If you’re like me, your public IP space is limited (a /28 in my case) and your hosting needs are diverse. Lots of websites sit behind my one nginx reverse proxy, which you’re using right now to load this site’s content.
My configuration is pretty simple and really cool in my opinion. All of my SSL is terminated on my reverse proxy, so I don’t have to manage certificates inside my network at all. While this configuration isn’t particularly exotic, I thought it might be worth sharing anyway. I bet someone will someday find good use for it:
    server {
        listen 80;
        server_name owncloud.example.net;
        # Send every plain-HTTP request to the HTTPS listener
        rewrite ^ https://$server_name$request_uri? permanent;
    }

    server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive
        listen 443 ssl;
        server_name owncloud.example.net;

        ssl_certificate /etc/nginx/conf.d/ssl/owncloud.example.net.bundle.crt;
        ssl_certificate_key /etc/nginx/conf.d/ssl/owncloud.example.net.key;

        # Ridiculously high timeout due to long requests for uploads
        ssl_session_timeout 5m;
        # SSLv2, SSLv3 and TLSv1 are broken or deprecated, so only modern TLS is offered
        # (TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+)
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        access_log /var/log/nginx/owncloud.example.net.log main;

        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_set_header Connection "Keep-Alive";

        # Allow uploads up to 16GB in size
        client_max_body_size 16000m;

        # transparently handle requests to server root
        location / {
            # the trailing "?" stops nginx from appending the query string a second time
            rewrite ^ https://owncloud.example.net/owncloud$request_uri? redirect;
        }

        location /owncloud {
            # owncloud.example.local is your actual owncloud server inside your network
            proxy_pass http://owncloud.example.local:80/owncloud;
        }
    }
This works not only with the web client but also with the mobile and desktop clients. I put in the neat rewrite rule so that users can just type the server name and don’t have to get excited about the owncloud URI component. ownCloud is installed with its default configuration on the internal server; nothing complex is needed there. I love nginx reverse proxying.
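An added example, not from the original post: a small Python check that flags the TLS settings worth reviewing in TLS-terminating server blocks like the one above. The sample config is constructed, `server_blocks`, `directive` and `audit` are hypothetical helper names, and the brace-matching parser is an approximation, not nginx's own.

```python
import re

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # protocols no longer safe to offer
# Constructed sample (not a real deployment), with deliberately dated TLS settings
SAMPLE = """
server { listen 80; server_name owncloud.example.net; }
server {
    listen 443;
    server_name owncloud.example.net;
    ssl on;                              # deprecated since nginx 1.15.0
    ssl_protocols SSLv2 SSLv3 TLSv1;
    location /owncloud { proxy_pass http://owncloud.example.local:80/owncloud; }
}
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block, found by brace matching."""
    text = re.sub(r"#[^\n]*", "", conf)  # strip comments (assumes no '#' in strings)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def directive(body, name):
    """Return the argument list of each `name args;` directive in a block body."""
    pat = r"(?:^|(?<=[;{}]))\s*" + re.escape(name) + r"\s+([^;{}\s][^;{}]*);"
    return [m.group(1).split() for m in re.finditer(pat, body)]

def audit(conf):
    """Return (server_name, finding) pairs for TLS-terminating server blocks."""
    out = []
    for body in server_blocks(conf):
        host = (directive(body, "server_name") or [["(unnamed)"]])[0][0]
        ssl_on = ["on"] in directive(body, "ssl")
        if not ssl_on and not any("ssl" in a[1:] for a in directive(body, "listen")):
            continue  # plain HTTP block, nothing to check
        if ssl_on:
            out.append((host, "deprecated 'ssl on;': use 'listen 443 ssl;'"))
        protos = [p for args in directive(body, "ssl_protocols") for p in args]
        for p in sorted(LEGACY.intersection(protos)):
            out.append((host, "legacy protocol enabled: " + p))
        for args in directive(body, "proxy_pass"):
            if args[0].startswith("http://"):
                out.append((host, "cleartext hop to upstream: " + args[0]))
    return out

if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in audit(SAMPLE)))
```

The cleartext-upstream finding is informational: it is the expected result of terminating TLS on the proxy, and it marks the internal network segment as the part that carries unencrypted traffic.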