First feedback to howto article

For me it is not really clear what you struggled with and what you finally solved. Is it just having the whole DNS setup with full IPv4/IPv6 support? And then letting the Pi-hole DNS run in your local network?

What is caddy? Why do I need it?

For a howto, there should be a bit more background.

Or if you have a regular post, you have a question, and then a specific solution.

As for Your questions:

Caddy is a web server that automatically obtains and renews TLS certificates for all your sites
https://caddyserver.com/docs/automatic-https

I need caddy because it is recommended to

Set up a local DNS-server that allows to automatically connect to the server in the home network via the same domain by using the internal ip-address of the server (see this doc)
https://github.com/nextcloud/all-in-one/discussions/1335

and because

The normal way is the following:
Set up your domain correctly to point to your home network
Set up a reverse proxy by following the reverse proxy documentation but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy …
Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
https://github.com/nextcloud/all-in-one/blob/main/local-instance.md

What I struggled with was the number of variants enumerated in the section last mentioned.
What I find comparatively helpful is

  • to point out a single solution to comply with the recommendation
  • that is also simple:
    • uncomment some lines in the official compose.yaml to install and configure a reverse proxy with automatic HTTPS
    • use pi-hole as a community container
    • focus on preconditions
      • reachability
      • solve the port conflict from DNSStubListener

Would that be enough background for a HowTo or a Community Anleitung?

Improved version #3

# Newbie setup of AIO for local network access

For AIO performance it is, among others, recommended to

Set up a local DNS-server that allows to automatically connect to the server in the home network via the same domain by using the internal ip-address of the server (see this doc) https://github.com/nextcloud/all-in-one/discussions/1335

And because

The normal way is the following:

Set up your domain correctly to point to your home network

Set up a reverse proxy by following the reverse proxy documentation but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).

Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy …

Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.

Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup

https://github.com/nextcloud/all-in-one/blob/main/local-instance.md

I here propose a simple solution to comply with that recommendation:

  • focus on preconditions:
  • Use the official compose.yaml slightly modified to configure an AIO instance behind a reverse proxy with automatic HTTPS
  • use pi-hole as a community container

Preconditions

Setup

Differing from the AIO repo readme:

  • The docker compose file - see below - is a copy of the one in the AIO Repo with some lines for caddy uncommented.
  • The other is, that in order to fire up the AIO setup, You employ this command:

    sudo docker compose up -d # in the file's directory

  • Once the administration interface is up and Your domain is set, add pi-hole as a community container from the setup page and proceed as described in the AIO repo section for pi-hole.

As an aside: I recommend You set Your backup location to BorgBase.org, while You are at it.

Helpers

  • DNS Lookup - Check All DNS Records for Any Domain

  • Port Checker - Check Open Ports Online

  • Advice from the aio repo how to reset Your instance:

    #!/bin/bash
    # Stop the AIO master and domaincheck containers first, then every other running container
    docker stop nextcloud-aio-mastercontainer
    docker stop nextcloud-aio-domaincheck
    docker ps --format '{{.Names}}'

    for cntr in $(docker ps --format '{{.Names}}')
    do
        docker stop "$cntr"
    done
    # Remove stopped containers, the AIO network and dangling volumes
    # (the prune commands ask for confirmation before deleting anything)
    docker ps --filter "status=exited"
    docker container prune
    docker network rm nextcloud-aio
    docker volume ls --filter "dangling=true"
    docker volume prune --filter all=1
    # The author's data path on the host; adjust or drop this line for your own setup
    rm -rf /media/mf/kingston/*
    docker volume ls --format '{{.Name}}'
    docker image prune -a
    

compose.yaml

services:
  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    network_mode: bridge # add to the same network as docker run would do
    ports:
      - 8080:8080
      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
    environment: # Is needed when using any of the options below
      # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
       APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
#      APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
      # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
      # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options
      # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
      # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
      # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
      # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
      # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
      # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
      # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
       SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
      # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
      # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
    # security_opt: ["label:disable"] # Is needed when using SELinux

#   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
#   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439
#   # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work
#   # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
  caddy:
    image: caddy:alpine
    restart: always
    container_name: caddy
    volumes:
      - caddy_certs:/certs
      - caddy_config:/config
      - caddy_data:/data
      - caddy_sites:/srv
    network_mode: "host"
    configs:
      - source: Caddyfile
        target: /etc/caddy/Caddyfile
configs:
  Caddyfile:
    content: |
      # Adjust cloud.example.com to your domain below
      https://agdaz.online:443 {
        reverse_proxy localhost:11000
      }

volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
  caddy_certs:
  caddy_config:
  caddy_data:
  caddy_sites:
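
The author's answer above (reverse proxy on port 80 for ACME, Pi-hole A/AAAA override, daemon.json) and the how-to's precondition list both leave the actual checking to the reader. The script below is an added example, not code from this thread or from the Nextcloud AIO project. On constructed sample inputs it validates the three things the setup depends on: that the Pi-hole override for the domain points at a private LAN address rather than the public one, that systemd-resolved's DNSStubListener would still hold port 53 on the Pi-hole host, and that daemon.json pins Docker's DNS to the local server. The domain cloud.example.com, the addresses 1.2.3.4, 192.168.178.20 and 192.168.178.2, the sample configuration texts and all function names are my own assumptions.

```python
"""Offline precondition checks for running AIO behind Caddy with Pi-hole as
the LAN's DNS server.

Added illustration only: not code from the thread or from the Nextcloud AIO
project. All inputs below are constructed samples; the file paths named in
comments are the usual defaults, not taken from the page.
"""
import configparser
import ipaddress
import json


def check_local_override(domain, public_a, local_a, local_aaaa=None):
    """Validate the custom DNS record you would add in Pi-hole.

    public_a  : A record the domain has on the internet (WAN address)
    local_a   : A record Pi-hole should answer with inside the LAN
    local_aaaa: optional AAAA override
    Returns a list of problem strings; an empty list means the override looks sane.
    """
    problems = []
    pub = ipaddress.ip_address(public_a)
    loc = ipaddress.ip_address(local_a)
    if loc.version != 4:
        problems.append(f"{domain}: A override {local_a} is not an IPv4 address")
    elif not loc.is_private:
        # The whole point of the override is to stay inside the home network.
        problems.append(f"{domain}: A override {local_a} is not a private (RFC 1918) address")
    if loc == pub:
        problems.append(f"{domain}: override still answers with the public address {public_a}")
    if local_aaaa is not None:
        v6 = ipaddress.ip_address(local_aaaa)
        if v6.version != 6:
            problems.append(f"{domain}: AAAA override {local_aaaa} is not an IPv6 address")
        elif v6.is_link_local:
            # fe80::/10 needs a scope id; clients cannot use it from a DNS answer.
            problems.append(f"{domain}: AAAA override {local_aaaa} is link-local")
    return problems


def stub_listener_enabled(resolved_conf_text):
    """True if systemd-resolved would bind port 53 on 127.0.0.53 (the port
    conflict the how-to mentions). A missing or commented-out DNSStubListener
    line means the default, which is yes."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(resolved_conf_text)  # expects the usual [Resolve] section header
    value = cp.get("Resolve", "DNSStubListener", fallback="yes").strip().lower()
    return value != "no"


def daemon_json_with_dns(existing_text, dns_ip):
    """Return the content of /etc/docker/daemon.json with "dns" pinned to the
    local DNS server, keeping any other keys that were already present."""
    ipaddress.ip_address(dns_ip)  # reject anything that is not an IP literal
    cfg = json.loads(existing_text) if existing_text.strip() else {}
    cfg["dns"] = [dns_ip]
    return json.dumps(cfg, indent=2) + "\n"


def daemon_uses_local_dns(daemon_json_text, dns_ip):
    """True if every container will resolve through dns_ip and nothing else."""
    return json.loads(daemon_json_text).get("dns") == [dns_ip]


# Constructed samples: a default resolved.conf (everything commented out) and a
# daemon.json that already carries an unrelated setting.
SAMPLE_RESOLVED_CONF = """[Resolve]
#DNS=
#FallbackDNS=
#DNSStubListener=yes
"""
SAMPLE_DAEMON_JSON = '{"log-driver": "json-file"}\n'


def run_checks(domain="cloud.example.com", public_a="1.2.3.4",
               proxy_lan_ip="192.168.178.20", pihole_ip="192.168.178.2"):
    """Run all three checks on the constructed samples and return a report."""
    new_daemon = daemon_json_with_dns(SAMPLE_DAEMON_JSON, pihole_ip)
    return {
        "override_problems": check_local_override(domain, public_a, proxy_lan_ip),
        "stub_listener_conflict": stub_listener_enabled(SAMPLE_RESOLVED_CONF),
        "docker_dns_ok": daemon_uses_local_dns(new_daemon, pihole_ip),
        "daemon_json": new_daemon,
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

To use it on a real host, feed the contents of /etc/systemd/resolved.conf and /etc/docker/daemon.json to the functions instead of the samples. A True for stub_listener_conflict means DNSStubListener=no still has to be set (and systemd-resolved restarted) before Pi-hole can bind port 53; docker_dns_ok should be True before the domain is entered in the AIO interface, because that is what makes the containers resolve the domain to the proxy's LAN address.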

it’s getting a bit messy here, I think… so what about taking your edited version, edit your starting posting and just overwrite the first posting with the newest one?

for better overview you could give your versions a counter in the beginning
like

“improved version #3” or such.

This version is good, the one that starts with "improved version".

Initial post is overwritten now with a version containing answers to @tflidd 's questions, which I also found helpful.


Ok, it becomes clearer now.

Sorry, that I didn’t know caddy was a reverse proxy. From the links and the context it is clearer now, I’d just add that:

after reverse proxy (caddy)

and

(DNS server).

:+1:

I think, then, we just move our discussion stuff to a separate thread, so that here we keep some space for users' feedback.

I split the first part of discussions from the original howto to create some space for feedback from users.