The Basics
- Nextcloud Server version (e.g., 29.x.x):
31.0.1
- Operating system and version (e.g., Ubuntu 24.04):
Debian Bookworm
- Web server and version (e.g, Apache 2.4.25):
Apache (included in nextcloud-aio-mastercontainer)
- Reverse proxy and version (e.g., nginx 1.27.2):
nginx/1.22.1
- PHP version (e.g, 8.3):
8.3.17
- Is this the first time you’ve seen this error? (Yes / No):
Yes, at least on my machine
- When did this problem seem to first start?
with deploying nextcloud-aio-mastercontainer
- Installation method (e.g., AIO, NCP, Bare Metal/Archive, etc.):
AIO
- Are you using Cloudflare, mod_security, or similar? (Yes / No)
No
Summary of the issue you are facing:
When trying to set up Nextcloud AIO, the nextcloud-aio-mastercontainer cannot resolve nextcloud.com and keeps restarting.
Steps to replicate it (hint: details matter!):
- Configure /etc/docker/daemon.json as described in Configuring DNS | dockerlabs (details below).
- Use docker compose with the compose.yaml shown below.
- Try to run compose.yaml.
- See the “bootloop” of the nextcloud-aio-mastercontainer.
Log entries
nextcloud-aio-mastercontainer | Could not resolve the host nextcloud.com.
nextcloud-aio-mastercontainer | Most likely the DNS resolving does not work.
nextcloud-aio-mastercontainer | You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
nextcloud-aio-mastercontainer | Apart from that, there has been this: https://github.com/nextcloud/all-in-one/discussions/2065
nextcloud-aio-mastercontainer exited with code 0
nextcloud-aio-mastercontainer /etc/resolv.conf
sudo docker exec -u33 -it nextcloud-aio-mastercontainer cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.
nameserver 127.0.0.1
nameserver 46.38.255.230
nameserver 46.38.252.230
nameserver 9.9.9.9
nameserver 2a03:4000:0:1::e1e6
# Based on host file: '/etc/resolv.conf' (legacy)
# Overrides: [nameservers]
docker inspect nextcloud-aio-mastercontainer
[
{
"Id": "efdb9c95c8f713f77ad016da7ca4365660352b8ec28880d1a5234cff124441f8",
"Created": "2025-03-19T08:13:10.081338014Z",
"Path": "/start.sh",
"Args": [],
"State": {
"Status": "restarting",
"Running": true,
"Paused": false,
"Restarting": true,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 1,
"Error": "",
"StartedAt": "2025-03-19T12:04:25.119630191Z",
"FinishedAt": "2025-03-19T12:04:33.314491153Z",
"Health": {
"Status": "unhealthy",
"FailingStreak": 0,
"Log": []
}
},
"Image": "sha256:701e11fae8e749770f52b83387d0106e31da93d25bf861d271f13ae8189da592",
"ResolvConfPath": "/var/lib/docker/containers/efdb9c95c8f713f77ad016da7ca4365660352b8ec28880d1a5234cff124441f8/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/efdb9c95c8f713f77ad016da7ca4365660352b8ec28880d1a5234cff124441f8/hostname",
"HostsPath": "/var/lib/docker/containers/efdb9c95c8f713f77ad016da7ca4365660352b8ec28880d1a5234cff124441f8/hosts",
"LogPath": "/var/lib/docker/containers/efdb9c95c8f713f77ad016da7ca4365660352b8ec28880d1a5234cff124441f8/efdb9c95c8f713f77ad016da7ca4365660352b8ec28880d1a5234cff124441f8-json.log",
"Name": "/nextcloud-aio-mastercontainer",
"RestartCount": 1184,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/var/run/docker.sock:/var/run/docker.sock:ro"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "bridge",
"PortBindings": {
"8080/tcp": [
{
"HostIp": "",
"HostPort": "8080"
}
]
},
"RestartPolicy": {
"Name": "always",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"ConsoleSize": [
0,
0
],
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "private",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": [],
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DeviceRequests": null,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"Mounts": [
{
"Type": "volume",
"Source": "nextcloud_aio_mastercontainer",
"Target": "/mnt/docker-aio-config",
"VolumeOptions": {}
}
],
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware",
"/sys/devices/virtual/powercap"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
],
"Init": true
},
"GraphDriver": {
"Data": {
"ID": "efdb9c95c8f713f77ad016da7ca4365660352b8ec28880d1a5234cff124441f8",
"LowerDir": "/var/lib/docker/overlay2/281ec49f157ba6d6ac71e971a0456cfc21657db35749009f72682d9ed92b0d05-init/diff:/var/lib/docker/overlay2/c33f25c83d62e78260a9cb2e91082bd656e7dc4987a4bde0649d3665ee734e54/diff:/var/lib/docker/overlay2/d5f8d1dff3fa0f0c533525701d027e572fae263db2bf5af3095ed711b9321d56/diff:/var/lib/docker/o
"MergedDir": "/var/lib/docker/overlay2/281ec49f157ba6d6ac71e971a0456cfc21657db35749009f72682d9ed92b0d05/merged",
"UpperDir": "/var/lib/docker/overlay2/281ec49f157ba6d6ac71e971a0456cfc21657db35749009f72682d9ed92b0d05/diff",
"WorkDir": "/var/lib/docker/overlay2/281ec49f157ba6d6ac71e971a0456cfc21657db35749009f72682d9ed92b0d05/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "bind",
"Source": "/var/run/docker.sock",
"Destination": "/var/run/docker.sock",
"Mode": "ro",
"RW": false,
"Propagation": "rprivate"
},
{
"Type": "volume",
"Name": "nextcloud_aio_mastercontainer",
"Source": "/var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data",
"Destination": "/mnt/docker-aio-config",
"Driver": "local",
"Mode": "z",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "efdb9c95c8f7",
"Domainname": "",
"User": "root",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"ExposedPorts": {
"80/tcp": {},
"8080/tcp": {},
"8443/tcp": {},
"9000/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"NEXTCLOUD_UPLOAD_LIMIT=16G",
"NEXTCLOUD_ADDITIONAL_APKS=imagemagick",
"NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick",
"APACHE_IP_BINDING=127.0.0.1",
"BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6",
"NEXTCLOUD_DATADIR=/var/nextcloud-data",
"APACHE_PORT=11000",
"PHP_MEMORY_LIMIT=1G",
"COLLABORA_SECCOMP_DISABLED=true",
"NEXTCLOUD_MEMORY_LIMIT=1024M",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"PHPIZE_DEPS=autoconf \t\tdpkg-dev dpkg \t\tfile \t\tg++ \t\tgcc \t\tlibc-dev \t\tmake \t\tpkgconf \t\tre2c",
"PHP_INI_DIR=/usr/local/etc/php",
"PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
"PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64",
"PHP_LDFLAGS=-Wl,-O1 -pie",
"GPG_KEYS=1198C0117593497A5EC5C199286AF1F9897469DC C28D937575603EB4ABB725861C0779DC5C0A9DE4 AFD8691FDAEDF03BDF6E460563F15A9B715376CA",
"PHP_VERSION=8.3.17",
"PHP_URL=https://www.php.net/distributions/php-8.3.17.tar.xz",
"PHP_ASC_URL=https://www.php.net/distributions/php-8.3.17.tar.xz.asc",
"PHP_SHA256=6158ee678e698395da13d72c7679a406d2b7554323432f14d37b60ed87d8ccfb"
],
"Cmd": null,
"Healthcheck": {
"Test": [
"CMD-SHELL",
"/healthcheck.sh"
]
},
"Image": "nextcloud/all-in-one:latest",
"Volumes": null,
"WorkingDir": "/var/www/docker-aio",
"Entrypoint": [
"/start.sh"
],
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "931347d2ff458ce97ffd51fba517e3a48a0b466cc782ba59d3051a298efa58bf",
"com.docker.compose.container-number": "1",
"com.docker.compose.depends_on": "",
"com.docker.compose.image": "sha256:701e11fae8e749770f52b83387d0106e31da93d25bf861d271f13ae8189da592",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "nextcloud-aio",
"com.docker.compose.project.config_files": "/opt/stacks/nextcloud-aio/compose.yaml",
"com.docker.compose.project.working_dir": "/opt/stacks/nextcloud-aio",
"com.docker.compose.replace": "24e6a39e69aef009688862ee2e33665dcc0ac2bac1280eddff1cd16c1dac68fa",
"com.docker.compose.service": "nextcloud-aio-mastercontainer",
"com.docker.compose.version": "2.21.0"
},
"StopSignal": "SIGQUIT"
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "",
"SandboxKey": "",
"Ports": {},
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"MacAddress": "",
"DriverOpts": null,
"GwPriority": 0,
"NetworkID": "4216e774f4569e93b3ca6475ed05778001df4819ac405f42137177b4d8d473fe",
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DNSNames": null
}
}
}
}
]
Configuration
compose.yaml
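# Compose file for the Nextcloud AIO mastercontainer.
# Indentation restored: the listing as pasted had every line at column 0,
# which does not parse as the intended nested mapping.
services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer  # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config  # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      # NOTE: ':ro' only makes the mount of the socket file read-only; it does
      # not restrict the Docker API calls that can be made through the socket.
      # A container holding this socket can therefore manage the host's Docker
      # daemon, so access to this container should be treated as privileged.
      - /var/run/docker.sock:/var/run/docker.sock:ro  # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    network_mode: bridge  # add to the same network as docker run would do
    ports:
      # Quoted so the mapping is always read as a string, never as a number.
      # No host IP is given, so port 8080 is published on all host interfaces;
      # restrict it with the host firewall (or a host IP prefix) if it should
      # not be reachable from outside.
      - "8080:8080"
    environment:
      # Is needed when using any of the options below
      # AIO_DISABLE_BACKUP_SECTION: false  # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
      # AIO_COMMUNITY_CONTAINERS:  # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
      APACHE_PORT: 11000  # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      APACHE_IP_BINDING: 127.0.0.1  # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # APACHE_ADDITIONAL_NETWORK: frontend_net  # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6  # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
      # NOTE: this turns off a sandboxing layer for the Collabora container;
      # keep it enabled only if the host actually requires it.
      # Quoted because environment values are strings, not YAML booleans.
      COLLABORA_SECCOMP_DISABLED: "true"  # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
      # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M"  # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options
      NEXTCLOUD_DATADIR: /var/nextcloud-data  # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      # NEXTCLOUD_MOUNT: /mnt/  # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
      NEXTCLOUD_UPLOAD_LIMIT: 16G  # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      # NEXTCLOUD_MAX_TIME: 3600  # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      NEXTCLOUD_MEMORY_LIMIT: 1024M  # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      PHP_MEMORY_LIMIT: 1G
      # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts  # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
      # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes  # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
      NEXTCLOUD_ADDITIONAL_APKS: imagemagick  # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
      NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick  # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
      # NEXTCLOUD_ENABLE_DRI_DEVICE: true  # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
      # NEXTCLOUD_ENABLE_NVIDIA_GPU: true  # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
      # NEXTCLOUD_KEEP_DISABLED_APPS: false  # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
      # SKIP_DOMAIN_VALIDATION: false  # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation
      # TALK_PORT: 3478  # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
      # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock  # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
    # security_opt: ["label:disable"]  # Is needed when using SELinux

volumes:
  # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer  # This line is not allowed to be changed as otherwise the built-in backup solution will not work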
/etc/docker/daemon.json
{
"dns" : [ "127.0.0.1", "46.38.255.230" , "46.38.252.230", "9.9.9.9", "2a03:4000:0:1::e1e6" ],
"iptables": false,
"default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}}
}
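(On the host, an unbound resolver is running on 127.0.0.1. Note that inside a container on the bridge network, 127.0.0.1 is the container's own loopback interface, so the `nameserver 127.0.0.1` entry in the container's /etc/resolv.conf does not reach the host's unbound.)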
Since I’m not sure whether my firewall is the cause, here is the current configuration. However, even with the firewall completely disabled, the container is not able to resolve nextcloud.com.
firewall-cmd --list-all-zones
sudo firewall-cmd --list-all-zones
block
target: %%REJECT%%
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
dmz
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
docker (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: br-93aa469f0d6f
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
drop
target: DROP
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
external
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
forward: yes
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
home
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns samba-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
internal (active)
target: default
icmp-block-inversion: no
interfaces: br-d5ef610dde03 docker0 lo veth49fd155
sources:
services: dhcpv6-client mdns samba-client ssh
ports: 10000/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="172.17.0.0/16" masquerade
public (active)
target: DROP
icmp-block-inversion: yes
interfaces: ens3
sources:
services: dhcpv6-client http https ssh
ports:
protocols:
forward: yes
masquerade: yes
forward-ports:
source-ports:
icmp-blocks: echo-request
rich rules:
rule family="ipv6" service name="http" accept
rule family="ipv6" service name="https" accept
rule family="ipv4" source address="172.17.0.0/16" masquerade
trusted (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: tailscale0
sources:
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
work
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Any help is appreciated!