Windows 11
Docker 4.16.2
CADDY_VERSION v2.6.2
Nextcloud Version 25.0.3
Nextcloud AIO v4.2.0 (latest channel)
I got Nextcloud AIO up and running last night after much troubleshooting with the caddy reverse-proxy.
Note: that fix was switching reverse_proxy nextcloud:11000 or reverse_proxy localhost:11000 to reverse_proxy 172.30.255.19:11000 and removing --network host option. I suspect this may be an issue though because that WSL IP keeps changing.
Everything was going well and I was installing apps and uploading a user backup file, and the next time I looked back at it my browser wasn’t running and the site was down, almost like it had crashed, but the docker containers were still running. Reboots and restarts didn’t seem to fix it.
AIO Interface is up and shows containers up as well
Caddyfile
$ docker exec -it caddy cat /etc/caddy/Caddyfile
https://nextcloud.weme.wtf:443 {
    header Strict-Transport-Security max-age=31536000;
    reverse_proxy 172.17.165.11:11000
    # reverse_proxy nextcloud:11000
    # reverse_proxy 127.0.0.1:11000;
    # reverse_proxy 172.30.255.19:11000
}
https://weme.wtf:443 { # This still works fine so I suspect the format (mentioned in logs) isn't the issue.
    header Strict-Transport-Security max-age=31536000;
    respond "weme.wtf"
}
docker-compose.yml
$ cat .\weme.wtf\docker-compose.yml
services:
  caddy:
    image: caddy:alpine
    restart: unless-stopped
    container_name: caddy
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./certs:/certs
      - ./config:/config
      - ./data:/data
      - ./sites:/srv
    ports:
      - "80:80"
      - "443:443"
  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    ports:
      - "8080:8080"
    environment:
      - APACHE_PORT=11000
      # - APACHE_IP_BINDING=127.0.0.1 # Originally got nextcloud working without this but if it allows me to use localhost or 127.0.0.1 then that would work
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - //var/run/docker.sock:/var/run/docker.sock:ro
    depends_on:
      - caddy
volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer
Logs
Trying to fix docker.sock permissions internally...
Adding internal www-data to group root
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
Initial startup of Nextcloud All In One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
{"level":"info","ts":1674939914.8545473,"msg":"using provided configuration","config_file":"/Caddyfile","config_adapter":""}
{"level":"warn","ts":1674939914.855257,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/Caddyfile","line":2}
{"level":"info","ts":1674939914.8557281,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//[::1]:2019","//127.0.0.1:2019","//localhost:2019"]}
{"level":"warn","ts":1674939914.8558178,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
{"level":"warn","ts":1674939914.855823,"logger":"http","msg":"automatic HTTP->HTTPS redirects are disabled","server_name":"srv1"}
{"level":"warn","ts":1674939914.855925,"logger":"tls","msg":"YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place","docs":"https://caddyserver.com/docs/automatic-https#on-demand-tls"}
{"level":"info","ts":1674939914.85594,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00080eaf0"}
{"level":"info","ts":1674939914.855988,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1674939914.8560016,"logger":"http","msg":"enabling HTTP/3 listener","addr":":8443"}
{"level":"info","ts":1674939914.8559995,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/mnt/docker-aio-config/caddy/"}
{"level":"info","ts":1674939914.856027,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1674939914.8560448,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1674939914.8561196,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"error","ts":1674939914.8561325,"msg":"unable to create folder for config autosave","dir":"/root/.config/caddy","error":"mkdir /root/.config: permission denied"}
{"level":"info","ts":1674939914.8561423,"msg":"serving initial configuration"}
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.20.0.3. Set the 'ServerName' directive globally to suppress this message
[Sat Jan 28 21:05:14.884152 2023] [ssl:warn] [pid 122] AH01906: 172.20.0.3:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jan 28 21:05:14.884190 2023] [ssl:warn] [pid 122] AH01909: 172.20.0.3:8080:0 server certificate does NOT include an ID which matches the server name
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.20.0.3. Set the 'ServerName' directive globally to suppress this message
[Sat Jan 28 21:05:14.897459 2023] [ssl:warn] [pid 122] AH01906: 172.20.0.3:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jan 28 21:05:14.897484 2023] [ssl:warn] [pid 122] AH01909: 172.20.0.3:8080:0 server certificate does NOT include an ID which matches the server name
[Sat Jan 28 21:05:14.899298 2023] [mpm_prefork:notice] [pid 122] AH00163: Apache/2.4.54 (Debian) PHP/8.1.14 OpenSSL/1.1.1n configured -- resuming normal operations
[Sat Jan 28 21:05:14.899314 2023] [core:notice] [pid 122] AH00094: Command line: 'apache2 -D FOREGROUND'
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
Initial startup of Nextcloud All In One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080
If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443
{"level":"info","ts":1674940370.4664526,"msg":"using provided configuration","config_file":"/Caddyfile","config_adapter":""}
{"level":"warn","ts":1674940370.4672103,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/Caddyfile","line":2}
{"level":"info","ts":1674940370.4686441,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"warn","ts":1674940370.468789,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
{"level":"warn","ts":1674940370.4687965,"logger":"http","msg":"automatic HTTP->HTTPS redirects are disabled","server_name":"srv1"}
{"level":"warn","ts":1674940370.468881,"logger":"tls","msg":"YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place","docs":"https://caddyserver.com/docs/automatic-https#on-demand-tls"}
{"level":"info","ts":1674940370.4688935,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00069e310"}
{"level":"info","ts":1674940370.4689507,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/mnt/docker-aio-config/caddy/"}
{"level":"info","ts":1674940370.4689684,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1674940370.4689775,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1674940370.468989,"logger":"http","msg":"enabling HTTP/3 listener","addr":":8443"}
{"level":"info","ts":1674940370.4690452,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1674940370.4691014,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"error","ts":1674940370.4691176,"msg":"unable to create folder for config autosave","dir":"/root/.config/caddy","error":"mkdir /root/.config: permission denied"}
{"level":"info","ts":1674940370.4691231,"msg":"serving initial configuration"}
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.20.0.3. Set the 'ServerName' directive globally to suppress this message
[Sat Jan 28 21:12:50.961470 2023] [ssl:warn] [pid 111] AH01906: 172.20.0.3:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jan 28 21:12:50.961508 2023] [ssl:warn] [pid 111] AH01909: 172.20.0.3:8080:0 server certificate does NOT include an ID which matches the server name
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.20.0.3. Set the 'ServerName' directive globally to suppress this message
[Sat Jan 28 21:12:51.020779 2023] [ssl:warn] [pid 111] AH01906: 172.20.0.3:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jan 28 21:12:51.020804 2023] [ssl:warn] [pid 111] AH01909: 172.20.0.3:8080:0 server certificate does NOT include an ID which matches the server name
[Sat Jan 28 21:12:51.022448 2023] [mpm_prefork:notice] [pid 111] AH00163: Apache/2.4.54 (Debian) PHP/8.1.14 OpenSSL/1.1.1n configured -- resuming normal operations
[Sat Jan 28 21:12:51.022463 2023] [core:notice] [pid 111] AH00094: Command line: 'apache2 -D FOREGROUND'
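Added example, not part of the original post: a small Caddyfile check that lists the uncommented reverse_proxy upstreams per site and flags the ones pinned to a literal IP, which is the setup the post suspects breaks when the WSL address changes. The function names are hypothetical, the sample input is the post's Caddyfile trimmed, and upstreams are assumed to be written in the simple host:port form used there.

```python
import ipaddress

# Sample input: the Caddyfile from the post, trimmed (constructed for this example).
CADDYFILE = """\
https://nextcloud.weme.wtf:443 {
    header Strict-Transport-Security max-age=31536000;
    reverse_proxy 172.17.165.11:11000
    # reverse_proxy nextcloud:11000
}
https://weme.wtf:443 { # This still works fine
    respond "weme.wtf"
}
"""

def tokens_of(line):
    """Split a line into tokens, dropping everything from a '#' token on."""
    toks = line.split()
    cut = next((i for i, t in enumerate(toks) if t.startswith("#")), len(toks))
    return toks[:cut]

def classify(upstream):
    """Return (host, port, kind) for one upstream address."""
    addr = upstream.split("://")[-1]
    host, sep, port = addr.rpartition(":")
    if not sep or not port.isdigit():
        host, port = addr, None          # no explicit port given
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
        kind = "loopback" if ip.is_loopback else "literal-ip"
    except ValueError:
        kind = "hostname"                # resolved by DNS at request time
    return host, int(port) if port else None, kind

def active_upstreams(caddyfile):
    """List (site, host, port, kind) for each uncommented reverse_proxy upstream."""
    found, site, depth = [], None, 0
    for line in caddyfile.splitlines():
        toks = tokens_of(line)
        if not toks:
            continue
        if toks[0] == "reverse_proxy":
            # Skip a block opener and request matchers; the rest are upstreams.
            found += [(site, *classify(t)) for t in toks[1:] if t[0] not in "{/@*"]
        if toks[-1] == "{":
            site = " ".join(toks[:-1]) if depth == 0 else site
            depth += 1
        elif toks == ["}"]:
            depth -= 1
            site = site if depth else None
    return found
```

For the sample above, `active_upstreams(CADDYFILE)` reports one active upstream for nextcloud.weme.wtf, classified as `literal-ip`.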