AIO + cloudflare tunnel 502 error

ℹ️ Support 📦 Appliances (Docker, Snappy, VM, NCP, AIO)
,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):

    • v11.9.0

  • Operating system and version (e.g., Ubuntu 24.04):

    • Debian GNU/Linux 13 (trixie) x86_64

  • Web server and version (e.g, Apache 2.4.25):
    *

    2.4.65

  • Reverse proxy and version _(e.g. nginx 1.27.2)

    • cloudflared tunnel latest

  • PHP version (e.g, 8.3):

    • 8.4.12

  • Is this the first time you’ve seen this error? (Yes / No):

    • yes

  • When did this problem seem to first start?

    • after updating to v11

  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)

    • AIO installed on docker

  • Are you using CloudfIare, mod_security, or similar? (Yes / No)

    • cloudflare tunnel

Summary of the issue you are facing:

Bad gateway Error code 502 Host Error

Steps to replicate it (hint: details matter!):

  1. I’ve tried different cloudflared tunnel configurations by using localhost, 0.0.0.0, 127.0.0.0. All no dice

  2. I’ve pointed the cloudflare tunnel at 127.0.0.1:8080 and used the same connection and it brings up the containers page, so I know that the cloudflare tunnel is working

  3. I’m almost certain that there is a problem with the apache container, but I cannot figure this one out.

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

2025-10-14T01:13:55.645563846Z Trying to fix docker.sock permissions internally...
2025-10-14T01:13:55.650999924Z Creating docker group internally with id 996
2025-10-14T01:13:56.033274329Z e[0;92mInitial startup of Nextcloud All-in-One complete!
2025-10-14T01:13:56.033314842Z You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
2025-10-14T01:13:56.033326366Z E.g. https://internal.ip.of.this.server:8080
2025-10-14T01:13:56.033336231Z ⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!
2025-10-14T01:13:56.033346899Z 
2025-10-14T01:13:56.033355824Z If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
2025-10-14T01:13:56.033365691Z https://your-domain-that-points-to-this-server.tld:8443e[0m
2025-10-14T01:13:56.298543121Z /usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
2025-10-14T01:13:56.298586092Z   import pkg_resources
2025-10-14T01:13:57.412316463Z [Tue Oct 14 01:13:57.411932 2025] [mpm_event:notice] [pid 140:tid 140] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.5.2 configured -- resuming normal operations
2025-10-14T01:13:57.412336556Z [Tue Oct 14 01:13:57.411975 2025] [core:notice] [pid 140:tid 140] AH00094: Command line: 'httpd -D FOREGROUND'
2025-10-14T01:13:57.414257117Z {"level":"info","ts":1760404437.4140847,"msg":"maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined"}
2025-10-14T01:13:57.414440397Z {"level":"info","ts":1760404437.4143174,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":14993952768,"previous":9223372036854775807}
2025-10-14T01:13:57.414552566Z {"level":"info","ts":1760404437.4143717,"msg":"using config from file","file":"/Caddyfile"}
2025-10-14T01:13:57.416079534Z {"level":"info","ts":1760404437.415933,"msg":"adapted config to JSON","adapter":"caddyfile"}
2025-10-14T01:13:57.417478053Z {"level":"info","ts":1760404437.417325,"msg":"serving initial configuration"}
2025-10-14T01:13:57.421387336Z [14-Oct-2025 01:13:57] NOTICE: fpm is running, pid 145
2025-10-14T01:13:57.421412097Z [14-Oct-2025 01:13:57] NOTICE: ready to handle connections
2025-10-14T01:15:10.174540019Z NOTICE: PHP message: 404 Not Found
2025-10-14T01:15:10.174594259Z Type: Slim\Exception\HttpNotFoundException
2025-10-14T01:15:10.174608947Z Code: 404
2025-10-14T01:15:10.174620884Z Message: Not found.
2025-10-14T01:15:10.174632369Z File: /var/www/docker-aio/php/vendor/slim/slim/Slim/Middleware/RoutingMiddleware.php
2025-10-14T01:15:10.174644187Z Line: 76
2025-10-14T01:15:10.174655724Z Trace: #0 /var/www/docker-aio/php/vendor/slim/slim/Slim/Routing/RouteRunner.php(62): Slim\Middleware\RoutingMiddleware->performRouting(Object(GuzzleHttp\Psr7\ServerRequest))
2025-10-14T01:15:10.174691421Z #1 /var/www/docker-aio/php/vendor/slim/csrf/src/Guard.php(482): Slim\Routing\RouteRunner->handle(Object(GuzzleHttp\Psr7\ServerRequest))
2025-10-14T01:15:10.174703352Z #2 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(178): Slim\Csrf\Guard->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Slim\Routing\RouteRunner))
2025-10-14T01:15:10.174714288Z #3 /var/www/docker-aio/php/vendor/slim/twig-view/src/TwigMiddleware.php(117): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
2025-10-14T01:15:10.174724605Z #4 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(129): Slim\Views\TwigMiddleware->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
2025-10-14T01:15:10.174735390Z #5 /var/www/docker-aio/php/src/Middleware/AuthMiddleware.php(36): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
2025-10-14T01:15:10.174745541Z #6 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(283): AIO\Middleware\AuthMiddleware->__invoke(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
2025-10-14T01:15:10.174756242Z #7 /var/www/docker-aio/php/vendor/slim/slim/Slim/Middleware/ErrorMiddleware.php(77): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
2025-10-14T01:15:10.174790247Z #8 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(129): Slim\Middleware\ErrorMiddleware->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
2025-10-14T01:15:10.174801196Z #9 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(73): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
2025-10-14T01:15:10.174813193Z #10 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(209): Slim\MiddlewareDispatcher->handle(Object(GuzzleHttp\Psr7\ServerRequest))
2025-10-14T01:15:10.174823364Z #11 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(193): Slim\App->handle(Object(GuzzleHttp\Psr7\ServerRequest))
2025-10-14T01:15:10.174833175Z #12 /var/www/docker-aio/php/public/index.php(198): Slim\App->run()
2025-10-14T01:15:10.174842470Z #13 {main}
2025-10-14T01:15:10.174851129Z Tips: To display error details in HTTP response set "displayErrorDetails" to true in the ErrorHandler constructor.
2025-10-14T01:15:25.592686604Z [14-Oct-2025 01:15:25] NOTICE: Terminating ...
2025-10-14T01:15:25.592742122Z [14-Oct-2025 01:15:25] NOTICE: exiting, bye-bye!
2025-10-14T01:15:27.479531972Z [Tue Oct 14 01:15:27.479304 2025] [mpm_event:notice] [pid 140:tid 140] AH00491: caught SIGTERM, shutting down
2025-10-14T01:40:39.024835506Z e[0;92mInitial startup of Nextcloud All-in-One complete!
2025-10-14T01:40:39.025050570Z You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
2025-10-14T01:40:39.025076888Z E.g. https://internal.ip.of.this.server:8080
2025-10-14T01:40:39.025108984Z ⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!
2025-10-14T01:40:39.025120403Z 
2025-10-14T01:40:39.025129024Z If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
2025-10-14T01:40:39.025138194Z https://your-domain-that-points-to-this-server.tld:8443e[0m
2025-10-14T01:40:39.401294710Z /usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
2025-10-14T01:40:39.401330600Z   import pkg_resources
2025-10-14T01:40:40.514575226Z {"level":"info","ts":1760406040.510719,"msg":"maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined"}
2025-10-14T01:40:40.514593033Z {"level":"info","ts":1760406040.5109413,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":14993949081,"previous":9223372036854775807}
2025-10-14T01:40:40.514597734Z {"level":"info","ts":1760406040.5109875,"msg":"using config from file","file":"/Caddyfile"}
2025-10-14T01:40:40.514600995Z {"level":"info","ts":1760406040.5130014,"msg":"adapted config to JSON","adapter":"caddyfile"}
2025-10-14T01:40:40.516429297Z {"level":"info","ts":1760406040.5162618,"msg":"serving initial configuration"}
2025-10-14T01:40:40.521360605Z [Tue Oct 14 01:40:40.521125 2025] [mpm_event:notice] [pid 131:tid 131] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.5.2 configured -- resuming normal operations
2025-10-14T01:40:40.521549582Z [Tue Oct 14 01:40:40.521389 2025] [core:notice] [pid 131:tid 131] AH00094: Command line: 'httpd -D FOREGROUND'
2025-10-14T01:40:40.554130764Z [14-Oct-2025 01:40:40] NOTICE: fpm is running, pid 136
2025-10-14T01:40:40.554146227Z [14-Oct-2025 01:40:40] NOTICE: ready to handle connections

