First time Nextcloud user and docker newbie here.
I followed the instructions for the official AIO docker image install on a fairly vanilla Ubuntu 22.04 LTS install on a Dell T320 and ran into domain validation and subsequent access issues.
My Setup
- Symmetric GB Fiber internet with static IP
- Public DNS A-record for nextcloud.. set to this static IP
- Port forwarding for TCP+UDP in ISP Router to my Security Gateway (which is the only device plugged into the ISP Router)
- Ubiquiti Security Gateway Pro 4 with Port forwarding rule for port 443 TCP/UDP to Dell T320 server, which has static IP 192.168.3.18
- Public port scan confirms that this port is now open
- nslookup nextcloud.. resolves accurately and returns my public static IP properly
The only other thing that runs on this server is a Minecraft instance, and I used the exact same method for port forwarding inside the ISP router and the Security appliance that worked like a charm for Minecraft.
The Basics
- Nextcloud Server version (e.g., 29.x.x): Nextcloud Hub 9 (30.0.4-30.0.4.1)
- Operating system and version (e.g., Ubuntu 24.04): Ubuntu 22.04.5 LTS
- Web server and version (e.g, Apache 2.4.25): Apache/2.4.62
- Reverse proxy and version (e.g. nginx 1.27.2): not sure
- PHP version (e.g, 8.3): 8.3.14
- Is this the first time you’ve seen this error? (Yes / No): Yes
- When did this problem seem to first start?: During the AIO install process / domain validation
- Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.): AIO
- Are you using Cloudflare, mod_security, or similar? (Yes / No): Not that I know of
Summary of the issue you are facing:
- Error “The domain is not reachable on Port 443 from within this container” during domain validation of new AIO instance install
- Ability to use my smartphone (not connected to wifi) to log into web interface of NC if AIO installed with SKIP_DOMAIN_VALIDATION=true
- Inability to use my Windows PC to log into web interface of NC (even if I use a VPN to access the Public IP)
- Inability to access the web interface of NC via https://192.168.3.18/
I assume it MUST be a network error, but the very same method worked for minecraft (and - with an older version of the OS before I wiped it again - with other software such as Splunk). So I know that the server itself can be reached, ports are open, etc.
It may be some issue with Docker, but I am new to Docker and I just followed the instructions given in the official documentation.
Steps to replicate it (hint: details matter!):
- Install Ubuntu 22.04 LTS server on bare metal server Dell T320, pretty much with default settings. Very basic install.
- apt-get update / upgrade of course
- Set timezone to UTC
- add common ports such as 22, 80, 443 etc. to ALLOW list of ufw
- but deactivate ufw for the purposes of this install
- Install Docker as per Ubuntu | Docker Docs
- This includes running that command from step 3 in GitHub - nextcloud/all-in-one: 📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.
- Use a Chrome browser to open 192.168.3.18:8080
- copy the pass phrase and go to next page
- Enter passphrase to log in
- Enter nextcloud.. as new AIO instance name
- Click “Submit”
- Observe the error message [The domain is not reachable on Port 443 from within this container]
–
I then removed the two NC containers (docker stop , docker rm ) and issued the installation command again, but this time with SKIP_DOMAIN_VALIDATION:
sudo docker run \
--init \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 80:80 \
--publish 8080:8080 \
--publish 8443:8443 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
-e SKIP_DOMAIN_VALIDATION=true \
nextcloud/all-in-one:latest
Now I can use my smart phone (not connected to Wifi) to access the web interface of NC as admin.
BUT I can not use my Windows PC, not even if I use a VPN.
I also created local DNS records pointing nextcloud.. to 192.168.3.18 and my public IP respectively. I use pihole for that purpose and pointed the Security Appliance to pihole as primary DNS server for the purpose of that test. No change to the issue.
Log entries
Using my smart phone to log into the admin interface of NC, I was able to generate the following report:
Server configuration detail
Operating system: Linux 5.15.0-127-generic #137-Ubuntu SMP Fri Nov 8 15:21:01 UTC 2024 x86_64
Webserver: Apache/2.4.62 (Unix) (fpm-fcgi)
Database: pgsql PostgreSQL 16.6 on x86_64-pc-linux-musl, compiled by gcc (Alpine 14.2.0) 14.2.0, 64-bit
PHP version: 8.3.14
Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, ctype, curl, dom, fileinfo, filter, hash, iconv, json, mbstring, SPL, session, PDO, pdo_sqlite, bz2, posix, random, readline, Reflection, standard, SimpleXML, tokenizer, xml, xmlreader, xmlwriter, mysqlnd, cgi-fcgi, apcu, bcmath, Phar, exif, ftp, gd, gmp, igbinary, imagick, imap, intl, ldap, memcached, pcntl, pdo_pgsql, pgsql, redis, smbclient, sodium, sysvsem, zip, libsmbclient, Zend OPcache
Nextcloud version: 30.0.4 - 30.0.4.1
Updated from an older Nextcloud/ownCloud or fresh install:
Where did you install Nextcloud from: unknown
Signing status
List of activated apps
Enabled:
- activity: 3.0.0
- admin_audit: 1.20.0
- app_api: 4.0.3
- bruteforcesettings: 3.0.0
- calendar: 5.0.8
- circles: 30.0.0
- cloud_federation_api: 1.13.0
- comments: 1.20.1
- contacts: 6.1.2
- contactsinteraction: 1.11.0
- dashboard: 7.10.0
- dav: 1.31.1
- deck: 1.14.2
- federatedfilesharing: 1.20.0
- federation: 1.20.0
- files: 2.2.0
- files_downloadlimit: 3.0.0
- files_pdfviewer: 3.0.0
- files_reminders: 1.3.0
- files_sharing: 1.22.0
- files_trashbin: 1.20.1
- files_versions: 1.23.0
- firstrunwizard: 3.0.0
- logreader: 3.0.0
- lookup_server_connector: 1.18.0
- nextcloud-aio: 0.7.0
- nextcloud_announcements: 2.0.0
- notes: 4.11.0
- notifications: 3.0.0
- notify_push: 0.7.0
- oauth2: 1.18.1
- password_policy: 2.0.0
- photos: 3.0.2
- privacy: 2.0.0
- provisioning_api: 1.20.0
- recommendations: 3.0.0
- related_resources: 1.5.0
- richdocuments: 8.5.3
- serverinfo: 2.0.0
- settings: 1.13.0
- sharebymail: 1.20.0
- spreed: 20.1.1
- support: 2.0.0
- survey_client: 2.0.0
- systemtags: 1.20.0
- tasks: 0.16.1
- text: 4.1.0
- theming: 2.5.0
- twofactor_backupcodes: 1.19.0
- twofactor_totp: 12.0.0-dev
- user_status: 1.10.0
- viewer: 3.0.0
- weather_status: 1.10.0
- webhook_listeners: 1.1.0-dev
- workflowengine: 2.12.0
Disabled:
- encryption
- files_external
- suspicious_login
- twofactor_nextcloud_notification
- user_ldap
Configuration (config/config.php)
{
"one-click-instance": true,
"one-click-instance.user-limit": 100,
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"check_data_directory_permissions": false,
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"password": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"overwritehost": "nextcloud.qunnect.ca",
"overwriteprotocol": "https",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"nextcloud.qunnect.ca"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "30.0.4.1",
"overwrite.cli.url": "https:\/\/nextcloud.qunnect.ca\/",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"loglevel": 2,
"log_type": "file",
"logfile": "\/var\/www\/html\/data\/nextcloud.log",
"log_rotate_size": 10485760,
"log.condition": {
"apps": [
"admin_audit"
]
},
"preview_max_x": 2048,
"preview_max_y": 2048,
"jpeg_quality": 60,
"enabledPreviewProviders": {
"1": "OC\\Preview\\Image",
"2": "OC\\Preview\\MarkDown",
"3": "OC\\Preview\\MP3",
"4": "OC\\Preview\\TXT",
"5": "OC\\Preview\\OpenDocument",
"6": "OC\\Preview\\Movie",
"7": "OC\\Preview\\Krita",
"0": "OC\\Preview\\Imaginary",
"23": "OC\\Preview\\ImaginaryPDF"
},
"enable_previews": true,
"upgrade.disable-web": true,
"mail_smtpmode": "smtp",
"trashbin_retention_obligation": "auto, 30",
"versions_retention_obligation": "auto, 30",
"activity_expire_days": 30,
"simpleSignUpLink.shown": false,
"share_folder": "\/Shared",
"one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
"upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
"updatedirectory": "\/nc-updater",
"maintenance_window_start": 100,
"allow_local_remote_servers": true,
"davstorage.request_timeout": 3600,
"documentation_url.server_logs": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/5425",
"htaccess.RewriteBase": "\/",
"dbpersistent": false,
"auth.bruteforce.protection.enabled": true,
"ratelimit.protection.enabled": true,
"files_external_allow_create_new_local": false,
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
"preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
"DOMAIN": "nextcloud.qunnect.ca"
}
Cron Configuration: Array ( [backgroundjobs_mode] => cron [lastcron] => 1735508404 )
External storages: files_external is disabled
Encryption: no
User-backends:
- OC\User\Database
Subscription:
- No valid subscription key set
Talk configuration:
STUN servers
TURN servers
- turn:nextcloud.qunnect.ca:3478 - udp,tcp
Signaling servers (mode: default):
- SIP dialin is disabled
- SIP dialout is disabled
- https://nextcloud.qunnect.ca/standalone-signaling/ - error: cURL error 28: Connection timed out after 30002 milliseconds (see libcurl - Error Codes) for https://nextcloud.qunnect.ca/standalone-signaling/api/v1/welcome
Recording servers:
- Recording is enabled
- Recording consent is set to “default”
- no recording server configured
Browser: Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Mobile/15E148 Safari/604.1
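An added diagnostic example (not part of the original post, and not Nextcloud AIO code): it probes port 443 once by public name and once by the server's LAN address, so the same check can be run from the Windows PC, the Docker host and a container and the results compared. `nextcloud.example.com` is a placeholder for the redacted domain, and the hints returned by `diagnose` are heuristics, not a definitive root cause.

```python
import ipaddress
import socket

def probe(host, port=443, timeout=5.0,
          resolve=socket.gethostbyname, connect=socket.create_connection):
    """Resolve host, try one TCP connect, and report what happened."""
    result = {"host": host, "addr": None, "scope": None, "open": False, "error": None}
    try:
        addr = resolve(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        result["error"] = f"dns: {exc}"
        return result
    result["addr"] = addr
    result["scope"] = "private" if ipaddress.ip_address(addr).is_private else "public"
    try:
        connect((addr, port), timeout=timeout).close()
        result["open"] = True
    except OSError as exc:  # refused, timed out, unreachable
        result["error"] = f"tcp: {exc}"
    return result

def diagnose(by_name, by_lan_ip):
    """Turn two probes (public name, LAN address) into a hint on where to look."""
    if by_name["addr"] is None:
        return "name does not resolve from this vantage point: check the resolver in use"
    if by_name["open"]:
        return "name reachable on this path: compare with the failing client or container"
    if by_lan_ip["open"]:
        if by_name["scope"] == "public":
            return ("LAN address answers but the public address does not: the router is "
                    "likely not looping LAN traffic back in, so use a local DNS override")
        return "name resolves to a private address that does not answer: check the override target"
    return ("nothing answers on the LAN address either: check the listener, the published "
            "container port and the host firewall before the router")

if __name__ == "__main__":
    # Placeholder name; 192.168.3.18 is the server address given in the post.
    by_name = probe("nextcloud.example.com")
    by_lan_ip = probe("192.168.3.18")
    print(by_name, by_lan_ip, diagnose(by_name, by_lan_ip), sep="\n")
```

Running it from inside a container (for example with the file mounted into a Python image on the same Docker network) shows whether the container sees the same DNS answer and the same TCP result as the host.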