The Dual Kingdom Setup: Nginx + Apache Nextcloud Harmony
- Atul
- Technology , Web , Free software , The big o community , Nextcloud , Self hosting , Apache , Nginx
- May 28, 2025
Table of Contents
The Dual Kingdom Setup: Nginx + Apache Nextcloud Harmony
๐ฐ The Dual Kingdom Setup: Nginx + Apache Nextcloud Harmony
Why choose between kingdoms when you can rule them both? Let Nginx be the gatekeeper and Apache be the Nextcloud specialist! โ๏ธ๐ค
๐ญ Chapter 1: The Master Plan
The Strategy:
- ๐ฐ Nginx (Port 80/443) - The main fortress, handling all incoming requests
- ๐๏ธ Apache (Port 8080) - The Nextcloud specialist, running your cloud
- ๐ Reverse Proxy - Nginx forwards
cloud.thebigocommunity.orgto Apache
๐ Internet โ ๐ฐ Nginx (80/443) โ ๐๏ธ Apache (8080) โ โ๏ธ Nextcloud
๐ง Chapter 2: Revive the Apache Kingdom
๐ Wake Up Apache (But on a Different Port!)
# Check if Apache is installed but just stopped
sudo systemctl status apache2
# If stopped, don't start it yet! We need to configure first
# sudo systemctl start apache2 # DON'T DO THIS YET!
# If not installed, install it
sudo apt update
sudo apt install apache2 php libapache2-mod-php
โ๏ธ Configure Apache to Use Port 8080
# Edit Apache ports configuration
sudo nano /etc/apache2/ports.conf
Change the ports.conf file:
# /etc/apache2/ports.conf
# Listen on port 8080 instead of 80
Listen 8080
<IfModule ssl_module>
Listen 8443
</IfModule>
<IfModule mod_gnutls.c>
Listen 8443
</IfModule>
๐๏ธ Configure Your Nextcloud Apache Site
# Edit your existing Nextcloud Apache configuration
sudo nano /etc/apache2/sites-available/nextcloud.conf
Nextcloud Apache Configuration:
# /etc/apache2/sites-available/nextcloud.conf
<VirtualHost *:8080>
ServerName cloud.thebigocommunity.org
DocumentRoot /var/www/html/nextcloud
# Enable required modules for Nextcloud โจ
<Directory /var/www/html/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
# Security headers (though Nginx will add more) ๐ก๏ธ
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "no-referrer"
# Logs for debugging ๐
ErrorLog ${APACHE_LOG_DIR}/nextcloud_error.log
CustomLog ${APACHE_LOG_DIR}/nextcloud_access.log combined
# PHP configuration for large file uploads ๐ค
php_value upload_max_filesize 16G
php_value post_max_size 16G
php_value max_input_time 3600
php_value max_execution_time 3600
php_value memory_limit 512M
</VirtualHost>
๐ Find Your Existing Nextcloud Installation
# Let's find where your Nextcloud is hiding
find /var/www -name "config.php" -path "*/nextcloud/config/*" 2>/dev/null
find /var/www -name "index.php" -path "*/nextcloud*" 2>/dev/null
# Check common locations
ls -la /var/www/html/nextcloud/ 2>/dev/null
ls -la /var/www/nextcloud/ 2>/dev/null
ls -la /var/www/html/ | grep -i next 2>/dev/null
๐ Update DocumentRoot in Apache Config
Once you find your Nextcloud directory, update the Apache config:
# If Nextcloud is in /var/www/html/nextcloud
sudo sed -i 's|DocumentRoot /var/www/nextcloud|DocumentRoot /var/www/html/nextcloud|g' /etc/apache2/sites-available/nextcloud.conf
# If it's somewhere else, edit manually
sudo nano /etc/apache2/sites-available/nextcloud.conf
๐ Chapter 3: Launch Apache Nextcloud Service
โจ Enable Required Apache Modules
# Enable essential modules for Nextcloud
sudo a2enmod rewrite
sudo a2enmod headers
sudo a2enmod env
sudo a2enmod dir
sudo a2enmod mime
sudo a2enmod ssl
# Enable your Nextcloud site
sudo a2ensite nextcloud.conf
# Disable default site on port 8080 if it exists
sudo a2dissite 000-default.conf
# Test Apache configuration
sudo apache2ctl configtest
๐ Start Apache Kingdom
# Start Apache on port 8080
sudo systemctl start apache2
sudo systemctl enable apache2
# Check if it's running correctly
sudo systemctl status apache2
