Assistance Needed with Nextcloud AIO Installation (Traefik + Portainer)

Dear Nextcloud Community,

I am reaching out for assistance regarding my efforts to get Nextcloud up and running using the All-In-One (AIO) setup via Docker Compose and Portainer. Despite following the provided Docker Compose file and adapting the web server configurations as per the Reverse Proxy documentation (all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub), I encounter an issue when attempting to click on “Submit Domain on the AIO Interface” after entering the password for AIO.

The error message I receive is:

Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer').

Upon inspecting the logs in Portainer, the following information is present:

NOTICE: PHP message: The response of the connection attempt to "https://nextcloud.MYDOMAIN.net:443" was: 404 page not found
NOTICE: PHP message: Expected was: c6f055c0da002e392df41c82ba60d4ac8f6b8d198dd101ab
NOTICE: PHP message: The error message was:
NOTICE: PHP message: Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!

I am seeking assistance to resolve this issue. Initially, during installation, I encountered a problem where Traefik and Nextcloud were both attempting to use port 443. Consequently, I adjusted the Apache port using an ENV variable.

Below, you will find the configurations for fileConfig.yml and traefik.yml as well as the Docker Compose file.

Any guidance or support to troubleshoot and resolve this issue would be greatly appreciated.

Thank you in advance.

Best regards, Kevin

fileConfig.yml:

http:
  ## EXTERNAL ROUTING - Only use if you want to proxy something manually ##
  routers:
    nextcloud:
      entryPoints:
        - https
      rule: 'Host(`nextcloud.MYDOMAIN.net`)'
      middlewares:
        - https-redirect
        - nextcloud-secure-headers
      service: nextcloud
    pve:
      entryPoints:
        - https
        #middlewares:
        #- "auth"
    homeassistant:
      entryPoints:
        - https
      rule: 'Host(`homeassistant.MYDOMAIN.net`)'
      service: homeassistant
        # middlewares: chain-ha
    dashboard:
      rule: 'Host(`traefik.MYDOMAIN.net`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))'
      middlewares:
        - traefikauth
      entryPoints:
        - https
  ## SERVICES ##
  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: http://192.168.48.5:11000
        passHostHeader: true
    # Homeassistant service - Remove if not used
    pve:
      loadBalancer:
        servers:
          - url: https://10.187.212.55:8006
            #serversTransport:
            #mytransport:
            #insecureSkipVerify: true
    homeassistant:
      loadBalancer:
        servers:
          - url: http://10.187.212.90:8123

  ## MIDDLEWARES ##
  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true
    nextcloud-secure-headers:
      headers:
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        referrerPolicy: "same-origin"
        customResponseHeaders:
          X-Robots-Tag: "none"


    traefikauth:
      basicAuth:
        users:
          - 'traefik:xxxxx'
    # Only Allow Local networks
    # local-ipwhitelist:
    #  ipWhiteList:
    #   sourceRange:
    #     - 127.0.0.1/32 # localhost
    #     - 192.168.1.1/24 # LAN Subnet

    # Authelia guard
    #auth:
    #  forwardauth:
    #    trustForwardHeader: true
    #    authResponseHeaders:
    #      - Remote-User
    #      - Remote-Groups
    #      - Remote-Name
    #      - Remote-Email

    # Authelia basic auth guard
    #auth-basic:
    #  forwardauth:
    #    trustForwardHeader: true
    #    authResponseHeaders:
    #      - Remote-User
    #      - Remote-Groups
    #      - Remote-Name
    #     - Remote-Email

    # Security headers (referenced as securityHeaders@file in traefik.yml and by the chains below)
    securityHeaders:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "noindex, nofollow"
          X-Forwarded-Proto: "https"
          server: ""
        customRequestHeaders:
          X-Forwarded-Proto: "https"
        sslProxyHeaders:
          X-Forwarded-Proto: "https"
        referrerPolicy: "same-origin"
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        contentTypeNosniff: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 63072000
        stsPreload: true
    nextcloud-redirect:
      redirectRegex:
        permanent: true
        regex: "https://(.*)/.well-known/(card|cal)dav"
        replacement: "https://${1}/remote.php/dav/"

    chain-nextcloud:
      chain:
        middlewares:
          - securityHeaders
          - nextcloud-redirect
    chain-ha:
      chain:
        middlewares:
          - securityHeaders
    cloudflare-transform:
      plugin:
        htransformation:
          Rules:
            - Name: 'Header join'
              Header: 'X-Forwarded-For'
              HeaderPrefix: "^"
              Values:
                - '^CF-Connecting-IP'
              Type: 'Join'
    # crowdsec-bouncer:
    #   forwardauth:
    #     address: http://crowdsec-traefik-bouncer:8080/api/v1/forwardAuth
    #     trustForwardHeader: true
# Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.6.0&config=intermediate&guideline=5.6
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

traefik.yml:

global:
  checkNewVersion: true
  sendAnonymousUsage: false

serversTransport:
  insecureSkipVerify: true

entryPoints:
  # Not used in apps, but redirect everything from HTTP to HTTPS
  http:
    address: :8081
    forwardedHeaders:
      trustedIPs: &trustedIps
        # Start of Cloudflare public IP list for HTTP requests, remove this if you don't use it
        - 173.245.48.0/20
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 141.101.64.0/18
        - 108.162.192.0/18
        - 190.93.240.0/20
        - 188.114.96.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 162.158.0.0/15
        - 104.16.0.0/13
        - 104.24.0.0/14
        - 172.64.0.0/13
        - 131.0.72.0/22
        - 2400:cb00::/32
        - 2606:4700::/32
        - 2803:f800::/32
        - 2405:b500::/32
        - 2405:8100::/32
        - 2a06:98c0::/29
        - 2c0f:f248::/32
        # cloudflared container IP
        # - 172.26.0.2/16
        # End of Cloudflare public IP list
    http:
      redirections:
        entryPoint:
          to: :443
          scheme: https

  # HTTPS endpoint, with domain wildcard
  https:
    address: :10443
    forwardedHeaders:
      # Reuse the list of Cloudflare trusted IPs above for HTTPS requests
      trustedIPs: *trustedIps
    http:
      tls:
        # Generate a wildcard domain certificate
        certResolver: letsencrypt
        domains:
          - main: MYDOMAIN.net
            sans:
              - '*.MYDOMAIN.net'
      middlewares:
        - securityHeaders@file
#        - crowdsec-bouncer@file
  ssh:
    address: :2222/tcp

providers:
  providersThrottleDuration: 2s

  # File provider for connecting things that are outside of docker / defining middleware
  file:
    filename: /etc/traefik/fileConfig.yml
    watch: true

  # Docker provider for connecting all apps that are inside of the docker network
  docker:
    watch: true
    network: proxy    # Add Your Docker Network Name Here
    # Default host rule to containername.domain.example
    defaultRule: "Host(`{{ lower (trimPrefix `/` .Name )}}.MYDOMAIN.net`)"    # Replace with your domain
    swarmModeRefreshSeconds: 15s
    exposedByDefault: false
    endpoint: "tcp://dockerproxy:2375" # Uncomment if you are using docker socket proxy

# Enable traefik ui
api:
  dashboard: true
  insecure: false

# Log level INFO|DEBUG|ERROR
log:
  level: Info 

accessLog:
  filePath: "/var/log/crowdsec/traefik.log"
  bufferingSize: 50

# Use Let's Encrypt to generate SSL certificates
certificatesResolvers:
  letsencrypt:
    acme:
      email: MYEMAIL@icloud.com
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: cloudflare
        # Used to make sure the DNS challenge is propagated to the right DNS servers
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

experimental:
  plugins:
    htransformation:
      moduleName: "github.com/tomMoulard/htransformation"
      version: "v0.2.7"

Docker compose file:

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    ports:
      - 89:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8099:8080
      - 8499:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
    environment: # Is needed when using any of the options below
      # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
      - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # - BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
      - NEXTCLOUD_DATADIR=/mnt/data/podman/nextcloud # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      # - NEXTCLOUD_MOUNT=/mnt # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
      # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
      # - NEXTCLOUD_KEEP_DISABLED_APPS=false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
      # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
    # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
      # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
    # # Uncomment the following line when using SELinux
    # security_opt: ["label:disable"]

  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
  # caddy:
  #   image: caddy:alpine
  #   restart: always
  #   container_name: caddy
  #   volumes:
  #     - ./Caddyfile:/etc/caddy/Caddyfile
  #     - ./certs:/certs
  #     - ./config:/config
  #     - ./data:/data
  #     - ./sites:/srv
  #   network_mode: "host"

volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work

# # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network.
# # Please make sure to uncomment also the networking lines of the mastercontainer above in order to actually create the network with docker-compose
# networks:
#   nextcloud-aio:
#     name: nextcloud-aio # This line is not allowed to be changed as otherwise the created network will not be used by the other containers of AIO
#     driver: bridge
#     enable_ipv6: true
#     ipam:
#       driver: default
#       config:
#         - subnet: fd12:3456:789a:2::/64 # IPv6 subnet to use

Further Infos:

I have noticed that after accessing Nextcloud at https://INTERNAL-IP:8099, the loading bar spins for an extended period before progressing to the part where I can enter the domain.

The DNS entries are correctly configured on Cloudflare. Additionally, Home Assistant, also included in the configuration, functions without any issues.

It’s worth mentioning that I would prefer to store all data in /mnt/data/podman/nextcloud, which is why I have set this ENV variable. Is this setup sufficient and correct?
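A consistency check for a Traefik file-provider config, added here as an example for this thread (it is not Nextcloud AIO's or Traefik's own code): it walks the routers and middleware chains and reports every name that is referenced but never defined, plus routers that can never match because they have no rule or no service. Those are the configurations that make Traefik answer with its default 404 instead of forwarding to the backend. The embedded config is constructed to mirror the shape of the posted fileConfig.yml, with a router that has no rule and a chain pointing at an undefined middleware; `api@internal` is Traefik's built-in dashboard service, the entrypoint names come from the posted traefik.yml, and the basic-auth hash is a placeholder. In practice, load the real file with yaml.safe_load() and pass the result instead of the dict literal.

```python
"""Referential-integrity check for a Traefik dynamic (file provider) config."""

# Constructed sample that mirrors the posted fileConfig.yml; not the real file.
SAMPLE_CONFIG = {
    "http": {
        "routers": {
            "nextcloud": {
                "entryPoints": ["https"],
                "rule": "Host(`nextcloud.MYDOMAIN.net`)",
                "middlewares": ["https-redirect", "nextcloud-secure-headers"],
                "service": "nextcloud",
            },
            "pve": {"entryPoints": ["https"]},  # no rule and no service
            "dashboard": {
                "rule": "Host(`traefik.MYDOMAIN.net`) && PathPrefix(`/dashboard`)",
                "entryPoints": ["https"],
                "middlewares": ["traefikauth"],
                "service": "api@internal",  # Traefik's built-in dashboard service
            },
        },
        "services": {
            "nextcloud": {"loadBalancer": {"servers": [{"url": "http://192.168.48.5:11000"}]}},
        },
        "middlewares": {
            "https-redirect": {"redirectScheme": {"scheme": "https"}},
            "nextcloud-secure-headers": {"headers": {"referrerPolicy": "same-origin"}},
            "traefikauth": {"basicAuth": {"users": ["traefik:PLACEHOLDER_HASH"]}},
            "nextcloud-redirect": {"redirectRegex": {"regex": ".*", "replacement": "/"}},
            # "securityHeaders" is referenced below but never defined: dangling.
            "chain-nextcloud": {"chain": {"middlewares": ["securityHeaders", "nextcloud-redirect"]}},
        },
    }
}

# Entrypoint names from the static traefik.yml (assumed for this sample).
KNOWN_ENTRYPOINTS = {"http", "https"}
# Services Traefik provides itself; they never appear in the file provider.
INTERNAL_SERVICES = {"api@internal", "dashboard@internal", "ping@internal"}


def _local(name):
    """Strip the '@file' provider suffix so 'x@file' resolves to the key 'x'."""
    return name[:-5] if name.endswith("@file") else name


def check_dynamic_config(cfg, entrypoints=KNOWN_ENTRYPOINTS):
    """Return a sorted list of problems; an empty list means every reference resolves."""
    http = cfg.get("http", {}) or {}
    routers = http.get("routers", {}) or {}
    services = set(http.get("services", {}) or {})
    middlewares = http.get("middlewares", {}) or {}
    problems = []

    for name, router in routers.items():
        if not router.get("rule"):
            problems.append(f"router {name}: no rule, it can never match a request")
        svc = router.get("service")
        if not svc:
            problems.append(f"router {name}: no service")
        elif svc not in services and svc not in INTERNAL_SERVICES:
            problems.append(f"router {name}: unknown service {svc}")
        for ep in router.get("entryPoints", []):
            if ep not in entrypoints:
                problems.append(f"router {name}: unknown entryPoint {ep}")
        for mw in router.get("middlewares", []):
            if _local(mw) not in middlewares:
                problems.append(f"router {name}: unknown middleware {mw}")

    # Chains reference other middlewares by name; those must exist too.
    for name, mw in middlewares.items():
        chain = (mw or {}).get("chain") or {}
        for ref in chain.get("middlewares", []):
            if _local(ref) not in middlewares:
                problems.append(f"chain {name}: unknown middleware {ref}")
    return sorted(problems)


if __name__ == "__main__":
    for line in check_dynamic_config(SAMPLE_CONFIG) or ["no problems found"]:
        print(line)
```

Run it only once the file parses cleanly: a YAML error (a list item that lost its parent key, a block indented one level off) makes the file provider reject the whole file, so every router defined in it disappears at once, not just the broken one.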
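What happens behind "Submit domain", reproduced on loopback as an added example (not AIO's or Traefik's code): the mastercontainer starts a throwaway backend on APACHE_PORT that answers with a random token, requests the domain through the reverse proxy, and compares the body with that token. Here `DomainCheckHandler` plays the backend, `make_proxy_handler()` plays a proxy that only forwards when the Host header matches a configured rule and otherwise answers "404 page not found" the way Traefik does for an unmatched request, and `aio_domain_check()` plays the mastercontainer. Assumptions: plain HTTP on 127.0.0.1 with a forced Host header stands in for HTTPS on port 443 reached through public DNS, and the host names are made up.

```python
"""Simulate the AIO domain check through a Host-routing reverse proxy."""
import http.server
import secrets
import threading
import urllib.error
import urllib.request

# What the mastercontainer logs as "Expected was: ..." (48 hex characters).
EXPECTED_TOKEN = secrets.token_hex(24)


class _QuietHandler(http.server.BaseHTTPRequestHandler):
    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


class DomainCheckHandler(_QuietHandler):
    """Backend on APACHE_PORT: returns the token for every request."""
    def do_GET(self):
        self._reply(200, EXPECTED_TOKEN.encode())


def make_proxy_handler(routes):
    """routes maps a host name (one Host() rule) to the backend port it serves."""
    class ProxyHandler(_QuietHandler):
        def do_GET(self):
            host = self.headers.get("Host", "").split(":", 1)[0]
            port = routes.get(host)
            if port is None:
                # No router matched: Traefik's default response.
                self._reply(404, b"404 page not found\n")
                return
            req = urllib.request.Request(f"http://127.0.0.1:{port}{self.path}",
                                         headers={"Host": host})
            with urllib.request.urlopen(req, timeout=5) as resp:
                self._reply(resp.status, resp.read())
    return ProxyHandler


def start_server(handler_cls):
    """Bind to a free loopback port and serve in a background thread."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def aio_domain_check(proxy_port, domain):
    """Mastercontainer side: fetch the domain via the proxy, return (passed, body seen)."""
    req = urllib.request.Request(f"http://127.0.0.1:{proxy_port}/", headers={"Host": domain})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            body = resp.read().decode().strip()
    except urllib.error.HTTPError as err:  # 404 and friends still carry a body
        body = err.read().decode().strip()
    return body == EXPECTED_TOKEN, body


def run_demo():
    """Run the check once for a routed host and once for a host no router matches."""
    backend, backend_port = start_server(DomainCheckHandler)
    proxy, proxy_port = start_server(make_proxy_handler({"nextcloud.example.net": backend_port}))
    try:
        return {
            "routed": aio_domain_check(proxy_port, "nextcloud.example.net"),
            "unrouted": aio_domain_check(proxy_port, "files.example.net"),
        }
    finally:
        for srv in (proxy, backend):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    for case, (passed, body) in run_demo().items():
        print(f"{case}: {'OK' if passed else 'FAILED'} (response: {body!r})")
```

With the routed host the body is the token and the check passes; with any other Host the simulated proxy hands back the same "404 page not found" text that appears in the mastercontainer log, which is why the error message blames the proxy configuration rather than DNS: the request did reach a proxy, but no router claimed it for that host on that entrypoint.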

Hi, here is your clue

Hi! Yeah I read this, but don’t get what the problem is.