Nextcloud Docker not statrting

p2w2 · April 3, 2020, 5:49pm

Hello I try to run nextcloud with docker on a arm64(nanopi m4v2 with FriendlyDesktop) system according to the offical nextcloud example
I made some adaptations for the arm system:
First I rebuild the letsencrypt-nginx-proxy-companion so it uses the alpine version for arm architeecture.
For the ngnix-Image I had to made some more adjustments, change Forego and alpine.

ngnix Dockerfile

FROM nginx:1.17.6
LABEL maintainer="Jason Wilder mail@jasonwilder.com"

# Install wget and install/updates certificates
RUN apt-get update \
 && apt-get install -y -q --no-install-recommends \
    ca-certificates \
    wget \
 && apt-get clean \
 && rm -r /var/lib/apt/lists/*


# Configure Nginx and apply fix for very long server names
RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
 && sed -i 's/worker_processes  1/worker_processes  auto/' /etc/nginx/nginx.conf

# Install Forego
RUN wget https://bin.equinox.io/c/ekMN3bCZFUn/forego-stable-linux-arm.tgz \
  && tar -C /usr/local/bin -xvf forego-stable-linux-arm.tgz
RUN chmod u+x /usr/local/bin/forego

ENV DOCKER_GEN_VERSION 0.7.4
# docker-gen-alpine-linux-armhf-0.7.4.tar.gz

RUN wget https://github.com/jwilder/docker-gen/releases/download/$DOCKER_GEN_VERSION/docker-gen-alpine-linux-armhf-$DOCKER_GEN_VERSION.tar.gz \
 && tar -C /usr/local/bin -xvzf docker-gen-alpine-linux-armhf-$DOCKER_GEN_VERSION.tar.gz \
 && rm /docker-gen-alpine-linux-armhf-$DOCKER_GEN_VERSION.tar.gz

COPY network_internal.conf /etc/nginx/

COPY . /app/
WORKDIR /app/

ENV DOCKER_HOST unix:///tmp/docker.sock

VOLUME ["/etc/nginx/certs", "/etc/nginx/dhparam"]

ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["forego", "start", "-r"]

I use following yaml file to start the services:

docker-compose.yml

version: '3'

services:
  db:
    image: postgres:alpine
    restart: always
    volumes:
      - /media/pi/drive1/postgres:/var/lib/postgresql/data
    env_file:
      - db.env

  app:
    image: nextcloud:apache
    restart: always
    volumes:
      - /media/pi/drive1/nextcloud:/var/www/html
    environment:
      - VIRTUAL_HOST="***.myfritz.net"
      - LETSENCRYPT_HOST="****.myfritz.net"
      - LETSENCRYPT_EMAIL="***@***.de"
      - POSTGRES_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
    networks:
      - proxy-tier
      - default

  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

  letsencrypt-companion:
    image: nginx-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy

volumes:
  certs:
  vhost.d:
  html:

networks:
  proxy-tier:

After start I get a sadly “This site can’t be reached”

Here are the docker logs:

nginx container

WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one
is being generated in the background.  Once the new dhparam.pem is in place, nginx will be reloaded.
forego      | starting dockergen.1 on port 5000
forego      | starting nginx.1 on port 5100
dockergen.1 | 2020/04/03 15:33:35 Generated '/etc/nginx/conf.d/default.conf' from 3 containers
dockergen.1 | 2020/04/03 15:33:35 Running 'nginx -s reload'
dockergen.1 | 2020/04/03 15:33:35 Error running notify command: nginx -s reload, exit status 1
dockergen.1 | 2020/04/03 15:33:35 Watching docker events
dockergen.1 | 2020/04/03 15:33:35 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
dockergen.1 | 2020/04/03 15:33:35 Received event start for container 52166336b198
dockergen.1 | 2020/04/03 15:33:35 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
2020/04/03 15:35:57 [emerg] 70#70: host not found in upstream ""****.myfritz.net"" in /etc/nginx/conf.d/default.conf:79
nginx: [emerg] host not found in upstream ""****.myfritz.net"" in /etc/nginx/conf.d/default.conf:79
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
dhparam generation complete, reloading nginx
nginx.1     | ***.***.*** - - [03/Apr/2020:15:41:03 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 zgrab/0.x" "-"
nginx.1     | ***.***.*** - - [03/Apr/2020:15:48:25 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/**.**.** Safari/537.36 SE 2.X MetaSr 1.0" "-"
nginx.1     | ***.***.*** - - [03/Apr/2020:16:29:26 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0" "-"
nginx.1     | ***.***.*** - - [03/Apr/2020:16:29:29 +0000] "GET /robots.txt HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0" "-"
nginx.1     | 2020/04/03 16:29:29 [error] 38#38: *4 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: **.**.**.***, server: localhost, request: "GET /robots.txt HTTP/1.1", host: "**.**.**.***"
nginx.1     | ***.***.*** - - [03/Apr/2020:16:29:29 +0000] "POST /Adminee1a4c5c/Login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0" "-"
nginx.1     | 2020/04/03 16:29:29 [error] 38#38: *4 open() "/usr/share/nginx/html/Adminee1a4c5c/Login.php" failed (2: No such file or directory), client: ***.***.***, server: localhost, request: "POST /Adminee1a4c5c/Login.php HTTP/1.1", host: "**.**.**.***"

