Setting Up Nginx for Nextcloud: A Known Good Configuration
Setting up Nextcloud with Nginx can seem complex, but with the right configuration, you can achieve a secure and highly efficient environment. In this blog, we’ll go through a working Nginx configuration for Nextcloud, breaking down each section for clarity. We’ll also cover specific considerations such as setting up Collabora Server access and handling .mjs files that are essential for a smooth Nextcloud operation on both ARM and x86 platforms.
Basic Configuration for Nextcloud with Nginx
Before we begin, this tutorial assumes that you already have an Nginx server running with a fully qualified domain name (FQDN) and SSL configured. If not, follow any good tutorial like . With that in place, let’s move on to setting up Nextcloud for maximum performance and security.
Let’s start with a well-tested Nextcloud Nginx configuration. This setup includes HTTP/2, SSL, security headers, gzip compression, and error handling to ensure both performance and security. Here’s the configuration:
The configuration starts by forcing HTTP to HTTPS redirection, ensuring secure communication with the client. Additionally, the HSTS (HTTP Strict Transport Security) header ensures browsers only communicate over HTTPS for future requests:
Various other security headers like X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection help prevent clickjacking, XSS attacks, and MIME sniffing.
2. Collabora Server Access
When integrating Nextcloud with Collabora (used for document editing), you need to configure Nginx to correctly route the Collabora document server requests. If you’re running on an ARM processor, like Ampere Altra or Qualcomm, ensure that you’re using the correct richdocumentscode_arm64 proxy path.
Using richdocumentscode (meant for x86 servers) on an ARM CPU will result in errors. Always verify that you’re using the appropriate Collabora package for your architecture.
3. .mjs File Handling for Nextcloud
Nextcloud can have issues handling .mjs (ES Module JavaScript) files if not properly configured. In the default setup, only .js files are handled. However, .mjs files are critical for the modern JavaScript ecosystem, especially in Nextcloud apps. To avoid errors such as downloads instead of file rendering, add .mjs to the asset handling location:
location ~ \.(?:css|js|mjs|woff2?|svg|gif|map)$ {
Without this addition, Nextcloud may not properly display or render certain files, instead forcing the browser to download them.
Additional Considerations
Caching and Compression
This configuration includes Gzip compression, which reduces the size of files sent over the network, leading to faster load times:
gzip on; gzip_vary on; gzip_comp_level 4;
Make sure to include the most commonly used file types in the gzip_types directive to optimize bandwidth.
Error Handling
Custom error pages are defined in this configuration. For instance, a 404 error will serve a custom page instead of the default Nginx error page:
error_page 404 403 /404.php;
This can be tailored to match your site’s design and branding.