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

2025-10-14T00:58:24.043989347Z Connection to nextcloud-aio-nextcloud (172.18.0.3) 9000 port [tcp/*] succeeded!
2025-10-14T00:58:24.283996469Z /usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
2025-10-14T00:58:24.284017851Z   import pkg_resources
2025-10-14T00:58:25.364050436Z [Mon Oct 13 19:58:25.363328 2025] [mpm_event:notice] [pid 31:tid 31] AH00489: Apache/2.4.65 (Unix) configured -- resuming normal operations
2025-10-14T00:58:25.364072197Z [Mon Oct 13 19:58:25.363385 2025] [core:notice] [pid 31:tid 31] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'
2025-10-14T00:58:25.371008679Z {"level":"info","ts":1760403505.369838,"msg":"maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined"}
2025-10-14T00:58:25.371031369Z {"level":"info","ts":1760403505.3700461,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":14993952768,"previous":9223372036854775807}
2025-10-14T00:58:25.371037137Z {"level":"info","ts":1760403505.3700824,"msg":"using config from file","file":"/tmp/Caddyfile"}
2025-10-14T00:58:25.372781441Z {"level":"info","ts":1760403505.3726237,"msg":"adapted config to JSON","adapter":"caddyfile"}
2025-10-14T00:58:25.376067476Z {"level":"info","ts":1760403505.3758638,"msg":"serving initial configuration"}
2025-10-14T01:16:13.862429747Z Waiting for Nextcloud to start...
2025-10-14T01:16:18.868135765Z Waiting for Nextcloud to start...
2025-10-14T01:16:23.870249091Z Waiting for Nextcloud to start...
2025-10-14T01:16:28.872465215Z Waiting for Nextcloud to start...
2025-10-14T01:16:33.877211494Z Waiting for Nextcloud to start...
2025-10-14T01:16:38.880263623Z Waiting for Nextcloud to start...
2025-10-14T01:16:43.888267846Z Waiting for Nextcloud to start...
2025-10-14T01:16:48.892575394Z Connection to nextcloud-aio-nextcloud (172.18.0.4) 9000 port [tcp/*] succeeded!
2025-10-14T01:16:49.327184583Z /usr/lib/python3.12/site-packages/supervisor/options.py:13: UserWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html. The pkg_resources package is slated for removal as early as 2025-11-30. Refrain from using this package or pin to Setuptools<81.
2025-10-14T01:16:49.327204450Z   import pkg_resources
2025-10-14T01:16:50.424779041Z {"level":"info","ts":1760404610.4236212,"msg":"maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined"}
2025-10-14T01:16:50.424798840Z {"level":"info","ts":1760404610.423862,"msg":"GOMEMLIMIT is updated","package":"github.com/KimMachineGun/automemlimit/memlimit","GOMEMLIMIT":14993949081,"previous":9223372036854775807}
2025-10-14T01:16:50.424804275Z {"level":"info","ts":1760404610.4238973,"msg":"using config from file","file":"/tmp/Caddyfile"}
2025-10-14T01:16:50.426979684Z {"level":"info","ts":1760404610.426773,"msg":"adapted config to JSON","adapter":"caddyfile"}
2025-10-14T01:16:50.428472216Z [Mon Oct 13 20:16:50.427075 2025] [mpm_event:notice] [pid 51:tid 51] AH00489: Apache/2.4.65 (Unix) configured -- resuming normal operations
2025-10-14T01:16:50.428483872Z [Mon Oct 13 20:16:50.427133 2025] [core:notice] [pid 51:tid 51] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'
2025-10-14T01:16:50.433130583Z {"level":"info","ts":1760404610.4328911,"msg":"serving initial configuration"}

