Hello everyone,
I’m facing a “502 Bad Gateway” error (served by OpenResty, which is Nginx Proxy Manager’s base) when trying to access my Nextcloud AIO instance through my domain. I’m trying to figure out why NPM can’t reach the Nextcloud backend.
My Setup Details:
- Nextcloud AIO: Running as a Docker stack on Portainer.
- Port Forwarding: My ISP allows public access on port 8443, which is then forwarded on my router to 443 on my server’s internal IP. Therefore, NPM listens on 443.
- DNS: Cloudflare is my DNS provider, configured in “DNS only” mode (grey cloud), meaning no Cloudflare proxying or SSL termination is happening there.
- SSL: Let’s Encrypt certificates for cloud.example.com are successfully obtained by NPM using a Cloudflare API token.
Nextcloud AIO docker-compose.yaml (as deployed in Portainer):
```yaml
services:
  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    network_mode: bridge # Using Docker's default bridge network
    ports:
      # - 80:80 # Commented out, NPM handles this
      - 8080:8080 # For AIO admin interface access (access with server IP only)
      # - 8443:8443 # Commented out, NPM handles this
    environment:
      APACHE_PORT: 11000
      APACHE_IP_BINDING: 127.0.0.1 # AIO's internal Apache binds to its container's localhost
      NEXTCLOUD_DATADIR: /volume1/docker/nextcloud/data
      SKIP_DOMAIN_VALIDATION: true
volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
```
Nginx Proxy Manager Configuration (Proxy Host for cloud.example.com): (Referring to the screenshot provided)
SSL: Configured with Let’s Encrypt, “Force SSL” enabled.
When performing the initial AIO setup via https://<server_ip>:8080, I enter cloud.example.com as the domain. The AIO setup interface does not permit entering a port number (e.g., cloud.example.com:8443).
The “502 Bad Gateway” error suggests that Nginx Proxy Manager cannot connect to the backend Nextcloud AIO service. I suspect this might be due to the APACHE_IP_BINDING: 127.0.0.1 preventing external access from NPM’s container, or a general Docker networking issue between the AIO stack and NPM.
Any insights on how to resolve this 502 error would be greatly appreciated! Thank you.
I think you’re on the right track. Expand the docs section labeled On the same server in a Docker container (as well as some of the surrounding doc bits) in the Configure a reverse proxy section of the AIO RP docs.
I’m running a very similar setup – Nextcloud AIO in Docker behind Nginx Proxy Manager. The only difference is that I don’t use Cloudflare or any DNS proxy service, since I have a public IP and everything goes directly through it. That way I avoid many of the issues that can appear with NPM + Cloudflare (timeouts, restrictions, or misrouting).
I documented my configuration in detail here:
It might help if you take a look. I describe the exact settings I’m using, for example:
- setting client_max_body_size 0; so uploads don’t fail on proxy limits,
- some details on how I route AIO containers through NPM,
- and notes about performance when handling larger files as well as limits within Proxmox.
Not sure if your issue is the same as what I had, but comparing your setup with mine could give you some ideas on where to look for the cause of the 502 error.
I have nextcloud-aio and NPM on the same host, both with Docker.
On the NPM side => Error 502 Bad Gateway when accessing via nc.mydomaine.fr
On the Nextcloud-AIO side => verifying domain => Error: Domain does not point to this server or the reverse proxy is not configured correctly.
Here is my Nextcloud AIO Docker Compose file:
```yaml
services:
  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro
    network_mode: bridge
    ports:
      - 8080:8080 # This is the AIO interface, served via https and self-signed certificate.
    environment:
      APACHE_PORT: 11000 # Is needed when running behind a reverse proxy
      APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a reverse proxy running on the same host.
      APACHE_ADDITIONAL_NETWORK: nginx-network # Needed when behind a reverse proxy running in a different docker network on same server.
      NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir
      NEXTCLOUD_UPLOAD_LIMIT: 16G
      NEXTCLOUD_MAX_TIME: 3600
      NEXTCLOUD_MEMORY_LIMIT: 2000M
volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
```
And here is my NPM Docker Compose file:
```yaml
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '127.0.0.1:81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      # Use nginx service under this account (not root) inside docker container
      # Need to be 0 or ROOT for nextcloud-aio
      PUID: 0
      PGID: 0
      # Postgres parameters:
      DB_POSTGRES_HOST: 'db'
      DB_POSTGRES_PORT: '5432'
      DB_POSTGRES_USER: 'nginx-pm'
      DB_POSTGRES_PASSWORD: 'xxxxxxxxxx'
      DB_POSTGRES_NAME: 'npm-db'
      DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: postgres:latest
    restart: always
    environment:
      POSTGRES_USER: 'nginx-pm'
      POSTGRES_PASSWORD: 'xxxxxxxxxxxxxxxx'
      POSTGRES_DB: 'npm-db'
    volumes:
      - ./postgres:/var/lib/postgresql/data
networks:
  default:
    external: true
    name: nginx-network
  nextcloud-aio:
    external: true
```
As you can see, I have followed the instructions for having the reverse proxy in another Docker container:
NPM should be pointed at http://nextcloud-aio-apache:$APACHE_PORT (not 127.0.0.1 or localhost - see On the same server in a Docker container in the previously linked AIO Reverse Proxy documentation). You may also need to adjust your APACHE_IP_BINDING.
Hi Josh, thanks a lot for your answer, which is the correct one!
I just had to tell NPM to point to http://nextcloud-aio-apache:11000 and now the domain verification is working! Thanks a lot for taking the time to help me.
I remember I had tried this with no luck, but perhaps there was something else wrong at the same time.
APACHE_IP_BINDING is still set to 127.0.0.1, which seems to be a good way to not expose it more than necessary.
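
The fix that closed this thread can be checked offline from `docker inspect` output. The following is an added example, not code from any poster or from the AIO or NPM projects: it flags the three conditions discussed above that produce a 502 (a loopback forward target, a wrong port, and no shared user-defined network). The proxy container name `npm-app-1` and the sample JSON are constructed; the other names and the port come from the thread.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Docker's default "bridge" network has no embedded DNS, so container names
# only resolve on user-defined networks.
NO_NAME_RESOLUTION = {"bridge", "host", "none"}


def networks(container):
    """Network names from one `docker inspect` container object."""
    return set(container["NetworkSettings"]["Networks"])


def shared_user_networks(proxy, backend):
    """User-defined networks that both containers are attached to."""
    return sorted((networks(proxy) & networks(backend)) - NO_NAME_RESOLUTION)


def diagnose(forward_url, proxy, backend, backend_port):
    """Return the reasons the proxy would answer 502 (empty list = reachable)."""
    url = urlsplit(forward_url)
    name = backend["Name"].lstrip("/")
    problems = []
    if url.hostname in LOOPBACK:
        problems.append("loopback target is the proxy container itself")
    elif url.hostname != name:
        problems.append(f"target host is not the container name {name!r}")
    if url.port != backend_port:
        problems.append(f"target port {url.port} != backend port {backend_port}")
    if not shared_user_networks(proxy, backend):
        problems.append("no shared user-defined network")
    return problems


# Constructed sample data: trimmed `docker inspect` objects. The proxy
# container name "npm-app-1" is hypothetical; the other names are the thread's.
NPM = json.loads('{"Name": "/npm-app-1", "NetworkSettings":'
                 ' {"Networks": {"nginx-network": {}}}}')
APACHE = json.loads('{"Name": "/nextcloud-aio-apache", "NetworkSettings":'
                    ' {"Networks": {"nextcloud-aio": {}, "nginx-network": {}}}}')
# Assumed state without APACHE_ADDITIONAL_NETWORK: only AIO's own network.
APACHE_ISOLATED = json.loads('{"Name": "/nextcloud-aio-apache", "NetworkSettings":'
                             ' {"Networks": {"nextcloud-aio": {}}}}')

if __name__ == "__main__":
    for target in ("http://127.0.0.1:11000", "http://nextcloud-aio-apache:11000"):
        print(target, "->", diagnose(target, NPM, APACHE, 11000) or "OK")
    print("isolated ->", diagnose("http://nextcloud-aio-apache:11000",
                                  NPM, APACHE_ISOLATED, 11000))
```

For a real host, `docker inspect <container>` prints a JSON array; pass its first element for each of the two containers.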