Nextcloud AIO behind Reverse Proxy

Hi, I am trying to get Nextcloud AIO to work behind a reverse proxy (Caddy) and VPN (provided through Gluetun). I am unable to get any connectivity to the nextcloud container - I also believe I’ve followed the reverse proxy documentation, however I may have missed something.

# stacks/caddy/compose.yml
volumes:
  caddy_data:
  caddy_config:

services:
  caddy:
    network_mode: "service:gluetun"
    image: caddy:latest
    restart: unless-stopped
    volumes:
      - ./config:/etc/caddy
      - caddy_data:/data
      - caddy_config:/config
      - ${SSL_FULLCHAIN}:/certs/fullchain.pem
      - ${SSL_PRIVATE}:/certs/privkey.pem

# stacks/caddy/config/Caddyfile
music.MYDOMAIN.dev:VPNFORWARDEDPORT {
        tls /certs/fullchain.pem /certs/privkey.pem
        reverse_proxy localhost:4533
}

nc.MYDOMAIN.dev:VPNFORWARDEDPORT {
        tls /certs/fullchain.pem /certs/privkey.pem
        reverse_proxy localhost:11000
}

# stacks/nextcloud/compose.yml
services:
  nextcloud-aio-mastercontainer:
    image: ghcr.io/nextcloud-releases/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    network_mode: "service:gluetun"
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      APACHE_PORT: 11000
      APACHE_IP_BINDING: 0.0.0.0
      NEXTCLOUD_DATADIR: "/mass_storage/ncdata"
      SKIP_DOMAIN_VALIDATION: true

volumes:
  nextcloud_data:
    name: nextcloud_data #dont change
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

In my docker-compose.yml in the base directory, I’m simply including the above compose files. When I up the stack, I can access the navidrome instance from my domain. Using nc in the gluetun container, I can access localhost:4533 but not localhost:11000.

I then tried disconnecting the services from gluetun and then tried the different steps in the reverse proxy docs to no avail.

It may also be relevant that I had to originally open 8080 on the nextcloud container to localhost (by disconnecting gluetun) so I could access the admin backend. The domain I typed was the same as my caddy file, minus the port. After this was completed, I downed the stack and then reconnected to gluetun.

I’m a bit unsure of how to continue from here - any help would be greatly appreciated!

At first glance, I think you need to explore the “On the same server in a Docker container” part of the AIO reverse proxy config options, likely utilizing options ii or iii.

I assume you are missing the

--env APACHE_ADDITIONAL_NETWORK="" \

to define which network the apache container must connect to.

I didn’t dig deeper but I believe there is no such network_mode:

Don’t forget what AiO looks like (docker ps, docker ls, docker inspect help understand the technology)

flowchart LR
  fritz.box-- port forward<br>http tcp/80<br>https tcp/443 -->RP;
  fritz.box(router<br>192.168.179.1);
  subgraph intLAN[internal_network]
    RP[reverse proxy<br>https:// nc.mydomain.tld]
    subgraph docker
      master[mastercontainer<br>:8080];
      NC[APACHE_PORT<br>:11000];
      TALK[TALK_PORT<br>:tcp/3478<br>:udp/3478];
    end
    management[management interface]-->master
  end
  RP--http-->NC
  fritz.box--port forward<br>:tcp/3478<br>:udp/3478-->TALK

@jtr @wwe I have tried both of those. Putting “service:gluetun” as the network mode brings a container into the gluetun network. See the example I posted. For APACHE_ADDITIONAL_NETWORK, I get this error:

nextcloud-aio-mastercontainer    | You've set APACHE_ADDITIONAL_NETWORK but not to an allowed value.
nextcloud-aio-mastercontainer    | It needs to be a string with letters, numbers, hyphens and underscores.
nextcloud-aio-mastercontainer    | It is set to 'service:gluetun'.

I’m not familiar with ‘service:gluetun’ but this is IMO not native Docker functionality which explains why it fails the config check. Either develop and send a pull request for AiO or replace with a supported service.
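
The rule quoted in the mastercontainer's error message above, written out as a pre-flight check (an added example, not code from the thread or from the AIO project). The function name `check_apache_network` and the sample network name `gluetun_net` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a candidate APACHE_ADDITIONAL_NETWORK value using the
# rule stated in the error message (letters, numbers, hyphens, underscores).
# check_apache_network is a hypothetical helper, not part of AIO.

check_apache_network() (
    # Subshell body: force the C locale so A-Z / a-z cannot match
    # locale-specific characters, without changing the caller's environment.
    LC_ALL=C
    value=$1
    case $value in
        '')
            echo "unset"                    # optional variable, nothing to check
            return 0 ;;
        service:*|container:*)
            # network_mode forms that join another container's network
            # namespace; they are not names of Docker networks.
            echo "network_mode-reference"
            return 1 ;;
        *[!A-Za-z0-9_-]*)
            echo "invalid-characters"       # anything outside the allow-list
            return 1 ;;
        *)
            echo "ok"
            return 0 ;;
    esac
)

# Constructed sample values; 'service:gluetun' is the value from the thread,
# 'gluetun_net' is an assumed name for a user-defined Docker network.
for v in 'service:gluetun' 'gluetun_net' 'my net' ''; do
    printf '%-18s -> %s\n' "'$v'" "$(check_apache_network "$v")"
done
```
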