Install nextcloud with docker-compose and nginx

bergbiber · July 25, 2020, 9:49pm

Hi all,

does anyone have a working setup with docker-compose and nginx, mariadb…?

I have an ubuntu machine running docker and i am going crazy. I started with the official example setup on github. Then i adapted my nginx config according to the official config manual on nextcloud. All i get is a redirect error (when using my domain as url) or a 50x error (when calling the local ip directly).

I already tried so many things. Everything failed. I am totally desperate
I prefer to access nextcloud from a subfolder but neither the subfolder config nor the webroot is working for me.

Can anyone please share his/her setup maybe?

Reiner_Nippes · July 25, 2020, 10:42pm

You may try this playbook on a test server. You’ll get a working setup.

bergbiber · July 26, 2020, 10:20am

Hey @Reiner_Nippes, thanks for the fast answer.
Your repo looks like a nice setup but i think it wont fit my needs. Your scripts are doing a lot of magic what is great. But I want to understand how my setup works so i can add additional services/containers later. And i think your approach does not integrate nginx, right?

I thought i understand most parts of the official manuals but they seem to be incomplete or do not work together properly. My usecase is not extraordinary, so there must be someone having a working setup based on the manuals and examples?!

Reiner_Nippes · July 26, 2020, 10:39am

sure. but.

nginx is used as the webserver in front of the php-fpm-nextcloud container to server static content. so this nginx.conf nextcloud_on_docker/roles/docker_container/templates/nginx.conf.j2 at master · ReinerNippes/nextcloud_on_docker · GitHub would just setup a http nextcloud webpage. if you would expose the port of the nginx container to the ourside world.

but we use traefik as an “ingress router” to the container services. so the nginx container gets a label that traefik should route all traffic to https://your.domain.tld/ to its port 80.

github.com

ReinerNippes/nextcloud_on_docker/blob/61db7393477478ef59d16f7941c01db59277730a/roles/docker_container/tasks/nginx.yml#L38


      
          volumes:
            - "{{ nextcloud_nginx_dir }}/nginx.conf:/etc/nginx/nginx.conf"
            - "{{ nextcloud_nginx_dir }}/uploadsize.conf:/etc/nginx/conf.d/uploadsize.conf"
          volumes_from:
            - nextcloud
          labels:
            traefik.enable:         "true"
            traefik.docker.network: backend
            traefik.http.middlewares.nginx-https.redirectscheme.scheme: "https"
            traefik.http.routers.nginx-http.entrypoints: "web"
            traefik.http.routers.nginx-http.rule: "Host(`{{ nextcloud_server_fqdn }}`)"
            traefik.http.routers.nginx-http.middlewares: "nginx-https@docker"
            traefik.http.routers.nginx.entrypoints: "web-secure"
            traefik.http.routers.nginx.rule: "Host(`{{ nextcloud_server_fqdn }}`)"
            traefik.http.routers.nginx.middlewares: "nginx@docker,nginx-red@docker"
            traefik.http.routers.nginx.tls: "true"
            traefik.http.routers.nginx.tls.options: "TLSOptionsDefault@file"
            traefik.http.routers.nginx.tls.certresolver: "certificatesResolverDefault"
            traefik.http.middlewares.nginx.headers.referrerPolicy: "no-referrer"
            traefik.http.middlewares.nginx.headers.SSLRedirect: "true"
            traefik.http.middlewares.nginx.headers.STSSeconds: "315360000"

if you want to add another service you add another container, label it and access it.

of course you do this with a simple reverse nginx proxy configuration + automated letscrypt certificate renewal. that’s what is in the offical nc docker-compose examples. yes.

coming back to traefik and different services, have a look at:

or

the bad news. the later two repos are still based on traefik v1.7. so a bit outdated.

