Hello. When checking a domain, an error occurs - 443 port is unavailable.
The port is open, allowed by firewall (443/tcp, 443/udp). DNS records are updated and have an A-record with my IP.
My Golang site is running on port 443. But even if I free the port, the problem remains.
# The Linux startup command I use is
sudo docker run \
    --init \
    --sig-proxy=false \
    --name nextcloud-aio-mastercontainer \
    --restart always \
    --publish 8080:8080 \
    --publish 8443:8443 \
    --env APACHE_PORT=11000 \
    --env APACHE_IP_BINDING=0.0.0.0 \
    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
    nextcloud/all-in-one:latest
Also, when I try to pass to port 8443, the logs show that I can’t pass .well-known/acme-challenge/* (connection refused).
Ask for what you need, I’ve been struggling for a day.
I’m doing something wrong. I think it’s the caddy configuration, but can’t figure out how to configure it. Everything seems to be done according to the instructions.
Item 7 produces a 1 instead of a 0. Caddy runs outside the container at the system level.
Your logs show ACME validation requests - AiO tries to issue a TLS certificate. To make ACME work, your NC must be accessible at port 80 and 443 externally (this is a hardcoded ACME requirement)… but this is not the case behind a reverse proxy.
In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to specify the port that AIO’s Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port 11000 as example APACHE_PORT which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy.
In other words:
- you don’t expose AiO ports externally
- external ports 80 and 443 go to the reverse proxy
- the reverse proxy is responsible for TLS certificates (generation and management)
- the reverse proxy accesses AiO with plain HTTP on APACHE_PORT internally
- the management interface is not relevant for the reverse proxy
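The layout in the reply above, written as a check over listening sockets. This is an added example, not part of the original posts; it assumes the proxy process is named caddy and APACHE_PORT is 11000, and the sample socket lines (including the process name "mysite") are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `ss -ltnpH` output on stdin and
# checks it against the layout in the reply above.
# Assumptions: the proxy process is named "caddy"; APACHE_PORT is 11000.
PROXY_NAME="${PROXY_NAME:-caddy}"
APACHE_PORT="${APACHE_PORT:-11000}"

# Prints one finding per port; returns 0 only when the layout matches.
check_layout() {
    awk -v proxy="$PROXY_NAME" -v aport="$APACHE_PORT" '
    {
        # Field 4 is local address:port; the port follows the last colon.
        n = split($4, a, ":"); port = a[n]
        # Owner appears as users:(("name",pid=..)); ss omits it without root.
        name = "unknown"
        if (match($0, /users:\(\("[^"]+"/))
            name = substr($0, RSTART + 9, RLENGTH - 10)
        owner[port] = name
    }
    END {
        bad = 0
        n = split("80 443", ext, " ")
        for (i = 1; i <= n; i++) {
            p = ext[i]
            if (!(p in owner)) { print "FAIL: nothing listens on port " p; bad = 1 }
            else if (owner[p] != proxy) { print "FAIL: port " p " is held by " owner[p] ", not " proxy; bad = 1 }
            else print "ok: port " p " is held by " proxy
        }
        if (!(aport in owner)) { print "FAIL: nothing listens on APACHE_PORT " aport; bad = 1 }
        else print "ok: APACHE_PORT " aport " is served by " owner[aport]
        exit bad
    }'
}

# Constructed samples ("mysite" is a hypothetical name for the Go server).
sample_conflict() {
    cat <<'EOF'
LISTEN 0 4096 0.0.0.0:80    0.0.0.0:* users:(("caddy",pid=812,fd=6))
LISTEN 0 4096 0.0.0.0:443   0.0.0.0:* users:(("mysite",pid=640,fd=3))
LISTEN 0 4096 0.0.0.0:11000 0.0.0.0:* users:(("docker-proxy",pid=2210,fd=4))
EOF
}
sample_ok() { sample_conflict | sed 's/mysite/caddy/'; }

sample_conflict | check_layout || true   # live: sudo ss -ltnpH | check_layout
```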
Hello again… I really read your reply and followed the instructions, but it still doesn’t work, although there are improvements (port 8443 has HTTPS).
When I go to https://nc.example.com:443 it gives something like “c3c664bffwc6c0a2398sc0b5d0fe21fd5feca8ffqc3609610a77a412 ” (I understand it’s apache).
The domain is still not accepted. I don’t understand what the problem is.
Port 443 is open and listening to caddy.
If you don’t mind, could you please directly point out what to do? Perhaps I need to force a domain check to be skipped?
Thank you for your patience and sorry for the long reply.