AppApi HaRP Proxy connects but Test-Deploy fails on Heartbeat with 404

Hey guys, I'm Schwank and have been finding my way through NC and homelabbing for a few years now.
This is my first forum post and I'm pretty new, but I tried to get all the important things together. If you need anything, just hit me up.
Thank you in advance.

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 32.0.0.13
  • Operating system and version (e.g., Ubuntu 24.04):
    • Ubuntu 24.04
  • Web server and version (e.g, Apache 2.4.25):
    • Apache 2 2.4.58
  • Reverse proxy and version (e.g. nginx 1.27.2):
    • NPM (with webUi)
  • PHP version (e.g, 8.3):
    • 8.3.6 / using fpm
  • Is this the first time you’ve seen this error? (Yes / No):
    • tried to fix it for the last days
  • When did this problem seem to first start?
    • when setting up HaRP
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • I'm using Cloudflare and AdGuard Home for DNS. I'm on a Proxmox 8 VM and using Pgsql as DB

Summary of the issue you are facing:

I’m having an issue setting up HaRP with AppAPI/ExApps in Nextcloud. Here’s what I did:

  1. Followed the official guide for deploying the HaRP AppAPI Docker container:

  2. The setup seems to work fine:

     • The container runs without errors

     • The connection appears correctly in the Nextcloud UI when registering the HaRP daemon

  3. However, when I try to test the deployment using the heartbeat, it fails with a 404 Not Found error

DSP (Docker Socket Proxy) works fine, I think the error is on NPM (Nginx Proxy Manager) (the one with web UI)

Steps to replicate it (hint: details matter!):

  1. installing NC via the VM Method (using scripts)

  2. setting up HaRP docker container and connecting it in the webUI (nc appapi)

  3. trying to test-deploy

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

[Fri Oct 03 00:00:01.638343 2025] [ssl:error] [pid 1272:tid 136553269671808] AH02218: ssl_stapling_init_cert: no OCSP URI in certifi>
[Fri Oct 03 00:00:01.638378 2025] [ssl:error] [pid 1272:tid 136553269671808] AH02604: Unable to configure certificate cloud.the-forg>
[Fri Oct 03 00:00:01.640129 2025] [mpm_event:notice] [pid 1272:tid 136553269671808] AH00489: Apache/2.4.58 (Ubuntu) OpenSSL/3.0.13 c>
[Fri Oct 03 00:00:01.640147 2025] [core:notice] [pid 1272:tid 136553269671808] AH00094: Command line: '/usr/sbin/apache2'
[Fri Oct 03 16:32:09.271127 2025] [proxy_fcgi:error] [pid 1000742:tid 136552638310080] [client 192.168.10.230:48446] AH01071: Got er>
[Fri Oct 03 16:35:32.872368 2025] [proxy_fcgi:error] [pid 1000743:tid 136553028105920] [client 192.168.10.230:52804] AH01071: Got er>
[Fri Oct 03 16:43:46.202252 2025] [mpm_event:notice] [pid 1272:tid 136553269671808] AH00492: caught SIGWINCH, shutting down graceful>
[Fri Oct 03 16:44:19.996681 2025] [ssl:error] [pid 1251:tid 133316104308608] AH02218: ssl_stapling_init_cert: no OCSP URI in certifi>
[Fri Oct 03 16:44:19.996971 2025] [ssl:error] [pid 1251:tid 133316104308608] AH02604: Unable to configure certificate cloud.the-forg>
[Fri Oct 03 16:44:20.019604 2025] [ssl:error] [pid 1269:tid 133316104308608] AH02218: ssl_stapling_init_cert: no OCSP URI in certifi>
[Fri Oct 03 16:44:20.019653 2025] [ssl:error] [pid 1269:tid 133316104308608] AH02604: Unable to configure certificate cloud.the-forg>
[Fri Oct 03 16:44:20.023959 2025] [mpm_event:notice] [pid 1269:tid 133316104308608] AH00489: Apache/2.4.58 (Ubuntu) OpenSSL/3.0.13 c>
[Fri Oct 03 16:44:20.024027 2025] [core:notice] [pid 1269:tid 133316104308608] AH00094: Command line: '/usr/sbin/apache2'
[Fri Oct 03 16:59:33.028486 2025] [proxy_fcgi:error] [pid 1271:tid 133314165860032] [client 192.168.10.230:50694] AH01071: Got error>
[Fri Oct 03 16:59:33.927707 2025] [proxy_fcgi:error] [pid 1271:tid 133315489162944] [client 192.168.10.230:60340] AH01071: Got error>
[Fri Oct 03 16:59:40.286688 2025] [proxy_fcgi:error] [pid 1271:tid 133315331856064] [client 192.168.10.230:60366] AH01071: Got error>
[Fri Oct 03 16:59:42.353688 2025] [proxy_fcgi:error] [pid 1272:tid 133315642255040] [client 192.168.10.230:60388] AH01071: Got error>
[Fri Oct 03 17:10:23.723796 2025] [proxy_fcgi:error] [pid 1272:tid 133315871389376] [client 192.168.10.230:48426] AH01071: Got error>
[Fri Oct 03 17:10:34.711928 2025] [proxy_fcgi:error] [pid 1272:tid 133314098751168] [client 192.168.10.230:52938] AH01071: Got error>
[Fri Oct 03 17:10:58.237546 2025] [proxy_fcgi:error] [pid 1272:tid 133315625469632] [client 192.168.10.230:49114] AH01071: Got error>

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

tried firefox and chrome based browsers

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/apache2/error.log:

[Fri Oct 03 00:00:01.638343 2025] [ssl:error] [pid 1272:tid 136553269671808] AH02218: ssl_stapling_init_cert: no OCSP URI in certifi>
[Fri Oct 03 00:00:01.638378 2025] [ssl:error] [pid 1272:tid 136553269671808] AH02604: Unable to configure certificate cloud.the-forg>
[Fri Oct 03 00:00:01.640129 2025] [mpm_event:notice] [pid 1272:tid 136553269671808] AH00489: Apache/2.4.58 (Ubuntu) OpenSSL/3.0.13 c>
[Fri Oct 03 00:00:01.640147 2025] [core:notice] [pid 1272:tid 136553269671808] AH00094: Command line: '/usr/sbin/apache2'
[Fri Oct 03 16:32:09.271127 2025] [proxy_fcgi:error] [pid 1000742:tid 136552638310080] [client 192.168.10.230:48446] AH01071: Got er>
[Fri Oct 03 16:35:32.872368 2025] [proxy_fcgi:error] [pid 1000743:tid 136553028105920] [client 192.168.10.230:52804] AH01071: Got er>
[Fri Oct 03 16:43:46.202252 2025] [mpm_event:notice] [pid 1272:tid 136553269671808] AH00492: caught SIGWINCH, shutting down graceful>
[Fri Oct 03 16:44:19.996681 2025] [ssl:error] [pid 1251:tid 133316104308608] AH02218: ssl_stapling_init_cert: no OCSP URI in certifi>
[Fri Oct 03 16:44:19.996971 2025] [ssl:error] [pid 1251:tid 133316104308608] AH02604: Unable to configure certificate cloud.the-forg>
[Fri Oct 03 16:44:20.019604 2025] [ssl:error] [pid 1269:tid 133316104308608] AH02218: ssl_stapling_init_cert: no OCSP URI in certifi>
[Fri Oct 03 16:44:20.019653 2025] [ssl:error] [pid 1269:tid 133316104308608] AH02604: Unable to configure certificate cloud.the-forg>
[Fri Oct 03 16:44:20.023959 2025] [mpm_event:notice] [pid 1269:tid 133316104308608] AH00489: Apache/2.4.58 (Ubuntu) OpenSSL/3.0.13 c>
[Fri Oct 03 16:44:20.024027 2025] [core:notice] [pid 1269:tid 133316104308608] AH00094: Command line: '/usr/sbin/apache2'
[Fri Oct 03 16:59:33.028486 2025] [proxy_fcgi:error] [pid 1271:tid 133314165860032] [client 192.168.10.230:50694] AH01071: Got error>
[Fri Oct 03 16:59:33.927707 2025] [proxy_fcgi:error] [pid 1271:tid 133315489162944] [client 192.168.10.230:60340] AH01071: Got error>
[Fri Oct 03 16:59:40.286688 2025] [proxy_fcgi:error] [pid 1271:tid 133315331856064] [client 192.168.10.230:60366] AH01071: Got error>
[Fri Oct 03 16:59:42.353688 2025] [proxy_fcgi:error] [pid 1272:tid 133315642255040] [client 192.168.10.230:60388] AH01071: Got error>
[Fri Oct 03 17:10:23.723796 2025] [proxy_fcgi:error] [pid 1272:tid 133315871389376] [client 192.168.10.230:48426] AH01071: Got error>
[Fri Oct 03 17:10:34.711928 2025] [proxy_fcgi:error] [pid 1272:tid 133314098751168] [client 192.168.10.230:52938] AH01071: Got error>
[Fri Oct 03 17:10:58.237546 2025] [proxy_fcgi:error] [pid 1272:tid 133315625469632] [client 192.168.10.230:49114] AH01071: Got error>

Output of Nginx when looking for my cloud cert (same host where nc and harp runs)

root@nginx-prod-1:~# curl -vk https://cloud.the-forge.design/ -H "Host: cloud.the-forge.design"
* Host cloud.the-forge.design:443 was resolved.
* IPv6: 2606:4700:3031::6815:237e, 2606:4700:3033::ac43:dd2f
* IPv4: 104.21.35.126, 172.67.221.47
*   Trying 104.21.35.126:443...
* Connected to cloud.the-forge.design (104.21.35.126) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=the-forge.design
*  start date: Aug  9 13:42:11 2025 GMT
*  expire date: Nov  7 14:39:47 2025 GMT
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
*   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cloud.the-forge.design/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cloud.the-forge.design]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: cloud.the-forge.design
> User-Agent: curl/8.5.0
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 302 
< date: Fri, 03 Oct 2025 22:45:40 GMT
< content-type: text/html; charset=UTF-8
< location: https://cloud.the-forge.design/login
< server: cloudflare
< content-security-policy: default-src 'self'; script-src 'self' 'nonce-tO0hHfSFPXo/LcLY8UDgAhZ4o8pvYNwmKOywdr/ZTMY='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
< nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-permitted-cross-domain-policies: none
< x-robots-tag: noindex, nofollow
< referrer-policy: no-referrer
< strict-transport-security: max-age=15552000;includeSubdomains
< strict-transport-security: max-age=63072000; preload
< x-served-by: cloud.the-forge.design
< cf-cache-status: DYNAMIC
< report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=REMOVED SENSIBLE DATA"}]}
< set-cookie: oc_sessionPassphrase=x8UXw8liqdQ0rlgueKy7FARO0gKAysy8YwoZTmEad86kG780W0GJCQ1fbYQoq%2BmQv6%2BuQtDWBSJG3pKfU5Ig5aNROcIPBM25xFyPO7wXDBS8hLCB8Jb4MafJqHh2QSeS; HttpOnly; SameSite=Lax; Secure; Path=/
< set-cookie: __Host-nc_sameSiteCookielax=true; HttpOnly; SameSite=Lax; Secure; Path=/; Expires=Fri, 31 Dec 2100 23:59:59 GMT
< set-cookie: __Host-nc_sameSiteCookiestrict=true; HttpOnly; SameSite=Strict; Secure; Path=/; Expires=Fri, 31 Dec 2100 23:59:59 GMT
< set-cookie: oc53kavqa7ad=9v4jlq9hkptg8d9hie3c24lmps; HttpOnly; SameSite=Lax; Secure; Path=/
< cf-ray: 988ff89ebc5258d8-TXL
< alt-svc: h3=":443"; ma=86400
< 
* Connection #0 to host cloud.the-forge.design left intact
root@nginx-prod-1:~# 

HaRP Docker Container Logs

root@cloud:~# docker logs -f appapi-harp
INFO: /certs/frp directory created.
INFO: Generating self-signed certificates in /certs/frp...
Certificate request self-signature ok
subject=CN=harp.nc
Certificate request self-signature ok
subject=CN=harp.client.nc
INFO: Certificate generation completed.
INFO: Creating /haproxy.cfg from haproxy.cfg.template...
INFO: No /certs/cert.pem found, disabling HTTPS frontends...
INFO: Final /haproxy.cfg:
# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later

###############################################################################
# haproxy.cfg.template
#
# This template is processed by envsubst in start.sh to replace variables:
#   HP_EXAPPS_ADDRESS,
#   HP_EXAPPS_HTTPS_ADDRESS,
#   HP_TIMEOUT_CONNECT,
#   HP_TIMEOUT_CLIENT,
#   HP_TIMEOUT_SERVER,
#
## If /certs/cert.pem is not found, lines containing "_HTTPS_FRONTEND_" are
# commented out automatically in start.sh.
###############################################################################

global
    log stdout local0 warning
    maxconn 8192
    ca-base /etc/ssl/certs

defaults
    log global
    option httplog
    option dontlognull
    timeout connect 30s
    timeout client 30s
    timeout server 1800s


###############################################################################
# FRONTEND: ex_apps (HTTP)
###############################################################################
frontend ex_apps
    mode http
    bind 192.168.10.177:8780

    filter spoe engine exapps-spoe config /etc/haproxy/spoe-agent.conf
    http-request silent-drop if { var(txn.exapps.bad_request) -m int eq 1 }
    http-request return status 401 content-type text/plain string "401 Unauthorized" if { var(txn.exapps.unauthorized) -m int eq 1 }
    http-request return status 403 content-type text/plain string "403 Forbidden" if { var(txn.exapps.forbidden) -m int eq 1 }
    http-request return status 404 content-type text/plain string "404 Not Found" if { var(txn.exapps.not_found) -m int eq 1 }
    use_backend %[var(txn.exapps.backend)]

###############################################################################
# FRONTEND: ex_apps_https (only enabled if /certs/cert.pem exists)
###############################################################################
#_HTTPS_FRONTEND_ frontend ex_apps_https
#_HTTPS_FRONTEND_     mode http
#_HTTPS_FRONTEND_     bind 0.0.0.0:8781 ssl crt /certs/cert.pem

#_HTTPS_FRONTEND_     filter spoe engine exapps-spoe config /etc/haproxy/spoe-agent.conf
#_HTTPS_FRONTEND_     http-request silent-drop if { var(txn.exapps.bad_request) -m int eq 1 }
#_HTTPS_FRONTEND_     http-request return status 401 content-type text/plain string "401 Unauthorized" if { var(txn.exapps.unauthorized) -m int eq 1 }
#_HTTPS_FRONTEND_     http-request return status 403 content-type text/plain string "403 Forbidden" if { var(txn.exapps.forbidden) -m int eq 1 }
#_HTTPS_FRONTEND_     http-request return status 404 content-type text/plain string "404 Not Found" if { var(txn.exapps.not_found) -m int eq 1 }
#_HTTPS_FRONTEND_     use_backend %[var(txn.exapps.backend)]

###############################################################################
# BACKENDS: ex_apps & ex_apps_backend_w_bruteforce
###############################################################################
backend ex_apps_backend
    mode http
    server frp_server 0.0.0.0
    http-request set-path %[var(txn.exapps.target_path)]
    http-request set-dst var(txn.exapps.target_ip)
    http-request set-dst-port var(txn.exapps.target_port)
    http-request set-header EX-APP-ID %[var(txn.exapps.exapp_id)]
    http-request set-header EX-APP-VERSION %[var(txn.exapps.exapp_version)]
    http-request set-header AUTHORIZATION-APP-API %[var(txn.exapps.exapp_token)]
    http-request set-header AA-VERSION "32"  # TO-DO: temporary, remove it after we update all ExApps.

backend ex_apps_backend_w_bruteforce
    mode http
    server frp_server 0.0.0.0
    http-request set-path %[var(txn.exapps.target_path)]
    http-request set-dst var(txn.exapps.target_ip)
    http-request set-dst-port var(txn.exapps.target_port)
    http-request set-header EX-APP-ID %[var(txn.exapps.exapp_id)]
    http-request set-header EX-APP-VERSION %[var(txn.exapps.exapp_version)]
    http-request set-header AUTHORIZATION-APP-API %[var(txn.exapps.exapp_token)]
    http-request set-header AA-VERSION "32"  # TO-DO: temporary, remove it after we update all ExApps.
    filter spoe engine exapps-bruteforce-protection-spoe config /etc/haproxy/spoe-agent.conf

###############################################################################
# BACKEND: nextcloud_control (HTTP)
###############################################################################
backend nextcloud_control_backend
    mode http
    server nextcloud_control 127.0.0.1:8200
    http-request set-path %[var(txn.exapps.target_path)]

###############################################################################
# BACKEND: docker_engine (HTTP)
###############################################################################
backend docker_engine_backend
    mode http
    server frp_server 127.0.0.1
    http-request set-dst-port var(txn.exapps.target_port)
    http-request set-path %[var(txn.exapps.target_path)]

    # docker system _ping
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping$ } METH_GET
    # docker inspect image
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/.*/json } METH_GET
    # container inspect: GET containers/%s/json
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
    # container inspect: GET containers/%s/logs
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/logs } METH_GET

    # image pull: POST images/create?fromImage=%s
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/create } METH_POST
    http-request deny


backend agents
    mode tcp
    timeout connect 5s
    timeout server  3m
    option spop-check
    server agent1 127.0.0.1:9600 check
INFO: FRP server configuration generated at /frps.toml.
INFO: Detected /var/run/docker.sock, generating /frpc-docker.toml configuration file...
INFO: Starting Python HaProxy Agent on 127.0.0.1:8200 and 127.0.0.1:9600...
INFO: Starting FRP server on 0.0.0.0:8782...
INFO: Starting FRP client for Docker Engine...
INFO: Starting HAProxy...
2025-10-03 14:58:48.532 [I] [sub/root.go:142] start frpc service for config file [/frpc-docker.toml]
2025-10-03 14:58:48.532 [I] [client/service.go:295] try to connect to server...
[NOTICE]   (1) : Initializing new worker (49)
2025-10-03 14:58:48.559 [I] [client/service.go:287] [41b394d042deb03a] login to server success, get run id [41b394d042deb03a]
2025-10-03 14:58:48.560 [I] [proxy/proxy_manager.go:173] [41b394d042deb03a] proxy added: [bundled-deploy-daemon]
2025-10-03 14:58:48.563 [I] [client/control.go:168] [41b394d042deb03a] [bundled-deploy-daemon] start proxy success
[NOTICE]   (1) : Loading success.
[2025-10-03T15:19:04+0000] [ERROR] Invalid request path, cannot find AppID: /

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "192.168.178.123",
            "cloud.my-domain.test",
            "192.168.178.123",
            "192.168.178.123"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "32.0.0.13",
        "overwrite.cli.url": "https:\/\/cloud.my-domain.test",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": "0",
            "dbindex": "0",
            "timeout": "0.5",
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "memcache.local": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": "true",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "upgrade.disable-web": true,
        "log_type": "file",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "loglevel": 1,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "maintenance_window_start": 2,
        "mail_smtpmode": "smtp",
        "remember_login_cookie_lifetime": "43200",
        "log_rotate_size": "0",
        "trashbin_retention_obligation": "auto, 60",
        "versions_retention_obligation": "auto, 180",
        "activity_expire_days": "120",
        "simpleSignUpLink.shown": false,
        "default_phone_region": "de",
        "logtimezone": "Europe\/Berlin",
        "htaccess.RewriteBase": "\/",
        "session_lifetime": "43200",
        "session_keepalive": "false",
        "share_folder": "\/Shared",
        "preview_concurrency_new": "8",
        "preview_concurrency_all": "16",
        "enabledPreviewProviders": [
            "OC\\Preview\\Imaginary",
            "OC\\Preview\\Image",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\Movie",
            "OC\\Preview\\Krita",
            "OC\\Preview\\ImaginaryPDF"
        ],
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "preview_max_memory": "256",
        "preview_format": "webp",
        "maintenance": false,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": true,
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "ssl",
        "forbidden_filename_basenames": [
            "con",
            "prn",
            "aux",
            "nul",
            "com0",
            "com1",
            "com2",
            "com3",
            "com4",
            "com5",
            "com6",
            "com7",
            "com8",
            "com9",
            "com\u00b9",
            "com\u00b2",
            "com\u00b3",
            "lpt0",
            "lpt1",
            "lpt2",
            "lpt3",
            "lpt4",
            "lpt5",
            "lpt6",
            "lpt7",
            "lpt8",
            "lpt9",
            "lpt\u00b9",
            "lpt\u00b2",
            "lpt\u00b3"
        ],
        "forbidden_filename_characters": [
            "<",
            ">",
            ":",
            "\"",
            "|",
            "?",
            "*",
            "\\",
            "\/"
        ],
        "forbidden_filename_extensions": [
            " ",
            ".",
            ".filepart",
            ".part"
        ],
        "config_preset": 9,
        "app_install_overwrite": [
            "fulltextsearch",
            "fulltextsearch_elasticsearch",
            "files_fulltextsearch",
            "rocketchat_nextcloud"
        ],
        "defaultapp": "files"
    }
}

HaRP Docker Container Command i used for creation / launch

root@cloud:~# docker run   -e HP_SHARED_KEY="***REMOVED SENSITIVE VALUE***"   -e NC_INSTANCE_URL="https://mydomain-test.com"   -e HP_EXAPPS_ADDRESS="192.168.10.177:8780"   -v /var/run/docker.sock:/var/run/docker.sock   -v /mnt/pool/docker/certs:/certs   --name appapi-harp -h appapi-harp   --restart unless-stopped   --network host   -d ghcr.io/nextcloud/nextcloud-appapi-harp:release

(domain is the same, just for privacy)

Apps

The output of occ app:list (if possible):

Enabled:
  - activity: 5.0.0-dev.0
  - admin_audit: 1.22.0
  - app_api: 32.0.0
  - assistant: 2.8.0
  - bruteforcesettings: 5.0.0-dev.0
  - calendar: 6.0.0
  - call_summary_bot: 3.1.0
  - circles: 32.0.0
  - cloud_federation_api: 1.16.0
  - collectives: 3.1.2
  - comments: 1.22.0
  - contacts: 8.0.2
  - contactsinteraction: 1.13.1
  - context_chat: 4.5.0
  - cospend: 3.1.3
  - dashboard: 7.12.0
  - dav: 1.34.2
  - deck: 1.16.0
  - federatedfilesharing: 1.22.0
  - federation: 1.22.0
  - files: 2.4.0
  - files_downloadlimit: 5.0.0-dev.0
  - files_external: 1.24.0
  - files_fulltextsearch: 31.0.0
  - files_pdfviewer: 5.0.0-dev.0
  - files_reminders: 1.5.0
  - files_sharing: 1.24.0
  - files_trashbin: 1.22.0
  - files_versions: 1.25.0
  - firstrunwizard: 5.0.0-dev.0
  - forms: 5.2.1
  - fulltextsearch: 31.0.0
  - fulltextsearch_elasticsearch: 31.0.0
  - guests: 4.5.2
  - integration_openai: 3.7.1
  - intros: 1.1.2
  - logreader: 5.0.0-dev.0
  - lookup_server_connector: 1.20.0
  - mail: 5.5.6
  - nextcloud_announcements: 4.0.0-dev.0
  - notifications: 5.0.0-dev.0
  - notify_push: 1.2.0
  - oauth2: 1.20.0
  - password_policy: 4.0.0-dev.0
  - photos: 5.0.0-dev.1
  - privacy: 4.0.0-dev.0
  - profile: 1.1.0
  - provisioning_api: 1.22.0
  - quota_warning: 1.22.0
  - recommendations: 5.0.0-dev.0
  - related_resources: 3.0.0-dev.0
  - richdocuments: 9.0.0
  - richdocumentscode: 25.4.504
  - serverinfo: 4.0.0-dev.0
  - settings: 1.15.1
  - sharebymail: 1.22.0
  - spreed: 22.0.0
  - support: 4.0.0-dev.0
  - survey_client: 4.0.0-dev.0
  - suspicious_login: 10.0.0-dev.0
  - systemtags: 1.22.0
  - tables: 0.9.5
  - terms_of_service: 4.6.0
  - text: 6.0.0-dev.0
  - theming: 2.7.0
  - twofactor_backupcodes: 1.21.0
  - twofactor_nextcloud_notification: 6.0.0-dev.0
  - twofactor_totp: 14.0.0
  - updatenotification: 1.22.0
  - user_status: 1.12.0
  - viewer: 5.0.0-dev.0
  - weather_status: 1.12.0
  - webhook_listeners: 1.3.0
  - welcome: 1.3.0
  - whiteboard: 1.2.1
  - workflowengine: 2.14.0
Disabled:
  - encryption: 2.20.0
  - user_ldap: 1.23.0

Nginx npm config

I tried different things, like adding it to the custom config section on the last tab, or doing it split up, or setting it all up on the Locations tab. Nothing worked. Ironically, my whiteboard backend is working without “npm locations” or anything.

domain: cloud.my-domain.test (just for privacy reasons)
scheme: https
Forward Hostname / IP: 192.168.178.123
Forward Port: 443
Websocket support: on

Custom Location:

location: /exapps/
scheme: http
Forward Hostname / IP: 127.0.0.1
Forward Port: 8780
custom config:

        proxy_pass http://127.0.0.1:8780;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

Hello @OnkelSchwank,

welcome to the Nextcloud community! :handshake:

It seems there is an issue with your TLS cert. Please check whether you use a valid public CA TLS cert. If for any reason you choose a self-signed cert, go the long path of injecting your trusted local CA everywhere.


Any way to check this? I'm pretty inconvenient with that and just use NPM. My cert for Nextcloud (same host and IP as HaRP etc.) works just fine. Could it be that there is a misconfig in my nginx?

Thank you for your time!

Hey, how did you start the HaRP docker container?


root@cloud:~# docker run -e HP_SHARED_KEY="***REMOVED SENSITIVE VALUE***" -e NC_INSTANCE_URL="https://mydomain-test.com" -e HP_EXAPPS_ADDRESS="192.168.10.177:8780" -v /var/run/docker.sock:/var/run/docker.sock -v /mnt/pool/docker/certs:/certs --name appapi-harp -h appapi-harp --restart unless-stopped --network host -d ghcr.io/nextcloud/nextcloud-appapi-harp:release

(domain is the same, just for privacy)

I hope that helps, thank you for your time!

I also checked if the key is the same, the domain, and the IP. Like I said, the connection test in the Nextcloud web UI works (as it did for the normal Docker Socket Proxy, the old one without HaRP), but the test-deploy won't work on HaRP (it works on DSP even with ExApps deployed).

I’m having the same issue here with a similar setup.
Initially my daemon container wouldn’t start until I added --security-opt apparmor=unconfined \ to the docker run command.

Any more thoughts or ideas would be very much appreciated.

The Nginx configuration as per HaRP’s README.md is deficient.
The complete proxy_pass directive would be:

proxy_pass http://127.0.0.1:8780/exapps/;

Also make sure to wait for the blacklist timeout (by default 5 minutes) of the HaRP container after the test deploy status page has retried the old URL past the no route blacklist failure threshold mechanism. (Visible with "docker logs -f appapi-harp" if you create the appapi-harp container with the -e HP_LOG_LEVEL="debug" -e HP_VERBOSE_START="1" options)
Also the “Check connection” button for the Deploy Daemon will fail if the blacklist is active.


I'm using NPM, so I configure proxy pass over the web UI. I also tried Traefik, but it didn't work either.

The check connection button works without any problems and the test deploy container also seems to start, but somehow the healthcheck won't get through. Any logs or info I could send you to get further assistance?

Thank you for your time
Greetings from Dresden
Domenic

Hello, I'll reply in German, that should work if you're from Dresden :grin:.

In my Nginx Proxy Manager I entered the following under Advanced:

location /exapps/ {
  proxy_pass http://IP:PORT; # internal IP address of the Docker server
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
}

You also have to check that the settings were correct at creation.

HP_EXAPPS_ADDRESS = internal IP : PORT
NC_INSTANCE_URL = web address

Make sure that NC_INSTANCE_URL is given as HTTP.

I had my little problems too, but with these settings it runs.
I had also worked my way along the official page and in the end ran into the same errors and problems.

This was my docker run command:

docker run \
-e HP_SHARED_KEY="PASSWORT" \
-e NC_INSTANCE_URL="http://DOMAIN" \
-e HP_EXAPPS_ADDRESS="INTERNE-IP:8780" \
-v /var/run/docker.sock:/var/run/docker.sock \
-v `pwd`/certs:/certs \
--name appapi-harp -h appapi-harp \
--restart unless-stopped \
--network host \
-d ghcr.io/nextcloud/nextcloud-appapi-harp:release
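
Added example, not part of any post in this thread and not HaRP's or nginx's own code: a small Python model of what the location /exapps/ variants posted above send upstream, and of whether the proxy_pass target matches the "bind 192.168.10.177:8780" line from the HaRP container log. The /exapps/<app_id>/... path layout, the app ID example_app and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def upstream_path(location, proxy_pass, request_path):
    """Path nginx forwards for a prefix location block.

    nginx rule: when proxy_pass carries a URI part (anything after
    host:port, even a bare "/"), the part of the request path that
    matched the location is replaced by that URI. With no URI part the
    request path is forwarded unchanged.
    """
    if not request_path.startswith(location):
        raise ValueError("request does not match this location block")
    uri = urlsplit(proxy_pass).path  # "" for plain scheme://host:port
    if uri == "":
        return request_path
    return uri + request_path[len(location):]


def exapp_id(path, prefix="/exapps/"):
    """AppID as this example ASSUMES HaRP reads it: the first path
    segment after /exapps/. Returns None when there is none, which is
    the situation behind a log line such as
    'Invalid request path, cannot find AppID: /'."""
    if not path.startswith(prefix):
        return None
    app_id = path[len(prefix):].split("/", 1)[0]
    return app_id or None


def target_reachable(proxy_pass, harp_bind):
    """True if proxy_pass addresses the socket the HaRP frontend listens on.

    A listener bound to one specific IP does not accept connections sent
    to a different address, 127.0.0.1 included. A 0.0.0.0 bind accepts
    any address of that machine (assumed here to be the proxy_pass host).
    """
    target = urlsplit(proxy_pass)
    bind_host, bind_port = harp_bind.rsplit(":", 1)
    if (target.port or 80) != int(bind_port):
        return False
    return bind_host == "0.0.0.0" or target.hostname == bind_host


def audit(location, proxy_pass, harp_bind, request_path):
    """Combine the three checks for one reverse-proxy configuration."""
    path = upstream_path(location, proxy_pass, request_path)
    return {
        "upstream_path": path,
        "app_id": exapp_id(path),
        "reachable": target_reachable(proxy_pass, harp_bind),
    }


# Values taken from the thread: the haproxy bind line and the location.
HARP_BIND = "192.168.10.177:8780"
LOCATION = "/exapps/"
# Constructed sample request (the app ID is a placeholder).
REQUEST = "/exapps/example_app/heartbeat"

VARIANTS = [
    "http://127.0.0.1:8780",           # custom location from the first post
    "http://127.0.0.1:8780/exapps/",   # directive with a URI part
    "http://192.168.10.177:8780",      # internal IP, no URI part
    "http://192.168.10.177:8780/",     # trailing slash strips /exapps/
]

if __name__ == "__main__":
    for proxy_pass in VARIANTS:
        print(proxy_pass, audit(LOCATION, proxy_pass, HARP_BIND, REQUEST))
```
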

Hey Thomas, thank you for your detailed answer, I'll test the whole thing over the weekend. Thanks a lot!