Nextcloud AIO behind npm: "Domain does not point to this server or the reverse proxy is not configured correctly."

Hello guys,
sorry to be the next one who has problems with running nc-aio behind a reverse proxy. I have no idea what else to try and am therefore looking for help here.

Setup:

  • AlmaLinux 9.4 running on a physical machine in my LAN
  • Client: Docker Engine - Community
    • Version: 27.1.1
    • API version: 1.46
    • OS/Arch: linux/amd64
  • Nextcloud-AIO and nginx-reverse-proxy are running on the same host

Problem: When doing the domain validation I get the following error: Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')

When I have a look in the logs it says:

Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
⚠ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!

If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
[27-Jul-2024 09:46:10] NOTICE: fpm is running, pid 163
[27-Jul-2024 09:46:10] NOTICE: ready to handle connections
[Sat Jul 27 09:46:10.105485 2024] [mpm_event:notice] [pid 157:tid 157] AH00489: Apache/2.4.61 (Unix) OpenSSL/3.3.1 configured -- resuming normal operations
[Sat Jul 27 09:46:10.105504 2024] [core:notice] [pid 157:tid 157] AH00094: Command line: 'httpd -D FOREGROUND'
{"level":"info","ts":1722073570.109382,"msg":"using config from file","file":"/Caddyfile"}
{"level":"info","ts":1722073570.1100562,"msg":"adapted config to JSON","adapter":"caddyfile"}
</html>nter>openresty</center>1></center>d>nnection attempt to "https://cloud.fhoyer.de:443" was: <html>
NOTICE: PHP message: Expected was: ...
NOTICE: PHP message: The error message was: 
NOTICE: PHP message: Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!

I went through the given Debugging-List:

  1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom! - I went through it several times and I can not find a mistake.
  2. Make sure that you used the docker run command that is described in this reverse proxy documentation. Hint: make sure that you have set the APACHE_PORT via e.g. --env APACHE_PORT=11000 during the docker run command! - :white_check_mark:
  3. Make sure to set the APACHE_IP_BINDING variable correctly. If in doubt, set it to --env APACHE_IP_BINDING=0.0.0.0 - :white_check_mark:
  4. Make sure that all ports to which your reverse proxy is pointing match the chosen APACHE_PORT. - :white_check_mark:
  5. Make sure to follow this to adapt the example configurations to your specific setup - :white_check_mark:
  6. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like /var/run/docker.sock but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running sudo docker logs nextcloud-aio-mastercontainer after the container is started the first time. - as “aio-domaincheck” is spawned I think this should not be the problem
  7. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running nc -z localhost 11000; echo $? from inside the reverse proxy container. If the output is 0, everything works. Alternatively you can of course use instead of localhost the ip-address of the host here for the test. - netcat is not shipped with npm. But I used docker run -it --net host nicolaka/netshoot to run nc -z localhost 11000; echo $? and that worked.
  8. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel. - not applicable
  9. If you use Cloudflare, you might need to skip the domain validation anyways since it is known that Cloudflare might block the validation attempts. In that case, see the last option below. - not applicable
  10. If your reverse proxy is configured to use the host network (as recommended in the above docs) or running on the host, make sure that you’ve configured your firewall to open port 443 and 80. - the firewall still confuses me, but I am pretty sure the ports are open :sweat_smile:. I also followed the advice for distros using firewalld
  11. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain). - :white_check_mark:
  12. Try to configure everything from scratch if it still does not work by following GitHub - nextcloud/all-in-one: 📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.. - :white_check_mark:
  13. As last resort, you may disable the domain validation by adding --env SKIP_DOMAIN_VALIDATION=true to the docker run command. But only use this if you are completely sure that you’ve correctly configured everything! - as I am not sure that I did not make a mistake I did not try this option

My docker-compose.yml for nc-aio:

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    network_mode: bridge # add to the same network as docker run would do
    ports:
      # - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8080:8080
      # - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
    environment: # Is needed when using any of the options below
      # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
      APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/ma>
      # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
      # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
      NEXTCLOUD_DATADIR: /mnt/md0/nc-data/ # Allows to set the host directory for Nextcloud's datadir. ⚠⚠⚠ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/al
      # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
      # NEXTCLOUD_UPLOAD_LIMIT: 10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      NEXTCLOUD_MEMORY_LIMIT: 2048M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-use>
      # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-ne>
      # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all>
      # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextc>
      # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device in the Nextcloud container. ⚠⚠⚠ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don'
      # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-k>
      # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
      # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs >
    security_opt: ["label:disable"] # Is needed when using SELinux

volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work

My docker-compose.yml for npm:

services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    network_mode: host
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP

    # Uncomment the next line if you uncomment anything in the section
    environment:
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"

      # Uncomment this if IPv6 is not enabled on your host
      DISABLE_IPV6: 'true'

    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt

And my settings in npm:


[Screenshots: npm2, npm3]

Can you help me with telling me what I did wrong or giving me hints on how to debug this?

Hi, your config looks good afaics. See GitHub - nextcloud/all-in-one: 📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.

I tried without domain validation and I still get “502 Bad Gateway” when I try to visit my domain. Do you have an idea how to solve or debug that?

Do you have a firewall running that blocks access to port 11000 maybe?

Good idea. I opened port 11000. But I still get the same message.

It is working now. I had to stop and delete the npm-container and start it again and then it worked! Thank you for your help.
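
Added example, not part of any post in this thread and not code from the Nextcloud AIO or Nginx Proxy Manager projects: a small lint for the settings the thread revolves around (APACHE_PORT, APACHE_IP_BINDING, SKIP_DOMAIN_VALIDATION and the proxy's network_mode). The function names, finding codes and dict layout are assumptions; the sample values are trimmed from the two compose files posted above.

```python
# Added example: lint for the AIO + reverse-proxy pairing discussed in this thread.
# Inputs are plain dicts shaped like parsed compose data; the sample values are
# trimmed from the thread's two docker-compose.yml files.

THREAD_AIO_ENV = {"APACHE_PORT": 11000, "APACHE_IP_BINDING": "127.0.0.1"}
THREAD_PROXY = {
    "image": "jc21/nginx-proxy-manager:latest",
    "network_mode": "host",
    "ports": ["80:80", "443:443", "81:81"],
}


def lint(aio_env, proxy):
    """Return a list of (code, message) findings; an empty list means none."""
    findings = []
    binding = str(aio_env.get("APACHE_IP_BINDING", ""))
    host_net = proxy.get("network_mode") == "host"

    if "APACHE_PORT" not in aio_env:
        findings.append(("NO_APACHE_PORT",
                         "APACHE_PORT is required behind a reverse proxy"))
    if binding == "127.0.0.1" and not host_net:
        # A bridge-networked proxy has its own loopback, not the host's.
        findings.append(("LOOPBACK_UNREACHABLE",
                         "proxy is not on the host network, so it cannot "
                         "reach a port bound to the host's 127.0.0.1"))
    if binding == "0.0.0.0":
        findings.append(("BACKEND_EXPOSED",
                         "APACHE_PORT is published on all interfaces; limit "
                         "it in the firewall to the proxy's address"))
    if host_net and proxy.get("ports"):
        # Docker discards published ports when the host network is used.
        findings.append(("PORTS_IGNORED",
                         "'ports' has no effect with network_mode: host"))
    if str(aio_env.get("SKIP_DOMAIN_VALIDATION", "")).lower() == "true":
        findings.append(("VALIDATION_SKIPPED",
                         "domain validation is off; proxy mistakes will only "
                         "show up as errors at request time"))
    return findings


def codes(aio_env, proxy):
    """Finding codes only, in the order the checks ran."""
    return [code for code, _ in lint(aio_env, proxy)]


if __name__ == "__main__":
    for code, msg in lint(THREAD_AIO_ENV, THREAD_PROXY):
        print(f"{code}: {msg}")
```
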