Nextcloud docker as subfolder behind Traefik

Hi everyone,
I’m quite new to Docker, and I’m trying to get Nextcloud to work as a subfolder of my domain behind the reverse-proxy Traefik.

The problem is a little weird, I can make work as a subdomain of my duckdns address nextcloud.XXX.duckdns.org, but not as a subfolder XXX.duckdns.org/nextcloud.
I prefer the subfolder approach, but i’m having some trouble and it’s driving me crazy ^^

Can anyone help me figure out how to make this work ?

I’m running on a Raspberry Pi 4 with 8GB of ram.
Here is my config.php:

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'overwritehost' => 'XXX.duckdns.org',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/nextcloud',
  'trusted_proxies' =>
  array (
    0 => 'traefik',
  ),
  'passwordsalt' => 'XXX',
  'secret' => 'XXX',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '0.0.0.0:85',
    2 => '10.0.0.3:85',
    3 => 'XXX.duckdns.org',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '19.0.3.1',
  'overwrite.cli.url' => 'https://XXX.duckdns.org/nextcloud',
  'loglevel' => 0,
  'dbname' => 'nextcloud',
  'dbhost' => 'db-nextcloud-maria',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'XXXXXXXXXXX',
  'installed' => true,
  'instanceid' => 'ocnhvv6wef7n',
);

and when I try to access it, the docker log nextcloud is:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.27.0.9. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.27.0.9. Set the 'ServerName' directive globally to suppress this message
[Wed Sep 23 16:57:39.710120 2020] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.10 configured -- resuming normal operations
[Wed Sep 23 16:57:39.710272 2020] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
172.27.0.7 - XXX [23/Sep/2020:16:58:27 +0200] "GET /nextcloud HTTP/1.1" 302 413 "https://XXX.duckdns.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0"
172.27.0.7 - XXX [23/Sep/2020:16:58:27 +0200] "GET /nextcloud/ HTTP/1.1" 302 1126 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0"
172.27.0.7 - XXX [23/Sep/2020:16:58:29 +0200] "GET /nextcloud/login HTTP/1.1" 302 1018 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0"
172.27.0.7 - XXX [23/Sep/2020:16:58:31 +0200] "GET /nextcloud/login HTTP/1.1" 302 1018 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0"
172.27.0.7 - XXX [23/Sep/2020:16:58:34 +0200] "GET /nextcloud/login HTTP/1.1" 302 1018 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0"
172.27.0.7 - XXX [23/Sep/2020:16:58:36 +0200] "GET /nextcloud/login HTTP/1.1" 302 1018 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0"
172.27.0.7 - XXX [23/Sep/2020:16:58:40 +0200] "GET /nextcloud/login HTTP/1.1" 302 1018 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0"

and nextcloud.log:

{"reqId":"hC8j9LCSu628oxhX0Uav","level":2,"time":"2020-09-23T14:58:29+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/","message":"Login failed: 'XXX' (Remote IP: '172.27.0.7')","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"hC8j9LCSu628oxhX0Uav","level":1,"time":"2020-09-23T14:58:29+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/","message":"Bruteforce attempt from \"172.27.0.7\" detected for action \"login\".","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"FKD3SVW1NI1VqBUHBwUg","level":2,"time":"2020-09-23T14:58:31+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/login","message":"Login failed: 'XXX' (Remote IP: '172.27.0.7')","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"FKD3SVW1NI1VqBUHBwUg","level":1,"time":"2020-09-23T14:58:31+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/login","message":"Bruteforce attempt from \"172.27.0.7\" detected for action \"login\".","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"U8xWlVN1rX4aM46TpxWK","level":2,"time":"2020-09-23T14:58:34+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/login","message":"Login failed: 'XXX' (Remote IP: '172.27.0.7')","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"U8xWlVN1rX4aM46TpxWK","level":1,"time":"2020-09-23T14:58:34+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/login","message":"Bruteforce attempt from \"172.27.0.7\" detected for action \"login\".","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"HTYtffzeLAghfkSjUcuA","level":2,"time":"2020-09-23T14:58:36+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/login","message":"Login failed: 'XXX' (Remote IP: '172.27.0.7')","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"HTYtffzeLAghfkSjUcuA","level":1,"time":"2020-09-23T14:58:36+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/login","message":"Bruteforce attempt from \"172.27.0.7\" detected for action \"login\".","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"tGKAlT6DUn9cVTYbZUmd","level":2,"time":"2020-09-23T14:58:40+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/login","message":"Login failed: 'XXX' (Remote IP: '172.27.0.7')","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"tGKAlT6DUn9cVTYbZUmd","level":1,"time":"2020-09-23T14:58:40+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/login","message":"Bruteforce attempt from \"172.27.0.7\" detected for action \"login\".","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"bApTkgFPNyNyHhY87pw7","level":2,"time":"2020-09-23T14:58:45+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/login","message":"Login failed: 'XXX' (Remote IP: '172.27.0.7')","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}
{"reqId":"bApTkgFPNyNyHhY87pw7","level":1,"time":"2020-09-23T14:58:45+00:00","remoteAddr":"172.27.0.7","user":"--","app":"core","method":"GET","url":"/nextcloud/index.php/login","message":"Bruteforce attempt from \"172.27.0.7\" detected for action \"login\".","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0","version":"19.0.3.1"}

