Nextcloud on a subdomain?

AIS_Todd · March 7, 2019, 8:16pm

Hi,

My VPS account uses Plesk web admin on top of Ubuntu 18.04 with Apache 2.4.29 and PHP 7.2.15.

I have a docker application that I can get running with Nextcloud and MySQL images (Docker Compose using a .yml file). Now I need to know how I can redirect any site visitors that reach mysubdomain.mydomain.com toward the Nextcloud server so I can complete the web wizard portion of this installation.

Thanks for any insight.

Reiner_Nippes · March 7, 2019, 10:44pm

well. it’s not the answer to your question, but you can setup nextcloud on the cli:

docker exec --user www-data nextcloud php occ  maintenance:install \
    --database {{ nextcloud_db_type }} --database-host db --database-name {{ nextcloud_db_name }} \
    --database-table-prefix {{ nextcloud_db_prefix }} --database-user {{ nextcloud_db_user }} \
    --database-pass {{ lookup('password', '{{ nextcloud_credential_store }}/database_user_secret chars=ascii_letters,digits length=32') }} \
    --admin-user {{ nextcloud_admin }} --admin-pass {{ nextcloud_passwd }} --data-dir {{ nextcloud_container_data_dir }}

the {{ }}variables needs to be replaced with your setting values.

to answer your question: in the docker compose you expose the internal ports (80/443) of the webserver to the world (or not). if the Apache 2.4.29 is listening to port (80/443) to the world you have to configure it as a reverse proxy. that is to say each connection to http(s)://mysubdomain.mydomain.com has to be redirected to the docker containers exposed ports.

one would need your docker compose file to answer precisely.

AIS_Todd · March 8, 2019, 6:34am

Thanks very much for taking time to reply. I am struggling with this more than I hoped I would.

My current docker-compose.yml file looks as follows:

> version: '3' 
> 
> services:
> 
>   db:
>     image: mysql:latest
>     container_name: nextcloud-mysql
>     networks:
>       - nextcloud_network
>     volumes:
>       - /opt/mysql/data:/var/lib/mysql
>       - /opt/mysql/log:/var/log/mysql
>       - /opt/mysql/config:/etc/mysql/conf.d
>       - /etc/localtime:/etc/localtime:ro
>     environment:
>       - MYSQL_ROOT_PASSWORD=secret
>       - MYSQL_USER=mysql_user
>       - MYSQL_PASSWORD=secret
>       - MYSQL_DATABASE=nextcloud
>     restart: unless-stopped
>   
>   app:
>     image: nextcloud:latest
>     container_name: nextcloud
>     networks:
>       - nextcloud_network
>     depends_on:
>       - db
>     volumes:
>       - /opt/nextcloud/www:/var/www/html
>       - /opt/nextcloud/data:/var/www/html/data/
>       - /opt/nextcloud/config:/var/www/html/config/
>       - /opt/nextcloud/apps:/var/www/html/apps/
>       - /opt/nextcloud/custom_apps:/var/www/html/custom_apps/
>       - /opt/nextcloud/themes:/var/www/html/themes/
>       - /etc/localtime:/etc/localtime:ro
>     environment:
>       - MYSQL_HOST=db
>     restart: unless-stopped
> 
> volumes:
>   nextcloud:
>   db:
> 
> networks:
>   nextcloud_network:

I had the following in there as well, but pointing a browser toward port 4433 produced a “SSL_ERROR_RX_RECORD_TOO_LONG” error, so I removed it.

> ports:
>       - "4433:80"

My VPS (Plesk web admin) is set up to use nginx for serving static files. That might be relevant, I’m not sure. In any case, I am grateful for all advice.

AIS_Todd · March 13, 2019, 6:50pm

I’m still making mistakes with this installation. I think I can get the Docker Compose application up okay by using the .yml file above. When I enter docker-compose up -d and then docker ps -a, I receive information that both the container nextcloud and the container nextcloud-mysql have a status of “Up x minutes” with ports open on 80/tcp (nextcloud) and both 3306/tcp and 33060/tcp (nextcloud-mysql).

I can then enter chown -R www-data:www-data /opt/nextcloud without any problem, but when I point my browser toward either https://mydomain.com/nextcloud or http://mydomain.com/nextcloud, I receive the following error message:

You do not have permission to access this document.

Is this some other chown thing I’m missing (e.g parent directories), or maybe htaccess configuration? What newbie mistake am I making?

Thanks for any insight.

AIS_Todd · March 18, 2019, 7:54pm

Okay, the docker container with Nextcloud & MySQL images seems to be running fine (I entered docker-compose up -d using the .yml file above). I think I finished all the other configurations that the Server Admin manual recommends (e.g. Apache mods). My /opt/nextcloud directory comes up as follows:

drwxr-xr-x 9 www-data www-data 4096 Feb 17 15:51 nextcloud

When I point my browser toward http://xxx.xxx.xxx.xxx/nextcloud (my remote server’s IP address), I get the following error page:

Forbidden
You don't have permission to access /nextcloud on this server.
--
Apache Server at xxx.xxx.xxx.xxx Port 80

That’s the point where my newbiness has me stumped. Any insight is appreciated.

pete.dawgg · March 19, 2019, 11:26am

if your only requirement is nc on a subdomain (and not necessarily using docker) it’s (probably) much easier using a native install with an additional dns-entry and an apache vhost.
GOOD LUCK!

AIS_Todd · March 19, 2019, 9:41pm

Thanks very much for the suggestion. Docker is not mission-critical for my Nextcloud project, but I was hoping to migrate my server’s software over to Docker containers (possibly contained themselves within one or more LXD containers).

I’ll go back to Square One of the Server Admin Manual and see if I have more success with the snap-based instructions. If any Nextcloud contributors are monitoring, I would appreciate Docker instructions included in the documentation, for future consideration during version upgrades.

Thanks again.

pete.dawgg · March 22, 2019, 10:28am

i think apache, mysql and php is very standard and generic stuff in a debian installation (hence: LAMP); so unless you have very special (esoteric) requirements using docker or snap will just add an unnecessary layer of complexity and decrease performance. i followed the admin handbook quite closely (except for some minor modifications; i run nc.mydomain.com) on my debian-9 system and it works really well. nextcloud and LE-certificate-updates are scripted and run almost automatically.
for le-cert-management i use getssl (a simple bash-script) which is much lighter and more flexible than certbot.
GOOD LUCK!

peteman52 · March 22, 2019, 10:53am

You are totally right !

AIS_Todd · March 25, 2019, 6:11pm

Thanks once again for the great recommendation. For now, both Docker and Snap are out, tar balls are in.

One (newbie) question: since I have Lets Encrypt set up already for my domain (administered through my VPS’s Plesk webapp), do I need a separate certificate for Nextcloud?

Thanks for any insight.

pete.dawgg · March 26, 2019, 10:35am

i think this depends on the way the certs were created. i use getssl for le-cert-management and it lets you include subdomains you need certs for. you can just try to use the cert you have for your subdomain and if it does not work request another one for it.
GOOD LUCK!

AIS_Todd · March 26, 2019, 7:41pm

Thanks very much for the information, I’ll try exactly that approach.