Docker Compose with External Firewall

docker
#1

I have a Nextcloud 16 (dockerised install) running on top of my Synology. I have configured this to run http traffic on port 8080.
This is on a 10.x.x.x based network. Everything seems to function properly.
I also have a hardware Sophos UTM firewall. I have applied a WAF policy mapping cloud.domain.com (with a signed cert) on 443 through to the docker Nextcloud instance.

Logging in, uploading files, etc. works as expected.
When I try to connect the Nextcloud app, it fails to connect. I suspect this is because the server address (taken from the settings section) reports its internal address.

environment:
- VIRTUAL_HOST=cloud.domain.com
- VIRTUAL_PROTO=https

I have the above settings in the docker compose file, but no dice.

I'm clearly missing something but can't work out what.

#2

Which client are you referring to? iOS, Android, Windows, Mac, Linux?

#3

This is with the Mac Client.

#4

My first suspicion is that because you're not listening on port 80, the client may be attempting to connect first with http and not getting redirected. Can you manually specify https:// when setting the server address?

#5

It's actually the other way round. The connection in the app works at some point over https and then somewhere is attempting to connect via http.

I think what I am going to try is to add a self-signed cert on the Apache instance and then map 443 external to an internal port with HTTPS.

#6

@jameskilbynet do you have an 'overwrite.cli.url' => 'https://nextcloud.example.tld' in your config.php?

#7

Yes, it is set to http://nextcloud.example.tld

I suspect it is setting this on first run. If I trash everything and run the create admin account by the internal IP, it gets set to that.

If I run the first-run wizard from external, it's set to http://nextcloud.example.tld

How do I set this to https://nextcloud.example.tld in the docker compose file? (I realise I could just edit the config.php file.)

#8

There is also an occ command to set config.php values, something like docker exec --user www-data <container-id> php occ config:system:set ....
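
The check below is an added example, not part of any post in this thread: it reads a config.php on stdin and prints the occ commands still needed when TLS is terminated on a WAF in front of the container. `overwriteprotocol` and `trusted_proxies` are Nextcloud config.php keys that the thread does not mention; the container name `nextcloud` and the proxy address `10.0.0.1` are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a Nextcloud config.php on stdin and
# prints the occ commands still needed when TLS terminates on a proxy/WAF.

# usage: audit_nc_config PUBLIC_HOST PROXY_IP [CONTAINER] < config.php
audit_nc_config() {
    host=$1 proxy=$2 ctr=${3:-nextcloud}   # container name is an assumption
    # Drop whitespace and newlines so "'key' => 'value'" matches as one fixed string.
    flat=$(tr -d ' \t\r\n')
    occ="docker exec --user www-data $ctr php occ config:system:set"

    # Base URL for links generated from cron/occ; must be the public https address.
    case $flat in
        *"'overwrite.cli.url'=>'https://$host'"*) ;;
        *) echo "$occ overwrite.cli.url --value=https://$host" ;;
    esac
    # Apache in the container only sees http from the proxy; force https links.
    case $flat in
        *"'overwriteprotocol'=>'https'"*) ;;
        *) echo "$occ overwriteprotocol --value=https" ;;
    esac
    # Only the proxy's own address should be trusted to send X-Forwarded-* headers.
    # Index 0 is an assumption; use the next free index if the array has entries.
    proxies=$(printf '%s\n' "$flat" | sed -n "s/.*'trusted_proxies'=>array(\([^)]*\)).*/\1/p")
    case $proxies in
        *"'$proxy'"*) ;;
        *) echo "$occ trusted_proxies 0 --value=$proxy" ;;
    esac
}

# Constructed sample resembling the state described in the thread.
sample_config() {
cat <<'EOF'
<?php
$CONFIG = array (
  'trusted_domains' =>
  array (
    0 => 'cloud.domain.com',
  ),
  'overwrite.cli.url' => 'http://cloud.domain.com',
);
EOF
}

sample_config | audit_nc_config cloud.domain.com 10.0.0.1
```

Empty output means all three settings already match; otherwise each printed line is a command to review and run against the container.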