Docker AIO with nginx reverse proxy on docker network

🚧 Installation
, , ,
1

I’ve been trying to get the aio container running behind nginx that’s running in a separate container, with both containers sharing a docker network with no luck.

Installing NextCloud AIO behind a reverse proxy (nginx) with a Docker network - :construction: Installation - Nextcloud community seems somewhat similar but it looks like they got through to the server and got an error there.

Going through the reverse-proxy tutorial I got these configs

version: "3.9"

services:
  cloud:
    container_name: "nextcloud-aio-mastercontainer"
    image: nextcloud/all-in-one:latest
    init: true
    restart: always

    ports:
      - "8000:8080"
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=0.0.0.0
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - defnet

volumes:
  nextcloud_aio_mastercontainer:
    name: "nextcloud_aio_mastercontainer"

networks:
  defnet:
    name: defnet
    external: true

server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate /etc/certbot/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/certbot/live/example.com/privkey.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;

    location / {
        proxy_pass http://cloud:11000$request_uri;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host $host;

        client_body_buffer_size 512k;
        proxy_read_timeout 86400s;
        client_max_body_size 0;

        # Websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

Where is the 11000 port supposed to be opened? Running docker ps it’s not exposed normally through docker, and trying netcap I got through to all the expected ports at the container’s ip except for 11000

Trying other hosts for the proxy_pass also got me nothing

2

You’re exposing port 8000 but set the APACHE_PORT to 11000 so that exposed port does nothing

    ports:
      - "8000:8080"
    environment:
      - APACHE_PORT=11000

You’ll need to verify that your Nginx container is a part of the defnet network. If it’s part of that network you don’t need to expose the APACHE_PORT because they have access to anything in the same network.

One issue I had in my deployment was Nginx not resolving the internal domain ( cloud in your case nextcloud_app in mine). Setting the resolver in your Nginx to the docker 127.0.0.11 helped e.g.:

location / {
    resolver 127.0.0.11 valid=10s;
    set $upstream_app nextcloud_app;
    set $upstream_port 80;
    set $upstream_proto http;
    proxy_pass $upstream_proto://$upstream_app:$upstream_port;

  }
3

Sorry the 8000 was a left over from me wanting to check if at least directly connecting works. nginx is working fine for all the other srvices through the docker domains so that’s working fine.

Shuold I just try to connect to 8080 if the APACHE_PORT is not necessary?

Trying it now with just https://cloud:8080/ I got

Nextcloud AIO v7.5.1

Domaincheck container is not running

This is not expected. Most likely this happened because port 443 is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the reverse proxy documentation . Advice: have a detailed look at the changed docker run command for AIO.

as nginx is running at 443

4

Hi, can you follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md?

5

Hi, I’ve tried to follow it but the steps for

Running the Reverse Proxy in a Docker container on the same server

Didn’t get me anywhere, none of the docer internal ips I tried connected on the port, and I’d like to keep everything in the docker network instead of going through the host