How to Configure HAProxy for Docker-based Nextcloud AIO

Purpose

Configure HAProxy on pfSense to terminate SSL and securely reverse-proxy public HTTPS traffic to an internal Docker Nextcloud AIO server behind your firewall.


1. HAProxy Package Installation on pfSense

On pfSense, go to:


2. Create SSL Certificate (or Import)

In pfSense:


3. HAProxy Settings

Go to Services → HAProxy and configure:

Global Settings

Frontend (Public Side)

Name: frontend-https
Bind address: WAN Address (or "any")
Port: 443
Type: SSL Offloading (HTTPS)
SSL Certificate: [Select imported Let's Encrypt or custom cert]

Actions:

Optional:


4. HAProxy Backend (Internal Docker Host)

Name: backend-nextcloud
Mode: HTTP (or HTTPS if you terminate SSL at the container)
Server list:
  Name: nextcloud-docker
  Address: 192.168.100.19
  Port: 11000
Health Check Method: HTTP-OPTIONS

Important Backend Options:


5. Nextcloud Trusted Proxy Configuration

On the Nextcloud server, we modified the trusted proxies:

sudo docker exec -it nextcloud-aio-nextcloud bash
cd /var/www/html/config
nano config.php

Add or verify these lines inside config.php:

'trusted_proxies' => ['192.168.100.1'],
'overwritehost' => 'nextcloud.mydomain.com',
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://nextcloud.mydomain.com',

Note: Replace 192.168.100.1 with your pfSense LAN IP if different.
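
An added example (not part of the original guide and not Nextcloud code): a Python check that compares the text of config.php with the values from this step and flags any trusted_proxies entry that covers more than one address, since every listed address is allowed to tell Nextcloud the client's IP. The function names and the embedded sample config are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse
# Constructed sample: the four lines from step 5 as they would sit in config.php.
SAMPLE_CONFIG = """<?php
$CONFIG = array (
  'trusted_proxies' => ['192.168.100.1'],
  'overwritehost' => 'nextcloud.mydomain.com',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://nextcloud.mydomain.com',
);
"""

def scalar(text, key):
    """Return the quoted string value of a config key, or None if absent."""
    m = re.search(r"'%s'\s*=>\s*'([^']*)'" % re.escape(key), text)
    return m.group(1) if m else None

def proxy_list(text):
    """Return the trusted_proxies entries ([...] or array(...) syntax)."""
    m = re.search(r"'trusted_proxies'\s*=>\s*(?:\[|array\s*\()(.*?)(?:\]|\))", text, re.S)
    return re.findall(r"'([^']+)'", m.group(1)) if m else []

def audit(text, proxy_ip):
    """Compare config.php text with step 5 and return a list of findings."""
    findings = []
    proxies = proxy_list(text)
    if proxy_ip not in proxies:
        findings.append("trusted_proxies does not list %s" % proxy_ip)
    for entry in proxies:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append("trusted_proxies entry %r is not an IP or CIDR" % entry)
            continue
        if net.num_addresses > 1:  # a range lets any host in it act as the proxy
            findings.append("trusted_proxies entry %s trusts a whole range" % entry)
    host = scalar(text, "overwritehost")
    if not host:
        findings.append("overwritehost is not set")
    if scalar(text, "overwriteprotocol") != "https":
        findings.append("overwriteprotocol is not 'https'")
    cli = urlparse(scalar(text, "overwrite.cli.url") or "")
    if cli.scheme != "https" or cli.hostname != host:
        findings.append("overwrite.cli.url does not match https://<overwritehost>")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "192.168.100.1") or "config matches step 5")
```

To check a live install, pass the contents of /var/www/html/config/config.php and your pfSense LAN IP to audit() instead of the sample.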


6. Restart Docker Nextcloud Container

docker restart nextcloud-aio-nextcloud 

✅ Summary


🛠️ Additional Notes


Revision #3
Created 27 April 2025 02:52:47 by joliveira
Updated 27 April 2025 03:01:13 by joliveira