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

2025-10-14T01:15:24Z ERR Serve tunnel error error="accept stream listener encountered a failure while serving" connIndex=0 event=0 ip=198.41.200.73
2025-10-14T01:15:24Z INF Retrying connection in up to 1s connIndex=0 event=0 ip=198.41.200.73
2025-10-14T01:15:24Z ERR failed to run the datagram handler error="context canceled" connIndex=3 event=0 ip=198.41.200.13
2025-10-14T01:15:24Z ERR failed to serve tunnel connection error="accept stream listener encountered a failure while serving" connIndex=3 event=0 ip=198.41.200.13
2025-10-14T01:15:24Z ERR Serve tunnel error error="accept stream listener encountered a failure while serving" connIndex=3 event=0 ip=198.41.200.13
2025-10-14T01:15:24Z INF Retrying connection in up to 1s connIndex=3 event=0 ip=198.41.200.13
2025-10-14T01:15:24Z ERR Connection terminated connIndex=1
2025-10-14T01:15:24Z ERR Connection terminated connIndex=2
2025-10-14T01:15:24Z ERR Connection terminated connIndex=0
2025-10-14T01:15:24Z ERR Connection terminated connIndex=3
2025-10-14T01:15:24Z ERR no more connections active and exiting
2025-10-14T01:15:24Z INF Tunnel server stopped
2025-10-14T01:15:24Z ERR icmp router terminated error="context canceled"
2025-10-14T01:15:24Z INF Metrics server stopped
2025-10-14T01:23:24Z INF Starting tunnel tunnelID=ecab89d0-6e4d-4a57-807d-8776ae6a2a7e
2025-10-14T01:23:24Z INF Version 2025.9.1 (Checksum 67eecdc0ec0c153daee4cd829b42c69623475afd02d84664c32e7b3bf42d3f03)
2025-10-14T01:23:24Z INF GOOS: linux, GOVersion: go1.24.4, GoArch: amd64
2025-10-14T01:23:24Z INF Settings: map[no-autoupdate:true token:*****]
2025-10-14T01:23:24Z INF Generated Connector ID: 555d38c3-8b98-4f70-bbc4-b2853f47db53
2025-10-14T01:23:24Z INF Initial protocol quic
2025-10-14T01:23:24Z INF ICMP proxy will use 172.17.0.2 as source for IPv4
2025-10-14T01:23:24Z INF ICMP proxy will use ::1 in zone lo as source for IPv6
2025-10-14T01:23:24Z ERR Cannot determine default origin certificate path. No file cert.pem in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]. You need to specify the origin certificate path by specifying the origincert option in the configuration file, or set TUNNEL_ORIGIN_CERT environment variable originCertPath=
2025-10-14T01:23:24Z INF ICMP proxy will use 172.17.0.2 as source for IPv4
2025-10-14T01:23:24Z INF ICMP proxy will use ::1 in zone lo as source for IPv6
2025-10-14T01:23:24Z INF Starting metrics server on [::]:20241/metrics
2025-10-14T01:23:24Z INF Tunnel connection curve preferences: [X25519MLKEM768 CurveP256] connIndex=0 event=0 ip=198.41.192.27
2025/10/14 01:23:24 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
2025-10-14T01:23:25Z INF Registered tunnel connection connIndex=0 connection=be7805a0-9e70-4281-88af-9c5489d8d124 event=0 ip=198.41.192.27 location=bna01 protocol=quic
2025-10-14T01:23:25Z INF Tunnel connection curve preferences: [X25519MLKEM768 CurveP256] connIndex=1 event=0 ip=198.41.200.33
2025-10-14T01:23:25Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"sub.my.tld\", \"originRequest\":{}, \"service\":\"http://127.0.0.1:11000\"}, {\"service\":\"http_status:404\"}], \"warp-routing\":{\"enabled\":true}}" version=14
2025-10-14T01:23:25Z INF Registered tunnel connection connIndex=1 connection=5418600c-c259-49e3-8dc7-e5a8c9c74906 event=0 ip=198.41.200.33 location=atl10 protocol=quic
2025-10-14T01:23:26Z INF Tunnel connection curve preferences: [X25519MLKEM768 CurveP256] connIndex=2 event=0 ip=198.41.200.73
2025-10-14T01:23:27Z INF Tunnel connection curve preferences: [X25519MLKEM768 CurveP256] connIndex=3 event=0 ip=198.41.192.167
2025-10-14T01:23:27Z INF Registered tunnel connection connIndex=3 connection=fd3b9f3d-2afd-4cc9-a590-435b7c065c91 event=0 ip=198.41.192.167 location=bna01 protocol=quic
2025-10-14T01:23:31Z WRN Failed to dial a quic connection error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=2 event=0 ip=198.41.200.73
2025-10-14T01:23:31Z INF Retrying connection in up to 2s connIndex=2 event=0 ip=198.41.200.73
2025-10-14T01:23:32Z WRN Connection terminated error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=2
2025-10-14T01:23:33Z INF Tunnel connection curve preferences: [X25519MLKEM768 CurveP256] connIndex=2 event=0 ip=198.41.200.23
2025-10-14T01:23:34Z INF Registered tunnel connection connIndex=2 connection=a7092bca-a106-4615-a883-1e58d6385c40 event=0 ip=198.41.200.23 location=atl11 protocol=quic
2025-10-14T01:24:24Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:24:24Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.200.23 type=http
2025-10-14T01:25:25Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:25:25Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.200.23 type=http
2025-10-14T01:26:25Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:26:25Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.167 type=http
2025-10-14T01:27:25Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:27:25Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.200.33 type=http
2025-10-14T01:28:25Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:28:25Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.27 type=http
2025-10-14T01:29:26Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:29:26Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.27 type=http
2025-10-14T01:30:26Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:30:26Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.27 type=http
2025-10-14T01:31:26Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:31:26Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.167 type=http
2025-10-14T01:32:27Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:32:27Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.27 type=http
2025-10-14T01:33:27Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:33:27Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.27 type=http
2025-10-14T01:34:27Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:34:27Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.27 type=http
2025-10-14T01:35:28Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:35:28Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.167 type=http
2025-10-14T01:35:42Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:35:42Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 dest=https://sub.my.tld/remote.php/dav/calendars/john/app-generated--deck--board-2/ event=0 ip=198.41.200.33 type=http
2025-10-14T01:36:28Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:36:28Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.200.33 type=http
2025-10-14T01:36:30Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:36:30Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 dest=https://sub.my.tld/remote.php/dav/calendars/john/app-generated--deck--board-2/ event=0 ip=198.41.200.23 type=http
2025-10-14T01:37:28Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:37:28Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.200.23 type=http
2025-10-14T01:38:28Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:38:28Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.200.23 type=http
2025-10-14T01:39:13Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:39:13Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 dest=https://sub.my.tld/remote.php/dav/files/john/ event=0 ip=198.41.192.167 type=http
2025-10-14T01:39:14Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:39:14Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 dest=https://sub.my.tld/index.php/204 event=0 ip=198.41.200.33 type=http
2025-10-14T01:39:14Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:39:14Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 dest=https://sub.my.tld/index.php/204 event=0 ip=198.41.192.167 type=http
2025-10-14T01:39:14Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:39:14Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/index.php/204 event=0 ip=198.41.192.27 type=http
2025-10-14T01:39:29Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:39:29Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.27 type=http
2025-10-14T01:40:29Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:40:29Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.27 type=http
2025-10-14T01:40:50Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:40:50Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 dest=https://sub.my.tld/ event=0 ip=198.41.200.33 type=http
2025-10-14T01:40:51Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:40:51Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=2 dest=https://sub.my.tld/favicon.ico event=0 ip=198.41.200.23 type=http
2025-10-14T01:40:51Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:40:51Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=1 dest=https://sub.my.tld/index.php/apps/files/preview-service-worker.js event=0 ip=198.41.200.33 type=http
2025-10-14T01:41:29Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:41:29Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.27 type=http
2025-10-14T01:42:30Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:42:30Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=0 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.27 type=http
2025-10-14T01:43:30Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:43:30Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.167 type=http
2025-10-14T01:44:31Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 event=1 ingressRule=0 originService=http://127.0.0.1:11000
2025-10-14T01:44:31Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:11000: connect: connection refused" connIndex=3 dest=https://sub.my.tld/apps/richdocuments/settings/fonts.json event=0 ip=198.41.192.167 type=http

