Connection timed out when trying to access AIO behind Traefik

I’ve recently migrated to Traefik from Nginx Proxy Manager, but have been having issues accessing the AIO container behind Traefik. I’ve done my best to follow the instructions on the GitHub page (link) and these community posts (1, 2, 3, 4, 5, 6), but haven’t been able to get things set up. I’ve included my config files below. Would love some help getting this working, as I’ve been banging my head against this for a couple days now.

## nextcloud compose.yaml

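# Compose file for the Nextcloud AIO mastercontainer, as first posted
# (the state in which the connection to AIO timed out).
services:
  nextcloud-aio-mastercontainer:
    # NOTE(review): `latest` is a moving tag, so the image that runs can change
    # between pulls without any change to this file.
    image: nextcloud/all-in-one:latest
    init: true
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    ports:
      # Publishes container port 8080 as host port 16001 on every host
      # interface. On a VPS that normally includes the public address, so
      # limit it with a host firewall rule (or a "127.0.0.1:" prefix) if it is
      # not meant to be reachable from the internet.
      # Quoted, as Compose recommends for all port mappings.
      - "16001:8080"
      # have also tried with the following:
      # - "16000:80"
      # - "16002:8443"
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      # `:ro` only makes the socket file read-only inside the container. The
      # Docker API behind it still accepts every request, so this container
      # can effectively control the host's Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      # Port the Nextcloud Apache container listens on; the Traefik service
      # URL has to point at this port. Environment values are strings, so the
      # number is quoted.
      APACHE_PORT: "11000"
      # have not tried setting APACHE_BIND_IP_ADDRESS, see provided config files in link #4
      # NOTE(review): the AIO reverse-proxy documentation names this variable
      # APACHE_IP_BINDING - confirm against the linked config files.
    networks:
      - proxy

volumes:
  # Created outside this file; Compose will not create or remove it.
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
    external: true

networks:
  # Pre-existing network that the Traefik compose file also attaches to.
  proxy:
    external: true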
## traefik compose.yaml

# Compose file for the Traefik reverse proxy, as first posted.
services:
  traefik:
    container_name: traefik
    image: traefik:v3.1
    ports:
      - "80:80"
      # NOTE(review): the static.yaml posted with this file sets
      # `api.insecure: false` and defines entry points only on :80 and :443,
      # so nothing in the shown configuration appears to listen on 8080.
      # Publishing it looks unnecessary - confirm and drop it if so.
      - "8080:8080"
      - "443:443"
    volumes:
      - ./static.yaml:/etc/traefik/traefik.yaml
      - ./dynamic:/etc/traefik/dynamic
      # Holds acme.json (see `storage` in static.yaml), which contains the
      # ACME account key and certificate private keys; keep this directory
      # readable by the Traefik user only.
      - ./letsencrypt:/letsencrypt
    # No docker.sock mount here: the Docker provider in static.yaml talks to
    # `tcp://socket-proxy:2375` instead.
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      # Dashboard router: matches the dashboard host name, gets its
      # certificate from the `cloudflare` resolver, serves the internal API
      # and dashboard (`api@internal`), and is protected by `traefik_auth`.
      - "traefik.http.routers.dashboard.rule=Host(`traefik.[my-domain].com`)"
      - "traefik.http.routers.dashboard.tls.certresolver=cloudflare"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=traefik_auth"
      # Digest-auth entries have the form name:realm:hash. The hash is
      # MD5-based, so treat this label as a secret and keep real values out
      # of public posts and version control.
      - "traefik.http.middlewares.traefik_auth.digestauth.users=justin:traefik:[password hash]"
    environment:
      # The Cloudflare API token is read from a file-based secret rather than
      # being placed in the environment in clear text.
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_api
    secrets:
      - "cf_dns_api"

networks:
  # Pre-existing network shared with the Nextcloud AIO compose file.
  proxy:
    external: true

secrets:
  cf_dns_api:
    # Keep this file out of version control and readable by its owner only.
    file: ./secrets/cf_dns_api.secret
## traefik static.yaml

# Traefik static configuration (mounted at /etc/traefik/traefik.yaml by the
# Traefik compose file).
global:
  checkNewVersion: true
  # Opt-in: sends anonymised usage statistics to the Traefik maintainers.
  sendAnonymousUsage: true

# Two entry points: `http` on port 80 and `https` on port 443.
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

log:
  # DEBUG is verbose and helpful while troubleshooting; consider lowering it
  # once routing works, since debug output tends to include request and
  # configuration detail.
  level: "DEBUG"

api:
  # Dashboard enabled, but not through the unauthenticated "insecure" mode;
  # it is reached through the `dashboard` router defined by container labels.
  dashboard: true
  insecure: false

providers:
  docker:
    # from traefik documentation
    # Plain TCP on 2375 carries the Docker API without TLS or authentication,
    # so the `socket-proxy` endpoint (not shown in the posted files) should
    # only be reachable on an internal network.
    endpoint: "tcp://socket-proxy:2375"
    watch: true
    # Containers are ignored unless they carry `traefik.enable=true`.
    exposedByDefault: false
  file:
    directory: "/etc/traefik/dynamic/"
    watch: true

certificatesresolvers:
  cloudflare:
    acme:
      # DNS-01 challenge through the Cloudflare API.
      dnschallenge:
        provider: "cloudflare"
      email: "justin@[my-domain].com"
      storage: "/letsencrypt/acme.json"
## nextcloud dynamic config (dynamic/nextcloud.yaml)

# Traefik dynamic configuration for the Nextcloud route (dynamic/nextcloud.yaml),
# as first posted.
http:
  routers:
    # Sends requests for the Nextcloud host name that arrive on the `https`
    # entry point through `nextcloud-chain` to the `nextcloud` service.
    nextcloud:
      rule: "Host(`cloud.[my-domain].com`)"
      entrypoints:
        - "https"
      service: nextcloud
      middlewares:
        - nextcloud-chain
      tls:
        certresolver: "cloudflare"

  services:
    nextcloud:
      loadBalancer:
        servers:
          # have tried localhost, 0.0.0.0
          # NOTE(review): Traefik runs in its own container in the posted
          # compose file, so `localhost` would resolve to the Traefik
          # container itself, and 0.0.0.0 is a listen address rather than a
          # destination.
          # Port 11000 matches APACHE_PORT in the Nextcloud compose file. This
          # hop is plain HTTP, so anything else that can reach port 11000
          # bypasses Traefik's TLS and middlewares; restrict that port to
          # Traefik with a host firewall rule.
          - url: "http://[VPS IP]:11000" # Use the host's IP address if Traefik runs outside the host network

  middlewares:
    nextcloud-secure-headers:
      headers:
        # Header names Traefik may read the proxied host name from.
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        referrerPolicy: "same-origin"

    # NOTE(review): the `nextcloud` router is bound to the `https` entry point
    # only, so this redirect presumably never sees a plain-HTTP request there.
    https-redirect:
      redirectscheme:
        scheme: https

    # Applies the middlewares below in the listed order.
    nextcloud-chain:
      chain:
        middlewares:
          # - ... (e.g. rate limiting middleware)
          - https-redirect
          - nextcloud-secure-headers

Hi, does this video maybe help you get it working?

I’m a bit further along now, I could access the AIO interface and start all the containers, but trying to access Nextcloud from cloud.[my-domain].com gives “502 Bad Gateway”. Traefik logs say “no route to host”. I’ve added the new config files I’m using below. I’ve also lost access to the dashboard at traefik.[my-domain].com because of the changes and would like to avoid that if possible.

## nextcloud compose.yaml

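# Compose file for the Nextcloud AIO mastercontainer, second revision
# (AIO interface reachable, Nextcloud itself still answering 502).
services:
  nextcloud-aio-mastercontainer:
    # NOTE(review): `latest` is a moving tag, so the image that runs can change
    # between pulls without any change to this file.
    image: nextcloud/all-in-one:latest
    init: true
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    ports:
      # Publishes container port 8080 on host port 8080 on every host
      # interface. On a VPS that normally includes the public address, so
      # limit it with a host firewall rule (or a "127.0.0.1:" prefix) if it is
      # not meant to be reachable from the internet.
      # Quoted, as Compose recommends for all port mappings.
      - "8080:8080"
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      # `:ro` only makes the socket file read-only inside the container. The
      # Docker API behind it still accepts every request, so this container
      # can effectively control the host's Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      # Port the Nextcloud Apache container listens on; the Traefik service
      # URL has to point at this port. Environment values are strings, so the
      # number is quoted.
      APACHE_PORT: "11000"
    networks:
      - proxy

volumes:
  # Created outside this file; Compose will not create or remove it.
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
    external: true

networks:
  # Pre-existing network that the Traefik compose file also attaches to.
  proxy:
    external: true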
## traefik compose.yaml

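# Compose file for the Traefik reverse proxy, second revision.
services:
  traefik:
    container_name: traefik
    image: traefik:v3.1
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./static.yaml:/etc/traefik/traefik.yaml
      - ./dynamic:/etc/traefik/dynamic
      # Holds acme.json (see `storage` in static.yaml), which contains the
      # ACME account key and certificate private keys; keep this directory
      # readable by the Traefik user only.
      - ./letsencrypt:/letsencrypt
      - /etc/localtime:/etc/localtime:ro
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      # Restored from the first revision of this file: the labels as posted in
      # this revision had no `rule` for the dashboard router. Without one,
      # Traefik falls back to the Docker provider's default rule (a Host()
      # derived from the container name), which is the likely reason the
      # dashboard stopped answering on traefik.[my-domain].com.
      - "traefik.http.routers.dashboard.rule=Host(`traefik.[my-domain].com`)"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=cloudflare"
      # Requests one certificate covering the domain and its sub-domains.
      # NOTE(review): `[my-domain]` is written without `.com` here, unlike the
      # other files - presumably a redaction difference; confirm.
      - "traefik.http.routers.dashboard.tls.domains[0].main=[my-domain]"
      - "traefik.http.routers.dashboard.tls.domains[0].sans=*.[my-domain]"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=traefik_auth"
      # Digest-auth entries have the form name:realm:hash. The hash is
      # MD5-based, so treat this label as a secret and keep real values out
      # of public posts and version control.
      - "traefik.http.middlewares.traefik_auth.digestauth.users=justin:traefik:[password hash]"
    environment:
      # The Cloudflare API token is read from a file-based secret rather than
      # being placed in the environment in clear text.
      CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_api
    secrets:
      - "cf_dns_api"

networks:
  # Pre-existing network shared with the Nextcloud AIO compose file.
  proxy:
    external: true

secrets:
  cf_dns_api:
    # Keep this file out of version control and readable by its owner only.
    file: ./secrets/cf_dns_api.secret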
## traefik static.yaml

# Traefik static configuration, second revision.
global:
  checkNewVersion: true
  # Opt-in: sends anonymised usage statistics to the Traefik maintainers.
  sendAnonymousUsage: true

entryPoints:
  http:
    address: :80
    # Every request arriving on port 80 is redirected to the `https` entry
    # point before any router is consulted.
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: :443

# not a fan of this
# NOTE(review): this turns off certificate verification for every HTTPS
# backend Traefik connects to. The only backend in the posted dynamic config
# uses plain http://, so the setting may not be needed at all. If a single
# backend with a self-signed certificate does need it, a named
# `serversTransports` entry in the dynamic config, referenced from that one
# service, keeps the exception scoped to it.
serversTransport:
  insecureSkipVerify: true

log:
  # DEBUG is verbose and helpful while troubleshooting; consider lowering it
  # once routing works.
  level: DEBUG

api:
  # Dashboard enabled, but not through the unauthenticated "insecure" mode.
  insecure: false
  dashboard: true

providers:
  docker:
    # Plain TCP on 2375 carries the Docker API without TLS or authentication,
    # so the `socket-proxy` endpoint (not shown in the posted files) should
    # only be reachable on an internal network.
    endpoint: tcp://socket-proxy:2375
    watch: true
    # Containers are ignored unless they carry `traefik.enable=true`.
    exposedByDefault: false
  file:
    directory: /etc/traefik/dynamic/
    watch: true

certificatesresolvers:
  cloudflare:
    acme:
      # DNS-01 challenge through the Cloudflare API.
      dnschallenge:
        provider: cloudflare
      email: justin@[my-domain].com
      # Contains the ACME account key and certificate private keys.
      storage: /letsencrypt/acme.json
# Traefik dynamic configuration for the Nextcloud route, second revision.
# This is a separate file from static.yaml (its heading is missing from the
# post); it corresponds to dynamic/nextcloud.yaml in the first revision.
http:
  routers:
    # Sends requests for the Nextcloud host name that arrive on the `https`
    # entry point through `nextcloud-chain` to the `nextcloud` service.
    nextcloud:
      rule: "Host(`cloud.[my-domain].com`)"
      entrypoints:
        - "https"
      service: nextcloud
      middlewares:
        - nextcloud-chain
      tls:
        domains:
          - main: "cloud.[my-domain].com"
        certresolver: "cloudflare"

  services:
    nextcloud:
      loadBalancer:
        servers:
          # from hostname -I
          # NOTE(review): with this address Traefik logged "no route to host";
          # the thread's eventual fix was to use the VPS's public IP here
          # instead. Port 11000 matches APACHE_PORT in the Nextcloud compose
          # file and this hop is plain HTTP, so check that port 11000 is not
          # reachable from the internet (host firewall), otherwise clients
          # can bypass Traefik's TLS and middlewares.
          - url: "http://10.0.0.93:11000" # Use the host's IP address if Traefik runs outside the host network
        # Forward the client's original Host header to the backend.
        passHostHeader: true

  middlewares:
    nextcloud-secure-headers:
      headers:
        # Header names Traefik may read the proxied host name from.
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        referrerPolicy: "same-origin"
        # Asks crawlers not to index or follow the served pages.
        customResponseHeaders:
          X-Robots-Tag: "none"

    # NOTE(review): the `nextcloud` router is bound to the `https` entry point
    # only, and static.yaml already redirects port 80 at the entry point, so
    # this middleware is presumably redundant.
    https-redirect:
      redirectscheme:
        scheme: https
        permanent: true

    # Applies the middlewares below in the listed order.
    nextcloud-chain:
      chain:
        middlewares:
          # - ... (e.g. rate limiting middleware)
          - https-redirect
          - nextcloud-secure-headers

I managed to get it working by changing the server URL in the dynamic config to my VPS’s public-facing IP address.