My docker-compose for nextcloud is

nextcloud:
    image: nextcloud
    container_name: nextcloud
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKERCONFDIR}/nextcloud:/var/www/html
    depends_on:
      - db-nextcloud-maria
    environment:
      - MYSQL_HOST=db-nextcloud-maria
      - MYSQL_DATABASE=${MARIADB_MYSQL_DATABASE}
      - MYSQL_USER=${MARIADB_MYSQL_USER}
      - MYSQL_PASSWORD=${MARIADB_MYSQL_PASSWORD}
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
      - TRUSTED_PROXIES=traefik
      - OVERWRITEHOST=${NEXTCLOUD_OVERWRITEHOST}
      - OVERWRITEPROTOCOL=https
      - OVERWRITEWEBROOT=${NEXTCLOUD_OVERWRITEWEBROOT}
    ports:
      - 85:80
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=(Host(`XXX.duckdns.org`) && PathPrefix(`/nextcloud`))"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"

db-nextcloud-maria:
    image: linuxserver/mariadb
    container_name: db-nextcloud-maria
    hostname: ${DOCKERHOSTNAME}
    environment:
      - PGID=${PGID}
      - PUID=${PUID}
      - MYSQL_ROOT_PASSWORD=${MARIADB_MYSQL_ROOT_PASSWORD}
      - MYSQL_DATABASE=${MARIADB_MYSQL_DATABASE}
      - MYSQL_USER=${MARIADB_MYSQL_USER}
      - MYSQL_PASSWORD=${MARIADB_MYSQL_PASSWORD}
      - TZ=${TZ}
    logging:
      driver: json-file
      options:
        max-file: ${DOCKERLOGGING_MAXFILE}
        max-size: ${DOCKERLOGGING_MAXSIZE}
    restart: unless-stopped
    ports:
      - ${MARIADB_PORT_3306}:3306
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${DOCKERCONFDIR}/db-nextcloud-maria:/config

Does anyone have any idea what’s happening and how to solve it ?

Many thanks to anyone who tries to help, this is driving me crazy :slight_smile:

Subfolder hosting with Traefik is messy. Why not do it with a subdomain like cloud.example.com?
That should work very easily with no special settings required.

Edit: yes I realize you wrote the same already, but seriously don’t waste your time. Subfolder hosting is also much less secure. If you are concerned about the double subdomain, just register a real domain yourself :wink: You can get a great free dynamic DNS service with https://1984.is and the domains are cheap too.

1 Like

Thank you, I’ll go with subdomain then :slight_smile:
I had a preference for subfolder because it makes more sense in my mind but since you wrote that subdomains are more secure, i’ll go with it.
I’ll check https://1984.is, it looks pretty nice. Thanks again for the all the advice :slightly_smiling_face:

1 Like