Help! Docker Domaincheck won't accept tailscale validated caddy reverse proxy

Hello, I’m following the local guide, and built upon this jellyfin/caddy/tailscale project which works flawlessly. I really am stuck on why nextcloud wouldn’t work the same way as the error is vague, if you could please direct me. Here’s my nextcloud config:

networks:
  # network created via docker
  # all other containers are also on it
  proxy-network:
    name: "proxy-network"

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
  # shared volumes any container in the same docker-compose file can access
  # used to share the tailscaled.sock file with caddy
  sock_volume:

# you do not have to use the same local filepaths that I do for volume mapping in the containers,
# but you do have to make sure whatever filepath you use is mapped to the correct filepath in the container
services:
  caddy:
    image: caddy
    container_name: "caddyn"
    hostname: caddy
    networks:
      # caddy is in the network with the other containers
      - proxy-network
    depends_on:
      # wait for tailscale to boot
      # to communicate to it using the tailscaled.sock
      - tailscale
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ~/nextcloud/caddy/Caddyfile:/etc/caddy/Caddyfile
      - ~/nextcloud/caddy/data:/data
      - ~/nextcloud/caddy/config:/config
      # get socket tailscale created in the shared volume and share it with caddy
      # caddy expects the socket to be at /var/run/tailscale/tailscaled.sock
      - sock_volume:/var/run/tailscale
    restart: unless-stopped
  tailscale:
    container_name: tailscalen # tailscale n (nextcloud)
    image: tailscale/tailscale
    network_mode: host
    # tailscale sets new machine names to the OS hostname
    # docker-desktop is the default hostname for docker
    # if you modify this and recreate the container, the machine name will be updated automatically
    # make sure this matches the machine name you set in the Caddyfile
    hostname: nextcloud
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      # saves container state after container is recreated
      # used varlib because var folder isn't needed locally
      - ~/nextcloud/varlib:/var/lib
      # containerized version of tailscale uses /tmp/tailscaled.sock
      # binds the socket to a docker volume so it can be accessed by other containers
      # this can't be a local directory because the socket is created by the container
      - sock_volume:/tmp
    environment:
      # if you add a command key, it will override environment key variables with default values!
      # info: https://tailscale.com/kb/1282/docker#ts_socks5_server

      # set the authkey to reusable when generating it from tailscale #share old key?
      #- TS_AUTHKEY=
      # prevents a new machine from being added each time the container is restarted
      - TS_STATE_DIR=/var/lib/tailscale
      # https://tailscale.com/kb/1112/userspace-networking
      - TS_USERSPACE_NETWORKING=userspace-networking
    restart: unless-stopped
  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    networks: # I'm adding this, maybe that's why it's not working with caddy?
      - proxy-network
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    ports:
      #- 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8080:8080
      #- 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
    environment: # Is needed when using any of the options below
      # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
      #- SKIP_DOMAIN_VALIDATION=true # might not be helping?
      - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - APACHE_IP_BINDING=0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # - BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
      - NEXTCLOUD_UPLOAD_LIMIT=1G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      - NEXTCLOUD_MEMORY_LIMIT=1024M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS). See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
      - TALK_PORT=3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
      # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
    # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
    # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
    depends_on: # needs to be in same stack? Just start after jellyfin
      - caddy


# Steps
# 1. run the command: docker-compose up -d
# 2. run the command: docker exec tailscalen tailscale --socket /tmp/tailscaled.sock cert <machine-name>.<tailnet-name>.ts.net
#    (tailscalen is the container_name set for the tailscale service above; the container must be referenced by that name)
# 3. remove the auth key from docker-compose.yaml, save the file, you can keep the container running
# 4. run the command: docker-compose up -d

# Filepath
# .
# ├── caddy
# │   ├── Caddyfile
# │   ├── config
# │   └── data
# ├── docker-compose.yaml
# └── tailscale
#     └── varlib

and caddyfile:

nextcloud.wallaby-gopher.ts.net {
	header Strict-Transport-Security max-age=31536000; #would this stop timeout?
	reverse_proxy nextcloud:11000
}

# set to loopback address so it works on the host machine
127.0.0.1 {
	reverse_proxy nextcloud:11000
}

Here’s the error I get in the domain checker:


Here’s that log:

Here’s caddy:

I’d really like to stay off the main web the same way I did with jellyfin. Thanks.

This was solved here: https://caddy.community/t/help-docker-caddy-suddenly-no-longer-can-find-dns-records/24983/20
