
    Enter your domain name next to the
    “server_name” component. If you
    planned to use multiple subdomains
    (such as nextcloud.domain.com,
    bitwarden.domain.com, and so on), you
    could use this to redirect each one to the
    correct server.

  3. HARDEN SECURITY
    The “ssl_protocols” directive enables you
    to ensure only specific cryptographic
    protocols can access your servers.
    Add TLSv1.0 and TLSv1.1 only if your
    server doesn’t support the minimum
    recommended version (TLSv1.2).

  4. OPTIONAL ADD-ONS
    Not all server commands are security-
    related. These two commands
    help ensure your reverse proxy
    communicates correctly with the
    NextCloud server in step 8, below.

  5. SSL CERTIFICATE
    This section is crucial—it needs to
    be present in each {server} block
    to provide the location of your Let’s
    Encrypt certificate files to validate any
    external connection.

  6. FURTHER SECURITY
    These final lines provide additional
    security: OCSP stapling (“ssl_trusted_certificate”
    through to “resolver”) and
    HSTS, which forces all communication
    with the server through a web browser
    to be performed using HTTPS.
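
The six numbered sections and the {location} block put together in one place, as an added example and not the magazine's own listing. The domain, port 8443, certificate paths, resolver address, and body-size value are constructed placeholders, and “client_max_body_size” is an assumed choice for the body-size add-on.

```nginx
# Added example with constructed values: replace the domain, port,
# certificate paths, resolver, and upstream address with your own.
server {
    # 1. Listening port and protocols (8443 is a constructed external port).
    #    Newer nginx releases prefer a separate "http2 on;" line.
    listen 8443 ssl http2;

    # 2. The domain this {server} block answers for
    server_name nextcloud.example.com;

    # 3. Accept TLSv1.2 and newer only
    ssl_protocols TLSv1.2 TLSv1.3;

    # 4. Add-ons for the NextCloud back end
    #    (client_max_body_size and its 10G value are assumptions)
    client_max_body_size 10G;
    underscores_in_headers on;

    # 5. Let's Encrypt certificate and key (certbot's default layout)
    ssl_certificate     /etc/letsencrypt/live/nextcloud.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.example.com/privkey.pem;

    # 6. OCSP stapling (ssl_trusted_certificate through to resolver) and HSTS
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/nextcloud.example.com/chain.pem;
    resolver 1.1.1.1 valid=300s;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

    location / {
        # nginx does not verify the back end's certificate unless
        # proxy_ssl_verify is switched on (it is off by default).
        proxy_pass https://192.168.x.y:32770;
    }
}
```

Running “nginx -t” before restarting checks the file for syntax errors and confirms the certificate paths can be read.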


