Scenario:
On an Ubuntu server, Nextcloud has been set up following the steps shown in the tutorial How to configure Nextcloud using Docker.
The following domain has been registered and points to the public IP of the Ubuntu server:
cloudnepal.ddns.net
Steps to set up a free SSL certificate from Let's Encrypt for the above domain:
1. Update package repositories.
apt update -y
2. Install the necessary Linux packages.
apt-get install apache2 certbot python3-certbot-apache
Note: Along with other packages, we are also installing Apache to run on port 80 on the Linux server. This is required to obtain the SSL certificates.
3. Run the following command to obtain the certificates only. The rest of the configuration will be done manually.
certbot certonly --apache
During this process, you will be asked to enter the domain name for the SSL certificate. Enter your domain name:
cloudnepal.ddns.net
The certificates will be installed in the following directory: /etc/letsencrypt/live/cloudnepal.ddns.net/
4. Enable the following apache2 modules.
a2enmod proxy proxy_http ssl rewrite headers
After enabling the SSL module, a default configuration file will be available at /etc/apache2/sites-available/default-ssl.conf.
5. Edit the default SSL configuration file.
vim /etc/apache2/sites-available/default-ssl.conf
Update the file with the following code:
<IfModule mod_ssl.c>
# mod_proxy and mod_proxy_http are already loaded by the a2enmod command in step 4,
# so no LoadModule lines are needed here.
<VirtualHost *:443>
    ServerAdmin its@cloudnepal.ddns.net
    # Update with your email account
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/cloudnepal.ddns.net/cert.pem
    # Update with the path to your SSL certificate
    SSLCertificateChainFile /etc/letsencrypt/live/cloudnepal.ddns.net/chain.pem
    # Update with the path to your SSL certificate chain file.
    # This directive is deprecated since Apache 2.4.8, where SSLCertificateFile
    # can point at fullchain.pem instead.
    SSLCertificateKeyFile /etc/letsencrypt/live/cloudnepal.ddns.net/privkey.pem
    # Update with the path to your private key
    ProxyPreserveHost On
    ProxyPass / http://localhost:4000/
    # The ProxyPass directive above proxies the connections received on port 443
    # to port 4000, which forwards the request to the Docker container running
    # the Apache web server.
    ProxyPassReverse / http://localhost:4000/
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
</IfModule>
Save and exit
6. Enable the configuration file
cd /etc/apache2/sites-available/
a2ensite default-ssl.conf
7. To redirect HTTP to HTTPS, edit the default configuration file for HTTP.
vim /etc/apache2/sites-enabled/000-default.conf
Update the file with the following code:
<VirtualHost *:80>
    ServerName cloudnepal.ddns.net
    # Update with your domain name
    ServerAdmin its@cloudnepal.ddns.net
    # Update with your email account
    DocumentRoot /var/www/html
    Redirect permanent / https://cloudnepal.ddns.net/
    # Update with your domain name. Keep the trailing slash: Apache appends the
    # rest of the request path directly to this target.
    # The Redirect directive above redirects requests from HTTP to HTTPS.
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
8. Restart Apache server
systemctl restart apache2
The final part is to update Nextcloud's configuration file to force HTTPS.
9. Enter the Docker container running the Nextcloud web server
docker exec -it nextsrv bash
10. Edit the config.php file
vim /var/www/html/config/config.php
(Note: Containers do not have vim by default. Before running the above command, run the following command to install vim: apt update -y && apt install -y vim)
Add the following lines inside the $CONFIG array in the config file:
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://cloudnepal.ddns.net',
# Update with your domain name
Save and exit
Done !
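An added example (not part of the original tutorial) for checking the redirect from step 7: it classifies the response headers of a plain-HTTP request and flags a Location header where the path has run into the host name, which is what a Redirect target without a trailing slash produces. The function names, the /login probe path and the sample headers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the tutorial: checks the step 7 redirect.
DOMAIN="cloudnepal.ddns.net"   # the tutorial's domain; replace with yours
PROBE_PATH="/login"            # assumed probe path; any non-root path works

# classify_redirect DOMAIN PATH   (HTTP response headers on stdin)
# Prints: ok | not-permanent | no-location | not-https | path-lost | host-mangled
classify_redirect() {
    tr -d '\r' | awk -v host="https://$1" -v path="$2" '
        /^HTTP\//                  { status = $2 }
        tolower($1) == "location:" { loc = $2 }
        END {
            if (status != "301")                print "not-permanent"
            else if (loc == "")                 print "no-location"
            else if (loc !~ /^https:\/\//)      print "not-https"
            else if (loc == (host path))        print "ok"
            else if (index(loc, host "/") == 1) print "path-lost"
            else                                print "host-mangled"
        }'
}

# Constructed sample responses (not captured from a real server).
# GOOD: redirect target written with a trailing slash.
GOOD_HEADERS="HTTP/1.1 301 Moved Permanently
Location: https://$DOMAIN/login"
# BAD: target written without the trailing slash, so the rest of the
# request path is appended straight onto the host name.
BAD_HEADERS="HTTP/1.1 301 Moved Permanently
Location: https://${DOMAIN}login"

sample_result() {
    printf '%s\n' "$1" | classify_redirect "$DOMAIN" "$PROBE_PATH"
}

# Live checks, run on the server as: sh check.sh --live
check_live() {
    curl -sI --max-time 10 "http://$DOMAIN$PROBE_PATH" |
        classify_redirect "$DOMAIN" "$PROBE_PATH"
    # Exit status 0 means the certificate is still valid 30 days from now.
    openssl x509 -checkend 2592000 -noout \
        -in "/etc/letsencrypt/live/$DOMAIN/cert.pem"
}

if [ "${1:-}" = "--live" ]; then
    check_live
else
    echo "good sample: $(sample_result "$GOOD_HEADERS")"
    echo "bad sample:  $(sample_result "$BAD_HEADERS")"
fi
```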