if you don’t want to use traefik: what’s the output of sudo docker ps what’s the output of sudo docker log <container-ame-here>

bergbiber · July 26, 2020, 11:26am

here are the logs. this is after startup when i try to call nextcloud from another pc via the domain. it causes a redirect error

docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d551735bae82 docker-nextcloud-fpm-nginx-proxy-ssl-mariadb-cron-redis_web "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp nginx
53d64318b48d nextcloud:fpm-alpine "/entrypoint.sh php-…" About a minute ago Up About a minute 9000/tcp nextcloud-app
77dbe370cccc jrcs/letsencrypt-nginx-proxy-companion "/bin/bash /app/entr…" About a minute ago Up About a minute letsencrypt
38f8d4cea84f nextcloud:fpm-alpine "/cron.sh" About a minute ago Up About a minute 9000/tcp nextcloud-cron
8a8f848fae96 docker-nextcloud-fpm-nginx-proxy-ssl-mariadb-cron-redis_proxy "/app/docker-entrypo…" About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx-proxy
8b79b5e6f9f0 mariadb "docker-entrypoint.s…" About a minute ago Up About a minute 3306/tcp nextcloud-db
d304ac68e3cc redis:alpine "docker-entrypoint.s…" About a minute ago Up About a minute 6379/tcp redis

docker logs nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"

docker logs nginx-proxy
WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one
is being generated in the background. Once the new dhparam.pem is in place, nginx will be reloaded.
forego | starting dockergen.1 on port 5000
Generating DH parameters, 2048 bit long safe prime, generator 2
forego | starting nginx.1 on port 5100
dockergen.1 | 2020/07/26 11:07:24 Generated '/etc/nginx/conf.d/default.conf' from 3 containers
dockergen.1 | 2020/07/26 11:07:24 Watching docker events
dockergen.1 | 2020/07/26 11:07:24 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
dockergen.1 | 2020/07/26 11:07:24 Received event start for container 53d64318b48d
dockergen.1 | 2020/07/26 11:07:24 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
dockergen.1 | 2020/07/26 11:07:24 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
dockergen.1 | 2020/07/26 11:07:25 Received event start for container d551735bae82
dockergen.1 | 2020/07/26 11:07:25 Generated '/etc/nginx/conf.d/default.conf' from 7 containers
dockergen.1 | 2020/07/26 11:07:25 Running 'nginx -s reload'
dockergen.1 | 2020/07/26 11:07:25 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
2020/07/26 11:08:24 [notice] 155#155: signal process started
This is going to take a long time
dhparam generation complete, reloading nginx
nginx.1 | <<my ip>> 85.92.108.246 - - [26/Jul/2020:11:10:02 +0000] "GET / HTTP/1.1" 503 197 "http://<<my ip>>:80/left.html" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my ip>> 45.115.176.99 - - [26/Jul/2020:11:17:57 +0000] "GET / HTTP/1.1" 503 599 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"

docker logs nextcloud-app
Configuring Redis as session handler
Initializing nextcloud 19.0.1.1 ...
Initializing finished
New nextcloud instance
[26-Jul-2020 11:07:26] NOTICE: fpm is running, pid 1
[26-Jul-2020 11:07:26] NOTICE: ready to handle connections

Reiner_Nippes · July 26, 2020, 7:47pm

where did you put this nginx.conf file from the manual?

the docker-compose file should work without any additional files.

you only have to insert here your domain name and email.

github.com

nextcloud/docker/blob/de90bed706d03973c8181b695e0207fa45847c28/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml#L39


      
            depends_on:
              - db
              - redis
          
          web:
            build: ./web
            restart: always
            volumes:
              - nextcloud:/var/www/html:ro
            environment:
              - VIRTUAL_HOST=
              - LETSENCRYPT_HOST=
              - LETSENCRYPT_EMAIL=
            depends_on:
              - app
            networks:
              - proxy-tier
              - default
          
          cron:
            image: nextcloud:fpm-alpine

what to put there is described here: Docker ( Step 3 - proxyed container(s))

bergbiber · July 27, 2020, 5:38pm

i uploaded the docker folder containing the whole config: http://ge.tt/2xWd7t53 (its available for 30 days). Its the config for accessing nextcloud on a subfolder (what is my preferred solution). The config is located inside my home directory. For launching i go into Docker-Nextcloud-FPM-Nginx-Proxy-SSL-MariaDB-Cron-Redis and call docker-compose up -d. I removed the domain, passwords and other stuff for the uploaded archive but its properly set up on my machine. Using kitematic i can see that all containers are running. But i cant see any helpful trace showing why its not working.

