Reverse Proxy with Nextcloud

I have a Nextcloud server I got set up, but it is showing up as not secure.
I have a cert from Let’s Encrypt on the server; it looks like I need to add Cloudflare’s IP to the “trusted_proxies” in the config.php file. How do I find that?
I was also messing with the Cloudflare Origin cert. Do I need to put that on my server as well?
Thanks!

You should have these lines in your Nextcloud’s config file:

  'trusted_proxies' => 
  array (
    0 => '10.42.0.0/16',
    1 => '103.21.244.0/22',
    2 => '103.22.200.0/22',
    3 => '103.31.4.0/22',
    4 => '104.16.0.0/12',
    5 => '108.162.192.0/18',
    6 => '131.0.72.0/22',
    7 => '141.101.64.0/18',
    8 => '162.158.0.0/15',
    9 => '172.64.0.0/13',
    10 => '173.245.48.0/20',
    11 => '188.114.96.0/20',
    12 => '190.93.240.0/20',
    13 => '197.234.240.0/22',
    14 => '198.41.128.0/17',
    15 => '2400:cb00::/32',
    16 => '2606:4700::/32',
    17 => '2803:f800::/32',
    18 => '2405:b500::/32',
    19 => '2405:8100::/32',
    20 => '2c0f:f248::/32',
  ),
  'forwarded_for_headers' => 
  array (
    0 => 'HTTP_CF_CONNECTING_IP',
  ),

If you already have Let’s Encrypt on the server, you won’t need the Origin certificate as well, unless you want to replace your certificate with the Origin one, which can have a 15-year expiration date.

Thanks for the reply, is that the trusted_proxies array?
What exactly are all those addresses and where did you find them?

I just edited my reply since the first line got cut off.

Those addresses are from cloudflare.com/ips
They’re the addresses of the servers Cloudflare uses to connect to your site.
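
A simplified model of what the two settings in the config above do together, as an added example that is not part of the thread and not Nextcloud's own code: the forwarded header is believed only when the connecting peer is inside a trusted range. The range subset, the `is_trusted_proxy` and `client_ip` names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Subset of the ranges from the config posted above (not the full list).
TRUSTED_PROXIES = ["103.21.244.0/22", "173.245.48.0/20", "2606:4700::/32"]
FORWARDED_FOR_HEADERS = ["HTTP_CF_CONNECTING_IP"]

# Constructed sample requests (documentation addresses as clients).
VIA_PROXY = {"REMOTE_ADDR": "173.245.48.10",
             "HTTP_CF_CONNECTING_IP": "203.0.113.7"}
DIRECT_SPOOFED = {"REMOTE_ADDR": "198.51.100.23",
                  "HTTP_CF_CONNECTING_IP": "10.0.0.1"}
VIA_PROXY_BAD_HEADER = {"REMOTE_ADDR": "2606:4700::1",
                        "HTTP_CF_CONNECTING_IP": "not-an-ip"}


def is_trusted_proxy(remote_addr, trusted=TRUSTED_PROXIES):
    """True if the directly connected peer falls inside a trusted range."""
    peer = ipaddress.ip_address(remote_addr)
    for cidr in trusted:
        net = ipaddress.ip_network(cidr, strict=False)
        if peer.version == net.version and peer in net:
            return True
    return False


def client_ip(server_vars, trusted=TRUSTED_PROXIES,
              headers=FORWARDED_FOR_HEADERS):
    """Resolve the client address, honouring headers only from proxies."""
    remote = server_vars["REMOTE_ADDR"]
    if not is_trusted_proxy(remote, trusted):
        # Peer is not a listed proxy: ignore any forwarded header it sent.
        return remote
    for name in headers:
        value = server_vars.get(name, "").split(",")[0].strip()
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            continue  # missing or malformed header value, try the next one
    return remote


if __name__ == "__main__":
    for req in (VIA_PROXY, DIRECT_SPOOFED, VIA_PROXY_BAD_HEADER):
        print(req["REMOTE_ADDR"], "->", client_ip(req))
```

The second sample shows why the list should hold only the proxy's ranges: a peer outside them cannot set the logged client address by sending the header itself.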

Ah, I see, thanks!
Unfortunately, I still can’t connect over HTTPS. Is there anything else I would be missing?
I am a bit confused why I only need the one Let’s Encrypt cert. My understanding is that it secures from Cloudflare to server, but not Cloudflare to client.

For future reference, it looks like 10.42.0.0/16 is 104.24.0.0/14, and 104.16.0.0/12, 104.16.0.0/13, and there is the IPv6 address of 2a06:98c0::/29.

Are you saying your site wasn’t working with HTTPS before you added it to Cloudflare? You just said you had a cert from Let’s Encrypt on the server.

Yes, it does have a cert from Let’s Encrypt. The server is running on Linode; I used the default add SSL cert from Let’s Encrypt option when setting up.
It was never running without Cloudflare. The domain registrar was Cloudflare before the server was set up.

Give it a look without Cloudflare and see if you can track down why it’s not secure. Start with the “Pause Cloudflare on Site” option from the Overview tab for your domain at dash.cloudflare.com. The link is in the lower right corner of that page. Give it five minutes to take effect, then make sure the site is working as expected with HTTPS. Only then should you un-pause Cloudflare and double-check your SSL/TLS setting to make sure it’s Full (Strict).

Hmm, still does not work. I take it my Let’s Encrypt cert is not working?

So it seems.

Thanks for the help! I was able to get it sorted out!
