Modify the following NC config to accommodate its needs for being behind a proxy
'overwrite.cli.url' => 'https://nextcloud.domain.com',
'overwritehost' => 'nextcloud.domain.com',
'overwriteprotocol' => 'https',
'overwritewebroot' => '/',
'overwritecondaddr' => '^<proxy-ip-address>$',
'trusted_proxies' =>
array (
0 => '<proxy-ip-address>',
),
'trusted_domains' =>
array (
0 => 'nextcloud.int.domain.com',
1 => 'nextcloud.domain.com',
), server {
server_name nextcloud.domain.com;
listen 443 http2 ssl;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
location / {
proxy_pass http://nextcloud.int.domain.com/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_read_timeout 60;
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains";
}
location /.well-known/carddav {return 301 $scheme://$host/remote.php/dav;}
location /.well-known/caldav {return 301 $scheme://$host/remote.php/dav;}
location /.well-known/webfinger {return 301 $scheme://$host/index.php/.well-known/webfinger;}
location /.well-known/nodeinfo {return 301 $scheme://$host/index.php/.well-known/nodeinfo;}
client_max_body_size 5000M;
}