Domain does not point to this server or reverse proxy not configured correctly

Hello,
I'm trying to get Nextcloud AIO to work.
But when I enter my domain I get this error:
Domain does not point to this server or reverse proxy not configured correctly.

I'm running Apache 2.4.37 on Rocky Linux as a reverse proxy.
Nextcloud AIO is running in Docker on the same machine as Apache is running.
Nextcloud AIO has been started with this command:

docker run -it \
--name nextcloud-aio-mastercontainer \
--restart always \
-p 8200:8080 \
-e APACHE_PORT=11000 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
nextcloud/all-in-one:latest

Here is my Apache config:

<VirtualHost *:80>
    ServerName cloud.domain.com
    ServerAlias cloud.domain.com
    LogFormat "%v - %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" comonvhost
    CustomLog /var/log/httpd/access_log comonvhost

  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

RewriteCond %{SERVER_NAME} =cloud.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName cloud.domain.com
    ServerAlias cloud.domain.com
    LogFormat "%v - %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" comonvhost
    CustomLog /var/log/httpd/access_log comonvhost

    Protocols h2 http/1.1
    RewriteEngine on
    ProxyPreserveHost On
    ProxyPass / https://127.0.0.1:8200/
    ProxyPassReverse / https://127.0.0.1:8200/
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    <Files ".ht*">
        Require all denied
    </Files>
    TraceEnable off
 
   Include /etc/letsencrypt/options-ssl-apache.conf
   SSLCertificateFile /etc/letsencrypt/live/cloud.domain.com/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/cloud.domain.com/privkey.pem
</VirtualHost>
</IfModule>

I have tried to set the reverse proxy port in the Apache config to 11000, but then I just get a string of numbers and letters.

Hope someone can help me fix this error.

Regards
JPix

Hello, you need to change this to

    ProxyPass / https://127.0.0.1:11000/
    ProxyPassReverse / https://127.0.0.1:11000/

And access the AIO interface locally via port 8200 and type cloud.domain.com in. Then it should work.

Thanks, that worked!
I have a new problem though.
I'm stuck at "Containers are currently starting".

In the Nextcloud container I'm getting this error:
Waiting for database to start…

In the Nextcloud database container it looks like everything is fine:

2022-05-19 20:45:00.897 UTC [10] LOG:  starting PostgreSQL 14.2 on x86_64-pc-linux-musl, compiled by gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027, 64-bit
2022-05-19 20:45:00.897 UTC [10] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2022-05-19 20:45:00.897 UTC [10] LOG:  listening on IPv6 address "::", port 5432
2022-05-19 20:45:00.902 UTC [10] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2022-05-19 20:45:00.908 UTC [17] LOG:  database system was shut down at 2022-05-19 20:44:59 UTC
2022-05-19 20:45:00.912 UTC [10] LOG:  database system is ready to accept connections

Any chance you can help with that, or should I make a new topic?

For all containers or only specific ones?

BTW, am I allowed to add some of your Apache config to our reverse proxy documentation? (Apache is still missing)

For all containers.
Yep, it is okay to add it to the documentation.
I set it to http on port 11000 instead of https, so it looks like this:

ProxyPass / http://127.0.0.1:11000/
ProxyPassReverse / http://127.0.0.1:11000/
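
The port mix-up fixed in this thread (proxying to the AIO interface on 8200 instead of APACHE_PORT 11000) can be caught with a small lint, shown here as an added example that is not from the thread or the Nextcloud AIO project. The function name `lint_vhost` and both sample inputs are constructed for illustration; it also flags an https backend combined with `SSLProxyVerify none`, as in the first config.

```shell
#!/bin/sh
# Added example (not from the thread). Ports are the ones the thread uses:
# APACHE_PORT=11000 is Nextcloud, host port 8200 is the AIO interface.

# Constructed sample: proxy lines of the :443 vhost as first posted.
sample_before() {
cat <<'EOF'
    ProxyPass / https://127.0.0.1:8200/
    ProxyPassReverse / https://127.0.0.1:8200/
    SSLProxyEngine On
    SSLProxyVerify none
EOF
}

# Constructed sample: the same lines after the change reported as working.
sample_after() {
cat <<'EOF'
    ProxyPass / http://127.0.0.1:11000/
    ProxyPassReverse / http://127.0.0.1:11000/
EOF
}

# lint_vhost APACHE_PORT AIO_PORT < vhost.conf   (hypothetical helper)
# Prints one finding per line; exit status 1 if anything was found.
lint_vhost() {
    awk -v want="$1" -v aio="$2" '
    $1 == "ProxyPass" || $1 == "ProxyPassReverse" {
        scheme = $3; sub(/:\/\/.*/, "", scheme)
        port = $3;   sub(/^[a-z]+:\/\/[^:\/]+:?/, "", port); sub(/\/.*/, "", port)
        if (port == aio) {
            print $1 ": targets AIO interface port " aio ", expected APACHE_PORT " want; n++
        } else if (port != want) {
            print $1 ": port \"" port "\" is not APACHE_PORT " want; n++
        }
        if (scheme == "https") tls = 1
    }
    $1 == "SSLProxyVerify" && tolower($2) == "none" { noverify = 1 }
    END {
        if (tls && noverify) {
            print "https backend with SSLProxyVerify none: backend certificate is not verified"; n++
        }
        exit (n > 0)
    }'
}

echo "as first posted:";  sample_before | lint_vhost 11000 8200 || true
echo "after the change:"; sample_after  | lint_vhost 11000 8200 && echo "no findings"
```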

Do you have a firewall active? There might be some firewall settings active on your instance that block the mastercontainer from connecting to the other containers, which would explain why it thinks that they are still starting. What do the logs of the Apache container say?

Thanks, will do!

I have firewalld, but I'm not sure if it does anything in the local Docker network.

The Nextcloud Apache container log just says:
Waiting for Nextcloud to start…

I can ping between the Apache and database containers.

# docker exec nextcloud-aio-database ping nextcloud-aio-apache
PING nextcloud-aio-apache (172.24.0.9): 56 data bytes
64 bytes from 172.24.0.9: seq=0 ttl=42 time=0.190 ms

And also between database and Nextcloud:

# docker exec nextcloud-aio-database ping nextcloud-aio-nextcloud
PING nextcloud-aio-nextcloud (172.24.0.8): 56 data bytes
64 bytes from 172.24.0.8: seq=0 ttl=42 time=0.128 ms

And they are all connected to the nextcloud-aio network.

EDIT:
I just tried to disable firewalld and it still didn't work.

What do the Nextcloud container logs then say?

The mastercontainer log just has a bunch of Apache access logs. But here is an almost complete log since start:

Initial startup of Nextcloud All In One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080

If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatially by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
2022-05-19 20:45:23,101 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
{"level":"info","ts":1652993124.1680648,"msg":"using provided configuration","config_file":"/Caddyfile","config_adapter":""}
{"level":"warn","ts":1652993124.1695216,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/Caddyfile","line":2}
{"level":"info","ts":1652993124.1705313,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"warn","ts":1652993124.1707819,"logger":"http","msg":"automatic HTTP->HTTPS redirects are disabled","server_name":"srv0"}
{"level":"info","ts":1652993124.170871,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00020da40"}
{"level":"warn","ts":1652993124.1710413,"logger":"tls","msg":"YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place","docs":"https://caddyserver.com/docs/automatic-https#on-demand-tls"}
{"level":"info","ts":1652993124.1712224,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/mnt/docker-aio-config/caddy/"}
{"level":"info","ts":1652993124.1712606,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"error","ts":1652993124.1712642,"msg":"unable to create folder for config autosave","dir":"/var/www/.config/caddy","error":"mkdir /var/www/.config: permission denied"}
{"level":"info","ts":1652993124.17129,"msg":"serving initial configuration"}
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using fd00:dead:beef:c0:0:242:ac11:4. Set the 'ServerName' directive globally to suppress this message
[Thu May 19 20:45:24.179706 2022] [ssl:warn] [pid 99] AH01906: fd00:dead:beef:c0:0:242:ac11:4:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 19 20:45:24.179782 2022] [ssl:warn] [pid 99] AH01909: fd00:dead:beef:c0:0:242:ac11:4:8080:0 server certificate does NOT include an ID which matches the server name
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using fd00:dead:beef:c0:0:242:ac11:4. Set the 'ServerName' directive globally to suppress this message
[Thu May 19 20:45:24.211105 2022] [ssl:warn] [pid 99] AH01906: fd00:dead:beef:c0:0:242:ac11:4:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 19 20:45:24.211144 2022] [ssl:warn] [pid 99] AH01909: fd00:dead:beef:c0:0:242:ac11:4:8080:0 server certificate does NOT include an ID which matches the server name
[Thu May 19 20:45:24.214647 2022] [mpm_prefork:notice] [pid 99] AH00163: Apache/2.4.53 (Debian) PHP/8.0.18 OpenSSL/1.1.1n configured -- resuming normal operations
[Thu May 19 20:45:24.214686 2022] [core:notice] [pid 99] AH00094: Command line: 'apache2 -D FOREGROUND'
fd00:dead:beef:c0:0:242:ac11:4:8000 localhost - - [19/May/2022:20:45:40 +0000] "GET /containers HTTP/1.1" 200 1781 "https://172.16.1.6:8200/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36"
localhost - - [19/May/2022:20:45:40 +0000] "GET /containers HTTP/1.1" 200 1781 "https://172.16.1.6:8200/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36"
fd00:dead:beef:c0:0:242:ac11:4:8080 10.10.10.102 - - [19/May/2022:20:45:40 +0000] "GET /containers HTTP/1.1" 200 4573 "https://172.16.1.6:8200/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36"
10.10.10.102 - - [19/May/2022:20:45:40 +0000] "GET /containers HTTP/1.1" 200 4573 "https://172.16.1.6:8200/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36"
fd00:dead:beef:c0:0:242:ac11:4:8000 localhost - - [19/May/2022:20:45:44 +0000] "GET /img/favicon.png HTTP/1.1" 200 90310 "https://172.16.1.6:8200/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36"
10.10.10.102 - - [19/May/2022:21:43:49 +0000] "GET /img/favicon.png HTTP/1.1" 200 90684 "https://172.16.1.6:8200/containers" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36"

(I had to remove some of the same access lines before being able to post)

And what do the Nextcloud container logs say? (Not the mastercontainer logs)

It just says:
Waiting for database to start…

Can you check whether you can reach the database from the Nextcloud container?

e.g. nc -z nextcloud-aio-database 5432; echo $?. If it returns 0 the connection works, if not it doesn’t.

Hello @jpix, I just added Apache to our reverse proxy documentation. Does this look good to you?
https://github.com/nextcloud/all-in-one/blob/enh/676/apache/reverse-proxy.md#apache

Hi @szaimen, I've been looking into why my Nextcloud AIO Docker image was not initializing, and I came across this thread because I have the same "Waiting for database to start..." log message.
When I ran this command I got:

"Ncat: Could not resolve hostname "nextcloud-aio-database": Name or service not known. QUITTING.
2"

It seems like I need to do something with firewalld, any tips on how I should proceed?

I think this is a different problem than the reported one?

It returns 1. So no connection.
I think it might be because I already have a PostgreSQL server running on the host.
Not sure if that's a problem or not.

The documentation looks good.

Edit:
But when I shut down PostgreSQL and restart all the Nextcloud Docker containers, it still returns a 1.

Yes, this should not be the problem here…

I suppose this answer is also valid for you: AIO: waiting for Database container to start - but it looks like it started, no errors - #35 by szaimen

That worked, thanks!
No issues when running the manual install.
I will set your initial solution as the solution to the topic.