New AIO instance no response on domain

Hi all,

I’m not sure where to post this; I also created a discussion here. If this is not allowed, please remove the topic. Because of the restrictions of a new user, I was not able to add all the info I wanted; you can find all info here.

I’m stuck on the setup: when I enter the domain I want to use, I see the blue loading circle. After a while it disappears, and nothing happens. When I hit the “Submit domain” button, I don’t see anything in the Traefik logging, which is set to DEBUG.

I have a dedicated VM for Nextcloud; all I have installed is Docker Compose with Portainer. On another VM I have Traefik running.

Some details on my setup:
Internet comes in on my provider modem; the modem forwards 80 and 443 to my VM running pfSense, where 80 and 443 are forwarded to the internal IP of the VM running Traefik. For what it’s worth, I’m using many other apps successfully with Traefik, internal as well as public.

I already tried the SKIP_DOMAIN_VALIDATION=true option, which gets me further in the installation, but then the nextcloud-aio-apache remains unhealthy.

sudo docker exec -it nextcloud-aio-apache bash -x /healthcheck.sh:
[image]

nc -z "cloud.fancydomain.tld" 443; echo $? on the VM running Nextcloud:
nc: getaddrinfo for host "cloud.fancydomain.tld" port 443: Temporary failure in name resolution

nc -z 192.168.2.6 11000; echo $? from inside the Traefik container:
[image]

Here is some logging:
docker network inspect nextcloud-aio:

[
    {
        "Name": "nextcloud-aio",
        "Id": "132874a1fdd615ca529d4078fb96c7fcc542924513ecbc7a7232662d3beebf36",
        "Created": "2024-01-29T10:12:40.287867748Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.27.0.0/16",
                    "Gateway": "172.27.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "274c4c53efd25cd2d9541d4ed7892efa677fa4c3bc1e3bb8f59b959822ed3ef5": {
                "Name": "nextcloud-aio-domaincheck",
                "EndpointID": "947192c496191b77ad3d6d4251c036dba9a1aa650dc431bc42520d1497e55aa6",
                "MacAddress": "02:42:ac:1b:00:03",
                "IPv4Address": "172.27.0.3/16",
                "IPv6Address": ""
            },
            "dc4e4c6db7637e529feac1cc858d9fca1828b3aa05c9f3697f5f192b519c6c72": {
                "Name": "nextcloud-aio-mastercontainer",
                "EndpointID": "d30180be4aed0b4303e039fe01851caa40817c5c0697a06cde4d255860f339f8",
                "MacAddress": "02:42:ac:1b:00:02",
                "IPv4Address": "172.27.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

nextcloud-aio-mastercontainer:

Trying to fix docker.sock permissions internally...
Adding internal www-data to group ping

.+.........+.......+++++++++++++++++++++++++++++++++++++++++++++*..+.......+....................+......+.+.........+..+....+........+.......+......+..+...+...+.+.....+...+.......+...+++++++++++++++++++++++++++++++++++++++++++++*.....+........................+..............+............+...+.+.................................+...+.........+......+...............+..+...+.........+....+......+........+......+...............+............+++++
-----
Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
[Mon Jan 29 10:11:44.121601 2024] [mpm_event:notice] [pid 113:tid 140082845776712] AH00489: Apache/2.4.58 (Unix) OpenSSL/3.1.4 configured -- resuming normal operations
[Mon Jan 29 10:11:44.121811 2024] [core:notice] [pid 113:tid 140082845776712] AH00094: Command line: 'httpd -D FOREGROUND'
INF ts=1706523104.1250885 msg=using provided configuration config_file=/Caddyfile config_adapter=
[29-Jan-2024 10:11:44] NOTICE: fpm is running, pid 119
[29-Jan-2024 10:11:44] NOTICE: ready to handle connections

nextcloud-aio-domaincheck:

2024-01-29 10:12:42: (../src/server.c.1933) server started (lighttpd/1.4.73)

traefik.yaml:

api:
  dashboard: true
  debug: true
  insecure: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

#For Unifi
serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /rules
    watch: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: **********
      storage: acme.json
      dnsChallenge:
        provider: transip

log:
  level: DEBUG

middlewares.yaml:

http:
  middlewares:
    redirect:
      redirectScheme:
        scheme: https
        permanent: true

    default-headers:
      headers:
        # frameDeny: true
        sslRedirect: true
        #browserXssFilter: true
        #contentTypeNosniff: true
        #forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000        
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    default-whitelist:
      ipWhiteList:
        sourceRange:
          # Local network
        - "192.168.2.0/24"
          # Docker network 
        - "172.18.0.0/16"
          # WireGuard
        - "172.16.0.0/24"
          # OpenVPN
        - "192.168.1.0/24"

    public:
      chain:
        middlewares:
        - redirect
        - default-headers

    secured:
      chain:
        middlewares:
        - redirect
        - default-whitelist
        - default-headers

    nextcloud-regex:
      redirectRegex:
        permanent: true
        regex: https://(.*)/.well-known/(?:card|cal)dav
        replacement: https://${1}/remote.php/dav

    nextcloud-secure-headers:
      headers:
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        referrerPolicy: "same-origin"          

    https-redirect:
      redirectscheme:
        scheme: https 

    nextcloud-chain:
      chain:
        middlewares:
          - https-redirect
          - nextcloud-secure-headers

nextcloud.yaml:

http:
  routers:
    nextcloud-mgmt:
      entryPoints:
        - "https"
      rule: "Host(`nextcloud-mgmt.int.fancydomain.tld`)"
      middlewares:
        - secured
      tls: {}
      service: nextcloud-mgmt
    
    nextcloud:
      entryPoints:
        - "https"
      rule: "Host(`cloud.fancydomain.tld`)"
      middlewares:
        - nextcloud-chain
      tls: {}
      service: nextcloud

  services:
    nextcloud-mgmt:
      loadBalancer:
        servers:
          - url: http://192.168.2.6:9000
        passHostHeader: true
    
    nextcloud:
      loadBalancer:
        servers:
          - url: http://192.168.2.6:11000
        passHostHeader: true 

docker-compose.yaml:

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    ports:
      - 8080:8080
    environment: # Is needed when using any of the options below
      - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - APACHE_IP_BINDING=0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
      - NEXTCLOUD_MEMORY_LIMIT=1024M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      
volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work

cloud.fancydomain.tld:
Shows a token “57********************3b”

192.168.2.6:11000:
Shows the same token “57********************3b”

I don’t know what I’m missing, and I’m starting to pull my hair out, haha. If I missed any info that is needed, let me know. I have read reverse-proxy.md several times, and searched the community endlessly.
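The manual checks from the post (name resolution on the Nextcloud VM, the token at 192.168.2.6:11000, the token via https://cloud.fancydomain.tld) combined into one script that reports the first stage that fails. This is an added example, not part of the original post or of Nextcloud AIO; the function names `resolve`, `fetch` and `diagnose` are hypothetical, and it is meant to be run on the VM that hosts Nextcloud, where the `nc` lookup failed.

```python
import socket
import sys
import urllib.request


def resolve(host, port=443):
    """Return the addresses this machine resolves host to (raises socket.gaierror)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def fetch(url, timeout=5):
    """Return the stripped response body of url (raises OSError subclasses on failure)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace").strip()


def diagnose(domain, backend, resolver=resolve, fetcher=fetch):
    """Run the checks in order; return (stage, detail) for the first failure,
    or ("ok", token) when the domain and the backend serve the same token."""
    try:
        addrs = resolver(domain)
    except socket.gaierror as exc:
        # Same condition as "Temporary failure in name resolution" from nc.
        return ("dns", f"{domain} does not resolve on this host: {exc}")
    try:
        direct = fetcher(f"http://{backend}")
    except OSError as exc:
        return ("backend", f"{backend} unreachable: {exc}")
    try:
        proxied = fetcher(f"https://{domain}")
    except OSError as exc:  # URLError, TLS and timeout errors are all OSError
        return ("proxy", f"https://{domain} via {addrs} failed: {exc}")
    if direct != proxied:
        return ("mismatch", f"proxy returned {proxied!r}, backend returned {direct!r}")
    return ("ok", direct)


if __name__ == "__main__":
    # Usage: python3 check_domain.py cloud.fancydomain.tld 192.168.2.6:11000
    stage, detail = diagnose(sys.argv[1], sys.argv[2])
    print(f"{stage}: {detail}")
    sys.exit(0 if stage == "ok" else 1)
```

A `dns` result on the Nextcloud VM while a browser elsewhere shows the token means the two machines resolve the name differently, so the resolver configuration of that VM is the next thing to compare.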

Will be handled in Cannot get past New AIO instance, not responding to given domain · nextcloud/all-in-one · Discussion #4132 · GitHub