Hi jtr,
Thank your for your help. Ok, here all the informations…
The whole line from dial-up router (provider) to Nextcloud:
- Router from Provider (does the internet connection forwarding to OpenWRT
- OpenWRT Router, forwarding 80/443 to VM1 with Nginx Proxy Manager
- VM 1 with Nginx Proxy Manager (Docker)
- VM 2 with Nextcloud AIO Docker
Nginx Proxy Manager config:
- Proxy Host “mynextclouddomain.org”
Details:
Scheme = http
Forward Hostname / IP = "IP from VM2"
Forward Port = 11000
Block Commons Exploits = active
Websocket Support = active
SSL:
SSL-Certificate = from Lets Encrypt
Force SSL = acitve
HTTP/2 Support = active
Advanced:
Custom NGINX Configuration
client_body_buffer_size 512k;
proxy_read_timeout 86400s;
client_max_body_size 0;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
Docker-Compose File:
services:
nextcloud-aio-mastercontainer:
image: nextcloud/all-in-one:latest
init: true
restart: always
container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
- /var/run/user/1002/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
#- $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro # Variable ĂĽber Portainer nicht verfĂĽgbar
ports:
#- 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
- 8080:8080
#- 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
environment: # Is needed when using any of the options below
# - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
- APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
- APACHE_IP_BINDING=0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
# - BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
# - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
# - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
# - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
# - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
# - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
# - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
# - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
# - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
# - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
# - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
# - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
# - NEXTCLOUD_KEEP_DISABLED_APPS=false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
# - TALK_PORT=3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
- WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/user/1002/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
#- APACHE_DISABLE_REWRITE_IP=
- NEXTCLOUD_TRUSTED_DOMAINS=mynextclouddomain.org 192.168.1.10 192.168.1.12 # Your domain name + proxy host IP
- TRUSTED_PROXIES=127.0.0.1 172.18.0.1 172.19.0.1 # proxy host IP
#- SKIP_DOMAIN_VALIDATION=true
- AIO_COMMUNITY_CONTAINERS=fail2ban
# networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
# - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
# # Uncomment the following line when using SELinux
# security_opt: ["label:disable"]
# # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
# # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
# caddy:
# image: caddy:alpine
# restart: always
# container_name: caddy
# volumes:
# - ./Caddyfile:/etc/caddy/Caddyfile
# - ./certs:/certs
# - ./config:/config
# - ./data:/data
# - ./sites:/srv
# network_mode: "host"
volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
# # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network.
# # Please make sure to uncomment also the networking lines of the mastercontainer above in order to actually create the network with docker-compose
#networks:
# nextcloud-aio:
# name: nextcloud-aio # This line is not allowed to be changed as otherwise the created network will not be used by the other containers of AIO
# driver: bridge
# enable_ipv6: true
# ipam:
# driver: default
# config:
# - subnet: fd12:3456:789a:2::/64 # IPv6 subnet to use
#
My config.php
cat config.php
<?php
$CONFIG = array (
'one-click-instance' => true,
'one-click-instance.user-limit' => 100,
'memcache.local' => '\\OC\\Memcache\\APCu',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'appsallowlist' =>
array (
),
'check_data_directory_permissions' => false,
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'nextcloud-aio-redis',
'password' => '2356ad740518b7c98aab59bd126e8fa466490d4b73777243',
'port' => 6379,
),
'overwritehost' => 'mynextclouddomain.org',
'overwriteprotocol' => 'https',
'passwordsalt' => 'awY4A6o15wJlonVaZVJxffOGdORiWL',
'secret' => 'MshlNtzxUNQu2tsjsJZd8sQ2VF2DXT1nOuCnbup/kzEkRvYn',
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'mynextclouddomain.org',
2 => '192.168.1.12',
),
'datadirectory' => '/mnt/ncdata',
'dbtype' => 'pgsql',
'version' => '28.0.2.5',
'overwrite.cli.url' => 'https://mynextclouddomain.org/',
'dbname' => 'nextcloud_database',
'dbhost' => 'nextcloud-aio-database',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'oc_nextcloud',
'dbpassword' => 'd41a8e3b30d49aa0113c2d443260a0f42fe76899a6a3bfb9',
'installed' => true,
'instanceid' => 'oc9tmlqpbjqi',
'maintenance' => false,
'maintenance_window_start' => 1,
'default_phone_region' => 'DE',
'updatedirectory' => '/nc-updater',
'loglevel' => '2',
'app_install_overwrite' =>
array (
0 => 'nextcloud-aio',
1 => 'wopi',
2 => 'facerecognition',
),
'log_type' => 'file',
'logfile' => '/var/www/html/data/nextcloud.log',
'log_rotate_size' => '10485760',
'log.condition' =>
array (
'apps' =>
array (
0 => 'admin_audit',
),
),
'preview_max_x' => '2048',
'preview_max_y' => '2048',
'jpeg_quality' => '60',
'enabledPreviewProviders' =>
array (
1 => 'OC\\Preview\\Image',
2 => 'OC\\Preview\\MarkDown',
3 => 'OC\\Preview\\MP3',
4 => 'OC\\Preview\\TXT',
5 => 'OC\\Preview\\OpenDocument',
6 => 'OC\\Preview\\Movie',
7 => 'OC\\Preview\\Krita',
0 => 'OC\\Preview\\Imaginary',
),
'enable_previews' => true,
'upgrade.disable-web' => true,
'mail_smtpmode' => 'smtp',
'trashbin_retention_obligation' => 'auto, 30',
'versions_retention_obligation' => 'auto, 30',
'activity_expire_days' => '30',
'simpleSignUpLink.shown' => false,
'share_folder' => '/Shared',
'one-click-instance.link' => 'https://nextcloud.com/all-in-one/',
'upgrade.cli-upgrade-link' => 'https://github.com/nextcloud/all-in-one/discussions/2726',
'allow_local_remote_servers' => true,
'davstorage.request_timeout' => 3600,
'htaccess.RewriteBase' => '/',
'dbpersistent' => false,
'files_external_allow_create_new_local' => false,
'trusted_proxies' =>
array (
0 => '127.0.0.1',
1 => '::1',
2 => '172.18.0.1',
3 => '172.19.0.1',
4 => '127.0.0.1',
),
'preview_imaginary_url' => 'http://nextcloud-aio-imaginary:9000',
'mail_sendmailmode' => 'smtp',
'mail_from_address' => 'webmaster',
'mail_domain' => 'mydomain.org',
'mail_smtphost' => 'smtp.provider.de',
'mail_smtpport' => '587',
'mail_smtpauth' => 1,
'mail_smtpname' => 'webmaster@mydomain.org',
'mail_smtppassword' => 'password',
'memories.exiftool' => '/var/www/html/custom_apps/memories/bin-ext/exiftool-amd64-musl',
'memories.vod.path' => '/var/www/html/custom_apps/memories/bin-ext/go-vod-amd64',
'memories.vod.ffmpeg' => '/usr/bin/ffmpeg',
'memories.vod.ffprobe' => '/usr/bin/ffprobe',
);
As I was able to determine with my limited knowledge, I believe the remoteip module is not enabled by default in the AIO apache docker.
Regards
mabox