Nexcloud behind a proxy: fixing mixed-content warnings with SSL
If you've setup Nextcloud to sit behind a proxy, you may encounter the following errors and find not all content loads correctly:
Content Security Policy: The page’s settings blocked the loading of a resource at http://cloud.myserver.com/core/img/background.jpg?v=20 (“img-src https://cloud.myserver.com data: blob:”). Content Security Policy: The page’s settings blocked the loading of a resource at http://cloud.myserver.com/core/img/logo.svg?v=20 (“img-src https://cloud.myserver.com data: blob:”).
Normally this means the proxy is configured for SSL but proxies to Nextcloud over HTTP rather than HTTPS, like this:
ProxyPass / http://126.96.36.199/ ProxyPassReverse / http://188.8.131.52/
Or, in NGINX, like this:
This configuration will terminate SSL on the proxy and have the proxy communicate with Nextcloud over HTTP. Since Nextcloud won't be configured to respond over HTTPS by default, all internal requests for content (like stylesheets, images, etc) will also be made over HTTP, resulting in mixed content warnings.
In order to resolve this, make the following changes to your Nextcloud
'overwrite.cli.url' => 'https://cloud.myserver.com', 'overwriteprotocol' => 'https',
Nextcloud will then ensure all requests are made and returned over
https:// rather than
http://, mitigating the mixed-content errors.
Note: Be aware, if you access Nextcloud internally via IP over HTTP, this will either a) give you SSL errors or b) not work at all - 443 is not configured by default, so it may refuse to connect when it forces, due to that setting, the connection from http:// to https://