Nextcloud version: latest (8.1.0?)
Operating system and version : Debian 12.5
nginx version: 1.22.1
The issue you are facing:
I've tried setting up Nextcloud AIO according to all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub
I initially had it working and I could open the page for the initial setup but I then faced an issue similar to this one where clicking the Open Nextcloud button would just redirect me back to the same page.
I tried applying the fix suggested in that post by changing my nginx proxy_pass from proxy_pass https://127.0.0.1:8080$request_uri;
to proxy_pass http://127.0.0.1:11000$request_uri;
but that didn't help.
I then noticed that the original poster was also passing the environment variable APACHE_IP_BINDING=127.0.0.1
which I wasn't, so I added that in my docker compose file.
Regardless of what I do, I just can't seem to get the service running in the container to be available through port 11000:
# nc -z 127.0.0.1 11000; echo $?
1
I've also tried resetting everything according to this guidance and recreated everything from scratch.
This is my docker-compose file:
services:
  nextcloud:
    container_name: nextcloud-aio-mastercontainer
    image: nextcloud/all-in-one:latest
    restart: always
    ports:
      - 8080:8080
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=127.0.0.1
      - SKIP_DOMAIN_VALIDATION=true
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
I also tried setting APACHE_IP_BINDING=0.0.0.0
but it didn't help.
This is my nginx config, with nginx running on the host machine:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 80;
    listen [::]:80; # comment to disable IPv6
    if ($scheme = "http") {
        return 301 https://$host$request_uri;
    }
    listen 443 ssl http2; # for nginx versions below v1.25.1
    listen [::]:443 ssl http2; # for nginx versions below v1.25.1 - comment to disable IPv6
    # listen 443 ssl; # for nginx v1.25.1+
    # listen [::]:443 ssl; # for nginx v1.25.1+ - keep comment to disable IPv6
    # http2 on; # uncomment to enable HTTP/2 - supported on nginx v1.25.1+
    # http3 on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
    # quic_retry on; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
    # add_header Alt-Svc 'h3=":443"; ma=86400'; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
    # listen 443 quic reuseport; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport
    # listen [::]:443 quic reuseport; # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+ - please remove "reuseport" if there is already another quic listener on port 443 with enabled reuseport - keep comment to disable IPv6
    server_name redacted.net;
    location / {
        proxy_pass http://127.0.0.1:11000$request_uri;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host $host;
        client_body_buffer_size 512k;
        proxy_read_timeout 86400s;
        client_max_body_size 0;
        # Websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
    # If running nginx on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine,
    # the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain.
    # In this case the subdomain should already be secured without additional actions
    ssl_certificate /etc/letsencrypt/live/redacted.net/fullchain.pem; # managed by certbot on host machine
    ssl_certificate_key /etc/letsencrypt/live/redacted.net/privkey.pem; # managed by certbot on host machine
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
}
These are the container logs:
Trying to fix docker.sock permissions internally...
Creating docker group internally with id 109
Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
[07-Apr-2024 21:07:39] NOTICE: fpm is running, pid 112
[07-Apr-2024 21:07:39] NOTICE: ready to handle connections
[Sun Apr 07 21:07:39.663739 2024] [mpm_event:notice] [pid 107:tid 281472958975232] AH00489: Apache/2.4.58 (Unix) OpenSSL/3.1.4 configured -- resuming normal operations
[Sun Apr 07 21:07:39.663785 2024] [core:notice] [pid 107:tid 281472958975232] AH00094: Command line: 'httpd -D FOREGROUND'
{"level":"info","ts":1712524059.6670475,"msg":"using provided configuration","config_file":"/Caddyfile","config_adapter":""}
I'm not sure what else to try.
Any help would be appreciated. Thanks!
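
Added example (not part of the original post): the nc -z probe in the post only shows that nothing answered on 127.0.0.1:11000. The shell function below reads ss -ltnH output and reports whether the APACHE_PORT value has no listener, a loopback-only listener, or one bound to other addresses (as a 0.0.0.0 binding would be, leaving the backend reachable without going through nginx). The sample ss lines are constructed, and classify_listener is a name chosen here.

```shell
#!/bin/sh
# Classify how a TCP port is bound, reading `ss -ltnH` output on stdin.
# Prints: none     - no listener on that port
#         loopback - listeners only on 127.0.0.0/8 or [::1]
#         exposed  - a listener on any other address (0.0.0.0, [::], *, a LAN IP)
classify_listener() {
    awk -v port="$1" '
        {
            local_addr = $4                        # "Local Address:Port" column
            if (!match(local_addr, /:[0-9]+$/)) next
            p = substr(local_addr, RSTART + 1)     # port after the last colon
            a = substr(local_addr, 1, RSTART - 1)  # address before it
            if (p != port) next
            sub(/%.*$/, "", a)                     # drop an interface scope such as %lo
            if (a ~ /^127\./ || a == "[::1]") {
                if (state == "") state = "loopback"
            } else {
                state = "exposed"                  # one wide listener is enough
            }
        }
        END {
            if (state == "") state = "none"
            print state
        }
    '
}

# Constructed samples (not captured from the poster's machine).
# No listener on 11000, consistent with the nc exit status 1 in the post:
SAMPLE_NONE='LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'
# Backend bound to loopback only, the state the nginx proxy_pass expects:
SAMPLE_LOOPBACK='LISTEN 0 4096 127.0.0.1:11000 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*'
# Backend bound to all interfaces, reachable directly over plain HTTP:
SAMPLE_EXPOSED='LISTEN 0 4096 0.0.0.0:11000 0.0.0.0:*
LISTEN 0 4096 [::]:11000 [::]:*'

printf 'none case:     %s\n' "$(printf '%s\n' "$SAMPLE_NONE" | classify_listener 11000)"
printf 'loopback case: %s\n' "$(printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listener 11000)"
printf 'exposed case:  %s\n' "$(printf '%s\n' "$SAMPLE_EXPOSED" | classify_listener 11000)"

# Live use on the host: ss -ltnH | classify_listener 11000
```

A result of none points at the backend not being started or published at all rather than at the nginx configuration. A result of exposed means the port should be restricted to loopback or firewalled.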