Nextcloud AIO Docker: Domaincheck container is not running error (400 bad request response)

Hello,

I’m trying to install Nextcloud AIO by deploying a stack using Portainer in an Asustor NAS (AS6704T) which is running the latest version of ADM (Asustor’s OS). I can pass the login screen but in the next screen I get the following error:

Nextcloud AIO v7.6.2

Domaincheck container is not running

This is not expected. Most likely this happened because port 12345 is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.

Here is the entire log in mastercontainer:

Trying to fix docker.sock permissions internally...
Adding internal www-data to group root
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
-----
Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
INF ts=1700057702.6758084 msg=using provided configuration config_file=/Caddyfile config_adapter=
[Wed Nov 15 14:15:02.677054 2023] [mpm_event:notice] [pid 120:tid 140196131933000] AH00489: Apache/2.4.58 (Unix) OpenSSL/3.1.4 configured -- resuming normal operations
[Wed Nov 15 14:15:02.677104 2023] [core:notice] [pid 120:tid 140196131933000] AH00094: Command line: 'httpd -D FOREGROUND'
[15-Nov-2023 14:15:02] NOTICE: fpm is running, pid 126
[15-Nov-2023 14:15:02] NOTICE: ready to handle connections
NOTICE: PHP message: Could not start domaincheck container: Client error: `POST http://localhost/v1.41/containers/nextcloud-aio-domaincheck/start` resulted in a `400 Bad Request` response:
{"message":"failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process (truncated...)

The “nextcloud-aio-domaincheck” container is in “created” status but its log is empty.

If I try to start it manually I get a 400 error.

Here is my docker compose:

services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - 49080:8080
    environment:
      - APACHE_PORT=12345
      - APACHE_IP_BINDING=0.0.0.0
      - NEXTCLOUD_DATADIR=/share/nextcloud-data
      - NEXTCLOUD_MOUNT=/share/Datos/
      - SKIP_DOMAIN_VALIDATION=true
volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

I have checked that “docker.sock” is located in “/var/run” in the host:

My intention is to run Nextcloud AIO behind a reverse proxy in Nginx Proxy Manager running in a separate container in the same NAS, but I have tested other methods without reverse proxy and I’m always stuck in the same error.

In the /etc/hosts file inside the NPM container, the host.docker.internal is pointing to 172.17.0.1.

Here is my NPM configuration:

I don’t think it’s something related to the reverse proxy because in some videos or other threads I have seen while searching the Internet, those issues showed a more specific message in the log and happened in a further step after the Domain checker runs in the AIO interface.

I have tried almost everything:

  • Using the default configuration without a reverse proxy.
  • Using the default ports.
  • Using different ports in APACHE_PORT env variable.
  • Using the default docker compose in order to check if I can get past this error without a reverse proxy.
  • Using docker commands in terminal instead of docker compose or Portainer.
  • Change the IP of the NPM entry to the host IP instead of the IP provided by “host.docker.internal”.
  • Change network mode from NPM container to “host” as suggested in https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adaptation-of-the-respective-sample-configuration

I have figured out that it is something related to the network, because every time I try to run a fresh install using different ports (no matter if I map APACHE_PORT or not) the problem remains the same.

I have made a fresh install of the stack every time I tried something different, without success.
I hope someone can help me.
Thanks in advance.

Best regards.

Hi, can you follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things?

Hello,
First of all, thanks for your response. Yes, I have followed those steps several times and rechecked again. I will try to explain what I have done in each step:

  1. I have done this several times before posting in case I skipped something. I have also tried with the default docker compose, which uses default ports, or other easier configs without reverse proxy.

  2. The APACHE_PORT env variable in the docker compose matches the port shown in the error message:

Nextcloud AIO v7.6.2

Domaincheck container is not running

This is not expected. Most likely this happened because port 12345 is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.

  3. These are the ENV variables of the mastercontainer:

  4. In the NPM screenshots of my first post it is visible that the port pointed to is the same as the env variable and the error message. The scheme is http as stated in the documentation.

  5. This is the stack for Nginx Proxy Manager: Ports 80 and 443 are required by NPM so they are opened since other services behind the proxy are working fine.

version: '3'
services:
  app:
    image: jc21/nginx-proxy-manager
    restart: always #unless-stopped
    hostname: npm
    ports:
      - '80:80'
      - '22081:81'
      - '443:443'
    environment:
      DB_SQLITE_FILE: "/data/database.sqlite"
    volumes:
      - '/share/DockerServices/AppData/npm/data:/data'
      - '/share/DockerServices/AppData/npm/letsencrypt:/etc/letsencrypt'

    extra_hosts:
      - "host.docker.internal:host-gateway"

In the screenshots of my first post you can see I’m pointing to the same IP that appears in the /etc/hosts for the “host.docker.internal” entry in the NPM container. I have also tried changing the network driver to host, and the rest of the services still work, but the error in Nextcloud AIO remains.

  6. This is the one I have more doubts about. The permissions of docker.sock inside the container are shown in the following screenshot (due to limitations of 2 images for new users, I had to put the screenshot for the check 5 and this one in the same picture). The docker.sock file is in the same location in the host filesystem with the same permissions (as I showed in the first post).

The nextcloud-aio-domaincheck is created in Portainer, but remains in created status with an empty log.

This entry appears at the beginning of the mastercontainer log, but I don’t know if it’s something normal.

Trying to fix docker.sock permissions internally...
Adding internal www-data to group root
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
[Wed Nov 15 15:05:09.265995 2023] [mpm_event:notice] [pid 123:tid 140335280229192] AH00489: Apache/2.4.58 (Unix) OpenSSL/3.1.4 configured -- resuming normal operations
[Wed Nov 15 15:05:09.266361 2023] [core:notice] [pid 123:tid 140335280229192] AH00094: Command line: 'httpd -D FOREGROUND'
INF ts=1700060709.2670052 msg=using provided configuration config_file=/Caddyfile config_adapter=
[15-Nov-2023 15:05:09] NOTICE: fpm is running, pid 133
[15-Nov-2023 15:05:09] NOTICE: ready to handle connections
NOTICE: PHP message: Could not start domaincheck container: Client error: `POST http://localhost/v1.41/containers/nextcloud-aio-domaincheck/start` resulted in a `400 Bad Request` response:
{"message":"failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process (truncated...)
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
[Wed Nov 15 16:06:54.807023 2023] [mpm_event:notice] [pid 112:tid 139647097916232] AH00489: Apache/2.4.58 (Unix) OpenSSL/3.1.4 configured -- resuming normal operations
[Wed Nov 15 16:06:54.807505 2023] [core:notice] [pid 112:tid 139647097916232] AH00094: Command line: 'httpd -D FOREGROUND'
[15-Nov-2023 16:06:54] NOTICE: fpm is running, pid 118
[15-Nov-2023 16:06:54] NOTICE: ready to handle connections
INF ts=1700064414.8241704 msg=using provided configuration config_file=/Caddyfile config_adapter=

  7. The command shows “1” fine with localhost, with the internal address of the NAS and with 172.17.0.1 (the IP pointed to by host.docker.internal).

  8. I’m not behind CGNAT.

  9. The domain is in OVH but I have created a specific subdomain for Nextcloud in Cloudflare (not proxied, only for DNS). Nevertheless, I have set the SKIP_DOMAIN_VALIDATION to true in the env variables as you can see in my first screenshot (I also think this is for further steps, after I can pass this error and put my domain in the domain input field from the AIO interface).

  10. Ports 80 and 443 are opened as NPM requires them and the rest of the services are working, as I said before.

  11. I have a public IPv4 address in my domain.

  12. I have done this several times, attempting to change some parameters, as I said in the first post.

  13. SKIP_DOMAIN_VALIDATION is already set to true.

Thanks for your help, and sorry for my bad English, maybe I don’t explain some of the points well. Please let me know if you need some additional information about a specific step.

Regards.

I found this: "failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process" - Google Search

I can’t figure out the reason because in the Google results you posted, the message is complete, whereas in the log it appears truncated:

{"message":"failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process (truncated...)

I don’t know if there is a way to get a more detailed message. Or maybe it’s related to the previous one:

NOTICE: PHP message: Could not start domaincheck container: Client error: `POST http://localhost/v1.41/containers/nextcloud-aio-domaincheck/start` resulted in a `400 Bad Request` response:
{"message":"failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process (truncated...)

To add more info. Inspecting the domaincheck container I have found a more detailed description of the issue:

  • Error failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: eaccess /sbin/docker-init: permission denied: unknown

Checking the file which is mapped to the volume in the NAS, I see it is in the path where the Asustor NAS installs all the applications downloaded from the Application Central and it has the following permissions:

See https://github.com/nextcloud/all-in-one/discussions/3372#discussioncomment-7033145 then

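The mastercontainer log truncates the runc message, but the Docker API keeps the full text in the container's State.Error, which is where the docker-init permission error in this thread shows up. The script below is an added example, not code from the thread or from the Nextcloud AIO project: the function names are hypothetical, and it assumes a Linux host where the daemon's init binary can be found on PATH.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: triage a container stuck in "created".

# Pull the path that runc reports as "permission denied" out of an error string.
denied_path() {
  printf '%s\n' "$1" |
    sed -n 's|.*process: [a-z]* \(/[^:]*\): permission denied.*|\1|p'
}

# Classify a host file: missing, not-a-file, not-executable or ok.
exec_status() {
  if [ ! -e "$1" ]; then echo missing
  elif [ ! -f "$1" ]; then echo not-a-file
  elif [ ! -x "$1" ]; then echo not-executable
  else echo ok
  fi
}

# Read the untruncated start error and, for docker-init, check the host binary.
triage() {
  local name=$1 err path bin mp
  err=$(docker inspect --format '{{.State.Error}}' "$name") || return 1
  echo "State.Error: $err"
  path=$(denied_path "$err")
  [ -n "$path" ] || { echo "no permission-denied path in the error"; return 0; }
  echo "runc could not execute: $path"
  # When init is enabled, the daemon bind-mounts its own init binary from the
  # host to /sbin/docker-init, so the permissions to check are on the host file.
  if [ "$path" = /sbin/docker-init ]; then
    # Assumption: the init binary named by `docker info` is on PATH.
    bin=$(command -v "$(docker info --format '{{.InitBinary}}')") ||
      { echo "init binary not on PATH; look in the Docker install directory"; return 0; }
    echo "host init binary: $bin ($(exec_status "$bin"))"
    ls -l "$bin"
    mp=$(df -P "$bin" | awk 'NR==2 {print $6}')
    grep " $mp " /proc/mounts   # look for noexec among the mount options
  fi
}

# Usage: ./triage.sh nextcloud-aio-domaincheck
if [ $# -gt 0 ]; then triage "$1"; fi
```
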