# Test Apache is responding on port 8080
curl -I http://localhost:8080
๐ฐ Chapter 4: Configure Nginx Reverse Proxy
๐ฏ Create Nginx Configuration for Nextcloud Proxy
# Create the Nginx proxy configuration
sudo nano /etc/nginx/sites-available/nextcloud-proxy
The Ultimate Nginx โ Apache Proxy Configuration:
# /etc/nginx/sites-available/nextcloud-proxy
# The bridge between kingdoms! ๐
server {
listen 80;
server_name cloud.thebigocommunity.org;
# Redirect HTTP to HTTPS ๐
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name cloud.thebigocommunity.org;
# SSL Configuration ๐
ssl_certificate /etc/letsencrypt/live/cloud.thebigocommunity.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.thebigocommunity.org/privkey.pem;
# Modern SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
# Security headers ๐ก๏ธ
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer" always;
# Increase upload size for large files ๐ค
client_max_body_size 16G;
client_body_timeout 300s;
client_body_buffer_size 512k;
# Proxy settings for Apache backend ๐
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# Important for Nextcloud! ๐ฏ
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect off;
# Timeouts for large file operations โฑ๏ธ
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# Buffer settings for better performance ๐
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 32 8k;
proxy_busy_buffers_size 16k;
}
# Special handling for WebDAV (Nextcloud sync) ๐ฑ
location ~* ^/remote\.php/(dav|webdav|caldav|carddav) {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# WebDAV specific headers ๐๏ธ
proxy_set_header Destination $http_destination;
proxy_set_header Authorization $http_authorization;
proxy_pass_request_headers on;
# Longer timeouts for sync operations
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# Well-known paths for clients ๐
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# Let's Encrypt ACME challenge ๐
location /.well-known/acme-challenge {
root /var/www/html;
try_files $uri $uri/ =404;
}
# Logging for debugging ๐
access_log /var/log/nginx/nextcloud-proxy.access.log;
error_log /var/log/nginx/nextcloud-proxy.error.log;
}
๐ Enable Nginx Proxy Configuration
# Enable the proxy site
sudo ln -s /etc/nginx/sites-available/nextcloud-proxy /etc/nginx/sites-enabled/
# Remove any conflicting configurations
sudo rm -f /etc/nginx/sites-enabled/default
# Test Nginx configuration
sudo nginx -t
# If test passes, reload Nginx
sudo systemctl reload nginx
๐ Chapter 5: SSL Certificate Quest
๐ฏ Get SSL Certificate for Your Domain
# Install Certbot if needed
sudo apt install certbot python3-certbot-nginx
# Get SSL certificate
sudo certbot --nginx -d cloud.thebigocommunity.org
# Test auto-renewal
sudo certbot renew --dry-run
โ๏ธ Chapter 6: Nextcloud Configuration Updates
๐ง Update Nextcloud Trusted Domains
# Find your Nextcloud config directory
find /var/www -name "config.php" -path "*/nextcloud/config/*" 2>/dev/null
# Edit the config (replace path with your actual path)
sudo nano /var/www/nextcloud/config/config.php
Update the trusted_domains section:
<?php
$CONFIG = array (
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'cloud.thebigocommunity.org',
2 => '127.0.0.1:8080', // Add this for direct Apache access
),
// Add these lines for proper proxy handling ๐
'trusted_proxies' => array('127.0.0.1'),
'overwritehost' => 'cloud.thebigocommunity.org',
'overwriteprotocol' => 'https',
'overwritewebroot' => '',
'overwrite.cli.url' => 'https://cloud.thebigocommunity.org',
// ... rest of your config
);
๐งช Chapter 7: Testing Your Dual Kingdom
๐ Test Everything Works
# Test Apache directly (should work)
curl -I http://localhost:8080
