If you want to use Let’s Encrypt certs – (which I recommend) – it’s actually pretty easy to do.
You need to install an acme client (certbot or acme.sh or a docker container that runs either certbot or acme). It just depends on what you want to do. I personally just install acme.sh on the docker host and obtain certs that method, however I’m aware many use a docker container. For example one container you could use is: https://hub.docker.com/r/linuxserver/letsencrypt/.
It just depends on you how want to install your certs.
I’ve seen a few different ways people have enabled (or tried to enable) certbot with Docker. My solution to this was to run a reverse proxy and certbot on the host. I wrote a guide for this type of setup if you want to have a look.
I’m sorry I’ll have to defer to @devnull about that.
He (she? not sure!) picked it up when helping me get it accessible.
I know my way around a PC but Linux is a little bit beyond me but I am trying to learn.
What I can say is;
I have nextcloud, mariadb and letscert installed in docker on UnRaid.
I can access the nextcloud over the web but it isn’t secured.
I don’t know if there is something up with ports maybe?
I figured a snapshot of my docker might help.
I don’t think there is any info in here that puts me at risk. All the IPs seem to be internal to my network…
I hope you’ll tell me if I left something in I didn’t notice!
Ok… I don’t know how someone writes a guide for running a website without mentioning the web server, but I guess that’s beside the point.
So Nextcloud is a website. A web server is what actually “runs” a website. In the Nextcloud Docker container, there is a web server called Apache that is “running” Nextcloud. This is already running on your system.
Apache is what ultimately needs to use the Let’s Encrypt certificate to provide HTTPS for the site.
# Section for Apache 2.4 to 2.6
Require all denied
Deny from all
# Section for Apache 2.2
Deny from all
# Section for Apache 2.2 to 2.6
Ok I think i might know what I’m looking for now, I just have no idea how to find it…
In the container, under /etc/apache2/sites-available is probably where you’ll find the site configs.
Apache needs to use the certificate that’s being pulled by the Let’s Encrypt container. I’m wondering if that’s where this is getting messed up because I don’t see a mount in common between them in your containers. I don’t use unraid so it may just be that I’m not seeing it, but somehow that cert would have to be getting from one container to the other.
But yes, to answer your question, there is a web server running in the Nextcloud container (actually the only “program” being executed, Docker calls it an entrypoint). If you want to see some more about that, you can check out the official image documentation. They have quite a few versions of the Nextcloud image, but the default one uses Apache.