body” and “underscores_in_headers” lines for your NextCloud
server’s benefit.
The {location} block determines where the redirection goes.
It can be almost as complex as the {server} block, but in the case
of NextCloud, it’s mercifully simple, comprising just a single line
of code:
location / {
proxy_pass https://192.168.x.y:32770;
}
D>> Substitute “https://192.168.x.y:32770” with your
NextCloud server’s internal IP address and the port
number you’re using to communicate with it securely.
Save, test, and restart nginix, as outlined in step 5.
>> If you followed our guide to setting up NextCloudPi
in our November issue, you’ll also need to log into the
NextCloudPi admin panel (https://192.168.x.y:4443) and
add your subdomain or DDNS domain to “nc-trusted-
domains” under “Config.” Now go to “nc-forward-ports”
under “Networking,” and change the port for HTTPS
from 443 to your chosen port [Image D]. Ignore any
references to DDNS providers—everything is handled
by your reverse proxy.
>> All you need to do now is add a new rule to your
router’s port-forwarding section to direct traffic from
your chosen external por t to the equivalent internal por t
on your reverse proxy’s IP address, and you’re ready to
connect remotely, both through your web browser and
any client apps you have. Congratulations, you’ve got
your first server up and running. We’ll look at more
configurations next issue, or you can Google the name
of your desired server and “nginx” to track down specific
instructions and help for other setups.- ENTER LISTENING PORT
This section defines which port your
reverse proxy is listening on—plus
what protocols it’s listening for:
typically SSL and HTTP2. - DEFINE TRUSTED SERVER
Enter your domain name nex t to the
“server_name” component. If you
planned to use multiple subdomains
(such as nextcloud.domain.com,
bitwarden.domain.com, and so on), you
could use this to redirect each one to the
correct server.
3. HARDEN SECURITY
The “ssl_protocols” flag enables you
to ensure only specific cr yptogr aphic
protocols can access your servers.
Add TLSv1.0 and TLSv1.1 only if your
server doesn’t support the minimum
recommended version (TLSv1.2).
4. OPTIONAL ADD-ONS
Not all server commands are security-
related. These two commands
help ensure your reverse proxy
communicates correctly with the
NextCloud server in step 8, below.
5. SSL CERTIFICATE
This section is crucial—it needs to
be present in each {server} block
to provide the location of your Let’s
Encrypt certificate files to validate any
external connection.
6. FURTHER SECURITY
These final lines provide additional
security: OCSP scaling (ssltrusted
certificate through to resolver) and
HSTS, which forces all communication
with the server through a web browser
to be performed using HTTPS.
CONSTRUCT YOUR SERVER{} BLOCK
1 2 3 4 5 6maximumpc.com JAN 2020 MAXIMUMPC 59