Hi,
I’ve been using NextCloudPi for months and decided to migrate to a Docker installation. I’ve managed to get the insecure version working, and can make it available at localhost:8080 as stated in the main GitHub README.
Previously I had rented a subdomain at freedns.afraid.org and was able to access my NextCloudPi server through the rented subdomain. At some point this required both opening a port on my home router (80 and 443) and telling my router to send this traffic to the Raspberry Pi. I managed certificates through NextCloudPi console using sudo ncp-config → Networking → letsencrypt.
Attempting to replace the NextCloudPi available outside LAN with a Docker deployment, I started with the GitHub nginx-reverse-proxy example. I have created a modified docker-compose.yml. VIRTUAL_HOST and LETSENCRYPT_HOST are my rented subdomain. LETSENCRYPT_EMAIL is my email address.
Since I am no longer accessing my NextCloudPi through the rented subdomain, I first deleted the NAT port forwarding of 80 and 443. I then reopened my NAT ports 80 and 443, this time pointing to my docker host machine’s local IP.
- On my first attempt, `sudo docker-compose up -d` and navigating to my rented subdomain resulted in a generic nginx 503: service is temporarily unavailable.
- Using `sudo docker-compose up` and looking at the logs, I realized that letsencrypt-companion wanted the certificate volume to be writable, and made that change.
- This resulted in `ERR_CERT_AUTHORITY_INVALID`, cannot visit this site because it uses HSTS. A previous fix of this problem had been to run ncp-config and renew the certificate.
I believe I need to fix my certificates, which I unintentionally broke. I may simply need to wait for letsencrypt to refresh the certificates. If not, I may need to fix the certificate error somehow. How do I do that?
docker-compose.yml
```yaml
version: '3.9'
services:
  db:
    image: mariadb:10.6
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
    restart: always
    volumes:
      - './db:/var/lib/mysql'
    environment:
      - MYSQL_ROOT_PASSWORD=REDACTED
      - MARIADB_AUTO_UPGRADE=1
    env_file:
      - db.env #MYSQL_PASSWORD, MYSQL_DATABASE, MYSQL_USER
  app:
    image: nextcloud:apache
    restart: always
    volumes:
      - './nextcloud:/var/www/html'
      - './data:/var/www/html/data'
    environment:
      - VIRTUAL_HOST=REDACTED
      - LETSENCRYPT_HOST=REDACTED
      - LETSENCRYPT_EMAIL=REDACTED
      - MYSQL_HOST=db
    env_file:
      - db.env #MYSQL_PASSWORD, MYSQL_DATABASE, MYSQL_USER
    depends_on:
      - db
    networks:
      - proxy-tier
      - default
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - './certs:/etc/nginx/certs:ro'
      - './vhost.d:/etc/nginx/vhost.d'
      - './html:/usr/share/nginx/html'
      - '/var/run/docker.sock:/tmp/docker.sock:ro'
    networks:
      - proxy-tier
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
    volumes:
      - './certs:/etc/nginx/certs'
      - './acme:/etc/acme.sh'
      - './vhost.d:/etc/nginx/vhost.d'
      - './html:/usr/share/nginx/html'
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
    networks:
      - proxy-tier
    depends_on:
      - proxy
networks:
  proxy-tier:
volumes:
  nextcloud:
  db:
  data:
  acme:
  vhost.d:
  html:
```
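
An added diagnostic, not part of the original post or of the nginx-proxy/acme-companion project: `ERR_CERT_AUTHORITY_INVALID` means the browser could not chain the served certificate to a CA it trusts, so this script shows who issued the certificate on port 443 and whether it is expired, self-signed or CA-issued. The function names and the script name `check-cert.sh` are this example's own, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: classify the certificate a TLS endpoint is serving.

# fetch_served_cert HOST: print the leaf certificate served on HOST:443 as PEM.
fetch_served_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509
}

# classify_cert FILE: print unreadable, expired, self-signed or ca-issued.
classify_cert() {
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo unreadable
        return 1
    fi
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif [ "$subject" = "$issuer" ]; then
        echo self-signed   # subject and issuer are identical: no CA signed it
    else
        echo ca-issued     # the issuer must still be a CA the browser trusts
    fi
}

# Stand-alone use: ./check-cert.sh your.subdomain.example
if [ -n "${1:-}" ]; then
    tmp=$(mktemp)
    fetch_served_cert "$1" >"$tmp"
    openssl x509 -in "$tmp" -noout -issuer -enddate
    classify_cert "$tmp"
    rm -f "$tmp"
fi
```

Run it with the subdomain as the only argument; the same `classify_cert` function can also be pointed at a PEM certificate file on disk.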