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

PASTE HERE

Apps

The output of occ app:list (if possible).

Tips for increasing the likelihood of a response

  • Use the preformatted text formatting option in the editor for all log entries and configuration output.
  • If screenshots are useful, feel free to include them.
    • If possible, also include key error output in text form so it can be searched for.
  • Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.
2

it looks you try to make a connection to your localhost which fails

this might be due to the tunnel config or other networking problems.

Please review all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub especially the the cloudflare part - likely you find some hints

1 Like
3

that’s just the thing, I followed all those steps when I setup my installation to begin with and it was working all the way until nextcloud updated to v11. I don’t know what changed there to break the communication between apache and cloudflared. I’ve tried configuring the tunnel multiple ways (0.0.0.0, localhost, various 127.0.0.x) and they all fail. When I point my tunnel to :8080 it works and brings up the containers page when the apache container is down and “The login is blocked since Nextcloud is running” page when the apache container is running. running through cloudflare support and they determined that the problem is on my nextcloud deployment’s side.

I’m 95% sure something is wrong in the apache container and don’t know where to start looking. If there is a way to redeploy the apache container, I’d love to have the guide. I’ve already redeployed the master container with no dice.

4

successful connect to :8080 doesn’t proof nothing as this port is bind to mastercontainer management interface but the application runs in apache container

flowchart LR
  
   fritz.box(router<br>192.168.179.1);
   
   fritz.box-- port forward<br>tcp/3478<br>udp/3478 -->TALK
   fritz.box-- port forward<br>tcp/443 -->NC;
		subgraph intLAN[internal_network]
		 subgraph docker
				master[mastercontainer<br>:8080 - mgmt interface <br>:8443 - mgmt interface<br>:80 - ACME http challenge];
				NC[APACHE_PORT<br><br>https:// nc.mydomain.tld:443];
				TALK[TALK_PORT<br>:tcp/3478<br>:udp/3478];
			end
		end

you must analyze your system using docker ps and docker inspect looking which ports are exposed on which interface and see if routing and firewall rules allow connection from cloudflare tunnel to the application container.

as long you didn’t mangle with the container hard to imagine something is wrong. but yes there is a way to reset everything: stop all containers, run docker system prune and restart them using same command line/compose file - all containers will be recreated from scratch - procedure is described in details in the docs.