nandurx · July 27, 2020, 7:17pm

Hey look at DBtech YouTube video on that. Works everything as should be except trusted domain problems. I am doing everything right still not working… If you use same setup then let me know if your domain works.

Reiner_Nippes · July 27, 2020, 9:16pm

i did:

install docker / docker-compose
git clone https://github.com/nextcloud/docker.git
cd ~/docker/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm
vim vim docker-compose.yml # to edit line 39-41 (domain and email)
docker-compose up -d

create admin account and connect to the database on the web site. worked.

from your docker-comose file:

      - NEXTCLOUD_TRUSTED_DOMAINS=localhost <<domain>>
      - TRUSTED_PROXIES=localhost <<domain>>

it should be your domain. not localhost. and trusted proxy should be the name of the proxy container.

app:       - ~/docker/docker/nextcloud:/var/www/html
web:       - ~/docker/docker/nextcloud:/var/www/cloud:ro
cron:      - ~/docker/docker/nextcloud:/var/www/html

that won’t work. one container has an empty /var/www/html.

bergbiber · July 29, 2020, 7:01pm

ok i changed that

can you maybe explain what to adapt in more detail, please?
i can run nextcloud using the plain example, just like you did. Yay thats some progress But i want to make it accessible from a subfolder. So i thought i have to mount the nextcloud folder somewhere at /cloud in nginx

Reiner_Nippes · July 29, 2020, 8:07pm

in the app container fpm-php is running and executing php code in /var/www/html.
in the web container is a nginx running serving the static page content (jpg, pdf, css) in /var/www/html.

when you look at the docker file of app image you find that “on startup” a script checks which nextcloud version is installed in /var/www/html and installs, updates or do nothing.

github.com

nextcloud/docker/blob/abe8cd69a6a3eee4952d4faea9dfbda64c4cdb2b/19.0/fpm/entrypoint.sh#L75


        # check if redis password has been set
        elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
            echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
        else
            echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
        fi
    } > /usr/local/etc/php/conf.d/redis-session.ini
fi

installed_version="0.0.0.0"
if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
fi
# shellcheck disable=SC2016
image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"

if version_greater "$installed_version" "$image_version"; then
    echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
    exit 1
fi

nevertheless the files are writen into /var/www/html. in the container filesystem.

app:       - ~/docker/docker/nextcloud:/var/www/html

maps this folder to your hosts filesystem to ~/docker/docker/nextcloud

btw: use a relative path to the location of the docker-compose file or an absolute path. a path that depends on the user who starts the container might not be a good choice.

web:       - ~/docker/docker/nextcloud:/var/www/cloud:ro

maps this files to /var/www/cloud in the web servers container. unless you didn’t change the following line:

github.com

nextcloud/docker/blob/abe8cd69a6a3eee4952d4faea9dfbda64c4cdb2b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf#L63


add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;

# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

# Path to the root of your installation
root /var/www/html;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;

nginx in this container would find no content.

anyhow the web container is not the place to change to subfolder. the web container will only listen to port 80.

github.com

nextcloud/docker/blob/abe8cd69a6a3eee4952d4faea9dfbda64c4cdb2b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf#L39


set_real_ip_from  192.168.0.0/16;
real_ip_header    X-Real-IP;

#gzip  on;

upstream php-handler {
    server app:9000;
}

server {
    listen 80;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list

you have to change the proxy settings. so look at:

https://hub.docker.com/r/jwilder/nginx-proxy

unfortunately I couldn’t find a variable to change the settings to a subfolder. so i can’t help you with this.