nginx.1     | ***.***.*** - - [03/Apr/2020:15:41:03 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 zgrab/0.x" "-"
nginx.1     | ***.***.*** - - [03/Apr/2020:15:48:25 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/**** Safari/537.36 SE 2.X MetaSr 1.0" "-"
nginx.1     | ***.***.*** - - [03/Apr/2020:16:29:26 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0" "-"
nginx.1     | ***.***.*** - - [03/Apr/2020:16:29:29 +0000] "GET /robots.txt HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0" "-"
nginx.1     | 2020/04/03 16:29:29 [error] 38#38: *4 open() "/usr/share/nginx/html/robots.txt" failed (2: No such file or directory), client: ***.***.***, server: localhost, request: "GET /robots.txt HTTP/1.1", host: "**.**.**.***"
nginx.1     | ***.***.*** - - [03/Apr/2020:16:29:29 +0000] "POST /Adminee1a4c5c/Login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0" "-"
nginx.1     | 2020/04/03 16:29:29 [error] 38#38: *4 open() "/usr/share/nginx/html/Adminee1a4c5c/Login.php" failed (2: No such file or directory), client: **.**.**, server: localhost, request: "POST /Adminee1a4c5c/Login.php HTTP/1.1", host: "**.**.**.***"

nextcloud container

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.23.0.3. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.23.0.3. Set the 'ServerName' directive globally to suppress this message
[Fri Apr 03 15:33:35.756667 2020] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.3.16 configured -- resuming normal operations
[Fri Apr 03 15:33:35.756936 2020] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'

encrypt companion container

Info: Custom Diffie-Hellman group found, generation skipped.
Reloading nginx proxy (79ff3d42cd5bafc0d1653fdbf7e17eafc81210a28b3a9bb2db9a11bf48cdd5eb)...
2020/04/03 15:33:37 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
2020/04/03 15:33:37 Generated '/app/letsencrypt_service_data' from 4 containers
2020/04/03 15:33:37 Running '/app/signal_le_service'
2020/04/03 15:33:37 Watching docker events
2020/04/03 15:33:38 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
/etc/nginx/certs/"*****.myfritz.net" /app

I tried several configurations for VIRTUAL_HOST variable, like host IP, Docker Network IP, Docker Container Name, with/without http/https…
I searched for the issue and found that:
host not found in upstream But that seams ok:

docker network

[
    {
        "Name": "docker_proxy-tier",
        "Id": "c22220a26673f01303d46f806eb9c1092ce5a50998f6bec82c3e56d44cb2cf73",
        "Created": "2020-04-03T15:33:28.089811688Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.24.0.0/16",
                    "Gateway": "172.24.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "403c4e59f04cd233889b4ae49e23e47261e6c5ed7bb3619ed08b2088ebd0e752": {
                "Name": "docker_app_1",
                "EndpointID": "7f10a1bebdfbe41dcdb7bfaf4be4fb2bb0df20bcadb713d9aef750c54f3cb9f5",
                "MacAddress": "02:42:ac:18:00:03",
                "IPv4Address": "172.24.0.3/16",
                "IPv6Address": ""
            },
            "52166336b1989ed9707be14692206e0b6d9c9a86b63ae1def10eb18246796bd8": {
                "Name": "docker_letsencrypt-companion_1",
                "EndpointID": "5caf4b4b979535769a0e5c4bb4f6a8cfb8d4ab818a8059926c1a7dc3681f5feb",
                "MacAddress": "02:42:ac:18:00:04",
                "IPv4Address": "172.24.0.4/16",
                "IPv6Address": ""
            },
            "79ff3d42cd5bafc0d1653fdbf7e17eafc81210a28b3a9bb2db9a11bf48cdd5eb": {
                "Name": "docker_proxy_1",
                "EndpointID": "740ce13690e01fc9151f4d5ca607f79990d059388ed5ff70e59e1401a58aeb4e",
                "MacAddress": "02:42:ac:18:00:02",
                "IPv4Address": "172.24.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "proxy-tier",
            "com.docker.compose.project": "docker",
            "com.docker.compose.version": "1.25.4"
        }
    }
]

I don’t have any expirience with nginx and sorry if my question is stupid, thanks for help in advance

Reiner_Nippes · April 3, 2020, 6:20pm

could you please provide the nginx config file?

could you also check if nextcloud is up&running? that is to say just start the postgresql an dnextcloud container and expose port 80 of the later one. and then just curl http://127.0.0.1 to see if you get some fancy html.

p2w2 · April 4, 2020, 8:42am

Thank for the quick reply.
Yes if I start only postgres and nextcloud with ports: 8080:80 I can access Nextcloud.

