How to Configure HAProxy for Docker-based Nextcloud AIO

Purpose

Configure HAProxy to act as a secure reverse proxy for services like Nextcloud AIO inside Docker containers.

---

1. Install HAProxy

sudo apt update sudo apt install haproxy -y 

---

2. Edit the HAProxy Configuration

Open and edit the HAProxy config file:

sudo nano /etc/haproxy/haproxy.cfg 

Add or modify the following:

Frontend Configuration

frontend https_front bind *:443 ssl crt /etc/ssl/private/my-certificate.pem mode http option forwardfor option http-server-close default_backend nextcloud_backend 

Backend Configuration

backend nextcloud_backend mode http server nextcloud 127.0.0.1:11000 check 

Adjust the certificate path and internal ports to match your deployment. 11000 is used by Nextcloud AIO Apache container by default.

---

3. Obtain and Place Certificates

Use Let's Encrypt or your internal CA to generate certificates. Combine fullchain and private key into a single .pem file:

cat fullchain.pem privkey.pem > /etc/ssl/private/my-certificate.pem 

Make sure permissions are secure:

sudo chmod 600 /etc/ssl/private/my-certificate.pem 

---

4. Restart HAProxy

sudo systemctl restart haproxy 

Check that it’s running:

sudo systemctl status haproxy 

---

5. Verify Access

Access your Nextcloud instance over HTTPS and verify the secure connection works:

• Check browser padlock.
• Ensure your Nextcloud instance shows HTTPS correctly in "Settings > Overview".

---

✅ Summary

• HAProxy terminates SSL at the proxy.
• Certificates must be correctly formatted (.pem combined file).
• Forward traffic internally to Docker containers using private ports (e.g., 11000 for Nextcloud AIO Apache).
• Secure permissions on certificates to avoid access issues.
• After updates to HAProxy config or certificates, restart the service.