bergbiber · July 30, 2020, 2:48pm

thanks for your kind and detailed explanation. this is absolutely comprehensible

but i think i already set up everything as expected. maybe you can have one more look on my previously uploaded config.
as you said ~/docker/docker/nextcloud is mounted to /var/www/cloud for nginx. inside the nginx config itself i already modified the root parameter to /var/www (inside the section for port 443) and refer to /cloud as location as explained here: https://docs.nextcloud.com/server/19/admin_manual/installation/nginx.html#nextcloud-in-a-subdir-of-the-nginx-webroot

so according to your comment, everything is in place except the proxy settings for the webroot. do i still need to configure the proxy although nginx shall already listen to /var/www/cloud?

bergbiber · July 31, 2020, 10:02pm

so i made some more tests:

if i use the example from git, everything works fine. but the included nginx config is without ssl what is obviously not sensible

so i tried to combine the docker-compose from git with the nginx config from the install guide. I put everything in place, set all the variables correctly (like server_name) and mount the volumes to the expected paths. because i follow the guide for having nextcloud in the webroot, i set the root to var/www/html.

and finally it… still fails having the same redirect error like before
even if i prevent redirecting by calling /index.php directly will fail with that error.

as a conclusion i dont think it is an issue in my personal changes. instead the install guide must contain errors doing some faulty redirect with ssl.
ignoring the subfolder stuff temporary, which config will provide a valid https set up for nginx?

DevConram · August 7, 2020, 5:42pm

Similar issues here. The “official” installation instructions are confusing, so I will follow and pitch in to this thread since we seem to have similar original issues @bergbiber, but I am still starting out. I’ll just write a quick summary of my scenario…

What I want to do? Primary usage for Nextcloud for me right now is to pull media from mobile devices via the app.
In what environment? I run Fedora Server 32 on a HPE Proliant machine and have Docker 19.3 ready to go, all in a local only network.

One question. I tried something else and it led to issues due to the SELinux configuration that can block things from running. I do not know how that works in Ubuntu though. Since I have remove SELinux. Could that cause issues as described above?

I have read through this above and will get back with any result once I tried the other guides posted…

DevConram · August 7, 2020, 5:52pm

How would you go about this in your guide if you only want to access this on local network

First of all you must define the server fqdn. If you want to get a Let’s Encrypt certificate this must be a valid DNS record pointing to your server. Port 80+443 must be open to the internet.
If you have a private server or if you use an AWS domain name like ec2-52-3-229-194.compute-1.amazonaws.com, you'll end up with a self-signed certificate. This is fine but annoying, because you have to accept this certificate manually in your browser. If you don't have a fqdn use the server IP address.
Important: You will only be able to access Nextcloud through this address.

I will use the IP by DHCP and port defined by me locally to access this to begin with, at least until I get 2FA to work.

No traefik or anything else that can’t be added from inside nextcloud… at least not on this server…

Reiner_Nippes · August 8, 2020, 11:26am

well. thats not possible. you won’t get a le certificate for your ip adress.

DevConram · August 8, 2020, 12:14pm

Not possible? I don’t need the certificate anyhow… not for a local address… I have plenty of domains I could tie in at a later stage, but right now I only need a local setup.

It’s your setup script on Github that assumes one want a LE, so all I am asking is whether I can just skip that step and be fine or if some other changes has to be done.

Reiner_Nippes · August 8, 2020, 1:56pm

no. but it will alway put traefik in front. and by the playbook traefik will be setup to run nextcloud on https/tls. with le certs if available or traefik will create selfsigned certs.

unless you don’t know some ansible and traefik basics it will be hard to change that behaviour.

if you just want to start nextcloud in a container use the example docker-compose files here:

DevConram · August 8, 2020, 1:59pm

yeah, on that… now failing due to something else… at this rate it would be easier to just setup a LAMP in a VM

Reiner_Nippes · August 8, 2020, 2:00pm

but you would never learn docker.