Nextcloud version: 29.0.6
Operating system and version: Ubuntu 22.04.5 LTS
Caddy version: v2.8.4
The issue you are facing:
I am not able to activate Notify_Push with Nextcloud 29.0.6-fpm
and Caddy.
The error message in the terminal reads:
$ docker compose exec app sh -c 'php occ notify_push:setup https://${OVERWRITEHOST}/push'
✓ redis is configured
🗴 can't connect to push server: cURL error 52: Empty reply from server (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://nextcloud.example.com/push/test/cookie
The Docker container of notify_push reports:
app-1 | 172.19.0.4 - 18/Sep/2024:11:50:55 +0200 "GET /index.php" 200
notify_push-1 | [2024-09-18 11:51:01.017412 +02:00] DEBUG [notify_push] /build/source/src/lib.rs:439: Test cookie received 895376949
app-1 | 172.19.0.4 - 18/Sep/2024:11:51:01 +0200 "GET /index.php" 200
Differentiation between FPM and non-FPM setup:
The basis is the guide “Nextcloud docker-compose setup with notify_push (2024)”.
To use Nextcloud with FPM, I perform the following steps:
- change the variable `NEXTCLOUD_VERSION=29.0.6` to `NEXTCLOUD_VERSION=29.0.6-fpm` in `.env`
- add Caddy to the Nextcloud docker-compose and create the subfolder `docker/nextcloud/web`, with a Caddyfile, as the web server. The separate Caddy under `/docker/caddy` remains; it continues to serve as a reverse proxy.
File structure:
/docker/
├── caddy
│   ├── Caddyfile
│   ├── config
│   ├── data
│   ├── docker-compose.yml
│   ├── .env
│   └── logs
└── nextcloud
    ├── apps
    ├── web
    │   ├── Caddyfile
    │   ├── config
    │   └── data
    ├── config
    ├── cron.sh
    ├── data
    ├── db
    ├── docker-compose.yaml
    ├── .env
    ├── nextcloud
    ├── nextcloud.env
    ├── redis-session.ini
    ├── remoteip.conf
    └── secrets
        ├── nextcloud_admin_password
        ├── nextcloud_admin_user
        ├── postgres_db
        ├── postgres_password
        ├── postgres_user
        └── redis_password
[FPM] Docker compose:
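# Nextcloud (php-fpm image) with its own Caddy web server.
# Request path: edge Caddy (separate compose project, joined via the external
# `proxy` network) -> `web` (static files + FastCGI) -> `app` (php-fpm, 9000).

networks:
  proxy:
    external: true

# File-based secrets; each one is mounted at /run/secrets/<name> in the
# services that list it.
secrets:
  nextcloud_admin_password:
    file: ./secrets/nextcloud_admin_password  # put admin password in this file
  nextcloud_admin_user:
    file: ./secrets/nextcloud_admin_user  # put admin username in this file
  postgres_db:
    file: ./secrets/postgres_db  # put postgresql db name in this file
  postgres_password:
    file: ./secrets/postgres_password  # put postgresql password in this file
  postgres_user:
    file: ./secrets/postgres_user  # put postgresql username in this file
  redis_password:
    file: ./secrets/redis_password  # put redis password in this file

services:
  web:
    # Image repository names must be lowercase; Docker rejects `Caddy:alpine`.
    image: caddy:alpine
    pull_policy: always
    restart: unless-stopped
    volumes:
      - ./web/Caddyfile:/etc/caddy/Caddyfile
      - ./web/data:/data
      - ./web/config:/config
      # Nextcloud code is served read-only from here.
      # NOTE(review): ./apps (custom_apps) is mounted in `app` but not here, so
      # static files of custom apps are presumably not served — confirm.
      - ./nextcloud:/var/www/html:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    logging:
      options:
        max-size: "${DOCKER_LOGGING_MAX_SIZE:?DOCKER_LOGGING_MAX_SIZE not set}"
        max-file: "${DOCKER_LOGGING_MAX_FILE:?DOCKER_LOGGING_MAX_FILE not set}"
    healthcheck:
      # Probes Caddy on loopback inside the container (port 2019).
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "127.0.0.1:2019/metrics"]
      interval: 10s
      retries: 3
      start_period: 5s
      timeout: 5s
    networks:
      - default
      - proxy

  app:
    image: nextcloud:${NEXTCLOUD_VERSION}
    restart: unless-stopped
    user: "${UID}:${GID}"
    ports:
      # FastCGI is unauthenticated, so it is published on host loopback only.
      # `web` reaches it as app:9000 over the default network.
      - "127.0.0.1:9000:9000"
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    env_file:
      - ./nextcloud.env
    secrets:
      - postgres_db
      - postgres_password
      - postgres_user
      - nextcloud_admin_user
      - nextcloud_admin_password
      - redis_password
    volumes:
      - ./nextcloud:/var/www/html
      - ./apps:/var/www/html/custom_apps
      - ./data:/var/www/html/data
      - ./config:/var/www/html/config
      # https://github.com/nextcloud/docker/issues/182
      - ./redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini
      # NOTE(review): the next two are Apache config files, and apache2.conf
      # is not in the listed file tree; with the -fpm image they are
      # presumably leftovers from the non-FPM setup — confirm.
      - ./remoteip.conf:/etc/apache2/conf-available/remoteip.conf:ro
      - ./apache2.conf:/etc/apache2/apache2.conf
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    networks:
      - default
      # - proxy

  db:
    # https://hub.docker.com/_/postgres
    image: postgres:15
    restart: unless-stopped
    user: "${UID}:${GID}"
    environment:
      # *_FILE variants read the value from the mounted secret instead of
      # placing it in the environment.
      - POSTGRES_DB_FILE=/run/secrets/postgres_db
      - POSTGRES_USER_FILE=/run/secrets/postgres_user
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    volumes:
      - ./db:/var/lib/postgresql/data
      # Makes the host's account list readable inside the container
      # (read-only); presumably needed so the custom UID resolves to a user.
      - /etc/passwd:/etc/passwd:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d `cat $$POSTGRES_DB_FILE` -U `cat $$POSTGRES_USER_FILE`"]
      start_period: 15s
      interval: 30s
      retries: 3
      timeout: 5s
    secrets:
      - postgres_db
      - postgres_password
      - postgres_user

  cron:
    image: nextcloud:${NEXTCLOUD_VERSION}
    restart: unless-stopped
    # special UID handling https://github.com/nextcloud/docker/issues/1740
    environment:
      - UID=${UID}
    depends_on:
      - app
    env_file:
      - ./nextcloud.env
    entrypoint: /cron.sh
    volumes:
      - ./nextcloud:/var/www/html
      - ./apps:/var/www/html/custom_apps
      - ./data:/var/www/html/data
      - ./config:/var/www/html/config
      - ./cron.sh:/cron.sh
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro

  redis:
    image: redis:bookworm
    # The password is read from the secret at start-up. It is passed as a
    # command-line argument, so it is visible in the container's process list.
    command: bash -c 'redis-server --requirepass "$$(cat /run/secrets/redis_password)"'
    secrets:
      - redis_password
    healthcheck:
      test: ["CMD-SHELL", "redis-cli --no-auth-warning -a \"$$(cat /run/secrets/redis_password)\" ping | grep PONG"]
      start_period: 10s
      interval: 30s
      retries: 3
      timeout: 3s

  notify_push:
    image: nextcloud:${NEXTCLOUD_VERSION}
    restart: unless-stopped
    user: "${UID}:${GID}"
    ports:
      # Bound to host loopback, matching `app`. Both Caddy instances reach the
      # push server as notify_push:7867 over the Docker networks, so `7867:7867`
      # only added a way to reach it on every host interface without TLS.
      - "127.0.0.1:7867:7867"
    depends_on:
      - app
    environment:
      - PORT=7867
      - NEXTCLOUD_URL=http://web  # don't go through the proxy to contact the nextcloud server
    entrypoint: /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php
    volumes:
      # :ro ?
      - ./apps:/var/www/html/custom_apps
      - ./config:/var/www/html/config
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    networks:
      - proxy
      - default

  imaginary:
    image: nextcloud/aio-imaginary:latest
    restart: unless-stopped
    user: "${UID}:${GID}"
    expose:
      - "9000"
    depends_on:
      - app
    # environment:
    #   - TZ=${TIMEZONE}  # e.g. Europe/Berlin
    cap_add:
      - SYS_NICE
    tmpfs:
      - /tmp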
[FPM] Caddyfile as the web server /docker/nextcloud/web:
# Nextcloud: internal web server in front of php-fpm. It listens on plain
# HTTP; the public site is defined in the separate edge Caddyfile.
:80 {
	root * /var/www/html

	# Push traffic: strip the /push prefix and hand it to notify_push.
	handle_path /push/* {
		reverse_proxy http://notify_push:7867
	}

	# .htaccess / data / config / ... shouldn't be accessible from outside.
	# A path without a wildcard matches exactly, so /.htaccess and /.xml cover
	# only those literal root-level paths.
	@forbidden {
		path /.htaccess /.xml /README /db_structure /occ /console.php
		path /data/* /config/* /3rdparty/* /lib/* /templates/*
	}
	respond @forbidden 404

	# PHP goes to the fpm container; everything else is served from disk.
	php_fastcgi app:9000
	file_server
}
[FPM] Caddyfile as the proxy /docker/caddy
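{
	servers {
		# Forwarded-for headers are trusted only when the request comes from
		# this single address.
		trusted_proxies static 192.168.80.1/32
	}
	email info@example.com
}

# Nextcloud
nextcloud.example.com {
	# The working non-FPM proxy config sends this header; neither Caddyfile of
	# the FPM setup did, so browsers were no longer told to stay on HTTPS.
	header Strict-Transport-Security max-age=15552000;

	# handle_path is evaluated before the catch-all reverse_proxy below.
	handle_path /push/* {
		reverse_proxy http://notify_push:7867
	}

	# Everything else goes to the internal Caddy web server.
	reverse_proxy http://web:80
}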
[FPM] config.php
<?php
// Nextcloud config.php of the FPM setup. Values shown as 'omitted' were
// redacted by the author before posting.
$CONFIG = [
    'memcache.local' => '\\OC\\Memcache\\APCu',
    'apps_paths' => [
        0 => [
            'path' => '/var/www/html/apps',
            'url' => '/apps',
            'writable' => false,
        ],
        // Only the custom_apps directory is writable.
        1 => [
            'path' => '/var/www/html/custom_apps',
            'url' => '/custom_apps',
            'writable' => true,
        ],
    ],
    'memcache.distributed' => '\\OC\\Memcache\\Redis',
    'memcache.locking' => '\\OC\\Memcache\\Redis',
    'redis' => [
        'host' => 'redis',
        'password' => 'omitted',
        'port' => 6379,
    ],
    'overwritehost' => 'nextcloud.example.com',
    'overwriteprotocol' => 'https',
    // Forwarded client-address headers are believed from any peer inside these
    // ranges. They span all private IPv4 space plus ULA, link-local and the
    // IPv6 documentation prefix, so any host there can claim an arbitrary
    // client IP. NOTE(review): consider narrowing to the proxy's own
    // address or Docker subnet.
    'trusted_proxies' => [
        0 => '172.16.0.0/12',
        1 => '192.168.0.0/16',
        2 => '10.0.0.0/8',
        3 => 'fc00::/7',
        4 => 'fe80::/10',
        5 => '2001:db8::/32',
    ],
    'upgrade.disable-web' => true,
    'passwordsalt' => 'omitted',
    'secret' => 'omitted',
    'overwrite.cli.url' => 'https://nextcloud.example.com',
    'trusted_domains' => [
        0 => 'localhost',
        1 => 'nextcloud.example.com',
    ],
    'datadirectory' => '/var/www/html/data',
    'dbtype' => 'pgsql',
    'version' => '29.0.6.1',
    'dbname' => 'nextcloud',
    'dbhost' => 'db',
    'dbport' => '',
    'dbtableprefix' => 'oc_',
    'dbuser' => 'oc_admin',
    'dbpassword' => 'omitted',
    'installed' => true,
    'instanceid' => 'omitted',
];
What works is the following setup with image 29.0.6
- I followed the instructions “Nextcloud docker-compose setup with notify_push (2024)”.
- docker compose is located under `/docker/nextcloud/docker-compose.yaml`.
- I use Caddy as a reverse proxy.
- In the setup, Caddy is a separate docker-compose under `/docker/caddy/docker-compose.yaml`.
- Unlike in the setup with FPM, I don’t need a web server. Therefore, Caddy only exists once in this constellation.
The following docker compose and the Caddyfile work in this constellation, and I can configure notify_push with the command `$ docker compose exec app sh -c 'php occ notify_push:setup https://${OVERWRITEHOST}/push'`.
[non-FPM] Docker compose:
# Nextcloud (Apache image) stack. The edge Caddy runs in a separate compose
# project and reaches `app` and `notify_push` over the external `proxy` network.

networks:
  proxy:
    external: true

# File-based secrets, mounted at /run/secrets/<name> in the services that
# list them.
secrets:
  nextcloud_admin_password:
    file: ./secrets/nextcloud_admin_password  # put admin password in this file
  nextcloud_admin_user:
    file: ./secrets/nextcloud_admin_user  # put admin username in this file
  postgres_db:
    file: ./secrets/postgres_db  # put postgresql db name in this file
  postgres_password:
    file: ./secrets/postgres_password  # put postgresql password in this file
  postgres_user:
    file: ./secrets/postgres_user  # put postgresql username in this file

services:
  app:
    image: nextcloud:${NEXTCLOUD_VERSION}
    user: "${UID}:${GID}"
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - proxy
      - default
    env_file:
      - ./nextcloud.env
    secrets:
      - postgres_db
      - postgres_password
      - postgres_user
      - nextcloud_admin_user
      - nextcloud_admin_password
    volumes:
      - ./nextcloud:/var/www/html
      - ./apps:/var/www/html/custom_apps
      - ./data:/var/www/html/data
      - ./config:/var/www/html/config
      # https://github.com/nextcloud/docker/issues/182
      - ./redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini
      - ./remoteip.conf:/etc/apache2/conf-available/remoteip.conf:ro
      - ./apache2.conf:/etc/apache2/apache2.conf
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro

  db:
    # https://hub.docker.com/_/postgres
    image: postgres:15
    user: "${UID}:${GID}"
    restart: unless-stopped
    secrets:
      - postgres_db
      - postgres_password
      - postgres_user
    environment:
      # *_FILE variants read the value from the mounted secret.
      - POSTGRES_DB_FILE=/run/secrets/postgres_db
      - POSTGRES_USER_FILE=/run/secrets/postgres_user
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    volumes:
      - ./db:/var/lib/postgresql/data
      # Makes the host's account list readable inside the container
      # (read-only); presumably needed so the custom UID resolves to a user.
      - /etc/passwd:/etc/passwd:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    healthcheck:
      test:
        - CMD-SHELL
        - 'pg_isready -d `cat $$POSTGRES_DB_FILE` -U `cat $$POSTGRES_USER_FILE`'
      start_period: 15s
      interval: 30s
      timeout: 5s
      retries: 3

  cron:
    image: nextcloud:${NEXTCLOUD_VERSION}
    restart: unless-stopped
    entrypoint: /cron.sh
    depends_on:
      - app
    # special UID handling https://github.com/nextcloud/docker/issues/1740
    environment:
      - UID=${UID}
    env_file:
      - ./nextcloud.env
    volumes:
      - ./nextcloud:/var/www/html
      - ./apps:/var/www/html/custom_apps
      - ./data:/var/www/html/data
      - ./config:/var/www/html/config
      - ./cron.sh:/cron.sh
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro

  redis:
    # No password is configured in this variant and no port is published.
    # Redis is attached only to the project's default network, so that
    # network is what limits access to it.
    image: redis:bookworm
    restart: unless-stopped
    # doesn't work so far :(
    # user: ${UID}:${GID}
    healthcheck:
      test:
        - CMD-SHELL
        - 'redis-cli ping | grep PONG'
      start_period: 10s
      interval: 30s
      timeout: 3s
      retries: 3

  notify_push:
    image: nextcloud:${NEXTCLOUD_VERSION}
    user: "${UID}:${GID}"
    restart: unless-stopped
    entrypoint: /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php
    depends_on:
      - app
    networks:
      - proxy
      - default
    environment:
      - PORT=7867
      - NEXTCLOUD_URL=http://app  # don't go through the proxy to contact the nextcloud server
    volumes:
      - ./apps:/var/www/html/custom_apps
      - ./config:/var/www/html/config
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro

  imaginary:
    image: nextcloud/aio-imaginary:latest
    user: "${UID}:${GID}"
    restart: unless-stopped
    depends_on:
      - app
    expose:
      - "9000"
    # environment:
    #   - TZ=${TIMEZONE}  # e.g. Europe/Berlin
    cap_add:
      - SYS_NICE
    tmpfs:
      - /tmp
[non-FPM] Caddyfile as the proxy /docker/caddy
{
	servers {
		# Forwarded-for headers are trusted only when the request comes from
		# this single address.
		trusted_proxies static 192.168.80.1/32
	}
	email info@example.com
}

# Nextcloud
nextcloud.example.com {
	header Strict-Transport-Security max-age=15552000;
	encode zstd gzip

	# CalDAV / CardDAV service discovery.
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301

	# Push traffic: strip the /push prefix and hand it to notify_push.
	handle_path /push/* {
		reverse_proxy http://notify_push:7867
	}

	# Internal paths are answered with 404 here and never reach the backend.
	# A path without a wildcard matches exactly, so /.htaccess and /.xml cover
	# only those literal root-level paths.
	@forbidden {
		path /.htaccess /.xml /README /db_structure /occ /console.php
		path /data/* /config/* /3rdparty/* /lib/* /templates/*
	}
	respond @forbidden 404

	reverse_proxy http://app:80 # :9001
}