Setting up NGINX Reverse-Proxy, Cloudflare Let’s Encrypt SSL for NextCloud, DDNS on Truenas 12.0 Core

Nginx Reverse Proxy on Truenas 12.0 Core

Provide Extra layer of Abstraction to your hosted services!

By Fahad Usman

I have previously written about this setup in detail, which you can access here. In this post I will focus only on the changes to my nginx config and Nextcloud settings that are relevant to TrueNAS 12.0 Core.

 

“Note: I have already created the reverse proxy jail in my previous post. Please refer to it here if you need to create it before continuing with next cloud part!”

Just like previously, please do the following first (refer to this link for a more detailed version):

1- Create a new dataset in one of your pools

2- Install Nextcloud Plugin available from the Plugins section in Truenas.

Once you have created the reverse proxy jail and installed the Nextcloud plugin, you can proceed!

 

My Setup looks like this:

[Figure: reverse proxy setup]

If you want to expose multiple services, you will need to create multiple sub-domains and point them to the DuckDNS server via CNAME (DNS only), as shown below:

[Figure: Multiple domains]

“DuckDNS will help us to keep track of our WAN IP address.”

Step 1 – Get your admin username/password:

I was literally stumped at why the install notes of nextcloud plugin never showed any username/password after completing the installation.

To get those details, you will have to ssh into your TrueNas box and run some commands:

If you do:

iocage list

You should see reverse-proxy and the newly created nextcloud plugin in the list.

To get the username/password, you need to type:

iocage console nextcloud

And run the following command:

cat /root/PLUGIN_INFO

Step 2 – Go to the web browser and complete the installation:

If for some reason the Nextcloud login page won't load or gets stuck, look at Step 3 first. You might have to edit the config.php file in the nextcloud jail and add trusted domains.

Once you have your login details, open the browser and go to your Nextcloud plugin's IP address. Then enter those credentials and complete the setup.

Once you're done, go to:

Settings -> Overview

Viewed from your admin profile, it will complain about a few things. We will deal with the last two complaints now. For that, you will need to ssh into your reverse-proxy jail and find the nginx config file for Nextcloud in the vdomains folder. (For more, refer to my detailed instructions here.)

Add the following lines just before the main location block. This will look something like this:

location /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
}

location /.well-known/caldav {
    return 301 $scheme://$host/remote.php/dav;
}

location / {
    include snippets/proxy_params.conf;
    proxy_pass http://nextcloud_local_IP;
}

Once done, add the following lines to the ssl_conf file located in the snippets folder in the reverse-proxy jail:

add_header Referrer-Policy "no-referrer" always;
# HSTS Support
add_header Strict-Transport-Security "max-age=15552000;includeSubdomains; preload";

Once done, reload nginx with:

service nginx reload

Exit out of the reverse-proxy jail and log back in to the nextcloud jail now.
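
To confirm after the reload that the proxy really serves the redirects and headers configured above, the responses can be checked from any shell. The script below is an added example, not part of the original post; the function names are made up for illustration, it parses the output of curl -sI, and the sample responses in it are constructed rather than captured.

```sh
#!/bin/sh
# Added example (not from the original post): audit headers from `curl -sI`.
# Live use, with the post's placeholder hostname:
#   curl -sI https://nextcloud.domain.com/ | check_headers
#   curl -sI https://nextcloud.domain.com/.well-known/caldav | check_dav_redirect

# check_headers [min_max_age]: reads response headers on stdin, prints one
# line per check, returns 0 only if HSTS and Referrer-Policy match the post.
check_headers() {
    tr -d '\r' | awk -v min="${1:-15552000}" '
        { name = tolower($0); sub(/:.*/, "", name)
          value = tolower($0); sub(/^[^:]*:[ \t]*/, "", value) }
        name == "strict-transport-security" {
            hsts = 1
            if (match(value, /max-age=[0-9]+/))
                age = substr(value, RSTART + 8, RLENGTH - 8) + 0
        }
        name == "referrer-policy" { ref = value }
        END {
            if (!hsts)          { print "FAIL: no Strict-Transport-Security"; bad = 1 }
            else if (age < min) { print "FAIL: HSTS max-age " age " below " min; bad = 1 }
            else                { print "OK: HSTS max-age " age }
            if (ref != "no-referrer") { print "FAIL: Referrer-Policy [" ref "]"; bad = 1 }
            else                      { print "OK: Referrer-Policy no-referrer" }
            exit bad
        }'
}

# check_dav_redirect: returns 0 if the response is a 301 to /remote.php/dav.
check_dav_redirect() {
    tr -d '\r' | awk '
        NR == 1 && $2 == "301" { moved = 1 }
        tolower($1) == "location:" && $2 ~ /\/remote\.php\/dav\/?$/ { target = 1 }
        END { exit (moved && target) ? 0 : 1 }'
}

# Constructed sample responses (not captured from a real server).
GOOD='HTTP/1.1 200 OK
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000;includeSubdomains; preload'
WEAK='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300'
DAV='HTTP/1.1 301 Moved Permanently
Location: https://nextcloud.domain.com/remote.php/dav'

printf '%s\n' "$GOOD" | check_headers || echo "unexpected failure"
printf '%s\n' "$WEAK" | check_headers || echo "weak sample rejected, as intended"
printf '%s\n' "$DAV" | check_dav_redirect && echo "OK: DAV redirect"
```

Run the two curl commands from the comments against the public hostname rather than the jail IP, so the check covers what clients actually receive through the proxy.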

Step 3 – Configure NextCloud:

The last step is to configure Nextcloud to work with our reverse proxy. For that you need to edit the config.php file, which is located at: /usr/local/www/nextcloud/config/config.php

We need to add the trusted domains. (This will fix the issue if Nextcloud is unable to load.)

'trusted_domains' =>
  array (
    0 => 'your_nextcloud_ip_here',
    1 => 'nextcloud.domain.com',
  ),

Now, because you're behind a reverse proxy, you will need to add the following to the same config.php file:

  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => 'https://nextcloud.domain.com',
  'overwritehost' => 'nextcloud.domain.com',
  'trusted_proxies' =>
  array (
    0 => 'pihole/adguard IP here if you have one',
    1 => 'reverse_proxy_jail_IP_here',
  ),

Reload NGINX with:

service nginx reload

Now restart the Nextcloud plugin and log in to make sure everything works.

You can also install the apps on your mobile devices and connect the nextcloud service with them.
