Getting started with docker and https

Hi all,

I am using Nextcloud with success on an ubuntu server vm. But as my capacity runs out, I have bought a new server where I want only docker containers. So I wanted to migrate to docker with a fresh installation. I will export/import calendar and contacts later. But I am a little bit to supid to get https to run. I have zero experience with nginx, but apache. I was using a self signed certificate on my actual setup and it works just fine.
So this setup with docker compose is working, but of course without SSL. I wanted to enable SSL inside this container, but it failed. I don’t want to use Lets Encrpyt - just want to use another self-signed certificate and run this with Nextcloud. On the other side I have seen the standard docker container does not contain all “add-ons” or the “full” installation like ImageMagick. Can you guys share an example how I get a full-installation?

version: '2' 
 
services:
 
  db:
image: mariadb
restart: unless-stopped
volumes:
  - ./database:/var/lib/mysql
environment:
  - MYSQL_ROOT_PASSWORD=pw
  - MYSQL_USER=nextcloud
  - MYSQL_PASSWORD=pw2
  - MYSQL_DATABASE=nextcloud
networks:
  - nextcloudnet

  backup-mysql:
image: dsteinkopf/backup-all-mysql:latest
restart: unless-stopped
environment:
  - BACKUP_INTERVAL=86400
  - BACKUP_FIRSTDELAY=4000
  - 'MYSQL_CONNECTION_PARAMS=--user=root --host=db --password=pw'
links:
  - db
volumes:
  - ./db_backup/mysql-backup:/var/dbdumps
networks:
  - nextcloudnet
 
  nextcloud:
image: nextcloud:apache
restart: unless-stopped
ports:
  - 6005:80
links:
  - db
volumes:
  - ./nextcloud/var_www_html:/var/www/html
  - ./nextcloud/data:/var/www/html/data
  - ./nextcloud/etc_apache2:/etc/apache2
  - /etc/localtime:/etc/localtime:ro
  - /etc/timezone:/etc/timezone:ro
networks:
  - nextcloudnet
 
 
networks:
 
  nextcloudnet:
# empty

Any help would be AWESOME! :slight_smile:

-IceBoosteR

If it is supposed to be a pure docker server, switch to Traefik: https://traefik.io/
It will make everything much easier.
https://portainer.io/ is also useful.

Edit: Why do you not want to use let’s encrypt?

Hi,

thank you for your quick answer.
The server should only be available inside the local network. I suggest that I need permanent internet access with lets encrpyt to validate the certificate. On the other side, I do not have a domain, so I work with static ip adresses.
Maybe I am wrong…

I will have a look on treafic. I am running portainer - awesome container :wink:

-Ice

If you want to extend the nextcloud docker image you have to write your own docker file. and then use this image in your docker compose file.

2 Likes

this (run as root or a user with full sudo rights)

curl -s https://raw.githubusercontent.com/ReinerNippes/nextcloud13/devel/prepare_system.sh | /bin/bash
ansible-pull --clean --force --checkout devel -d ~/nextcloud -i 'nextcloud' -U https://github.com/ReinerNippes/nextcloud13.git nextcloud.yml \
-e "next_archive=https://download.nextcloud.com/server/releases/latest.tar.bz2" \
-e "fqdn=$(hostname -f)" \
-e "ssl_certificate_type=selfsigned" \
-e "talk_install=false" \
-e "install_collabora=false" \
-e "dhparam_numbits=1024"

should setup your new nextcloud in 5-10 minutes. but it’s not docker based.

Thanks for sharing. But it should be dockerized in all circumstances.

-Ice

Hi, is there no way to put this in the compose file, so it is created when the container is started?
Otherwise I need to create my own dockerfile whenever there is an update…
Thanks

no. docker-compose reads the docker composefile and that includes the docker file to create a new image. every time there is a update of next cloud or of the used components (apache, php, etc. pp.). but you have to trigger this.
compose and docker file will remain always the same. only the docker image will be rebuild and started as a new container.

Thank you for your answer. I will have a look into that.

I have tried the lets encrypt solution. without an domain name it is not working. therefore I am still searching for a simple suolutiojn using a self signed certificate. Somewhere I will need to change a config I guess…

building your own image:

i’m not sure but instead of image: nextcloud:apache you have to use build: where_your_docker_file_is_dir .

about certificates

letsencrypt makes no sense without your own domain. letsencrypt will validate if you are the owner of that domain.so your server has to answer request from a letsencrypt validation server. otherwise you could get a certificate for www.google.com. :wink: (there are ‘offline’ methodes to validate that you are the owner of your domain. but still you need a domain.)

to get your certificate. the following is one example

you may also use the ssl generator

quick howto: you generate once the certificates and use the COPY command in the docker file of your nextcloud image to copy them into this image.
or
you include in your compose file a one time run of the generator and write the certificates into a docker volume shared with the nextcloud image.

and have to change the apache config in the nextcloud image (with a COPY statement) to use the certificates.

Thank you guys.
I was able to setup nginx-revers with a self-signed certificate with success. Whoohoo :wink:

I will have a look at these link tomorrow. Enough for today. Thank you guys!^^

-Ice

Hello guys,

I have now build my own docker image based on nextcloud:apache.
Maybe I just needed some time to think about how it works - but I was able to enable SSL and use my “Full” image in docker-compose. I was wondering how much new packages was installed with the “full” isntallation, it needs about 5 min to build the image.

Thank you so much for your help. Very appreciated.
-IceBoosteR