System details
Nextcloud version: 22.2.3
Operating system and version: OpenMediaVault 5.6
Apache or nginx version: NPM 2.9.11
PHP version: 8.0.13
The issue
I've recently started running NextCloud for testing on a local server using Docker-compose. I've managed to get this running properly using Nginx Proxy Manager for reverse proxy, with only some minor issues indicated by the Security & Setup self-check. Following this, I changed my upstream DNS setup (a local PiHole) to a new device with a different corresponding IP address (correspondingly changing this on my router). All my local devices changed accordingly to the new upstream DNS, but in my NextCloud installation I started seeing the following problems:
- App overview was no longer showing installable apps, only installed apps.
- Security & Setup self-check gives the error "Error occurred while checking server setup".
- A variety of errors in the logs, including:
Error: dns_get_record(): A temporary server error occurred. at /var/www/html/lib/private/Http/Client/DnsPinMiddleware.php#83
and
GuzzleHttp\Exception\ConnectException: cURL error 6: Could not resolve host: www.eff.org (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for http://www.eff.org/
This all indicated to me that inbound traffic was somehow compromised, but only for my NextCloud container (my other containers did change to the new upstream DNS). After redeploying my old upstream DNS setup on the old local IP address, I was once again seeing a normally behaving NextCloud installation (not giving the above problems). In fact, the only client that was doing requests to my old DNS upstream was the NextCloud installation. Note that I can still access my installation via reverse proxy from outside of my network (so it seems to be unrelated to Nginx).
To this, the only thing I can conclude is that my NextCloud installation is "stuck" to the upstream DNS server it was initially deployed with, which seems quite unusual. I tried finding some hardcoded upstream DNS IP in configs and whatnot, but I was not able to find any.
Any advice on how to change the upstream DNS server for my installation?
Replication steps
- Have a PiHole or similar running as main and only upstream DNS provider
- Setup Docker-compose installation
- Change PiHole IP (I changed it from a PiZero to a freshly installed PiHole container running on the same system as NextCloud, not sure if this is relevant, but other containers seem to be able to cope with this)
- Revert PiHole IP to "old" IP address to resolve the issue
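A quick way to tell whether the container itself is holding on to the old resolver, as an added example that is not part of the original post: compare the nameservers the container actually has in /etc/resolv.conf with the upstream addresses that should be current, and exercise the same PHP resolver call (dns_get_record) that DnsPinMiddleware uses. The resolv.conf text below is a constructed sample, the container name nextcloud comes from the compose file, and the addresses 192.168.1.10 (old PiHole) and 192.168.1.20 (new PiHole) are assumptions standing in for the redacted ones; 127.0.0.11 is Docker's embedded DNS forwarder on user-defined networks and is listed as acceptable.

```shell
#!/bin/sh
# Added example (not from the original post): detect a container whose
# resolver still points at a stale upstream DNS address.

# Print the nameserver addresses found in a resolv.conf-style text, one per line.
resolvconf_nameservers() {
  printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# Print every nameserver in the resolv.conf text $1 that is not in the
# whitespace-separated allowlist $2. Exit status 1 if anything stale was
# found, 0 if every nameserver is an allowed (current) upstream.
stale_nameservers() {
  resolv="$1"; allowed=" $2 "; found=0
  for ns in $(resolvconf_nameservers "$resolv"); do
    case "$allowed" in
      *" $ns "*) ;;                        # still a current upstream
      *) printf '%s\n' "$ns"; found=1 ;;   # left over from the old setup
    esac
  done
  return "$found"
}

# Live check: read /etc/resolv.conf from a running container and diff it
# against the expected upstream list. Exit status 2 if the container is not
# reachable, otherwise the status of stale_nameservers.
check_container_dns() {
  container="$1"; expected="$2"
  conf=$(docker exec "$container" cat /etc/resolv.conf) || return 2
  stale_nameservers "$conf" "$expected"
}

# Demo on a constructed sample (not a real capture): the old PiHole address
# 192.168.1.10 is flagged, the new one 192.168.1.20 is expected.
sample_resolv='# constructed sample resolv.conf
nameserver 192.168.1.10
nameserver 127.0.0.11
options ndots:0'
stale_nameservers "$sample_resolv" "192.168.1.20 127.0.0.11" \
  || echo "sample: stale upstream(s) listed above"

# Against the real deployment (skipped when docker is not installed).
if command -v docker >/dev/null 2>&1; then
  check_container_dns nextcloud "192.168.1.20 127.0.0.11" \
    || echo "nextcloud: resolver not updated; recreate the container"
  # Same resolver path the log complains about (DnsPinMiddleware -> dns_get_record).
  docker exec --user www-data nextcloud \
    php -r 'var_dump(dns_get_record("www.eff.org", DNS_A));' || true
fi
```

If the live check lists the old address, the container is resolving through a nameserver list captured when it was created rather than the host's current one; `docker-compose up -d --force-recreate nextcloud` (assumed here as the simplest way to have Docker regenerate the container's resolver settings) is the thing to try before hunting for a hardcoded IP in config.php, which has no DNS setting.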
NextCloud log
Literally overflowing with the same errors over and over again.
[internet_connection_check] Error: Cannot connect to: www.edri.org
GET /settings/ajax/checksetup
from x.x.x.x by xxx at 2021-11-23T09:00:18+00:00
[PHP] Error: dns_get_record(): A temporary server error occurred. at /var/www/html/lib/private/Http/Client/DnsPinMiddleware.php#83
GET /settings/ajax/checksetup
from x.x.x.x by xxx at 2021-11-23T09:00:08+00:00
[OC\Log\Rotate] Warning: Log file "/var/www/html/data/nextcloud.log" was over 104857600 bytes, moved to "/var/www/html/data/nextcloud.log.1"
at 2021-11-23T09:00:01+00:00
Config.php
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'redis',
    'password' => '',
    'port' => 6379,
  ),
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => 'my.domain.com',
    2 => '192.168.xxx.xxx',
    3 => '192.168.xxx.0/24',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '22.2.3.0',
  'overwrite.cli.url' => 'https://my.domain.com',
  'dbname' => 'nextcloud',
  'dbhost' => 'db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'xxx',
  'dbpassword' => 'xxx',
  'installed' => true,
  'instanceid' => 'xxx',
  'maintenance' => false,
  'overwritehost' => 'my.domain.com',
  'overwriteprotocol' => 'https',
);
Docker-compose.yaml
My docker-compose (based on the examples provided by the NextCloud docker github page):
version: '3.2'
services:
  db:
    container_name: nc_postgres
    image: postgres
    restart: always
    volumes:
      - db:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB_FILE=/run/secrets/postgres_db
      - POSTGRES_USER_FILE=/run/secrets/postgres_user
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    secrets:
      - postgres_db
      - postgres_password
      - postgres_user
    networks:
      - backend
  redis:
    container_name: nc_redis
    image: redis
    restart: always
    volumes:
      - redis:/data
    networks:
      - backend
  nextcloud:
    container_name: nextcloud
    image: nextcloud
    restart: always
    ports:
      - 8080:80   # also published directly on the host, in addition to the npm_default proxy network
    volumes:
      - nextcloud:/var/www/html
      - nc_data:/var/www/html/data
    environment:
      - POSTGRES_HOST=db
      - POSTGRES_DB_FILE=/run/secrets/postgres_db
      - POSTGRES_USER_FILE=/run/secrets/postgres_user
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - NEXTCLOUD_ADMIN_PASSWORD_FILE=/run/secrets/nextcloud_admin_password
      - NEXTCLOUD_ADMIN_USER_FILE=/run/secrets/nextcloud_admin_user
      - REDIS_HOST=redis
    depends_on:
      - db
      - redis
    secrets:
      - nextcloud_admin_password
      - nextcloud_admin_user
      - postgres_db
      - postgres_password
      - postgres_user
    networks:
      - npm_default
      - backend
    # Cronjob executed by host OS: docker exec --user www-data nextcloud php -f /var/www/html/cron.php
volumes:
  db:
  nextcloud:
  nc_data:
    driver: local-persist
    driver_opts:
      mountpoint: /location/to/data/
  redis:
networks:
  npm_default:
    external: true
  backend:
secrets:
  nextcloud_admin_password:
    file: ./nextcloud_admin_password.txt # put admin password to this file
  nextcloud_admin_user:
    file: ./nextcloud_admin_user.txt # put admin username to this file
  postgres_db:
    file: ./postgres_db.txt # put postgresql db name to this file
  postgres_password:
    file: ./postgres_password.txt # put postgresql password to this file
  postgres_user:
    file: ./postgres_user.txt # put postgresql username to this file
Apache/Nginx logs
Can't provide this at the moment as I'm not in my local network. Will share if necessary at a later moment.