5

pruning did not resolve the issue. here’s the docker inspect

{
    "AppArmorProfile": "docker-default",
    "Args": [
        "/usr/bin/supervisord",
        "-c",
        "/supervisord.conf"
    ],
    "Config": {
        "AttachStderr": false,
        "AttachStdin": false,
        "AttachStdout": false,
        "Cmd": [
            "/usr/bin/supervisord",
            "-c",
            "/supervisord.conf"
        ],
        "Domainname": "",
        "Entrypoint": [
            "/start.sh"
        ],
        "Env": [
            "NC_DOMAIN=sub.my.tld",
            "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
            "APACHE_HOST=nextcloud-aio-apache",
            "COLLABORA_HOST=nextcloud-aio-collabora",
            "TALK_HOST=nextcloud-aio-talk",
            "APACHE_PORT=11000",
            "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
            "TZ=America/Chicago",
            "APACHE_MAX_SIZE=17179869184",
            "APACHE_MAX_TIME=3600",
            "NOTIFY_PUSH_HOST=nextcloud-aio-notify-push",
            "WHITEBOARD_HOST=nextcloud-aio-whiteboard",
            "PATH=/usr/local/apache2/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "HTTPD_PREFIX=/usr/local/apache2",
            "HTTPD_VERSION=2.4.65",
            "HTTPD_SHA256=58b8be97d9940ec17f7656c0c6b9f41b618aac468b894b534148e3296c53b8b3",
            "HTTPD_PATCHES="
        ],
        "ExposedPorts": {
            "11000/tcp": {},
            "80/tcp": {}
        },
        "Healthcheck": {
            "Test": [
                "CMD-SHELL",
                "/healthcheck.sh"
            ]
        },
        "Hostname": "nextcloud-aio-apache",
        "Image": "ghcr.io/nextcloud-releases/aio-apache:latest",
        "Labels": {
            "com.centurylinklabs.watchtower.enable": "false",
            "diun.enable": "false",
            "org.label-schema.vendor": "Nextcloud"
        },
        "OnBuild": null,
        "OpenStdin": false,
        "StdinOnce": false,
        "StopSignal": "SIGWINCH",
        "Tty": false,
        "User": "33",
        "Volumes": {
            "/mnt/data": {}
        },
        "WorkingDir": "/usr/local/apache2"
    },
    "Created": "2025-10-15T18:18:45.027501332Z",
    "Driver": "overlay2",
    "ExecIDs": null,
    "GraphDriver": {
        "Data": {
            "ID": "96429006fdcbe367bfba3e8cfa654e4d84c862a8647358964ece20ea8b1cfb1a",
            "LowerDir": "/var/lib/docker/overlay2/7e40aca5aa7b075bdf76e1975a8b13a2ac9d61f499b48619a1e24c140f312f7b-init/diff:/var/lib/docker/overlay2/c9ff4bab0638ae3c00322459f03e566600be9041e8223b39a86648a0c47aa9c1/diff:/var/lib/docker/overlay2/f9a09a1bbb78d6f2d083a0968011050ea953ea1dba38391d3518e3cba77aa9c7/diff:/var/lib/docker/overlay2/ba158e6f375ca8f8a6f513a09958fc385fb036a107bddabd12a9e878f4f6cdae/diff:/var/lib/docker/overlay2/6bab6f46ed9a6a044aecdddb5cebc17e6c005df069cdd05ef0d8853e052465a4/diff:/var/lib/docker/overlay2/8b2c1fa8ff420041a68ad270500c192af398ad9ee254a1670634a4414b2a2da3/diff:/var/lib/docker/overlay2/df540414c678f6d91c198233193a7ec2fd3e49feaec6dbf551db1dd5439e47b1/diff:/var/lib/docker/overlay2/1ed8991c64777188b30c545df0c1231dec5682fd1ceb644608789d98bc2d12fe/diff:/var/lib/docker/overlay2/faf6c34aade02ac080e004118a25e7a659d54c4e6fbbc9ccfc623e7756655c56/diff:/var/lib/docker/overlay2/757b7b39edcdfe5a95447842a6362dde327710e92b30be4f81cc8395acc323f5/diff:/var/lib/docker/overlay2/da746b7371ea5ff4fb853fecde24ca99ef2827a11bf147ab8ab477604237aed4/diff:/var/lib/docker/overlay2/6f336576bccf714536481e9a52cede2c695f5c69d0c25e866f68a27aac930bdf/diff:/var/lib/docker/overlay2/923337daa4adc38e54ceadbd3d8010983124a35aaf7ad0f747dff34e33686631/diff:/var/lib/docker/overlay2/004476d5d239311ff25d97a80db6849c0a375072a62647ef391a9c4afc75e39e/diff:/var/lib/docker/overlay2/b87d1156307f01da041294a637e3febb9c6b0fac1c5255b236b768b9bdb5d5ab/diff",
            "MergedDir": "/var/lib/docker/overlay2/7e40aca5aa7b075bdf76e1975a8b13a2ac9d61f499b48619a1e24c140f312f7b/merged",
            "UpperDir": "/var/lib/docker/overlay2/7e40aca5aa7b075bdf76e1975a8b13a2ac9d61f499b48619a1e24c140f312f7b/diff",
            "WorkDir": "/var/lib/docker/overlay2/7e40aca5aa7b075bdf76e1975a8b13a2ac9d61f499b48619a1e24c140f312f7b/work"
        },
        "Name": "overlay2"
    },
    "HostConfig": {
        "AutoRemove": false,
        "Binds": [
            "nextcloud_aio_nextcloud:/var/www/html:ro",
            "nextcloud_aio_apache:/mnt/data:rw"
        ],
        "BlkioDeviceReadBps": null,
        "BlkioDeviceReadIOps": null,
        "BlkioDeviceWriteBps": null,
        "BlkioDeviceWriteIOps": null,
        "BlkioWeight": 0,
        "BlkioWeightDevice": null,
        "CapAdd": null,
        "CapDrop": [
            "NET_RAW"
        ],
        "Cgroup": "",
        "CgroupParent": "",
        "CgroupnsMode": "private",
        "ConsoleSize": [
            0,
            0
        ],
        "ContainerIDFile": "",
        "CpuCount": 0,
        "CpuPercent": 0,
        "CpuPeriod": 0,
        "CpuQuota": 0,
        "CpuRealtimePeriod": 0,
        "CpuRealtimeRuntime": 0,
        "CpuShares": 0,
        "CpusetCpus": "",
        "CpusetMems": "",
        "DeviceCgroupRules": null,
        "DeviceRequests": null,
        "Devices": null,
        "Dns": null,
        "DnsOptions": null,
        "DnsSearch": null,
        "ExtraHosts": null,
        "GroupAdd": null,
        "IOMaximumBandwidth": 0,
        "IOMaximumIOps": 0,
        "Init": true,
        "IpcMode": "private",
        "Isolation": "",
        "Links": null,
        "LogConfig": {
            "Config": {},
            "Type": "json-file"
        },
        "MaskedPaths": [
            "/proc/asound",
            "/proc/acpi",
            "/proc/interrupts",
            "/proc/kcore",
            "/proc/keys",
            "/proc/latency_stats",
            "/proc/timer_list",
            "/proc/timer_stats",
            "/proc/sched_debug",
            "/proc/scsi",
            "/sys/firmware",
            "/sys/devices/virtual/powercap",
            "/sys/devices/system/cpu/cpu0/thermal_throttle",
            "/sys/devices/system/cpu/cpu1/thermal_throttle",
            "/sys/devices/system/cpu/cpu2/thermal_throttle",
            "/sys/devices/system/cpu/cpu3/thermal_throttle"
        ],
        "Memory": 0,
        "MemoryReservation": 0,
        "MemorySwap": 0,
        "MemorySwappiness": null,
        "NanoCpus": 0,
        "NetworkMode": "nextcloud-aio",
        "OomKillDisable": null,
        "OomScoreAdj": 0,
        "PidMode": "",
        "PidsLimit": null,
        "PortBindings": {
