Nextcloud docs - haproxy and ssl

You will need to create SSL certificates. This guide takes you through the process with Letsencrypt.

If you already have your SSL certificate (fullchain) + private key in PEM format. You can skip the creation of the certificate and just deploy move to the deployment step.

1. Create cert with letsencrypt.

sudo certbot certonly --standalone -d --non-interactive --agree-tos --email

This will produce a fullchain.pem and privkey.pem file which we need for haproxy ssl-termination.

2. Deploy haproxy

juju deploy haproxy

3. Get the fullchain cert + privkey and base64 encode them as config.

juju config haproxy ssl_cert="$(base64 fullchain.pem)"
juju config haproxy ssl_key="$(base64 privkey.pem)"

Create config + services options.

Easiest is to create a config file.

cat my-cloud.yaml 
- service_name: nextcloud
  service_host: ""
  service_port: 443
  crts: [DEFAULT]
      - balance leastconn
      - reqadd X-Forwarded-Proto:\ https
  server_options: maxconn 100 cookie S{i} check
juju config haproxy services="$(cat my-cloud.yaml)"