Hi, I’m trying to install NC on a VPS instance and am running into problems when trying to do the domain check. I have followed the guide on Github to install docker and launch the mastercontainer. In the logs of the mastercontainer I see errors about Caddy(?) failing to bind to ports 80 and 443 with permission denied and I can only access the AIO interface on domain.co.uk:8080. When going to domain.co.uk or domain.co.uk:8443 it doesn’t resolve. Using the portcheck site that the AIO suggests shows that ports 443 and 8443 are indeed closed.
I have tried using UFW to allow these ports and this doesn’t seem to make a difference.
I have also tried skipping the domain check, but then once the containers are spun up nextcloud-apache shows the same errors as the AIO in failing to bind to ports and I can never get to the NC web interface.
I am new to webhosting but not to Linux so I thought the AIO would be a good way to go and this is baffling me a bit.
Thanks for any help.
I’ll double check the docker install, but I’m running on Ubuntu 22.04 so I doubt an old kernel is the issue.
True, Ubuntu 22.04 should cause this issue.
I suppose you are also not using docker-rootless?
Then maybe your VPS provider is the problem. What provider are you using?
No, I’m using a standard docker install, not rootless. I’m running on hostinger.
hm… then I don’t have a good explanation why binding these ports inside the container fails. It should work with kernel 4.11 or higher.
Since I cannot reproduce your issue, it is however still likely infrastructure related.
E.g. there also recently was a problem with a different provider named Strato: GitHub - nextcloud/all-in-one: Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.
I have contacted support at Hostinger and they are suggesting it is a problem with unprivileged containers not being able to bind to ports lower than 1024. Could this be it?
No, this cannot be the reason. If you click the link, you should find out that binding ports below 1024 should work correctly inside containers even for unprivileged containers due to a kernel feature that is present in kernels higher than 4.11. However maybe that kernel feature is deactivated on Hostinger? But really no clue, sorry. As I said, it works fine over here.
I have just tried running the caddy example from Docker hub to test that the server config is good and it works. If I run the below I get a site available on the domain and ports 80 and 443 are open. This kind of implies to me that the problem is to do specifically with the AIO container or how I’m running it and not the server itself.
# Serve a static page with the official Caddy image, publishing 80/443 (TCP and UDP for HTTP/3):
echo "hello world" > index.html
docker run -d -p 80:80 -p 443:443 -p 443:443/udp -v "$PWD/index.html:/srv/index.html" -v caddy_data:/data caddy caddy file-server --domain domain.co.uk
No, you got it wrong. Based on caddy-docker/Dockerfile at master · caddyserver/caddy-docker · GitHub it looks like the caddy docker image runs as root user which the AIO container does not (it runs caddy as non-root user). This is exactly what the kernel feature that I was talking about allows (allowing non-root user inside containers to bind ports below 1024). So it seems this kernel feature does not work on your server somehow.
My recommendation for you would be to try out a different hoster and check if it works there.
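An added diagnostic, not from this thread or from the AIO project, for the kernel feature the reply above refers to: since kernel 4.11 net.ipv4.ip_unprivileged_port_start is a per-network-namespace sysctl, and Docker 20.10+ sets it to 0 inside each container, so reading it as a non-root user inside a throwaway container shows what the AIO Caddy process would see. The alpine:3 image tag and the nobody uid 65534 are assumptions.

```shell
#!/bin/sh
# Added diagnostic, not part of the thread or the AIO project.
# Since kernel 4.11 net.ipv4.ip_unprivileged_port_start is per network
# namespace, and Docker 20.10+ sets it to 0 inside each container so that
# non-root services (AIO's Caddy) can bind 80/443. If it still reads 1024
# inside a container, the host kernel or runtime is not applying the feature.

SYSCTL_FILE=/proc/sys/net/ipv4/ip_unprivileged_port_start

# Pure check, usable with constructed values: prints allowed, blocked or
# unknown for PORT given the sysctl value START.
bind_verdict() {
    start=$1
    port=$2
    case "$start" in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # unreadable / non-numeric
    esac
    if [ "$port" -ge "$start" ]; then
        echo allowed
    else
        echo blocked
    fi
}

# Live value for the current network namespace (host or inside a container).
read_port_start() {
    cat "$SYSCTL_FILE" 2>/dev/null || echo unknown
}

# Same reading from inside a throwaway non-root container (uid 65534 and the
# alpine:3 tag are assumptions); needs Docker, so only run with --container.
read_port_start_in_container() {
    docker run --rm --user 65534:65534 alpine:3 \
        cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo unknown
}

if [ "${1:-}" = "--container" ]; then
    start=$(read_port_start_in_container)
else
    start=$(read_port_start)
fi
for port in 80 443 8443; do
    echo "port $port: non-root bind $(bind_verdict "$start" "$port") (ip_unprivileged_port_start=$start)"
done
```

Run it once on the host and once with `--container`; a value of 1024 inside the container (so 80 and 443 "blocked" while 8443 is "allowed") reproduces the symptom from the first post without involving Nextcloud at all.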
I ended up switching to Linode and using their marketplace app with no issues. Must be something wrong at Hostinger’s end.