[Solved] HAProxy -> Nextcloud ==> "Bad Request"

Started by PaulePils, June 20, 2022, 03:27:10 PM

June 20, 2022, 03:27:10 PM Last Edit: June 24, 2022, 03:38:44 PM by PaulePils
Hello everyone,

I recently expanded my home network with an OPNSense and wanted to make some further changes in the process.
In doing so I came across the following tutorial here in the forum: https://forum.opnsense.org/index.php?topic=23339.0
After a few initial difficulties and comprehension hurdles during setup, I am now stuck on the fact that my Nextcloud is no longer reachable from outside.... I have already searched several forums for solutions but haven't found anything so far. Somehow I can't figure out which settings I need to adjust to get it running again.

From the internal network I am automatically redirected to port 80, so the HAProxy works.

Via Android & mobile data I get the following error message:
Quote:
Bad Request
Your Browser sent a request that this server could not understand
Apache/2.4.41 (Ubuntu) Server at nextcloud.atw.dedyn.io Port 80

My network setup: ISP -> cable modem (TC-4400) -> OPNSense -> Proxmox -> LXC (Ubuntu) Nextcloud

HAProxy config:

#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbproc                      1
    nbthread                    4
    hard-stop-after             60s
    no strict-limits
    maxconn                     10000
    tune.ssl.default-dh-param   4096
    spread-checks               2
    tune.bufsize                16384
    tune.lua.maxmem             0
    log                         /var/run/log local0 info
    lua-prepend-path            /tmp/haproxy/lua/?.lua

defaults
    log     global
    option redispatch -1
    maxconn 5000
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc
    default-server maxconn 5000

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: 0_SNI_frontend (Listening on 0.0.0.0:80, 0.0.0.0:443)
frontend 0_SNI_frontend
    bind 0.0.0.0:80 name 0.0.0.0:80
    bind 0.0.0.0:443 name 0.0.0.0:443
    mode tcp
    default_backend SSL_backend
    # tuning options
    timeout client 30s

    # logging options

# Frontend: 1_HTTP_frontend (Listening on 127.4.4.3:80)
frontend 1_HTTP_frontend
    bind 127.4.4.3:80 name 127.4.4.3:80 accept-proxy
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    # ACL: NoSSL_condition
    acl acl_62a76f360f0732.68695084 ssl_fc

    # ACTION: HTTPtoHTTPS_rule
    http-request redirect scheme https code 301 if !acl_62a76f360f0732.68695084

# Frontend: 2_HTTPS_frontend (Listening on 127.4.4.3:443)
frontend 2_HTTPS_frontend
    http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    bind 127.4.4.3:443 name 127.4.4.3:443 accept-proxy ssl curves secp384r1  no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/62a772caaae308.49400660.certlist
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 15m

    # logging options

    # ACTION: PUBLIC_SUBDOMAINS_map-rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/62a76fbf29df39.71162057.txt)]

# Backend: SSL_backend ()
backend SSL_backend
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    server SSL_server 127.4.4.3 send-proxy-v2 check-send-proxy

# Backend: Nextcloud_backend ()
backend Nextcloud_backend
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server Nextcloud nextcloud.atw.dedyn.io send-proxy-v2 check-send-proxy


Apache config:

<VirtualHost *:80>
     DocumentRoot /var/www/nextcloud/
     ServerName http://nextcloud.atw.dedyn.io
     ServerAlias 192.168.10.40


     <Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
          <IfModule mod_dav.c>
            Dav off
          </IfModule>
        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined


</VirtualHost>


Nextcloud config:

<?php
// /var/www/nextcloud/config/config.php (as posted; secrets replaced with 'SECRET')
$CONFIG = array (
  'instanceid' => 'SECRET',
  'passwordsalt' => 'SECRET',
  'secret' => 'SECRET',
  'trusted_domains' =>
  array (
    0 => 'nextcloud.atw.dedyn.io',
    1 => '192.168.10.*',
  ),
  'trusted_proxies' =>
  array (
    0 => '192.168.10.1',
  ),
  'overwriteprotocol' => 'https',
  'overwritecondaddr' => '^192.168.10.1$',
  'overwrite.cli.url' => 'https://nextcloud.atw.dedyn.io',
  'overwritehost' => 'nextcloud.atw.dedyn.io',
  'overwritewebroot' => '/',
  // key and header names kept as posted; Nextcloud documents this key as 'forwarded_for_headers'
  'forward_for_headers' =>
  array (
    0 => 'HTTP_XFORWARED_FOR',
    1 => 'HTTP_X_FORWARDED',
  ),
  'datadirectory' => '/mnt/raid/',
  'dbtype' => 'mysql',
  'version' => '23.0.5.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'SECRET',
  'dbpassword' => 'SECRET',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => 'true',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'theme' => '',
  'loglevel' => 2,
  'default_phone_region' => 'DE',
  'has_rebuilt_cache' => true,
  'maintenance' => false,
  'preview_max_x' => '1024',
  'preview_max_y' => '1024',
  'jpeg_quality' => '60',
  'updater.release.channel' => 'stable',
  'updater.secret' => 'SECRET',
);

Got it working. It was due to the Nextcloud and Apache config.
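As an added example (not code from the thread, from OPNsense or from Nextcloud), a small Python check over the reverse-proxy entries of the posted config.php. It assumes that with HAProxy's `option forwardfor` PHP sees the client address as `$_SERVER['HTTP_X_FORWARDED_FOR']`, uses an allowlist of common proxy header names that I chose, and the "fixed" variant is my assumption of a consistent configuration, not the poster's actual fix.

```python
import re

# Constructed sample: the reverse-proxy-related entries of the posted config.php,
# with key and header names copied exactly as posted (secrets and unrelated keys omitted).
POSTED_CONFIG = {
    "trusted_domains": ["nextcloud.atw.dedyn.io", "192.168.10.*"],
    "trusted_proxies": ["192.168.10.1"],
    "overwriteprotocol": "https",
    "overwritecondaddr": "^192.168.10.1$",
    "overwritehost": "nextcloud.atw.dedyn.io",
    "forward_for_headers": ["HTTP_XFORWARED_FOR", "HTTP_X_FORWARDED"],
}
# $_SERVER key that the X-Forwarded-For header from HAProxy's "option forwardfor" becomes.
FORWARDFOR_KEY = "HTTP_X_FORWARDED_FOR"
# Assumption: header names commonly set by reverse proxies; anything else is likely a typo.
KNOWN_HEADERS = {FORWARDFOR_KEY, "HTTP_X_FORWARDED", "HTTP_FORWARDED_FOR",
                 "HTTP_FORWARDED", "HTTP_CLIENT_IP", "HTTP_X_REAL_IP"}

def check_proxy_config(cfg):
    """Return a list of findings for a Nextcloud instance fronted by HAProxy."""
    findings = []
    proxies = cfg.get("trusted_proxies", [])
    if not proxies:
        findings.append("trusted_proxies is empty: forwarded headers are ignored")
    for key, hdrs in cfg.items():
        if not key.endswith("for_headers"):
            continue
        if key != "forwarded_for_headers":  # a misspelled key is silently ignored
            findings.append(f"key {key!r} is ignored; the documented key is 'forwarded_for_headers'")
        for h in hdrs:
            if h not in KNOWN_HEADERS:
                findings.append(f"header {h!r} is not set by any common proxy (typo?)")
        if FORWARDFOR_KEY not in hdrs:
            findings.append(f"{FORWARDFOR_KEY} (what 'option forwardfor' sends) is not listed")
    cond = cfg.get("overwritecondaddr")
    if cond:  # the condition is matched against REMOTE_ADDR, i.e. the proxy's address
        try:
            if not any(re.match(cond, p) for p in proxies):
                findings.append("overwritecondaddr matches none of trusted_proxies")
        except re.error as e:
            findings.append(f"overwritecondaddr is not a valid regex: {e}")
    host = cfg.get("overwritehost")
    if host and host not in cfg.get("trusted_domains", []):
        findings.append("overwritehost is not listed in trusted_domains")
    return findings

# Assumed corrected variant: documented key, and the header name HAProxy actually sends.
FIXED_CONFIG = {k: v for k, v in POSTED_CONFIG.items() if k != "forward_for_headers"}
FIXED_CONFIG["forwarded_for_headers"] = [FORWARDFOR_KEY]
```

Running `check_proxy_config(POSTED_CONFIG)` reports the unrecognised key, the misspelled header and the missing X-Forwarded-For key; the fixed variant yields no findings.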