Install nextcloud with docker-compose and nginx

Hi all,

does anyone have a working setup with docker-compose and nginx, mariadb…?

I have an ubuntu machine running docker and i am going crazy. I started with the official example setup on github. Then i adapted my nginx config according to the official config manual on nextcloud. All i get is a redirect error (when using my domain as url) or a 50x error (when calling the local ip directly).

I already tried so many things. Everything failed. I am totally desperate :tired_face:
I prefer to access nextcloud from a subfolder but neither the subfolder config nor the webroot is working for me.

Can anyone please share his/her setup maybe?

You may try this playbook on a test server. You’ll get a working setup.

Hey @Reiner_Nippes, thanks for the fast answer.
Your repo looks like a nice setup but i think it wont fit my needs. Your scripts are doing a lot of magic what is great. But I want to understand how my setup works so i can add additional services/containers later. And i think your approach does not integrate nginx, right?

I thought i understand most parts of the official manuals but they seem to be incomplete or do not work together properly. My usecase is not extraordinary, so there must be someone having a working setup based on the manuals and examples?!

sure. but.

nginx is used as the webserver in front of the php-fpm-nextcloud container to server static content. so this nginx.conf https://github.com/ReinerNippes/nextcloud_on_docker/blob/master/roles/docker_container/templates/nginx.conf.j2 would just setup a http nextcloud webpage. if you would expose the port of the nginx container to the ourside world.

but we use traefik as an “ingress router” to the container services. so the nginx container gets a label that traefik should route all traffic to https://your.domain.tld/ to its port 80.

if you want to add another service you add another container, label it and access it.

of course you do this with a simple reverse nginx proxy configuration + automated letscrypt certificate renewal. that’s what is in the offical nc docker-compose examples. yes.

coming back to traefik and different services, have a look at:


or

the bad news. the later two repos are still based on traefik v1.7. so a bit outdated.

if you don’t want to use traefik: what’s the output of sudo docker ps what’s the output of sudo docker log <container-ame-here>

here are the logs. this is after startup when i try to call nextcloud from another pc via the domain. it causes a redirect error

docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d551735bae82 docker-nextcloud-fpm-nginx-proxy-ssl-mariadb-cron-redis_web "/docker-entrypoint.…" About a minute ago Up About a minute 80/tcp nginx
53d64318b48d nextcloud:fpm-alpine "/entrypoint.sh php-…" About a minute ago Up About a minute 9000/tcp nextcloud-app
77dbe370cccc jrcs/letsencrypt-nginx-proxy-companion "/bin/bash /app/entr…" About a minute ago Up About a minute letsencrypt
38f8d4cea84f nextcloud:fpm-alpine "/cron.sh" About a minute ago Up About a minute 9000/tcp nextcloud-cron
8a8f848fae96 docker-nextcloud-fpm-nginx-proxy-ssl-mariadb-cron-redis_proxy "/app/docker-entrypo…" About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx-proxy
8b79b5e6f9f0 mariadb "docker-entrypoint.s…" About a minute ago Up About a minute 3306/tcp nextcloud-db
d304ac68e3cc redis:alpine "docker-entrypoint.s…" About a minute ago Up About a minute 6379/tcp redis

docker logs nginx
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"
84.162.160.67 - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" "84.162.160.67"

docker logs nginx-proxy
WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one
is being generated in the background. Once the new dhparam.pem is in place, nginx will be reloaded.
forego | starting dockergen.1 on port 5000
Generating DH parameters, 2048 bit long safe prime, generator 2
forego | starting nginx.1 on port 5100
dockergen.1 | 2020/07/26 11:07:24 Generated '/etc/nginx/conf.d/default.conf' from 3 containers
dockergen.1 | 2020/07/26 11:07:24 Watching docker events
dockergen.1 | 2020/07/26 11:07:24 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
dockergen.1 | 2020/07/26 11:07:24 Received event start for container 53d64318b48d
dockergen.1 | 2020/07/26 11:07:24 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
dockergen.1 | 2020/07/26 11:07:24 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
dockergen.1 | 2020/07/26 11:07:25 Received event start for container d551735bae82
dockergen.1 | 2020/07/26 11:07:25 Generated '/etc/nginx/conf.d/default.conf' from 7 containers
dockergen.1 | 2020/07/26 11:07:25 Running 'nginx -s reload'
dockergen.1 | 2020/07/26 11:07:25 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
2020/07/26 11:08:24 [notice] 155#155: signal process started
This is going to take a long time
dhparam generation complete, reloading nginx
nginx.1 | <<my ip>> 85.92.108.246 - - [26/Jul/2020:11:10:02 +0000] "GET / HTTP/1.1" 503 197 "http://<<my ip>>:80/left.html" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my domain>> <<my ip>> - - [26/Jul/2020:11:10:23 +0000] "GET / HTTP/2.0" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0"
nginx.1 | <<my ip>> 45.115.176.99 - - [26/Jul/2020:11:17:57 +0000] "GET / HTTP/1.1" 503 599 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"

docker logs nextcloud-app
Configuring Redis as session handler
Initializing nextcloud 19.0.1.1 ...
Initializing finished
New nextcloud instance
[26-Jul-2020 11:07:26] NOTICE: fpm is running, pid 1
[26-Jul-2020 11:07:26] NOTICE: ready to handle connections

where did you put this nginx.conf file from the manual?