            "11000/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "11000"
                }
            ]
        },
        "Privileged": false,
        "PublishAllPorts": false,
        "ReadonlyPaths": [
            "/proc/bus",
            "/proc/fs",
            "/proc/irq",
            "/proc/sys",
            "/proc/sysrq-trigger"
        ],
        "ReadonlyRootfs": true,
        "RestartPolicy": {
            "MaximumRetryCount": 0,
            "Name": "unless-stopped"
        },
        "Runtime": "runc",
        "SecurityOpt": [
            "label:disable"
        ],
        "ShmSize": 67108864,
        "Tmpfs": {
            "/home/www-data": "",
            "/tmp": "",
            "/usr/local/apache2/logs": "",
            "/var/log/supervisord": "",
            "/var/run/supervisord": ""
        },
        "UTSMode": "",
        "Ulimits": null,
        "UsernsMode": "",
        "VolumeDriver": "",
        "VolumesFrom": null
    },
    "HostnamePath": "/var/lib/docker/containers/96429006fdcbe367bfba3e8cfa654e4d84c862a8647358964ece20ea8b1cfb1a/hostname",
    "HostsPath": "/var/lib/docker/containers/96429006fdcbe367bfba3e8cfa654e4d84c862a8647358964ece20ea8b1cfb1a/hosts",
    "Id": "96429006fdcbe367bfba3e8cfa654e4d84c862a8647358964ece20ea8b1cfb1a",
    "Image": "sha256:f5b11db4d39c8943f3854886fc810a21d9ccd9261dd20a300231a5d9fe3d06ce",
    "LogPath": "/var/lib/docker/containers/96429006fdcbe367bfba3e8cfa654e4d84c862a8647358964ece20ea8b1cfb1a/96429006fdcbe367bfba3e8cfa654e4d84c862a8647358964ece20ea8b1cfb1a-json.log",
    "MountLabel": "",
    "Mounts": [
        {
            "Destination": "/var/www/html",
            "Driver": "local",
            "Mode": "ro",
            "Name": "nextcloud_aio_nextcloud",
            "Propagation": "",
            "RW": false,
            "Source": "/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data",
            "Type": "volume"
        },
        {
            "Destination": "/mnt/data",
            "Driver": "local",
            "Mode": "rw",
            "Name": "nextcloud_aio_apache",
            "Propagation": "",
            "RW": true,
            "Source": "/var/lib/docker/volumes/nextcloud_aio_apache/_data",
            "Type": "volume"
        }
    ],
    "Name": "/nextcloud-aio-apache",
    "NetworkSettings": {
        "Bridge": "",
        "EndpointID": "",
        "Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "HairpinMode": false,
        "IPAddress": "",
        "IPPrefixLen": 0,
        "IPv6Gateway": "",
        "LinkLocalIPv6Address": "",
        "LinkLocalIPv6PrefixLen": 0,
        "MacAddress": "",
        "Networks": {
            "nextcloud-aio": {
                "Aliases": null,
                "DNSNames": [
                    "nextcloud-aio-apache",
                    "96429006fdcb"
                ],
                "DriverOpts": null,
                "EndpointID": "4c43b7b1adbaf50a297c97baa9f543ad5ed88c2f20225a723201419bddb584af",
                "Gateway": "172.18.0.1",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "GwPriority": 0,
                "IPAMConfig": null,
                "IPAddress": "172.18.0.12",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "Links": null,
                "MacAddress": "6a:37:42:0e:95:1c",
                "NetworkID": "e8e6863a13ead5697144b186f096f6fe3e124b93c8b7baddf0ad561a5a191425"
            }
        },
        "Ports": {
            "11000/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "11000"
                }
            ],
            "80/tcp": null
        },
        "SandboxID": "7b516978411cfe410e2c10556b5b962be555ebe04999954908b516da5791adcb",
        "SandboxKey": "/var/run/docker/netns/7b516978411c",
        "SecondaryIPAddresses": null,
        "SecondaryIPv6Addresses": null
    },
    "Path": "/start.sh",
    "Platform": "linux",
    "ProcessLabel": "",
    "ResolvConfPath": "/var/lib/docker/containers/96429006fdcbe367bfba3e8cfa654e4d84c862a8647358964ece20ea8b1cfb1a/resolv.conf",
    "RestartCount": 0,
    "State": {
        "Dead": false,
        "Error": "",
        "ExitCode": 0,
        "FinishedAt": "0001-01-01T00:00:00Z",
        "Health": {
            "FailingStreak": 0,
            "Log": [
                {
                    "End": "2025-10-15T13:23:16.007202794-05:00",
                    "ExitCode": 0,
                    "Output": "Connection to nextcloud-aio-nextcloud (172.18.0.11) 9000 port [tcp/*] succeeded!\nConnection to 127.0.0.1 8000 port [tcp/*] succeeded!\nConnection to 127.0.0.1 11000 port [tcp/*] succeeded!\n",
                    "Start": "2025-10-15T13:23:15.928085263-05:00"
                },
                {
                    "End": "2025-10-15T13:23:46.119777975-05:00",
                    "ExitCode": 0,
                    "Output": "Connection to nextcloud-aio-nextcloud (172.18.0.11) 9000 port [tcp/*] succeeded!\nConnection to 127.0.0.1 8000 port [tcp/*] succeeded!\nConnection to 127.0.0.1 11000 port [tcp/*] succeeded!\n",
                    "Start": "2025-10-15T13:23:46.008439339-05:00"
                },
                {
                    "End": "2025-10-15T13:24:16.198003614-05:00",
                    "ExitCode": 0,
                    "Output": "Connection to nextcloud-aio-nextcloud (172.18.0.11) 9000 port [tcp/*] succeeded!\nConnection to 127.0.0.1 8000 port [tcp/*] succeeded!\nConnection to 127.0.0.1 11000 port [tcp/*] succeeded!\n",
                    "Start": "2025-10-15T13:24:16.121166999-05:00"
                },
                {
                    "End": "2025-10-15T13:24:46.296084375-05:00",
                    "ExitCode": 0,
                    "Output": "Connection to nextcloud-aio-nextcloud (172.18.0.11) 9000 port [tcp/*] succeeded!\nConnection to 127.0.0.1 8000 port [tcp/*] succeeded!\nConnection to 127.0.0.1 11000 port [tcp/*] succeeded!\n",
                    "Start": "2025-10-15T13:24:46.198938531-05:00"
                },
                {
                    "End": "2025-10-15T13:25:16.394981092-05:00",
                    "ExitCode": 0,
                    "Output": "Connection to nextcloud-aio-nextcloud (172.18.0.11) 9000 port [tcp/*] succeeded!\nConnection to 127.0.0.1 8000 port [tcp/*] succeeded!\nConnection to 127.0.0.1 11000 port [tcp/*] succeeded!\n",
                    "Start": "2025-10-15T13:25:16.297400764-05:00"
                }
            ],
            "Status": "healthy"
        },
        "OOMKilled": false,
        "Paused": false,
        "Pid": 1667992,
        "Restarting": false,
        "Running": true,
        "StartedAt": "2025-10-15T18:18:45.127800048Z",
        "Status": "running"
    }
}

