After spending some time on these forums it seems everyone is WAAY ahead of me in terms of knowledge. I find my way around most challenges by using guides/videos/anything I can find but am struggling to understand what I need to do to acheive using Nextcloud behind a Sophos XG Firewall.
I have been using letsencrypt as a docker on my unraid server for some years but it obviously installs itself and I just fill in the blanks, this has been working great as I used PfSense with it and all has been good. For a completely seperate issue I have moved from PfSense to Sophos who provide a WAF Server and I am being told not to use NGINX or reverse proxy with port forwarding. Please see my last communication with support below. I have a Ubuntu 18.04 VM on my unraidserver, can I use that to generate the certificate with letsencrypt? if so, can anyone recommend a guide/help on how to achieve this please?
------THIS IS THE CONVERSATION WITH SOPHOS SUPPORT-----
Now instead of forwarding the HTTP/HTTPS ports, you will be using WAF in XG. So, if you were to use WAF, you would remove let’s encrypt from the Unraid machine, and do it on the XG. I’ve read some tutorials on Unraid, when using Let’s encrypt you will pretty much create a reverse proxy with nginx there; Instead of doing this you would just map the port to the host, and make XG WAF communicate with that port.
Client => XG WAF (Here is doing the face-fronting encryption with the Let’s encrypt certificate) => Directly to Nextcloud on docker.
On your current setup is goes:
Client => XG WAF (Also doing face-fronting encryption with the Let’s Encrypt certificate) => Let’s encrypt running Nginx as reverse proxy on Unraid => And then Nextcloud
What you want is:
Client => XG WAF (Also doing face-fronting encryption with the Let’s Encrypt certificate) => Directly to Nextcloud on Unraid.