Hi all,
I am trying to install the Nextcloud AIO docker-compose image behind an Apache reverse proxy.
After starting it I can access port 8080 and add my domain. I uncheck all add-ons and hit "Start containers", but two of them won't start (Apache and Nextcloud); they remain yellow.
Please find my yml and the vhost enclosed.
What am I doing wrong here?
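# Compose file for the Nextcloud AIO mastercontainer, intended to run behind
# an external reverse proxy on the same host.
version: "3.8"

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

services:
  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      # The :ro flag only makes the bind mount itself read-only. Any process
      # that can open the socket can still issue arbitrary Docker API calls,
      # so this container effectively controls the host's Docker daemon.
      # Treat the mastercontainer and its admin interface as privileged.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      # Publishes the AIO admin interface on every host interface. Limit
      # access with a host firewall, or bind it to a management address, if
      # it must not be reachable from untrusted networks.
      # Quoted so the host:container mapping is always read as a string.
      - "8080:8080"
    environment:
      # Port and bind address of the AIO Apache container when an external
      # reverse proxy terminates TLS. 127.0.0.1 keeps that port reachable
      # from this host only; the reverse proxy's backend URL must point at
      # the same port.
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=127.0.0.1
      - NEXTCLOUD_DATADIR=/mnt/ncdata
      - NEXTCLOUD_MOUNT=/mnt/
      - NEXTCLOUD_UPLOAD_LIMIT=10G
      - NEXTCLOUD_MEMORY_LIMIT=512M
      - NEXTCLOUD_ADDITIONAL_APKS=imagemagick
      - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick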
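# TLS-terminating reverse proxy for Nextcloud AIO. Apache on the host accepts
# HTTPS on 443 and forwards to the AIO Apache container bound to
# localhost:11000 (APACHE_PORT / APACHE_IP_BINDING in the compose file).
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName cloud.mydomain.tld

        RewriteEngine On
        ProxyPreserveHost On
        AllowEncodedSlashes NoDecode

        # The backend is addressed over plain HTTP. The original used
        # https:// here, but no SSLProxyEngine is enabled in this vhost and
        # the websocket rule below already talks plain ws:// to the same
        # port, so an https:// backend URL cannot be proxied. TLS ends at
        # this vhost; the hop to 127.0.0.1:11000 stays on the loopback
        # interface. NOTE(review): confirm against the AIO reverse-proxy
        # documentation for the version in use.
        ProxyPass / http://localhost:11000/ nocanon
        ProxyPassReverse / http://localhost:11000/

        # Hand websocket upgrade requests to the same backend.
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
        RewriteRule .? "ws://localhost:11000/%1" [P,L]

        Protocols h2 h2c http/1.1
        H2WindowSize 1048576

        SSLEngine on
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/cloud.mydomain.tld/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/cloud.mydomain.tld/privkey.pem

        TraceEnable off
        <Files ".ht*">
            Require all denied
        </Files>

        # 0 removes Apache's request-body limit on this vhost, so the only
        # upload cap is the one applied behind the proxy
        # (NEXTCLOUD_UPLOAD_LIMIT in the compose file).
        LimitRequestBody 0
    </VirtualHost>
</IfModule>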
Trying to fix docker.sock permissions internally...
Creating docker group internally with id 998
WARNING: No swap limit support
Initial startup of Nextcloud All In One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
{"level":"info","ts":1676104829.7316453,"msg":"using provided configuration","config_file":"/Caddyfile","config_adapter":""}
{"level":"warn","ts":1676104829.733667,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/Caddyfile","line":2}
{"level":"info","ts":1676104829.734808,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"warn","ts":1676104829.735156,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
{"level":"warn","ts":1676104829.7353225,"logger":"http","msg":"automatic HTTP->HTTPS redirects are disabled","server_name":"srv1"}
{"level":"info","ts":1676104829.735252,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00063e850"}
{"level":"warn","ts":1676104829.7356873,"logger":"tls","msg":"YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place","docs":"https://caddyserver.com/docs/automatic-https#on-demand-tls"}
{"level":"info","ts":1676104829.735944,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/mnt/docker-aio-config/caddy/"}
{"level":"info","ts":1676104829.7359834,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1676104829.7359948,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1676104829.7360363,"logger":"http","msg":"enabling HTTP/3 listener","addr":":8443"}
{"level":"info","ts":1676104829.7361712,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"error","ts":1676104829.7363482,"msg":"unable to create folder for config autosave","dir":"/root/.config/caddy","error":"mkdir /root/.config: permission denied"}
{"level":"info","ts":1676104829.7364998,"msg":"serving initial configuration"}
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.48.2. Set the 'ServerName' directive globally to suppress this message
[Sat Feb 11 08:40:29.749166 2023] [ssl:warn] [pid 138] AH01906: 192.168.48.2:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Feb 11 08:40:29.749381 2023] [ssl:warn] [pid 138] AH01909: 192.168.48.2:8080:0 server certificate does NOT include an ID which matches the server name
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.48.2. Set the 'ServerName' directive globally to suppress this message
[Sat Feb 11 08:40:29.768679 2023] [ssl:warn] [pid 138] AH01906: 192.168.48.2:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Feb 11 08:40:29.768898 2023] [ssl:warn] [pid 138] AH01909: 192.168.48.2:8080:0 server certificate does NOT include an ID which matches the server name
[Sat Feb 11 08:40:29.771675 2023] [mpm_prefork:notice] [pid 138] AH00163: Apache/2.4.54 (Debian) PHP/8.1.14 OpenSSL/1.1.1n configured -- resuming normal operations
[Sat Feb 11 08:40:29.771822 2023] [core:notice] [pid 138] AH00094: Command line: 'apache2 -D FOREGROUND'
Deleting duplicate sessions