Hi,
I’m trying to run Nextcloud (with OnlyOffice) on my Raspberry Pi 5 as a Docker Container.
I have a Cloudflare Tunnel on rpi, I can access the Nextcloud with Cloudflare Domain “nc.mydomain.com” via web browser.
But unfortunately I couldn’t access it via Desktop or Mobile applications !
During the initial installation, I was able to access it once and connect the applications, but even though I made no changes, the next day it always appeared offline via the mobile/desktop application, and I cannot log in again (the login screen does not even appear).
I search all the possible articles, documents more than 5 days and still i couldn’t find a solution to Login from Desktop or Mobile applications (even if i tried all the possible suggestions or workarounds one by one)
Can you help and guide me about what am i missing?
Note: Nginx Proxy (nextcloud-fx-web container) is configured only for ONLYOFFICE. I wasn’t able to run the built-in Collabora Online Server (CODE) or external CODE server so that I found an alternative method to using the OnlyOffice (with some nginx proxy configurations) an because of that used the OnlyOffice. I don’t have any idea about the nginx configuration but at least this method worked, I can add or edit the Office files (docx, xlsx, pptx etc.)
Btw, even if I tried to configure a fallback conf for the onlyoffice in the nginx config I couldn’t succeded so that I have to always up/run the OnlyOffice container, otherwise Nextcloud Web doesn’t run.
[/details]
The Basics
- Nextcloud Server version (e.g., 29.x.x):
30.0.5.1
- Operating system and version (e.g., Ubuntu 24.04):
Linux 6.6.62+rpt-rpi-2712 aarch64
- PHP version (e.g, 8.3):
8.2.27
- Database version:
Mysql 11.4.4
- Is this the first time you’ve seen this error? (Yes / No):
Yes
- When did this problem seem to first start?
5 days ago
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
Docker Compose
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
Yes
Summary of the issue you are facing:
-
NextCloud Web App running and I can access it from nc.mydomain.com
-
Desktop App (on MacOs) installed and configured at the beginning but right now it doesn’t connect to the server, So that I tried to remove account and re-add it.
-
But this time it doesn’t found/validate the server url. Failed to connect to Nextcloud at https://nc.mydomain.com
Unknown error
-
Mobile App
-
I tried to enter the local ip address to the Desktop/Mobile application server address (instead of nc.mydomain.com) this time it opens the web browser to login screen and process but the opened web url is nc.mydomain.com not showing the IP address (192.168.68.58) and if completed and granted the permissions on the web, Desktop application doesn’t accept the permissions and give below error.
configurations of my setup
- Cloudflare configs:
docker-compose.yml:
name: nextcloud-fx
services:
app:
container_name: nextcloud-fx-app #app-server
image: nextcloud:fpm #FPM version
restart: unless-stopped
networks:
- nextcloud-fx
expose:
- '80'
- '9000' #nginx proxy for ONLYOFFICE
volumes:
- /DATA/AppData/nextcloud-fx/nextcloud:/var/www/html
- ./php.ini:/usr/local/etc/php/conf.d/custom.ini
environment:
- MYSQL_HOST=nextcloud-fx-db
- MYSQL_PASSWORD=REDACTED
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=REDACTED
- TZ=Europe/Istanbul
- MEMORY_LIMIT=1024M
- UPLOAD_MAX_SIZE=10G
- OPCACHE_MEM_SIZE=128
- NEXTCLOUD_TRUSTED_DOMAINS=nc.mydomain.com rpi.local
- TRUSTED_PROXIES=nextcloud-fx-web
- REDIS_HOST=nextcloud-fx-cache
- PHP_MEMORY_LIMIT=1024M
- PHP_UPLOAD_LIMIT=1024M
depends_on:
- db
- cache
#ONLYOFFICE
onlyoffice:
container_name: nextcloud-fx-onlyoffice #onlyoffice-document-server
image: onlyoffice/documentserver:latest
restart: unless-stopped
environment:
- JWT_SECRET=REDACTED
networks:
- nextcloud-fx
expose:
- '80'
- '443'
volumes:
- /DATA/AppData/nextcloud-fx/onlyoffice/data:/var/www/onlyoffice/Data
- /DATA/AppData/nextcloud-fx/onlyoffice/log:/var/log/onlyoffice
# This Nginx container added as reverse proxy for the Nextcloud to only work the ONYLOFFICE purpose
web:
container_name: nextcloud-fx-web #nginx-server
image: nginx
restart: always
networks:
- nextcloud-fx
ports:
- 6880:80
- 6443:443
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
# NOTE: The `volumes` included here should match those of the `app` container (unless you know what you're doing)
- /DATA/AppData/nextcloud-fx/nextcloud:/var/www/html
depends_on:
- app
- onlyoffice
#ONLYOFFICE
db:
image: mariadb:11.4
container_name: nextcloud-fx-db
hostname: nextcloud-fx-db
command: --transaction-isolation=READ-COMMITTED --skip-log-bin --binlog-expire-logs-seconds=86400 --skip-innodb-read-only-compressed --log_bin_trust_function_creators=true
environment:
- MYSQL_ALLOW_EMPTY_PASSWORD=no
- MYSQL_DATABASE=nextcloud
- MYSQL_PASSWORD=REDACTED
- MYSQL_USER=REDACTED
- MARIADB_AUTO_UPGRADE=1
restart: unless-stopped
ports:
- 6806:3306
volumes:
- /DATA/AppData/nextcloud-fx/mysql:/var/lib/mysql
networks:
- nextcloud-fx
cache:
image: redis:alpine
container_name: nextcloud-fx-cache
...
cron:
container_name: nextcloud-fx-cron
image: nextcloud:fpm
...