and the docker ps

CONTAINER ID   IMAGE                                               COMMAND                  CREATED         STATUS                   PORTS                                                                                                  NAMES
96429006fdcb   ghcr.io/nextcloud-releases/aio-apache:latest        "/start.sh /usr/bin/…"   2 minutes ago   Up 2 minutes (healthy)   80/tcp, 0.0.0.0:11000->11000/tcp                                                                       nextcloud-aio-apache
37d082d5cfea   ghcr.io/nextcloud-releases/aio-nextcloud:latest     "/start.sh /usr/bin/…"   2 minutes ago   Up 2 minutes (healthy)   9000/tcp                                                                                               nextcloud-aio-nextcloud
9ac33cf35602   ghcr.io/nextcloud-releases/aio-imaginary:latest     "/start.sh"              3 minutes ago   Up 3 minutes (healthy)                                                                                                          nextcloud-aio-imaginary
c3e080e1bcf0   ghcr.io/nextcloud-releases/aio-redis:latest         "/start.sh"              3 minutes ago   Up 3 minutes (healthy)   6379/tcp                                                                                               nextcloud-aio-redis
ca70830546c6   ghcr.io/nextcloud-releases/aio-postgresql:latest    "/start.sh"              3 minutes ago   Up 3 minutes (healthy)   5432/tcp                                                                                               nextcloud-aio-database
12274604abfa   ghcr.io/nextcloud-releases/aio-whiteboard:latest    "/start.sh"              3 minutes ago   Up 3 minutes (healthy)   3002/tcp                                                                                               nextcloud-aio-whiteboard
827cb1f6e8cd   ghcr.io/nextcloud-releases/aio-notify-push:latest   "/start.sh"              3 minutes ago   Up 3 minutes (healthy)                                                                                                          nextcloud-aio-notify-push
c84e6e106dbe   ghcr.io/nextcloud-releases/aio-talk:latest          "/start.sh superviso…"   3 minutes ago   Up 3 minutes (healthy)   0.0.0.0:3478->3478/tcp, 0.0.0.0:3478->3478/udp, [::]:3478->3478/tcp, [::]:3478->3478/udp               nextcloud-aio-talk
2c8daf914a9c   ghcr.io/nextcloud-releases/aio-collabora:latest     "/start-collabora-on…"   3 minutes ago   Up 3 minutes (healthy)   9980/tcp                                                                                               nextcloud-aio-collabora
59aafc13f84c   waja/calcardbackup:latest                           "/run.sh"                4 minutes ago   Up 4 minutes                                                                                                                    nextcloud-aio-calcardbackup
4e13e0040ab9   nextcloud/all-in-one:latest                         "/start.sh"              6 minutes ago   Up 6 minutes (healthy)   0.0.0.0:80->80/tcp, [::]:80->80/tcp, 8443/tcp, 0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp, 9000/tcp   nextcloud-aio-mastercontainer
9403ccf4a1bc   cloudflare/cloudflared:latest                       "cloudflared --no-au…"   41 hours ago    Up 41 hours                                                                                                                     musing_rubin
758f4d8bb7fa   portainer/agent:2.31.3                              "./agent"                3 months ago    Up 41 hours              0.0.0.0:9001->9001/tcp, [::]:9001->9001/tcp                                                            portainer_agent
6

so your Apache binds to the default AiO port :11000

...
 "APACHE_PORT=11000",
...
        "PortBindings": {
            "11000/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "11000"
                }
...
CONTAINER ID   IMAGE {...} PORTS 
96429006fdcb   ghcr.io/nextcloud-releases/aio-apache:latest {...} 80/tcp, 0.0.0.0:11000->11000/tcp

did you try to connect to the port :11000 locally and through the tunnel?