Sorry I forgot that:

config

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
daemon off;
root@79ff3d42cd5b:/etc/nginx# ls
certs  conf.d  dhparam	fastcgi_params	koi-utf  koi-win  mime.types  modules  network_internal.conf  nginx.conf  scgi_params  uwsgi_params  vhost.d  win-utf
root@79ff3d42cd5b:/etc/nginx# cd conf.d/
root@79ff3d42cd5b:/etc/nginx/conf.d# ls
default.conf  uploadsize.conf
root@79ff3d42cd5b:/etc/nginx/conf.d# cat default.conf 
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
  default $http_x_forwarded_port;
  ''      $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
  default off;
  https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_ciphers '******';
		ssl_prefer_server_ciphers off;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
	server_name _; # This is just an invalid value which will never trigger on a real hostname.
	listen 80;
	access_log /var/log/nginx/access.log vhost;
	return 503;
}
server {
	server_name _; # This is just an invalid value which will never trigger on a real hostname.
	listen 443 ssl http2;
	access_log /var/log/nginx/access.log vhost;
	return 503;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
	ssl_certificate /etc/nginx/certs/default.crt;
	ssl_certificate_key /etc/nginx/certs/default.key;
}
# "****.myfritz.net"
upstream "****.myfritz.net" {
				# Cannot connect to network of this container
				server 127.0.0.1 down;
				## Can be connected with "docker_proxy-tier" network
			# docker_app_1
			server 172.24.0.3:80;
}
server {
	server_name "****.myfritz.net";
	listen 80 ;
	access_log /var/log/nginx/access.log vhost;
	location / {
		proxy_pass http://"****.myfritz.net";
	}
}
server {
	server_name "****.myfritz.net";
	listen 443 ssl http2 ;
	access_log /var/log/nginx/access.log vhost;
	return 500;
	ssl_certificate /etc/nginx/certs/default.crt;
	ssl_certificate_key /etc/nginx/certs/default.key;
}

also the config.php from nextcloud:

config.php

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'ocghe4rgb6gr',
  'passwordsalt' => '****',
  'secret' => '****',
  'trusted_domains' => 
  array (
    0 => 'localhost:8080',
    1 => '192.168.178.48', //local nanopi address
    2 => '****.myfritz.net',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'pgsql',
  'version' => '18.0.3.0',
  'overwrite.cli.url' => 'http://localhost:8080',
  'dbname' => 'nextcloud',
  'dbhost' => 'postgresdb',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_p2w2',
  'dbpassword' => '****',
  'installed' => true,
//  'overwriteprotocol' => 'https',
);

I also wrote I get a “This site can’t be reached”, I have reported this incorrectly. I get a
500 Internal Server Error if I connect to ***.myfritz.net
If I try to access nextcloud via the IP in my LAN I get: If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

Workaround:

I tried following configuration with another nginx server and it works.
But I only get about 6mb/s in upload and 2mb/s download although I am on the local network and the data is stored on a ssd hard disk (Is that normal?).

docker-compose

version: "3"
services:
  app:
    image: jc21/nginx-proxy-manager:2
    restart: always
    ports:
      # Public HTTP Port:
      - '80:80'
      # Public HTTPS Port:
      - '443:443'
      # Admin Web Port:
      - '81:81'
    volumes:
      # Make sure this config.json file exists as per instructions above:
      - ./config.json:/app/config/production.json
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
  db:
    image: mariadb
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: "****"
      MYSQL_DATABASE: "****"
      MYSQL_USER: "****"
      MYSQL_PASSWORD: "****"
    ports:
      - '3306:3306'
    volumes:
      - ./data/mysql:/var/lib/mysql

  postgresdb:
    image: postgres:alpine
    restart: always
    volumes:
      - /media/pi/drive1/postgres:/var/lib/postgresql/data
    env_file:
      - db.env

  nextcloud:
    image: nextcloud:apache
    restart: always
    ports:
      - 8080:80
    volumes:
      - /media/pi/drive1/nextcloud:/var/www/html
    environment:
      - POSTGRES_HOST=postgresdb
    env_file:
      - db.env
    depends_on:
      - postgresdb

nginx-manager conf

# ------------------------------------------------------------
# ****.myfritz.net
# ------------------------------------------------------------

server {
  set $forward_scheme http;
  set $server         "192.168.178.48";
  set $port           8080;
  listen 80;
listen 443 ssl http2;
  server_name ****.myfritz.net;
  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;
  access_log /data/logs/proxy_host-4.log proxy;
  location / {
    # Force SSL
    include conf.d/include/force-ssl.conf;
    # Proxy!
    include conf.d/include/proxy.conf;
  }
  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}