Accessing Nextcloud from local network (NextCloud Docker + nginx reverse proxy)

GreatNewHope · December 17, 2022, 3:06am

Nextcloud version: 25.0.0
Operating system and version : Docker Image running on Windows' WSL2
Apache or nginx version : Reverse Proxy nginx 1.21.6-1~bullseye → Nextcloud apache2 2.4.54-1~deb11u1
PHP version : 8.1.12

Hi everyone! Thanks for this support forum

I am running Nextcloud with the docker image and an nginx reverse proxy as explained in this tutorial I found

This setup works fantastic when accessed from outside my lan (through my dyndns wonderfuldns.ddns.net) but I am absolutely unable to access it from inside my lan, ie, https://localhost:443, as it says: 503 Service Temporarily Unavailable

It certainly must be something related to docker-compose.yaml configuration or config.php settings, but I am no expert on docker, so I can’t debug much

This is my NextCloud’s docker configuration

version: "3.7"

services:

    NCDatabase:
        image: "mariadb:latest"
        
        volumes:
            - "NCMariaDB:/var/lib/mysql"

        environment:
            - MYSQL_ROOT_PASSWORD
            - MYSQL_RANDOM_ROOT_PASSWORD
            - MYSQL_DATABASE
            - MYSQL_USER
            - MYSQL_PASSWORD

        restart: "on-failure"
        networks: ["common"]

    NCFrontend:
        image: "nextcloud:latest"

        volumes: 
          - "NCData:/var/www/html"
          - "E:\\:/prodDrive"

        environment:
            - LETSENCRYPT_HOST
            - VIRTUAL_HOST
            - TRUSTED_PROXIES
            - OVERWRITEPROTOCOL
            - MYSQL_DATABASE
            - MYSQL_USER
            - MYSQL_PASSWORD
            - MYSQL_HOST
            - SMTP_HOST
            - SMTP_PORT
            - SMTP_NAME
            - SMTP_PASSWORD
            - MAIL_FROM_ADDRESS
            - NEXTCLOUD_TRUSTED_DOMAINS
            - NEXTCLOUD_ADMIN_USER
            - NEXTCLOUD_ADMIN_PASSWORD

        depends_on:
            - "NCDatabase"
        restart: "on-failure"
        networks: ["net", "common"]

volumes:
    NCMariaDB:
    NCData:

networks:
    net:
        external: true
    common:
        internal: true

And this is my reverse proxy configuration. Notice how Nextcloud is not visible on any port, but the reverse proxy has both http and https ports open:

version: "3.3"

services:

    NginxProxy:
        image: "jwilder/nginx-proxy:latest"

        volumes:
            - "NPhtml:/usr/share/nginx/html"
            - "NPdhparam:/etc/nginx/dhparam"
            - "NPvhost:/etc/nginx/vhost.d"
            - "NPcerts:/etc/nginx/certs:ro"
            - "/var/run/docker.sock:/tmp/docker.sock:ro"
            - "./client_max_upload_size.conf:/etc/nginx/conf.d/client_max_upload_size.conf"

        labels:
            - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
        restart: "on-failure"
        networks: ["net"]

        ports:
            - "80:80"
            - "443:443"

    LetsencryptCompanion:
        image: "jrcs/letsencrypt-nginx-proxy-companion:latest"

        volumes:
            - "LCacme:/etc/acme.sh"
            - "NPvhost:/etc/nginx/vhost.d"
            - "NPcerts:/etc/nginx/certs"
            - "NPhtml:/usr/share/nginx/html"
            - "/var/run/docker.sock:/var/run/docker.sock:ro"

        environment:
            - DEFAULT_EMAIL

        depends_on: ["NginxProxy"]
        restart: "on-failure"
        networks: ["net"]


volumes:
    NPhtml:
    NPdhparam:
    NPvhost:
    NPcerts:
    LCacme:

networks:
    net:
        external: true

And this is my config.php configuration. Be careful when looking at trusted_proxies number 1. That localhost has been included after the installation of the system with occ. It was a desperate attempt to make this setup work on my localnet (at least on my localhost), but didn’t work:

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'overwriteprotocol' => 'https',
  'trusted_proxies' => 
  array (
    0 => '172.18.0.0/16',
    1 => 'localhost',
  ),
  'instanceid' => 'ocap8kq864m1',
  'passwordsalt' => '<password>',
  'secret' => '<password>',
  'trusted_domains' => 
  array (
    0 => 'wonderfuldns.ddns.net',
    1 => 'localhost',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '25.0.0.18',
  'overwrite.cli.url' => 'https://wonderfuldns.ddns.net',
  'dbname' => 'NC',
  'dbhost' => 'NCDatabase',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '<password>',
  'installed' => true,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
);
#

In case you need to know the values for the env variables, they are these:

MYSQL_ROOT_PASSWORD=<password>
MYSQL_DATABASE=NC
MYSQL_USER=nextcloud
MYSQL_PASSWORD=<password>
MYSQL_HOST=NCDatabase
LETSENCRYPT_HOST=wonderfuldns.ddns.net
VIRTUAL_HOST=wonderfuldns.ddns.net
TRUSTED_PROXIES=172.18.0.0/16
OVERWRITEPROTOCOL=https
NEXTCLOUD_TRUSTED_DOMAINS=wonderfuldns.ddns.net

I am really sorry for not being able to offer much more info about my problem and I am very grateful for your help. Thank you very much

KarlF12 · December 17, 2022, 3:54am

Don’t use localhost with Docker. Use the IP if you really must, but ideally you should have LAN DNS set up to point to the LAN IP.

GreatNewHope · December 18, 2022, 6:47pm

Hi! Thanks for answering!

I added 192.168.x.x (the computer that is running the reverse proxy and the nextcloud container) but still I can’t acces NC’s user interface from that computer…

Could you explain what did you mean with setting up lan dns to point to the lan ip?

Thank you very much for answering

KarlF12 · December 18, 2022, 8:08pm

I was referring to split-horizon DNS, but it sounds like maybe your issue is with the reverse proxy. Not sure I can help with that because I don’t use nginx.

What do your reverse proxy logs say when it gives you the 503?

GreatNewHope · December 18, 2022, 11:27pm

It just gives some lazy error logs…

2022-12-18 21:45:28 nginx.1     | localhost 172.18.0.1 - - [18/Dec/2022:20:45:28 +0000] "GET / HTTP/2.0" 503 592 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
2022-12-18 21:45:28 nginx.1     | localhost 172.18.0.1 - - [18/Dec/2022:20:45:28 +0000] "GET /favicon.ico HTTP/2.0" 503 592 "https://localhost/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"

I think you are right. Maybe the problem is with the reverse proxy. I will try to get some information from the people that run the reverse nginx image.

@KarlF12 thank you very much for taking the time to answer all these questions. I will post my findings in this thread.

KarlF12 · December 19, 2022, 12:26am

But again, don’t use localhost at all with a Docker system. Use the DNS name if you can, or alternatively the IP address as a last resort.

The 503 error I get, but I don’t know what the 592 is. Doesn’t seem to be a standard HTTP code.

Can you show your reverse proxy config?

GreatNewHope · December 19, 2022, 1:05am

My reverse proxy configuration is the second docker-compose.yaml that I shared on the first message. It’s an nginx reverse proxy. You must define a env variable named VIRTUAL_HOST in each dependant container to be able to use them. Requests made asking for organization.org will be redirected to the container having that value in VIRTUAL_HOST