Nextcloud AIO - Talk not working

Nextcloud AIO 8.1
Traefik 2.11
Debian 12
New installation

Hello, I was able to get Nextcloud AIO running, but the only thing that is not working is Talk (neither chat nor calls).

When opening the chat I get an error message:

Fehler beim Herstellen der Signalisierungsverbindung. Möglicherweise stimmt etwas in der Konfiguration des Signalisierungsservers nicht

The logs of the talk container say the following:

root@Nextcloud:~# docker logs nextcloud-aio-talk
++ hostname -i
++ grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
++ head -1
+ IPv4_ADDRESS_TALK_RELAY=172.18.0.4
++ dig nextcloud-aio-talk IN A +short +search
++ grep '^[0-9.]\+$'
++ sort
++ head -n1
+ IPv4_ADDRESS_TALK=172.18.0.4
++ dig nextcloud-aio-talk AAAA +short +search
++ grep '^[0-9a-f:]\+$'
++ head -n1
++ sort
+ IPv6_ADDRESS_TALK=
+ set +x
Janus commit: 63ee713102f453447e3c912a7bb45791d4d198c5
Compiled on:  Thu Mar 28 14:59:05 UTC 2024

Logger plugins folder: /usr/local/lib/janus/loggers
---------------------------------------------------
  Starting Meetecho Janus (WebRTC Server) v0.14.1
---------------------------------------------------

Checking command line arguments...
Debug/log level is 3
Debug/log timestamps are disabled
Debug/log colors are disabled
[WARN] Janus is deployed on a private address (172.18.0.4) but you didn't specify any STUN server! Expect trouble if this is supposed to work over the internet and not just in a LAN...
main.go:135: Starting up version 1.2.3~docker/go1.21.6 as pid 44
main.go:144: Using a maximum of 4 CPUs
[37] 2024/04/16 07:25:26.167520 [INF] Starting nats-server
[37] 2024/04/16 07:25:26.167632 [INF]   Version:  2.10.12
[37] 2024/04/16 07:25:26.167635 [INF]   Git:      [121169ea]
[37] 2024/04/16 07:25:26.167637 [INF]   Name:     NCDO4457P7MXSE2555CXOBLXSWQYYG353XN6U3Y3J26DMW4EHOLSUACP
[37] 2024/04/16 07:25:26.167640 [INF]   ID:       NCDO4457P7MXSE2555CXOBLXSWQYYG353XN6U3Y3J26DMW4EHOLSUACP
[37] 2024/04/16 07:25:26.167647 [INF] Using configuration file: /etc/nats.conf
natsclient.go:93: Could not create connection (nats: no servers available for connection), will retry in 1s
[37] 2024/04/16 07:25:26.168073 [INF] Listening for client connections on 127.0.0.1:4222
[37] 2024/04/16 07:25:26.168084 [INF] Server is ready
Exec: /opt/eturnal/erts-14.0.2/bin/erlexec -noinput +Bd -boot /opt/eturnal/releases/1.12.0/start -mode embedded -boot_var SYSTEM_LIB_DIR /opt/eturnal/lib -config /opt/eturnal/releases/1.12.0/sys.config -args_file /opt/eturnal/releases/1.12.0/vm.args -erl_epmd_port 3470 -start_epmd false -- foreground
Root: /opt/eturnal
/opt/eturnal
[WARN] libcurl not available, Streaming plugin will not have RTSP support
[WARN] libogg not available, Streaming plugin will not have file-based Opus streaming
[WARN] No Unix Sockets server started, giving up...
[WARN] The 'janus.transport.pfunix' plugin could not be initialized
natsclient.go:108: Connection established to nats://127.0.0.1:4222 (NCDO4457P7MXSE2555CXOBLXSWQYYG353XN6U3Y3J26DMW4EHOLSUACP)
grpc_common.go:167: WARNING: No GRPC server certificate and/or key configured, running unencrypted
grpc_common.go:169: WARNING: No GRPC CA configured, expecting unencrypted connections
backend_storage_static.go:72: Backend backend-1 added for https://xxnextcloud.xxx.de/
hub.go:202: Using a maximum of 8 concurrent backend connections per host
hub.go:209: Using a timeout of 10s for backend connections
hub.go:262: Not using GeoIP database
mcu_janus.go:292: Connected to Janus WebRTC Server 0.14.1 by Meetecho s.r.l.
mcu_janus.go:298: Found JANUS VideoRoom plugin 0.0.9 by Meetecho s.r.l.
mcu_janus.go:303: Data channels are supported
mcu_janus.go:307: Full-Trickle is enabled
mcu_janus.go:309: Maximum bandwidth 1048576 bits/sec per publishing stream
mcu_janus.go:310: Maximum bandwidth 2097152 bits/sec per screensharing stream
mcu_janus.go:316: Created Janus session 7688376158824584
mcu_janus.go:323: Created Janus handle 1180322413642906
main.go:271: Using janus MCU
hub.go:387: Using a timeout of 10s for MCU requests
backend_server.go:114: No IPs configured for the stats endpoint, only allowing access from 127.0.0.1
main.go:347: Listening on 0.0.0.0:8081
client.go:283: Client from 10.10.7.112 has RTT of 12 ms (12.065478ms)
capabilities.go:151: Capabilities expired for https://xx.xxx.de/ocs/v2.php/cloud/capabilities, updating
capabilities.go:248: Could not get capabilities for https://xxnextcloud.xxx.de/ocs/v2.php/apps/spreed/api/v3/signaling/backend: Get "https://xxnextcloud.xxx.de/ocs/v2.php/cloud/capabilities": tls: failed to verify certificate: x509: certificate signed by unknown authority

So I thought I just had to add my certificates to the container, but when trying to copy them I get an error:

“Root of container is read only”

How can I get this fixed?

Any help is appreciated!

Hi, are you using a self-signed certificate?

No, I use a certificate issued by a root CA.

So it is not a publicly trusted certificate?

No, it’s not.

I see. See GitHub - nextcloud/all-in-one: 📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance. then