the docker-compose file should work without any additional files.

you only have to insert here your domain name and email.

what to put there is described here: https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion ( Step 3 - proxyed container(s))

i uploaded the docker folder containing the whole config: http://ge.tt/2xWd7t53 (its available for 30 days). Its the config for accessing nextcloud on a subfolder (what is my preferred solution). The config is located inside my home directory. For launching i go into Docker-Nextcloud-FPM-Nginx-Proxy-SSL-MariaDB-Cron-Redis and call docker-compose up -d. I removed the domain, passwords and other stuff for the uploaded archive but its properly set up on my machine. Using kitematic i can see that all containers are running. But i cant see any helpful trace showing why its not working.

Hey look at DBtech YouTube video on that. Works everything as should be except trusted domain problems. I am doing everything right still not working… If you use same setup then let me know if your domain works.

i did:

  • install docker / docker-compose
  • git clone https://github.com/nextcloud/docker.git
  • cd ~/docker/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm
  • vim vim docker-compose.yml # to edit line 39-41 (domain and email)
  • docker-compose up -d

create admin account and connect to the database on the web site. worked.

from your docker-comose file:

      - NEXTCLOUD_TRUSTED_DOMAINS=localhost <<domain>>
      - TRUSTED_PROXIES=localhost <<domain>>

it should be your domain. not localhost. and trusted proxy should be the name of the proxy container.

app:       - ~/docker/docker/nextcloud:/var/www/html
web:       - ~/docker/docker/nextcloud:/var/www/cloud:ro
cron:      - ~/docker/docker/nextcloud:/var/www/html

that won’t work. one container has an empty /var/www/html. :wink:

ok i changed that :+1:

can you maybe explain what to adapt in more detail, please?
i can run nextcloud using the plain example, just like you did. Yay thats some progress :slight_smile: But i want to make it accessible from a subfolder. So i thought i have to mount the nextcloud folder somewhere at /cloud in nginx

in the app container fpm-php is running and executing php code in /var/www/html.
in the web container is a nginx running serving the static page content (jpg, pdf, css) in /var/www/html.

when you look at the docker file of app image you find that “on startup” a script checks which nextcloud version is installed in /var/www/html and installs, updates or do nothing.

nevertheless the files are writen into /var/www/html. in the container filesystem.

app:       - ~/docker/docker/nextcloud:/var/www/html

maps this folder to your hosts filesystem to ~/docker/docker/nextcloud

btw: use a relative path to the location of the docker-compose file or an absolute path. a path that depends on the user who starts the container might not be a good choice.

web:       - ~/docker/docker/nextcloud:/var/www/cloud:ro

maps this files to /var/www/cloud in the web servers container. unless you didn’t change the following line:


nginx in this container would find no content.

anyhow the web container is not the place to change to subfolder. the web container will only listen to port 80.

you have to change the proxy settings. so look at:

https://hub.docker.com/r/jwilder/nginx-proxy

unfortunately I couldn’t find a variable to change the settings to a subfolder. so i can’t help you with this.

thanks for your kind and detailed explanation. this is absolutely comprehensible :slight_smile:

but i think i already set up everything as expected. maybe you can have one more look on my previously uploaded config.
as you said ~/docker/docker/nextcloud is mounted to /var/www/cloud for nginx. inside the nginx config itself i already modified the root parameter to /var/www (inside the section for port 443) and refer to /cloud as location as explained here: https://docs.nextcloud.com/server/19/admin_manual/installation/nginx.html#nextcloud-in-a-subdir-of-the-nginx-webroot

so according to your comment, everything is in place except the proxy settings for the webroot. do i still need to configure the proxy although nginx shall already listen to /var/www/cloud?

so i made some more tests:

if i use the example from git, everything works fine. but the included nginx config is without ssl what is obviously not sensible

so i tried to combine the docker-compose from git with the nginx config from the install guide. I put everything in place, set all the variables correctly (like server_name) and mount the volumes to the expected paths. because i follow the guide for having nextcloud in the webroot, i set the root to var/www/html.

and finally it… still fails having the same redirect error like before :face_with_symbols_over_mouth:
even if i prevent redirecting by calling /index.php directly will fail with that error.

as a conclusion i dont think it is an issue in my personal changes. instead the install guide must contain errors doing some faulty redirect with ssl.
ignoring the subfolder stuff temporary, which config will provide a valid https set up for nginx?