400 Bad Request on Nextcloud using docker-compose

Hello !

I’m experiencing troubles on my nextcloud installation with docker-compose, which used to run perfectly fine but suddenly stopped working, throwing Errors 400 Bad request.
The error I get is alternatively

Bad Request

Your browser sent a request that this server could not understand.

Apache/2.4.56 (Debian) Server at 172.19.0.5 Port 80

and

400 Bad Request


nginx/1.23.3

I have 4 containers set up: app, mariadb, nginxproxy and nginxproxy/acme-companion

The only errors I see in the proxy logs which could relate to this trouble are

2023/03/29 20:07:17 [warn] 38#38: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/etc/nginx/certs/my.domain.fr.crt"
nginx.1 | 2023/03/29 20:07:17 [error] 38#38: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 5.XXX.253.XXX, server: my.domain.fr, request: "GET / HTTP/2.0", upstream: "http://172.19.0.5:80/", host: "my.domain.fr"

I made a search and tried different configuration things but couldn’t figure out what to do…

Any help ?

If I’m not completely wrong, DNS resolution fails while checking certificate status. For some reason it seems to be unable to resolve the DNS record of r3.o.lencr.org.

Try running “curl -v http://r3.o.lencr.org” inside of the container and fix the issues… once it works, likely your system is up and running again…

  • Can you resolve the hostname r3.o.lencr.org from:
    • your local network (the one your Docker host is physically connected to)
    • your Docker host?
    • within your nginxproxy container?
  • What do the recent entries from your app container logs indicate? (because the second message suggests your app server is either offline or otherwise unreachable from your nginxproxy container)
  • Is your app container running?

A cursory look at the error messages you posted from your nginxproxy container indicates:

  1. The nginxproxy container can’t resolve the DNS entry for one of the Let’s Encrypt URLs used to check your TLS (HTTPS) certificate status
  2. The nginxproxy container can’t connect to your app server

The warning about certificate stuff seems unrelated to the second line (nginx.1 | 2023/03/29 20:07:17 [error] 38#38: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 5.XXX.253.XXX, server: my.domain.fr, request: "GET / HTTP/2.0", upstream: "http://172.19.0.5:80/", host: "my.domain.fr") which is probably the issue here.

That line suggests that your nginx reverse proxy is trying to connect to the upstream Apache HTTPd using HTTP/2.0. My guess is that your HTTPd there does not support HTTP/2.0. You can check that by seeing if your HTTPd has the http2 module loaded. Read more here: HTTP/2 guide - Apache HTTP Server Version 2.4

If it doesn’t, it will see a binary blob it doesn’t recognize (instead of text as with HTTP/1.x), and it makes a lot of sense that it would then respond with that message (“Your browser sent a request that this server could not understand”).

Hi @chicoray,
You are missing the required support template. Please fill this form out and edit into your post.

Might also be worth sharing your compose file.

This will give us the technical info and logs needed to help you! Thanks.

Hello,
Thank you all for your tips,

The command curl -v http://r3.o.lencr.org run in the proxy container returned

    415d15ba82dd:/app# curl -v http://r3.o.lencr.org
    *   Trying 96.17.206.24:80...
    * Connected to r3.o.lencr.org (96.17.206.24) port 80 (#0)
    > GET / HTTP/1.1
    > Host: r3.o.lencr.org
    > User-Agent: curl/7.87.0
    > Accept: */*
    >
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 200 OK
    < Server: nginx
    < Content-Length: 0
    < Cache-Control: max-age=11999
    < Expires: Thu, 30 Mar 2023 12:25:39 GMT
    < Date: Thu, 30 Mar 2023 09:05:40 GMT
    < Connection: keep-alive
    <
    * Connection #0 to host r3.o.lencr.org left intact

Which seems to indicate that my problem doesn’t come from this.

The nextcloud app container is running and last logs of it indicate

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.5. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.5. Set the 'ServerName' directive globally to suppress this message
[Thu Mar 30 11:19:25.675665 2023] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.56 (Debian) PHP/8.1.17 configured -- resuming normal operations
[Thu Mar 30 11:19:25.675788 2023] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
172.19.0.2 - - [30/Mar/2023:11:20:56 +0200] "GET / HTTP/1.1" 400 484 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/111.0"

I can’t figure out if those are relevant errors or just warnings…

Nextcloud version 25.0.3
Operating system and version Ubuntu 18.04:

Here’s my config.php

    <?php
    $CONFIG = array (
      'htaccess.RewriteBase' => '/',
      'memcache.local' => '\OC\Memcache\APCu',
      'defaultapp' => 'apporder',
      'apps_paths' =>
      array (
        0 =>
        array (
          'path' => '/var/www/html/apps',
          'url' => '/apps',
          'writable' => false,
        ),
        1 =>
        array (
          'path' => '/var/www/html/custom_apps',
          'url' => '/custom_apps',
          'writable' => true,
        ),
      ),
      'instanceid' => 'xxxxxx',
      'passwordsalt' => 'xxxxxxxxxx',
      'secret' => 'xxxxxxxxxx',
      'trusted_domains' =>
      array (
        0 => 'my.domain.fr',
      ),
      'trusted_proxies' =>
      array (
        0 => '172.19.0.4',
        1 => '172.19.0.3',
        2 => '172.19.0.5',
        3 => '172.19.0.2',
      ),
      'datadirectory' => '/var/www/html/data',
      'dbtype' => 'mysql',
      'version' => '25.0.3.2',
      'overwrite.cli.url' => 'http://my.domain.fr',
      'overwriteprotocol' => 'https',
      'dbname' => 'nextcloud',
      'dbhost' => 'db',
      'dbport' => '',
      'dbtableprefix' => 'oc_',
      'mysql.utf8mb4' => true,
      'dbuser' => 'user',
      'dbpassword' => 'xxxxxx',
      'installed' => true,
      'mail_from_address' => 'me',
      'mail_smtpmode' => 'smtp',
      'mail_sendmailmode' => 'smtp',
      'mail_domain' => 'my.domain.fr',
      'mail_smtphost' => 'my.domain.fr',
      'mail_smtpauthtype' => 'LOGIN',
      'mail_smtpsecure' => 'ssl',
      'mail_smtpauth' => 1,
      'mail_smtpname' => 'me@my.domain.fr',
      'mail_smtppassword' => 'xxxxxx',
      'mail_smtpport' => '465',
      'maintenance' => true,
      'loglevel' => 0,
      'app_install_overwrite' =>
      array (
        0 => 'richdocuments',
        1 => 'richdocumentscode',
      ),
      'theme' => '',
      'default_phone_region' => 'FR',
      'default_language' => 'fr',
      'default_locale' => 'fr_FR',
    );

and my docker-compose.yml file

    version: '3'

    services:

      proxy:
        image: jwilder/nginx-proxy:alpine
        logging:
          options:
            max-size: "10m"
            max-file: "3"
        labels:
          - 'com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy'
        container_name: nextcloud-proxy
        networks:
          - nextcloud_network
        ports:
          - 80:80
          - 443:443
        volumes:
          - ./proxy/conf.d:/etc/nginx/conf.d:rw
          - ./proxy/vhost.d:/etc/nginx/vhost.d:rw
          - ./proxy/html:/usr/share/nginx/html:rw
          - ./proxy/certs:/etc/nginx/certs:ro
          - /etc/localtime:/etc/localtime:ro
          - /var/run/docker.sock:/tmp/docker.sock:ro
        environment:
          - VIRTUAL_HOST=my.domain.fr
          - LETSENCRYPT_HOST=my.domain.fr
          - LETSENCRYPT_EMAIL=me@my.domain.fr
        restart: unless-stopped

      letsencrypt:
        image: nginxproxy/acme-companion
        container_name: nextcloud-letsencrypt
        depends_on:
          - proxy
        networks:
          - nextcloud_network
        environment:
          - DEFAULT_EMAIL=me@my.domain.fr
          - NGINX_PROXY_CONTAINER='nextcloud-proxy'
        volumes:
          - ./proxy/conf.d:/etc/nginx/conf.d:rw
          - ./proxy/certs:/etc/nginx/certs:rw
          - ./proxy/vhost.d:/etc/nginx/vhost.d:rw
          - ./proxy/html:/usr/share/nginx/html:rw
          - acme:/etc/acme.sh
          - /etc/localtime:/etc/localtime:ro
          - /var/run/docker.sock:/var/run/docker.sock:ro
        restart: unless-stopped

      db:
        image: mariadb
        container_name: nextcloud-mariadb
        networks:
          - nextcloud_network
        volumes:
          - db:/var/lib/mysql
          - /etc/localtime:/etc/localtime:ro
        environment:
          - MYSQL_ROOT_PASSWORD=xxxxxx
          - MYSQL_PASSWORD=Lot=xxxxxxx
          - MYSQL_DATABASE=nextclouddb
          - MYSQL_USER=nextclouduser
        restart: unless-stopped

      app:
        image: nextcloud:latest
        container_name: nextcloud-app
        networks:
          - nextcloud_network
        depends_on:
          - letsencrypt
          - proxy
          - db
        volumes:
          - nextcloud:/var/www/html
          - ./app/config:/var/www/html/config
          - ./app/custom_apps:/var/www/html/custom_apps
          - ./app/data:/var/www/html/data
          - ./app/themes:/var/www/html/themes
          - /etc/localtime:/etc/localtime:ro
        environment:
          - VIRTUAL_HOST=my.domain.fr
          - LETSENCRYPT_HOST=my.domain.fr
          - LETSENCRYPT_EMAIL=me@my.domain.fr
        restart: unless-stopped

    volumes:
      nextcloud:
      db:
      acme:

As I tried to fix the config files I’m pretty sure there are some errors in those that you guys can spot in a second…

Again, thanks and have a good day !
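
An added example, not part of the original thread: a small Python parser that pulls the fields under discussion out of the nginx error line and the Apache access line posted above, and reports the refused upstream connection and the 400 answered by Apache as separate events. The function names are illustrative, and the user agent in the sample is shortened.

```python
import re

# The two log lines quoted in this thread (user agent shortened).
NGINX_ERROR = (
    '2023/03/29 20:07:17 [error] 38#38: *1 connect() failed '
    '(111: Connection refused) while connecting to upstream, '
    'client: 5.XXX.253.XXX, server: my.domain.fr, '
    'request: "GET / HTTP/2.0", upstream: "http://172.19.0.5:80/", '
    'host: "my.domain.fr"')
APACHE_ACCESS = ('172.19.0.2 - - [30/Mar/2023:11:20:56 +0200] '
                 '"GET / HTTP/1.1" 400 484 "-" "Mozilla/5.0"')

# nginx error log: `request:` is the request line nginx received from the
# client; `upstream:` is the backend address nginx tried to connect to.
NGINX_RE = re.compile(
    r'\[(?P<level>\w+)\] .*?\((?P<errno>\d+): (?P<reason>[^)]+)\).*?'
    r'client: (?P<client>[^,]+),.*?'
    r'request: "(?P<method>\S+) (?P<path>\S+) (?P<client_proto>[^"]+)", '
    r'upstream: "(?P<upstream>[^"]+)"')
# Apache access log: first field is the peer that connected to Apache, and the
# quoted request line carries the protocol Apache itself received.
APACHE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) ')

def parse_nginx_error(line):
    m = NGINX_RE.search(line)
    return m.groupdict() if m else None

def parse_apache_access(line):
    m = APACHE_RE.search(line)
    return dict(m.groupdict(), status=int(m['status'])) if m else None

def triage(nginx_line, apache_line):
    """Return one finding per recognised failure, kept as separate events."""
    findings = []
    n = parse_nginx_error(nginx_line)
    if n and n['errno'] == '111':  # ECONNREFUSED on Linux: connect was refused
        findings.append(('upstream_refused', n['upstream'], n['client_proto']))
    a = parse_apache_access(apache_line)
    if a and a['status'] == 400:   # the request reached Apache and was rejected
        findings.append(('backend_rejected', a['peer'], a['proto']))
    return findings

if __name__ == '__main__':
    for finding in triage(NGINX_ERROR, APACHE_ACCESS):
        print(finding)
```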

@chicoray Did you even read what I wrote? It might very well be the reason for the error you got.

Hello rawtaz,

I did read what you wrote but I couldn’t figure out how to investigate this.
I did curl -V in my proxy container, which returned

415d15ba82dd:/app# curl -V
curl 7.87.0 (x86_64-alpine-linux-musl) libcurl/7.87.0 OpenSSL/3.0.8 zlib/1.2.13 brotli/1.0.9 nghttp2/1.51.0
Release-Date: 2022-12-21
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets

which seems to indicate http2 is implemented ?

My understanding of this is that config should be set in the docker-compose.yml file ?
Because the proxy/conf.d/default.conf file gets overwritten every time I restart the containers.

I might be a bit too noob here…

What protocols curl supports has nothing to do with what your Apache HTTPd (the web server that serves the requests to your Nextcloud) supports, and whether or not your Nginx (reverse proxy that sends the requests to your Apache HTTPd) communicates with a protocol that both of them understand.

As it looks now, your reverse proxy is contacting your web server using a protocol (HTTP/2.0) that the web server does not understand. You should 1) verify whether this theory is accurate; 2) if it is, either make your web server understand HTTP/2.0 (preferred), or make the reverse proxy send requests using HTTP/1.1 instead.

You need to make sure you understand what the above means, and a start to do so is to read the article I linked to earlier. Using the information in there you should be able to verify whether the http2 module is loaded in your Apache HTTPd, and also learn how to enable it if it isn’t. Of course you can also use search engines to find more information about these things, using proper search keywords.

Ok thanks, I’ll dig into that.

As the apache webserver is included into the nextcloud app container, I supposed it was correctly configured by default or via the docker-compose.yml file.