Help to set up OwnCloud with nginx proxy to apache

I’m attempting to set up OwnCloud 10.0.8 on an nginx proxy + apache + php-fpm with https. I know this is not a supported setup, but I’m just wondering if anybody else has gotten it to work? The web interface seems to work without any issues but I can’t seem to connect via the desktop client or android client.

My username and password is just plain text with no symbols.

The desktop client tells me Access forbidden by server. To verify that you have proper access, click here to access the service with your browser. Clicking on “click here” opens up the web interface which I can log in and use without any issues. I can also access the webdav url in my browser and I will see the message This is the WebDAV interface. It can only be accessed by WebDAV clients such as the ownCloud desktop sync client. When I attempt to login, no error message or any message of any kind is shown in data/owncloud.log.

The nginx access log when I attempt to login with the desktop client shows a PROPFIND request being made.

27.99.96.78 - Moult [09/Jun/2018:02:04:51 +0200] "PROPFIND /remote.php/webdav/ HTTP/1.1" 401 424 "-" "Mozilla/5.0 (Linux) mirall/2.4.1"

… and the apache access log:

[09/Jun/2018:02:06:03 +0200] "PROPFIND /remote.php/webdav/ HTTP/1.1" 401 412

The nginx error log shows this after attempting to log in:

2018/06/09 01:44:44 [info] 21763#0: *403976 client 27.99.96.78 closed keepalive connection

No message in the apache error log.

Here is a simplified and censored nginx configuration.

server {
        listen 80;
        server_name mysite.com;
        root /path/to/owncloud/www;
        dav_methods PUT DELETE MKCOL COPY MOVE;
        dav_ext_methods PROPFIND OPTIONS;
        location / {
            proxy_set_header Destination $http_destination;
                    proxy_set_header X-Forwarded-For $remote_addr;
                    proxy_pass_header Authorization;
                proxy_set_header Host $host;
                proxy_set_header X-Real-Ip $remote_addr;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_buffering off;
                proxy_read_timeout 36000s;
                proxy_redirect off;
                    more_set_input_headers 'Authorization: $http_authorization';
                    more_set_headers -s 401 'WWW-Authenticate: Basic realm="ownCloud"';
                proxy_pass http://X.X.X.X:8005; <-- this is the apache vhost
        }
}

Any ideas?

Maybe you can strip down the nginx configuration to a minimum? I see a lot of special configuration like the dav_ ones or more_set which i think could make this config too complex and error prone.

I also did the following search:

https://doc.owncloud.org/server/latest/admin_manual/search.html?q=proxy

and found the following documentation which could be related:

https://doc.owncloud.org/server/latest/admin_manual/configuration/server/reverse_proxy_configuration.html?highlight=proxy

I have exactly the same issue using v10.0.4.4: I can access WebDAV through the browser getting the message as above and I see the same messages in the logs. My owncloud runs in a docker container and it’s on the same network as nginx (which is just another docker container). The owncloud is setup on a subdomain (myowncloud.com/owncloud/). I had to do some modifications within owncloud’s config.php to get this working and that looks as follows:

...
'overwritehost' => 'xy',
'overwritewebroot' => '/owncloud',
'trusted_domains' => array(0 => '172.18.0.5',),
'overwrite.cli.url' => 'http://172.18.0.5/owncloud',
...

With the above setup everything works but WebDAV. I tried several options with no avail. I’ve started with the basic nginx.conf with which owncloud was already working:

  location /owncloud/ {
        proxy_pass http://172.18.0.5/;
  }

Then I did added many random things I found elsewhere and finished up with something that to me seems should do the job:

  location /owncloud/ {
        dav_methods     PUT DELETE MKCOL COPY MOVE;
        dav_access      group:rw  all:r;
        dav_ext_methods PROPFIND OPTIONS;
        proxy_pass http://172.18.0.5/;
  }

However, when I try to log-in via Finder -> Go -> Connect to server and I type my username and password it just says “There was a problem connection to the server ‘xy’”. I also checked the owncloud container which is running on apache and is pre-compiled with the dav module. Within the owncloud’s apache configuration Dav is not set to “Dav On” as I read that owncloud has it’s own Dav. I tried with “Dav On” too but it didn’t work anyway. I hope I covered all details…

Since I’m not alone, and WebDAV appears to work through a web browser, I really wonder what is wrong?