# Test Nginx proxy (should redirect to HTTPS)
curl -I http://cloud.thebigocommunity.org
# Test final HTTPS endpoint
curl -I https://cloud.thebigocommunity.org
# Check service status
sudo systemctl status nginx
sudo systemctl status apache2
๐ Browser Test
- Go to
https://cloud.thebigocommunity.org - You should see your Nextcloud login page! ๐
- Login and check that everything works as expected
๐ฑ Test Mobile Apps
- Try connecting with Nextcloud mobile apps
- Use the URL:
https://cloud.thebigocommunity.org
๐จ Chapter 8: Troubleshooting Common Issues
๐ง If Nextcloud Shows “Trusted Domain” Error
# Add your domain to trusted domains
sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=cloud.thebigocommunity.org
๐ Check Logs for Issues
# Nginx proxy logs
sudo tail -f /var/log/nginx/nextcloud-proxy.error.log
# Apache Nextcloud logs
sudo tail -f /var/log/apache2/nextcloud_error.log
# Nextcloud logs
sudo tail -f /var/www/nextcloud/data/nextcloud.log
๐ Port Conflicts Check
# Make sure no other service is using port 8080
sudo netstat -tuln | grep :8080
sudo lsof -i :8080
๐ฅ If Apache Won’t Start on Port 8080
# Check what's using port 8080
sudo ss -tlnp | grep :8080
# Check Apache error logs
sudo tail -f /var/log/apache2/error.log
# Try a different port (like 8081) if needed
sudo sed -i 's/8080/8081/g' /etc/apache2/ports.conf
sudo sed -i 's/8080/8081/g' /etc/apache2/sites-available/nextcloud.conf
sudo sed -i 's/8080/8081/g' /etc/nginx/sites-available/nextcloud-proxy
๐ฏ Chapter 9: Performance Optimization
โก Apache Performance Tuning
# Edit Apache configuration
sudo nano /etc/apache2/apache2.conf
Add these optimizations:
# Performance settings for Nextcloud ๐
<IfModule mpm_prefork_module>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxRequestWorkers 256
MaxConnectionsPerChild 0
</IfModule>
# Enable compression
LoadModule deflate_module modules/mod_deflate.so
<Location />
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \
\.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
</Location>
๐ Nginx Optimization
Add to your Nginx config:
# Inside http block in /etc/nginx/nginx.conf
client_body_buffer_size 512k;
client_max_body_size 16G;
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 32 8k;
๐ Chapter 10: Victory Celebration!
โ Your Dual Kingdom is Now Live!
You now have the best of both worlds:
- ๐ฐ Nginx handling SSL/TLS, security headers, and acting as a powerful reverse proxy
- ๐๏ธ Apache doing what it does best - serving your Nextcloud with all its PHP magic
- ๐ Seamless integration that users never see
- ๐ก๏ธ Enhanced security with Nginx as the front-facing fortress
- ๐ Better performance with optimized proxy settings
๐ Quick Status Check Commands
# Check both services
sudo systemctl status nginx apache2
# Monitor real-time logs
sudo tail -f /var/log/nginx/nextcloud-proxy.access.log /var/log/apache2/nextcloud_access.log
# Test the complete chain
curl -IL https://cloud.thebigocommunity.org
๐ What You’ve Achieved:
- โ Nextcloud running on Apache (port 8080)
- โ Nginx reverse proxy (port 443)
- โ SSL/TLS encryption
- โ Security headers
- โ Large file upload support
- โ WebDAV/CalDAV/CardDAV support
- โ Mobile app compatibility
Your Nextcloud kingdom is restored and more powerful than ever! The dual monarchy of Nginx and Apache shall serve your cloud for ages to come! ๐โ๏ธโจ
๐ Pro Tips:
- Both services run independently - if one goes down, you can troubleshoot separately
- Apache handles all Nextcloud-specific stuff (PHP, .htaccess rules, etc.)
- Nginx handles modern web stuff (HTTP/2, SSL, security, caching)
- Perfect for scaling - you can add more Apache instances later and load balance them through Nginx!
