Mystery with AIO/docker and arbitrary port

Hello everyone!

I need to set up AIO within rootless docker to listen on an arbitrary port. After a thorough docs investigation and a few attempts I ended up with the ‘nextcloud/all-in-one:beta’ image (because it allows the use of SKIP_DOMAIN_VALIDATION) and apache as a reverse proxy. I almost successfully went through the initial setup but finally got a situation where nextcloud redirects every transition to https://my.server.tld instead of https://my.server.tld:1234 which I am going to use.

I ran docker as
docker run -it --name nextcloud-aio-mastercontainer --restart always -p 8080:8080 -e APACHE_PORT=11000 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config --volume /run/user/1004/docker.sock:/var/run/docker.sock:ro -e NEXTCLOUD_DATADIR="/bucket/nextcloud" -e DOCKER_SOCKET_PATH=/run/user/1004/docker.sock -e SKIP_DOMAIN_VALIDATION=true nextcloud/all-in-one:beta

made apache config like

<VirtualHost _default_:1234>
    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/my.server.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/my.server.tld/privkey.pem
    ProxyPreserveHost On
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/(.*) "ws://localhost:11000/$1" [P,L]
    ProxyPass / http://localhost:11000/
    ProxyPassReverse / http://localhost:11000/
    Protocols h2 h2c http/1.1
    TraceEnable off
    <Files ".ht*">
        Require all denied
    </Files>
    ServerName my.server.tld
    ServerAlias *.my.server.tld
</VirtualHost>

and created /var/www/html/config/myown.config.php within nextcloud-aio-nextcloud container with the following content

<?php
  $CONFIG['overwritehost'] = 'my.server.tld:1234';
  $CONFIG['overwrite.cli.url'] = 'https://my.server.tld:1234/';

But every time I open https://my.server.tld:1234 it redirects me to https://my.server.tld/login
If I then manually open https://my.server.tld:1234/login I get to the appropriate login page, but after login it brings me to https://my.server.tld/apps/dashboard/ which obviously does not exist.
After that I can manually open https://my.server.tld:1234/apps/dashboard/ and work normally until some redirect occurs (e.g. at logoff) and it brings me back to https://my.server.tld/* (i.e. with no port)

However the mystery itself is with the following:

user@my:~$ docker exec -it nextcloud-aio-nextcloud grep my.server.tld /var/www/html/config/config.php /var/www/html/config/myown.config.php
/var/www/html/config/config.php:  'overwritehost' => 'my.server.tld',
/var/www/html/config/config.php:    1 => 'my.server.tld',
/var/www/html/config/config.php:  'overwrite.cli.url' => 'https://my.server.tld/',
/var/www/html/config/myown.config.php:  $CONFIG['overwritehost'] = 'my.server.tld:1234';
/var/www/html/config/myown.config.php:  $CONFIG['overwrite.cli.url'] = 'https://my.server.tld:1234/';
user@my:~$ docker exec -it nextcloud-aio-nextcloud php occ config:system:get overwritehost
my.server.tld
user@my:~$ docker exec -it nextcloud-aio-nextcloud php occ config:system:get overwrite.cli.url
https://my.server.tld:1234/
user@my:~$ docker exec -it nextcloud-aio-nextcloud php occ config:system:set overwritehost --value="my.server.tld:1234"
System config value overwritehost set to string my.server.tld:1234
user@my:~$ docker exec -it nextcloud-aio-nextcloud php occ config:system:set overwrite.cli.url --value="https://my.server.tld:1234/"
System config value overwrite.cli.url set to string https://my.server.tld:1234/
user@my:~$ docker exec -it nextcloud-aio-nextcloud php occ config:system:get overwritehost
my.server.tld
user@my:~$ docker exec -it nextcloud-aio-nextcloud php occ config:system:get overwrite.cli.url
https://my.server.tld:1234/
user@my:~$ docker exec -it nextcloud-aio-nextcloud grep my.server.tld /var/www/html/config/config.php /var/www/html/config/myown.config.php
/var/www/html/config/config.php:  'overwritehost' => 'my.server.tld:1234',
/var/www/html/config/config.php:    1 => 'my.server.tld',
/var/www/html/config/config.php:  'overwrite.cli.url' => 'https://my.server.tld:1234/',
/var/www/html/config/myown.config.php:  $CONFIG['overwritehost'] = 'my.server.tld:1234';
/var/www/html/config/myown.config.php:  $CONFIG['overwrite.cli.url'] = 'https://my.server.tld:1234/';

I.e. the value of ‘overwritehost’ seems to be desynchronized with both config.php and the value available through ‘php occ’.

How could it ever be???

P.S. My installation otherwise looks ok. I am able to upload/download files etc. through the browser with ‘manual interventions’. But both desktop and mobile clients break in this situation at the very login.

Hi, AIO is simply not meant to be used with an arbitrary port from the outside. You can fix this by pointing another subdomain to your home network (e.g. by adding a cname entry that points to the existing domain), get a valid certificate for this domain and use that for AIO.

Apart from doing it correctly, there is this: all-in-one/manual-install at main · nextcloud/all-in-one · GitHub

Sure, I do understand that my case is slightly different from what is written in the docs as requirements (I mean ports 80 and 443 available) and I am ready to face some consequences. Yet I do not understand what is going on and ask for an explanation to be able to overcome them.
Could you point out why the overwritehost parameter behaves so unpredictably and how I can finally set it to the desired value?

P.S. If it is due to the AIO setup (in comparison to a ‘bare’ setup) then there should be some features in AIO that cause that. What are they?

AIO sets overwritehost and overwrite.cli.url automatically which you can see. Nextcloud itself seems to not be able to deal correctly with multiple overwritehost values provided in different config.php files.

As I already pointed out, if you do not want to go the correct way of using a dedicated subdomain for AIO, you are free to choose the manual install where you can modify much more manually. See all-in-one/manual-install at main · nextcloud/all-in-one · GitHub
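
A check for the situation described in the reply above, as an added example that is not part of the original thread or of AIO: it reads grep-style `path:line` records and lists every system-config key that is defined with different values in more than one config file. The function names `find_conflicts` and `sample_before` are hypothetical, the sample input is the first grep output from the original post, and the script makes no claim about which file Nextcloud gives precedence to.

```shell
#!/bin/sh
# Added example: flag Nextcloud system-config keys that are defined with
# different values in more than one config file.
# Input : grep-style "path:line" records on stdin, e.g. the output of
#         grep my.server.tld config.php myown.config.php
# Output: one "key<TAB>file<TAB>value" line per definition of a conflicting key.
find_conflicts() {
  awk '
    {
      sep = index($0, ":")            # paths here contain no colon; values may
      if (sep == 0) next
      file = substr($0, 1, sep - 1)
      rest = substr($0, sep + 1)
      n = split(rest, q, "\047")      # \047 is a single quote
      # Expect: prefix QUOTE key QUOTE assignment QUOTE value QUOTE suffix
      if (n < 5 || q[3] !~ /=/) next  # skips list items such as: 1 => ...
      key = q[2]; val = q[4]
      defs[key] = defs[key] key "\t" file "\t" val "\n"
      if (!((key, val) in seen)) { seen[key, val] = 1; distinct[key]++ }
    }
    END {
      for (k in distinct) if (distinct[k] > 1) printf "%s", defs[k]
    }
  ' | sort
}

# Sample input: the grep output shown in the original post, taken before
# the occ config:system:set commands were run.
sample_before() {
  cat <<'EOF'
/var/www/html/config/config.php:  'overwritehost' => 'my.server.tld',
/var/www/html/config/config.php:    1 => 'my.server.tld',
/var/www/html/config/config.php:  'overwrite.cli.url' => 'https://my.server.tld/',
/var/www/html/config/myown.config.php:  $CONFIG['overwritehost'] = 'my.server.tld:1234';
/var/www/html/config/myown.config.php:  $CONFIG['overwrite.cli.url'] = 'https://my.server.tld:1234/';
EOF
}

# Both overwrite keys are reported, each with its two differing definitions.
sample_before | find_conflicts
```

Any key this reports is worth comparing against the effective value from `php occ config:system:get`, as done in the original post.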

I was bummed recently with this issue. I still don’t understand why this was not considered as a feature?

For instance, I do want to provide some level of layering around my instance and avoid exposing 443 or 80. Instead I want to expose a random port that only I want to access.

I know it’s been a year since this question was asked. But, with recent NC version, was this addressed – to support a random port from outside?