previewgen:
container_name: nextcloud-fx-previewgen
image: nextcloud:fpm
...
nginx.conf: Nginx proxy and this conf file added to run OnlyOffice otherwise it doesn’t work
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
upstream backend {
server nextcloud-fx-app:9000;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
# https://docs.nextcloud.com/server/30/admin_manual/installation/nginx.html
types {
text/javascript mjs;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
map $http_host $this_host {
"" $host;
default $http_host;
}
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $this_host;
}
server {
listen 80;
# The below allows for being behind a reverse proxy and allowing the Nextcloud app to connect
server_tokens off;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
client_max_body_size 10G; # 0=unlimited - set max upload size
fastcgi_buffers 64 4K;
gzip off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
#Your web server is not properly set up to resolve `.well-known` URLs, failed on: `/.well-known/webfinger` - https://docs.nextcloud.com/server/30/admin_manual/issues/general_troubleshooting.html#service-discovery
rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger/ permanent;
rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo/ permanent;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
# ONLYOFFICE
location ~* ^/ds-vpath/ {
rewrite /ds-vpath/(.*) /$1 break;
proxy_pass http://nextcloud-fx-onlyoffice;
proxy_redirect off;
client_max_body_size 100m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
proxy_set_header X-Forwarded-Proto $the_scheme;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS off;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass backend;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
}
}
config.php:
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'nextcloud-fx-cache',
'port' => 6379,
),
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'upgrade.disable-web' => true,
'instanceid' => 'REDACTED',
'passwordsalt' => 'REDACTED',
'secret' => 'REDACTED',
/* FX */
'maintenance_window_start' => 1,
'check_data_directory_permissions' => false,
'trusted_domains' =>
array (
0 => 'rpi.local:6880', /* local dns of the Raspberry Pi */
1 => 'rpi.local', /* local dns of the Raspberry Pi */
2 => 'nc.mydomain.com', /* cloudflare domain */
3 => 'nextcloud-fx-onlyoffice',
4 => 'nextcloud-fx-app',
5 => 'nextcloud-fx-web',
6 => '192.168.1.62', /* local IP (eth0) of the Raspberry Pi */
7 => '192.168.68.58', /* local IP (wlan0) of the Raspberry Pi */
),
'allowed_admin_ranges' =>
array (
0 => '192.168.1.0/24',
1 => '192.168.68.0/24',
2 => '172.20.0.1/16', /* docker network ip */
),
'trusted_proxies' =>
array (
0 => 'nextcloud-fx-web',
/* CloudFlare IP Ranges */
1 => '103.21.244.0/22',
2 => '103.22.200.0/22',
3 => '103.31.4.0/22',
4 => '104.16.0.0/13',
5 => '104.24.0.0/14',
6 => '108.162.192.0/18',
7 => '131.0.72.0/22',
8 => '141.101.64.0/18',
9 => '162.158.0.0/15',
10 => '172.64.0.0/13',
11 => '173.245.48.0/20',
12 => '188.114.96.0/20',
13 => '190.93.240.0/20',
14 => '197.234.240.0/22',
15 => '198.41.128.0/17',
16 => '2400:cb00::/32',
17 => '2606:4700::/32',
18 => '2803:f800::/32',
19 => '2405:b500::/32',
20 => '2405:8100::/32',
21 => '2a06:98c0::/29',
22 => '2c0f:f248::/32',
),
'overwrite.cli.url' => 'https://nc.mydomain.com',
'overwriteprotocol' => 'https',
'htaccess.RewriteBase' => '/',
'default_phone_region' => 'TR',
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\MP3',
6 => 'OC\\Preview\\TXT',
7 => 'OC\\Preview\\MarkDown',
8 => 'OC\\Preview\\OpenDocument',
9 => 'OC\\Preview\\HEIC',
10 => 'OC\\Preview\\Image',
11 => 'OC\\Preview\\TIFF',
12 => 'OC\\Preview\\Movie',
),
'onlyoffice' =>
array (
'DocumentServerUrl' => '/ds-vpath/',
'DocumentServerInternalUrl' => 'http://nextcloud-fx-onlyoffice/',
'StorageUrl' => 'http://nextcloud-fx-web/',
'jwt_secret' => 'REDACTED',
),
'fulltextsearch' => [
'enabled' => true,
'platform' => 'ElasticSearch',
'elasticSearchServer' => 'http://nextcloud-fx-fulltextsearch:9200',
],
'mail_from_address' => 'REDACTED',
'mail_smtpmode' => 'smtp',
'mail_sendmailmode' => 'smtp',
'mail_domain' => 'gmail.com',
'mail_smtphost' => 'smtp.gmail.com',
'mail_smtpport' => '587',
'mail_smtpauth' => 1,
'mail_smtpname' => 'REDACTED@gmail.com',
'mail_smtppassword' => 'REDACTED',
'memories.exiftool' => '/var/www/html/custom_apps/memories/bin-ext/exiftool-aarch64-glibc',
'memories.vod.path' => '/var/www/html/custom_apps/memories/bin-ext/go-vod-aarch64',
'memories.gis_type' => 1,
'memories.db.triggers.fcu' => true,
'preview_max_x' => 2048,
'preview_max_y' => 2048,
'facerecognition.external_model_url' => 'nextcloud-fx-facerecognition:6885',
'facerecognition.external_model_api_key' => 'REDACTED',
/* FX */
'datadirectory' => '/var/www/html/data',
'version' => '30.0.5.1',
'dbtype' => 'mysql',
'dbname' => 'nextcloud',
'dbhost' => 'nextcloud-fx-db',
'dbport' => '',
'dbuser' => 'nextcloud',
'dbpassword' => 'nextcloud',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'installed' => true,
'enable_previews' => true,
'maintenance' => false,
);