Hi,
I am trying to set up the Nextcloud AIO Docker container publicly on my domain behind Nginx and a Cloudflare Zero Trust tunnel.
I successfully set up Jellyfin, but can’t seem to figure out how to correctly configure Nextcloud.
The Cloudflare tunnel is configured to redirect https://nextcloud.mydomain to http://nginx:80.
The docker compose file looks like this:
```yaml
networks:
  media_network:
    driver: bridge

services:
  jellyfin:
    image: lscr.io/linuxserver/jellyfin:latest
    container_name: jellyfin
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Prague
    volumes:
      - ./jellyfin/config:/config
      - /mnt/primary/media/movies:/media/movies
      - /mnt/primary/media/shows:/media/shows
    ports:
      - 8096:8096
      - 8920:8920 #optional
      - 7359:7359/udp #optional
      - 1900:1900/udp #optional
    restart: unless-stopped
    networks:
      - media_network

  cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    restart: unless-stopped
    command: tunnel --no-autoupdate run --token xxx
    networks:
      - media_network

  nginx:
    image: nginx:latest
    container_name: nginx
    restart: unless-stopped
    networks:
      - media_network
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro

  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest
    init: true
    container_name: nextcloud-aio-mastercontainer
    restart: always
    ports:
      - 8080:8080 # AIO management interface (use only locally)
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=0.0.0.0
      - APACHE_ADDITIONAL_NETWORK=media_network
      - TZ=Europe/Prague
      - SKIP_DOMAIN_VALIDATION=true # Needed because of Cloudflare tunnel!
      - NEXTCLOUD_DATADIR=/mnt/nextcloud/data
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/primary/nextcloud/data:/mnt/nextcloud/data
    networks:
      - media_network

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
```
My nginx config file for Nextcloud looks like this:
```nginx
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    listen [::]:80; # comment to disable IPv6

    proxy_buffering off;
    proxy_request_buffering off;

    client_max_body_size 0;
    client_body_buffer_size 512k;
    proxy_read_timeout 86400s;

    server_name nextcloud.mydomain.com;

    location / {
        proxy_pass http://127.0.0.1:11000$request_uri;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header Early-Data $ssl_early_data;

        # Websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```
I was able to go through the setup in the web UI, but that was using the internal IP address.
When I try to visit the nextcloud subdomain I get Cloudflare's Error 502 site.
Docker logs for nginx look like this:
```
2025/07/22 17:11:45 [error] 20#20: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.13, server: nextcloud.mydomain.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:11000/", host: "nextcloud.mydomain.com"
172.18.0.13 - - [22/Jul/2025:17:11:45 +0000] "GET / HTTP/1.1" 502 157 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0" "185.47.220.46"
172.18.0.13 - - [22/Jul/2025:17:11:46 +0000] "GET /favicon.ico HTTP/1.1" 502 157 "https://nextcloud.mydomain.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0" "185.47.220.46"
2025/07/22 17:11:46 [error] 20#20: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.13, server: nextcloud.mydomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:11000/favicon.ico", host: "nextcloud.mydomain.com", referrer: "https://nextcloud.mydomain.com/"
```
I tried to debug it, but couldn’t figure out how to fix this.
Does anybody know what I am doing wrong and how I can fix this?
Thank you very much!
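
An added example, not part of the original post: a small Python triage of nginx error-log lines in the format shown above. It groups `connect() failed` entries by upstream and flags loopback upstreams, which inside a container on a bridge network (as `nginx` is in the compose file above) point at that container itself. The host names `files.example.test` and `backend.example.test` are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Shape of the nginx error-log entries quoted in the post.
CONNECT_FAIL = re.compile(
    r'connect\(\) failed \((?P<errno>\d+): [^)]+\)'
    r'.*?server: (?P<server>[^,]+),'
    r'.*?upstream: "(?P<upstream>[^"]+)"'
)

# Sample input: lines 1-2 are from the post, lines 3-4 are constructed.
SAMPLE = [
    '2025/07/22 17:11:45 [error] 20#20: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.13, server: nextcloud.mydomain.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:11000/", host: "nextcloud.mydomain.com"',
    '2025/07/22 17:11:46 [error] 20#20: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.13, server: nextcloud.mydomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:11000/favicon.ico", host: "nextcloud.mydomain.com", referrer: "https://nextcloud.mydomain.com/"',
    '172.18.0.13 - - [22/Jul/2025:17:11:45 +0000] "GET / HTTP/1.1" 502 157 "-" "-" "-"',
    '2025/07/22 17:12:01 [error] 20#20: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.13, server: files.example.test, request: "GET / HTTP/1.1", upstream: "http://backend.example.test:11000/", host: "files.example.test"',
]

def is_loopback(host):
    """True for localhost and any 127.0.0.0/8 or ::1 literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name, e.g. a container or service name

def diagnose(lines):
    """Group upstream connect() failures by (server, upstream host, port)."""
    findings = {}
    for line in lines:
        m = CONNECT_FAIL.search(line)
        if not m:
            continue  # access-log lines and unrelated errors
        url = urlsplit(m["upstream"])
        key = (m["server"], url.hostname, url.port)
        entry = findings.setdefault(key, {
            "errno": int(m["errno"]), "count": 0,
            "loopback": is_loopback(url.hostname)})
        entry["count"] += 1
    return findings

if __name__ == "__main__":
    for (server, host, port), f in diagnose(SAMPLE).items():
        note = ("loopback: resolves to the proxy's own network namespace"
                if f["loopback"] else "named or remote upstream")
        print(f"{server} -> {host}:{port} errno={f['errno']} x{f['count']} ({note})")
```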