7

yeah it redirects to my cloudflare tunnel domain, which I’m fairly certain is by design. when I curl localIP:11000 i get this:

*   Trying 10.10.10.3:11000...
* Established connection to 10.10.10.3 (10.10.10.3 port 11000) from 10.10.10.127 port 60758 
* using HTTP/1.x
> GET / HTTP/1.1
> Host: 10.10.10.3:11000
> User-Agent: curl/8.16.0
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 302 Found
< Content-Length: 0
< Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-vKXROq8KxzN83g1kPuR11jDT3Iyx8zq4A+TTK+q8XmM='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
< Content-Type: text/html; charset=UTF-8
< Date: Thu, 16 Oct 2025 19:45:40 GMT
< Location: https://sub.my.tld/login
< Referrer-Policy: no-referrer
< Set-Cookie: oc_sessionPassphrase=RHuc0txHcNF1e40L%2BVcPemy1gkOBkuG%2F2dMH5ZQqdMSgkmQlPIu3Nltqt9dnk2e2NcZqnqfxUWSl7yNqNrn5Ya8cDMhMoboquCvSnJ47sT5Tv3owVb5KS%2BOc3Tv%2FwGku; path=/; secure; HttpOnly; SameSite=Lax
< Set-Cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
< Set-Cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
< Set-Cookie: oc332y1gr3az=21a587e361adc5f0c50646594f6360c7; path=/; secure; HttpOnly; SameSite=Lax
< Strict-Transport-Security: max-age=31536000;
< Via: 1.1 Caddy
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Permitted-Cross-Domain-Policies: none
< X-Robots-Tag: noindex, nofollow
< X-Xss-Protection: 1; mode=block
< 
* Connection #0 to host 10.10.10.3:11000 left intact

and here is when I curl to https://sub.my.tld

 Host sub.my.tld:443 was resolved.
* IPv6: 2606:4700:3030::ac43:ae5a, 2606:4700:3033::6815:5033
* IPv4: 104.21.80.51, 172.67.174.90
*   Trying [2606:4700:3030::ac43:ae5a]:443...
* Immediate connect fail for 2606:4700:3030::ac43:ae5a: Network is unreachable
*   Trying 104.21.80.51:443...
*   Trying [2606:4700:3033::6815:5033]:443...
* Immediate connect fail for 2606:4700:3033::6815:5033: Network is unreachable
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=my.tld
*  start date: Oct  2 15:36:52 2025 GMT
*  expire date: Dec 31 16:11:36 2025 GMT
*  subjectAltName: host "sub.my.tld" matched cert's "*.my.tld"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
*   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* Established connection to sub.my.tld (104.21.80.51 port 443) from 10.10.10.127 port 36632 
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://sub.my.tld/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: sub.my.tld]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.16.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: sub.my.tld
> User-Agent: curl/8.16.0
> Accept: */*
> 
* Request completely sent off
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 502 
< date: Thu, 16 Oct 2025 19:53:32 GMT
< content-type: text/plain; charset=UTF-8
< content-length: 15
< cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< expires: Thu, 01 Jan 1970 00:00:01 GMT
< referrer-policy: same-origin
< x-frame-options: SAMEORIGIN
< server: cloudflare
< cf-ray: 98fa1a587a7ed633-IAD
< 
* Connection #0 to host sub.my.tld:443 left intact
error code: 502
8

this try goes to CF I assume..

and we are back at the start where we see CF can’t access Nextcloud on 127.0.0.1:11000 ..

did you check similar posts like 502 Bad Gateway from Nginx Proxy Manager when accessing Nextcloud AIO - #4 by cdlp34 already?

9

I’ve tried both http and https of local ip:11000, nextcloud-aio-apache:11000, nextcloud-aio-apache, internal docker ip address, internal docker ip address:11000, localhost:11000, 0.0.0.0:11000, 127.0.0.0:11000, and 127.0.0.1:11000 all to no avail. The only thing I know is if I point the cloudflare tunnel to the master container, it works resolving to the master container site.

on a personal note, I’ve had about enough of this problem and am looking for more reliable file hosting/sharing, caldav, and carddav servers. If anyone has any suggestions, I’m all ears.

10

funny you ask that question in a Nextcloud forum… well you could try Nextcloud :rofl:

11

I’m on my 2nd deployment on nextcloud. first was a truenas app deployment and that got borked because of some problem with the way data was stored wasn’t compatible with a new version. I tried fixing that and only made it unrecoverable. So I spun up a machine dedicated to nextcloud aio and well here I am.

12

there are other methods of installing Nextcloud… I’m not a docker fan personally :open_mouth:
I’m a snap man myself, they call me “Mr. Snap” so I’d be a fool not to recommend the snap to you.

so if you have a dedicated machine running Ubuntu, kill the AIO docker, remove the image (make sure its shut down) then follow the installation instructions: How to install Nextcloud snap and don’t forget to read the docs first and check out the wiki, there’s plenty information in there!

you’ll bump into this sooner or later if you want to share your NAS in the snap;

and see this if you’re sharing NAS over samba

so now you’ve got plenty to study and know where to find stuff to help yourself… Nextcloud is the way to go, there’s no doubt about that.

13

given the fact the user didn’t manage to make 2 different installation methods work especially the AiO I don’t believe simply switching to another one would help.

I believe redcustom requires more education in terms of system administration and would recommend learning all the basics described in 101: Self-hosting information for beginners - once you know how it becomes easier to troubleshoot things rather simply trying different values like here: