Config help for Docker Nextcloud AIO

DerDominik · November 7, 2024, 8:49pm

Hi all,

after my last question (seperate nextcloud and nginx/php docker) I wanted to test the Nextcloud AIO docker package, but I’m facing some problems.

Situation:
I want to use Nextcloud AIO only in my local network on my rpi4, no access from Internet. And no NGinx Proxy manager or similar.
Only the AIO package.

I’ve taken the example docker-compose and adjusted it on my setup (or what I think it could be right).
But it’s not working and I don’t know what is wrong.

Sometimes I could start the install, but nextcloud itself was not reachable. Also the certificate seems to be wrong created (everytime detected as not safe certificate)
Before I start the next try. It is possible that somechecks my configs, if there are any mistakes? Or what could be improved?

compose.yaml

services:
  nextcloud:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 8080:8080
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=127.0.0.1
      - NEXTCLOUD_DATADIR=/home/pi/docker/nextcloud/nextcloud-data
      - SKIP_DOMAIN_VALIDATION=true

  caddy:
    image: caddy:alpine
    container_name: caddy
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - /home/pi/docker/nextcloud/caddy-files/caddy:/usr/bin/caddy
      - /home/pi/docker/nextcloud/caddy-certs:/certs
      - /home/pi/docker/nextcloud/caddy-config:/config
      - /home/pi/docker/nextcloud/caddy-data:/data
      - /home/pi/docker/nextcloud/caddy-certs:/srv
      - /home/pi/docker/nextcloud/caddy-files/Caddyfile:/etc/caddy/Caddyfile
    environment:
      DOMAIN: "xxx.duckdns.org"
      EMAIL: "xxx@googlemail.com"
      DUCKDNS_TOKEN: "xx-xx-xx-xx-xx"
      LOG_FILE: "/data/access.log"

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

Caddyfile:

xxx.duckdns.org:443 {
	tls {
		dns duckdns xx-xx-xx-xx-xx
	}
  reverse_proxy localhost:11000
}

The caddy file was downloaded from the caddy homepage and should work (executing is possible).

Shouldn’t be a problem, that I created another certificate at a duckdns-subdomain with my email-address?

Thanks for your support

Best regards,
Dominik

szaimen · November 7, 2024, 9:12pm

Hi, please check and adjust this:

github.com

nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below

# Reverse Proxy Documentation

> [!NOTE]  
> The maintainers of AIO noticed that this documentation could be improved to make it easier to follow. All contributions that improve this are very welcome!

A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is a software service that acts as a gateway between services and a client. It is commonly used to allow a client connected to the Internet to access a website located in the [private subnet](https://en.wikipedia.org/wiki/Private_network) of that web server.

**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface).

In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to:
1. specify the port that AIO's integrated Apache container shall use
2. add a specific config to your web server or reverse proxy
3. modify the startup command a bit.
All examples below will use port `11000` as `APACHE_PORT`. This port will be exposed in the private network to receive unencrypted HTTP traffic from the reverse proxy.
> [!IMPORTANT] 
> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.

**Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
1. **Use this startup command! See [point 2](#2-use-this-startup-command)**

This file has been truncated. show original

DerDominik · November 7, 2024, 9:43pm

Thanks for your fast help
After adding “network_mode: host” to my caddy part it is directly working.
Seems that also a certifcate was generated before

Thanks, thanks, thanks

system · November 15, 2024, 9:44pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.