Can't connect to nextcloud-aio-mastercontainer

Using:

  • nextcloud/all-in-one:latest
  • Arch Linux with kernel 6.12.1
  • Caddy (latest) as reverse proxy

Summary of the issue you are facing:

  1. Main issue: the Nextcloud container doesn’t seem to be using the specified port, 11000, despite setting the env variables in the Docker compose file.
  2. Is setting APACHE_PORT and the other variables supposed to disable built-in HTTPS? Or is there something I need to do to trigger that? Or will that always be running and the 11000 thing is a bypass?
  3. Is setting APACHE_PORT and the other variables supposed to disable built-in caddy? Or is the Caddyfile in the root directory of the container and in the logs not indicative that Caddy is being used?
  4. I am not seeing any other spawned containers, is that supposed to happen yet?
  5. Also: I can wget the initial startup page on the host machine at 48080 as mapped in the compose file, but both Firefox and Chrome (navigating to https://localhost:48080, same URL as with curl and wget) get a connection refused. Might be an unrelated issue.

I am probably forgetting something, I’ve been at this awhile and I’m tired and so is Claude.

Config

relevant section of docker-compose.yaml:

  nextcloud-aio-mastercontainer:
    container_name: nextcloud-aio-mastercontainer
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    networks:
      liyuannet:
    ports:
      - "48080:8080"
    environment:
      APACHE_PORT: 11000
      APACHE_IP_BINDING: 0.0.0.0
      APACHE_ADDITIONAL_NETWORK: liyuannet
      NEXTCLOUD_DATADIR: /mnt/nextclouddata
      # SKIP_DOMAIN_VALIDATION: true
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/fs/host/nextcloud:/mnt/nextclouddata
    depends_on:
      - caddy

relevant section of Caddyfile (subbing in example for actual domain):

mywebsite.com {
	reverse_proxy nextcloud-aio-mastercontainer:11000
}

This config works with all the other sites I am using with caddy in this way.

Logs

docker logs nextcloud-aio-mastercontainer gives:

Trying to fix docker.sock permissions internally...
Creating docker group internally with id 971
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
........+....+......+......+.....+......+....+.........+..+++++++++++++++++++++++++++++++++++++++++++++*........+........+...+...+.......+........+.+...+...+.........+.....+.+.....+.........+.+++++++++++++++++++++++++++++++++++++++++++++*......................+.+......+..+......+.+......+...+..............+.......+...+++++
.+...+.....+.......+.....+.+++++++++++++++++++++++++++++++++++++++++++++*.................+....+.....+.+.....+...............+.+.....+.+..............+...+......+......+.........+....+..+.+..+...+.........+................+...+.....+......+.+..+.+...............+..+....+......+.....+.........+.+++++++++++++++++++++++++++++++++++++++++++++*..........................+...+.+......+......+........+......+...............+...+......+.......+.....+........................+......+....+...+..+....+..............+.+...........+...................+..+....+......+++++
-----
Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!

If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
[Mon Nov 25 01:42:17.393272 2024] [mpm_event:notice] [pid 192:tid 192] AH00489: Apache/2.4.62 (Unix) OpenSSL/3.3.2 configured -- resuming normal operations
[Mon Nov 25 01:42:17.393295 2024] [core:notice] [pid 192:tid 192] AH00094: Command line: 'httpd -D FOREGROUND'
{"level":"info","ts":1732498937.4002242,"msg":"using config from file","file":"/Caddyfile"}
[25-Nov-2024 01:42:17] NOTICE: fpm is running, pid 202
[25-Nov-2024 01:42:17] NOTICE: ready to handle connections
{"level":"info","ts":1732498937.4011843,"msg":"adapted config to JSON","adapter":"caddyfile"}

output of sudo netstat -tulpn in the nextcloud aio container:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:2019          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:9876          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.11:46791        0.0.0.0:*               LISTEN      -
tcp        0      0 :::8000                 :::*                    LISTEN      192/httpd
tcp        0      0 :::8080                 :::*                    LISTEN      192/httpd
tcp        0      0 :::80                   :::*                    LISTEN      -
tcp        0      0 :::8443                 :::*                    LISTEN      -
tcp        0      0 :::9000                 :::*                    LISTEN      202/php-fpm.conf)
udp        0      0 127.0.0.11:42803        0.0.0.0:*                           -

I don’t see any relevant-looking logs in the container other than access logs showing my successful curl and wget connections. The caddy container’s logs show that when I’m trying to connect to my domain, caddy isn’t getting a connection on port 11000, which is expected given that the port isn’t being set correctly.

I really, really appreciate any ideas anyone has on this!

Hi @etd, welcome to Nextcloud community 🤝

Please review AiO reverse proxy.

You seem confused because of the AiO concept, which has an AiO management page hosted at nextcloud-aio-mastercontainer port :8080 (or :48080 in your case) and the Nextcloud application, which is hosted by the Apache container behind APACHE_PORT (but only available once the Apache container has started). You’ll see the status of the AiO container on the management page.

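The reply above, checked against the netstat output from the first post, as an added example that is not part of the thread: the master container has a listener on 8080 (the AIO interface) but nothing in it binds 11000, which matches APACHE_PORT belonging to a separate Apache container. The function names `sample_netstat`, `listeners` and `reachable_from_proxy` are hypothetical helpers.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list LISTEN sockets for a TCP port from
# `netstat -tln`-style text on stdin, to see which container binds which port.

# Sample input: TCP lines taken from the netstat output posted in the thread.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:2019          0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:9876          0.0.0.0:*               LISTEN      -
tcp        0      0 :::8000                 :::*                    LISTEN      192/httpd
tcp        0      0 :::8080                 :::*                    LISTEN      192/httpd
tcp        0      0 :::80                   :::*                    LISTEN      -
tcp        0      0 :::8443                 :::*                    LISTEN      -
EOF
}

# listeners PORT: print "<address> <scope>" for every LISTEN socket on PORT.
listeners() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, part, ":")            # port follows the last colon (":::8080")
      if (part[n] != port) next
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      if (addr ~ /^127\./ || addr == "::1")        scope = "loopback"
      else if (addr == "0.0.0.0" || addr == "::")  scope = "wildcard"
      else                                         scope = "specific"
      print addr, scope
    }'
}

# reachable_from_proxy PORT: succeed only if PORT has a non-loopback listener,
# i.e. another container on the same Docker network could connect to it.
reachable_from_proxy() {
  listeners "$1" | grep -qv ' loopback$'
}

for port in 8080 11000; do
  if sample_netstat | reachable_from_proxy "$port"; then
    echo "port $port: listening in this container"
  else
    echo "port $port: no non-loopback listener in this container"
  fi
done
```

On a live host the same functions can read real output, for example `docker exec nextcloud-aio-mastercontainer netstat -tln | listeners 11000`.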

Ah ok that actually makes a lot of sense.

So at this point I really just need to figure out why Firefox and Chrome cannot connect to localhost:48080 when curl can from the same host. This doesn’t sound like a Nextcloud problem to me but I’m not currently looking at it, at least I have some clarity now. Thank you!

OK NEVER MIND I am so sorry, I was running curl on the server and Firefox on another computer on my network. Absolute rookie mistake. Please disregard.