I am trying to get Nextcloud AIO running behind Traefik2 on Debian Bookworm. Docker is installed via the PiBuilder script for IOTstack (not on a Pi though). Setup has mostly worked so far and I can log into NC, but the Collabora and the Docker Socket Proxy containers perpetually show as starting in the AIO web interface.
Collabora log (end of a very long log):

```
wsd-00007-00007 2023-12-30 11:08:21.056831 +0100 [ coolwsd ] WRN #-1: Failed setsockopt TCP_NODELAY. Will not report further failures to set TCP_NODELAY: Bad file descriptor| net/Socket.hpp:212
wsd-00007-00007 2023-12-30 11:08:21.056902 +0100 [ coolwsd ] TRC #-1: Created socket. Thread affinity set to 0x7fcdbf255880| net/Socket.hpp:382
wsd-00007-00007 2023-12-30 11:08:21.056913 +0100 [ coolwsd ] ERR #-1: Failed setsockopt SO_REUSEADDR: Bad file descriptor (EBADF: Bad file descriptor)| net/Socket.cpp:826
wsd-00007-00007 2023-12-30 11:08:21.056926 +0100 [ coolwsd ] ERR #-1: Failed set ipv6 socket to 0 (EBADF: Bad file descriptor)| net/Socket.cpp:857
wsd-00007-00007 2023-12-30 11:08:21.056935 +0100 [ coolwsd ] ERR #-1: Failed to bind to: IPv6 port: 9980 (EBADF: Bad file descriptor)| net/Socket.cpp:864
Failed to listen on Server port(s) (9980-9980). Exiting
wsd-00007-00007 2023-12-30 11:08:21.056943 +0100 [ coolwsd ] TRC #-1: Socket dtor| net/Socket.hpp:147
wsd-00007-00007 2023-12-30 11:08:21.056949 +0100 [ coolwsd ] DBG #-1: Closed socket to | net/Socket.hpp:152
wsd-00007-00007 2023-12-30 11:08:21.056977 +0100 [ coolwsd ] FTL Failed to listen on Server port(s) (9980-9980). Exiting| wsd/COOLWSD.cpp:5742
Forced Exit with code: 70
wsd-00007-00007 2023-12-30 11:08:21.056990 +0100 [ coolwsd ] FTL Forced Exit with code: 70| common/Util.cpp:1140
```
Docker Socket Proxy log (end of a very long log):

```
[NOTICE] (23) : haproxy version is 2.9.0-fddb8c1
[ALERT] (23) : Binding [/tmp/haproxy.cfg:13] for frontend http: cannot create receiving socket (Address family not supported by protocol) for [:::2375]
[ALERT] (23) : [haproxy.main()] Some protocols failed to start their listeners! Exiting.
```
This is the docker-compose section of AIO and Traefik:

```yaml
nextcloud-aio-mastercontainer:
  image: nextcloud/all-in-one:latest
  init: true
  restart: always
  container_name: nextcloud-aio-mastercontainer
  volumes:
    - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
    - /var/run/docker.sock:/var/run/docker.sock:ro
  ports:
    - 8442:80
    - 7080:8080
    - 8443:8443
  environment:
    - AIO_DISABLE_BACKUP_SECTION=false
    - APACHE_PORT=11000
    - APACHE_IP_BINDING=0.0.0.0
    - NEXTCLOUD_DATADIR=/mnt/workhdd/ncdatadir
    - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes
    - NEXTCLOUD_ADDITIONAL_APKS=imagemagick
    - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick
    - NEXTCLOUD_ENABLE_DRI_DEVICE=true
  networks:
    - default
    - proxy
traefik:
  image: 'traefik:2.8.1'
  container_name: 'traefik'
  restart: 'unless-stopped'
  command:
    - "--log.level=ERROR"
    - "--api.insecure=true"
    - "--providers.docker=true"
    - "--providers.docker.exposedbydefault=false"
    - "--providers.file.directory=/etc/traefik"
    - "--entrypoints.web.address=:80"
    - "--entrypoints.websecure.address=:443"
    - "--entrypoints.websecure.http.tls=true"
    - "--entrypoints.websecure.http.tls.domains[0].main=(mydomain)"
    - "--entrypoints.websecure.http.tls.domains[0].sans=*.(mydomain)"
    - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
    - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=(provider)"
    - "--certificatesresolvers.myresolver.acme.email=(email)"
    - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    #- "--log.level=DEBUG"
    #- "--accesslog=true"
  secrets:
    - (token)
  environment:
    - (tokenfile)
  ports:
    - '80:80'
    - '443:443'
    - '8080:8080'
  volumes:
    - '/var/run/docker.sock:/var/run/docker.sock:ro'
    - '$PWD/volumes/traefik/config:/etc/traefik'
    - "$PWD/volumes/traefik/letsencrypt:/letsencrypt"
  labels:
    - (stuff for internal traefik interface)
  extra_hosts:
    - "host.docker.internal:host-gateway"
  networks:
    proxy:
      ipv4_address: 172.100.100.1
```
Dynamic configuration of Traefik, analogous to the reverse proxy example in all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub:

```yaml
http:
  routers:
    nextcloud:
      rule: "Host(`[mydomain]`)"
      entrypoints:
        - "websecure"
      service: nextcloud
      middlewares:
        - nextcloud-chain
      tls:
        certresolver: "myresolver"
  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://host.docker.internal:11000"
  middlewares:
    nextcloud-secure-headers:
      headers:
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        referrerPolicy: "same-origin"
    https-redirect:
      redirectscheme:
        scheme: https
    nextcloud-chain:
      chain:
        middlewares:
          - https-redirect
          - nextcloud-secure-headers
```
I also logged incoming requests from my IP in traefik after stopping and starting the containers in the AIO interface:

```
"GET /index.php/apps/notify_push/test/version HTTP/2.0" 200 4 "-" "-" 1915 "nextcloud@file" "http://host.docker.internal:11000" 613ms
"GET /hosting/discovery HTTP/1.1" 502 0 "-" "-" 1929 "nextcloud@file" "http://host.docker.internal:11000" 3001ms
"GET /index.php/204 HTTP/2.0" 404 19 "-" "-" 2145 "-" "-" 0ms
"GET /index.php/204 HTTP/2.0" 404 19 "-" "-" 2164 "-" "-" 0ms
```
The connectivity pings to index.php/204 are probably from mobile clients that are waiting for NC to be migrated (still calling another subdomain).
The failed call to /hosting/discovery seems to be associated with Collabora (as discussed here: Missing public hostname in /hosting/discovery, documents don't load - #2 by wwe).
Any ideas, anyone?
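
Both logs in the post end with a failed IPv6 listener: `[:::2375]` for the socket proxy and IPv6 port 9980 for Collabora. The check below is an added example, not part of the original post or of Nextcloud AIO; it extracts those failures from log lines copied from the post and probes whether the environment it runs in can open and bind an IPv6 wildcard socket. The function names and result strings are hypothetical.

```python
import errno
import re
import socket

# Log lines copied from the post above (socket proxy / haproxy, then Collabora / coolwsd).
SAMPLE_LOG = """\
[NOTICE] (23) : haproxy version is 2.9.0-fddb8c1
[ALERT] (23) : Binding [/tmp/haproxy.cfg:13] for frontend http: cannot create receiving socket (Address family not supported by protocol) for [:::2375]
wsd-00007-00007 2023-12-30 11:08:21.056935 +0100 [ coolwsd ] ERR #-1: Failed to bind to: IPv6 port: 9980 (EBADF: Bad file descriptor)| net/Socket.cpp:864
"""

HAPROXY_RE = re.compile(
    r"cannot create receiving socket \((?P<reason>[^)]+)\) for \[(?P<addr>.*):(?P<port>\d+)\]")
COOLWSD_RE = re.compile(
    r"Failed to bind to: IPv6 port: (?P<port>\d+) \((?P<reason>[^)]+)\)")


def find_ipv6_bind_failures(log_text):
    """Return (service, port, reason) for every failed IPv6 listener in the log."""
    failures = []
    for line in log_text.splitlines():
        m = HAPROXY_RE.search(line)
        if m and ":" in m.group("addr"):  # "::" is the IPv6 wildcard address
            failures.append(("haproxy", int(m.group("port")), m.group("reason")))
            continue
        m = COOLWSD_RE.search(line)
        if m:
            failures.append(("coolwsd", int(m.group("port")), m.group("reason")))
    return failures


def probe_ipv6_wildcard_bind():
    """Repeat the step both services attempt: open an AF_INET6 socket and bind it to [::]."""
    try:
        sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError as exc:
        # EAFNOSUPPORT is the errno behind "Address family not supported by protocol".
        return "ipv6-unsupported" if exc.errno == errno.EAFNOSUPPORT else "socket-error"
    with sock:
        try:
            sock.bind(("::", 0))  # port 0: any free port, so nothing real is occupied
        except OSError:
            return "bind-failed"
    return "ok"


if __name__ == "__main__":
    for service, port, reason in find_ipv6_bind_failures(SAMPLE_LOG):
        print(f"{service}: IPv6 listener on port {port} failed ({reason})")
    print("IPv6 wildcard bind here:", probe_ipv6_wildcard_bind())
```

The probe result only describes the environment the script runs in, so run it where the failing listener runs.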