Nextcloudpi port change

Operating System: OMV5
Nextcloud version: 20
NextcloudPi version: 1.34.6

I want to change the internal port of my nextcloudpi docker. I want to run an nginx reverse proxy and need ports 80 and 443 free for nginx. I changed the internal ports of nextcloudPi in my docker settings already, but I cannot reach my nextcloud page. I can reach my NextcloudPi page.

I just wanna change the internal ports not the external. Everything should be still reachable through port 80 and 443 as external ports from my reverse proxy, just the internal ports should be different ones.

My config.php looks like this:

<?php
$CONFIG = array (
  'passwordsalt' => 'xx',
  'secret' => 'xx',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    11 => '91.20.172.98',
    1 => '172.17.0.9',
    5 => 'nextcloudpi.local',
    7 => 'nextcloudpi',
    8 => 'nextcloudpi.lan',
    6 => 'mylocalhost1',
    22 => 'mylocalhost',
    12 => 'mysubdomain.de',
    21 => 'mysubdomain.de',
  ),
  'datadirectory' => '/data/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '20.0.8.1',
  'overwrite.cli.url' => 'https://mysubdomain.de/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'ncadmin',
  'dbpassword' => 'mydbpassword',
  'installed' => true,
  'instanceid' => 'myinstanceid',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
    'password' => 'mypassword',
  ),
  'tempdirectory' => '/var/www/nextcloud/data/tmp',
  'mail_smtpmode' => 'sendmail',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_from_address' => 'admin',
  'mail_domain' => 'ownyourbits.com',
  'preview_max_x' => '2048',
  'preview_max_y' => '2048',
  'jpeg_quality' => '60',
  'overwriteprotocol' => 'https',
  'maintenance' => false,
  'loglevel' => 2,
);

Can someone help me with what I am doing wrong?

What exactly did you change?

I went into my docker settings (Portainer) and changed the ports to p8081:80 and p4433:443 because I want my internal ports 80 and 443 free for other use.

Try forcing the external port number in overwrite.cli.url, as in https://mysubdomain.de:443/

Why do you need to “free” the ports? Can’t you just put in a name-based virtual host for the other service? Or add another internal IP address?

The reason is that nextcloudPi has letsencrypt included in the image and so blocks ports 80 and 443, but I need ports 80 and 443 open because I use a reverse proxy which forces the use of ports 80 and 443.
Because nginx needs port 80 and 433, I need to make space. I want to let the reverse proxy handle which request goes to which device or docker, so that I can use multiple dockers which all need port 80.

For example, I run a bitwarden docker, my reverse proxy and my nextcloudpi. That’s why I want to change the internal port of nextcloudPi, so that my reverse proxy can send the requests over my subdomain to nextcloudpi. Otherwise I have to run just nextcloudpi without a reverse proxy and then also can’t run bitwarden.

I hope I explained it better. Sorry if I explain it a bit messily.

I’m making some assumptions here to fill in what you didn’t describe. It sounds to me that you have letsencrypt on the nextcloud “container”, configured with certbot running in standalone mode, which means that it is using ports 80 and 443 and forcing your nextcloud onto alternative ports. That correct?

The solution is to use certbot in either webroot or nginx mode. This way both certbot and nextcloud can be handled by the same port through the same webserver rather than having to muck around with filtering the letsencrypt and nextcloud traffic to different ports.

For example;

certbot certonly --webroot --text --email me@myserver.net -w /var/www/nextcloud -d nextcloud.myserver.net --agree-tos --renew-by-default

This presumes that the webroot for nextcloud.myserver.net is located at /var/www/nextcloud/

What happens here, is that certbot copies a verification file into the webroot, performs the verification step, and then deletes it. It doesn’t actually have to listen on any port, thus there is no port conflict.

I am sorry for describing it so badly… Yes, I run a nextcloudPi container, and because of letsencrypt or certbot (I am sorry, I am not so familiar with special nextcloud or nextcloud image related knowledge) it forces me to use ports 80 and 443, instead of a normal nextcloud container with just port 80, which I can adjust.
I have also once run a nextcloud container on ports 8080:80 and it worked with nginx. But I would like to have the benefits of nextcloudPi (backup function etc.), so I am trying to get it running the same way, but as you explained I face the port issue.

I am not sure, so please correct me if I am wrong.

So do you mean that if I can let it run through “one” port, I can take a random port, for example 8081, and then use it together with nginx and, same as with my bitwarden container, tell nginx to connect it to my subdomain? So it is not forcing me to use those two fixed ports? Or am I on the wrong train?

I mean forget all about port 8080 or 8081. They are irrelevant. Each container has a different IP address, therefore there is no port collision even if they use the same ports!

subdomain1_public_ip:443 → host proxy → nc-letsencrypt:443
subdomain2_public_ip:443 → host proxy → bitwarden:443

Ahh okay, I begin to understand. Yeah, true, makes sense. But then I don’t understand why, when I want to launch my nextcloudPi container, it says it can’t launch because ports 80 and 443 are already in use?
Then what is blocking it?

Is this the certbot thing you mentioned before? That if it is in standalone mode it forces me to use certain ports, because it wants to handle the traffic for letsencrypt differently than the normal nextcloud traffic on one random port (port 80 or whatever internally)?

Because in total there are 3 ports needed. One for the ncp panel, then the letsencrypt thing traffic port and a nextcloud port.

Is this what you mean is my problem?

Sorry for the delay, I’ve been a bit busy.

Run this;

netstat -ltnp | grep ":80 \|:443 "

That will tell you what processes are listening on ports 80 and 443.

For example, on my server, I have apache (httpd) only;

# netstat -ltnp | grep ":80 \|:443 "
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      759870/httpd        
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      759870/httpd

This server runs multiple virtual hosts, and uses letsencrypt for the SSL cert.

No problem, no need to say sorry. I am happy that someone is helping me :sweat_smile: because I don’t know how to solve that.

When I run the command you gave, I get this output:

root@raspberrypi:~# netstat -ltnp | grep ":80 \|:443 "
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3116/docker-proxy
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2671/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      3190/docker-proxy
tcp6       0      0 :::443                  :::*                    LISTEN      2695/docker-proxy

It looks like one of them is definitely my nginx reverse proxy container, but I don’t know what the others are…
Okay, I tested a bit, and it seems that this output is only the proxy, nothing else. But still I don’t understand a thing here or how to solve this problem…

I guess, as you say, I have to somehow modify the nextcloudPi container.
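The netstat output above names only docker-proxy, not the container that asked for the port. As an added example (not written by anyone in this thread), the function below reads `docker ps`-style lines and reports which container publishes a given host port; it also shows the earlier point that containers can share container port 80 without colliding, since only published host ports bind on the host. The container names and mappings in `sample_ps` are constructed.

```shell
#!/bin/sh
# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
# (container names and port mappings are made up for illustration).
sample_ps() {
    printf '%s\t%s\n' \
        'nginx-proxy' '0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp' \
        'nextcloudpi' '0.0.0.0:8081->80/tcp, 0.0.0.0:4433->443/tcp' \
        'bitwarden'   '80/tcp'
}

# publishers_of HOSTPORT
# stdin: lines of "name<TAB>ports". Prints each container that binds HOSTPORT
# on the host. Single ports only; published port ranges are not expanded.
publishers_of() {
    awk -F '\t' -v port="$1" '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            # Published entries look like "HOSTIP:HOSTPORT->CPORT/proto".
            # Entries without "->" (e.g. "80/tcp") are only exposed inside
            # the container network and occupy nothing on the host.
            if (index(maps[i], "->") == 0) continue
            host = maps[i]
            sub(/->.*/, "", host)   # "0.0.0.0:80" or ":::80"
            sub(/.*:/, "", host)    # keep what follows the last colon
            if (host == port && !seen[$1]++) print $1
        }
    }'
}

# Demo on the constructed sample: three containers use container port 80,
# but only one of them holds host port 80.
for p in 80 443 8081 4433; do
    printf 'host port %s: %s\n' "$p" "$(sample_ps | publishers_of "$p" | tr '\n' ' ')"
done
```

On a live host, pipe the real listing in instead: `docker ps --format '{{.Names}}\t{{.Ports}}' | publishers_of 443`.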

So I am writing a final post for people with the same problem or with the same plans.

I did solve the problem now and it is working.

What I did:

  1. Based on Larry’s post, I went into my docker container’s command window and got this result.

So it did work (for the explanation, see Larry’s post above).

  2. Then I went into my docker container again and changed the internal ports of nextcloudPi.

  3. Then make sure that in the config.php of the nextcloudPi container you have

'overwrite.cli.url' => 'https://mysubdomain.mydomain.com'

  4. Make sure you adjusted the trusted domains in the config.php.

  5. Then it still will not work yet, BUT it will after the next few steps. You go into your reverse proxy and set a proxy host for the nextcloudPi container.

Missing Pictures in post below

location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }

After all this it should work. Everything works flawlessly.

So I hope it could help someone.


Somehow the pictures are not able to be uploaded. It always throws an error :man_shrugging:

Sorry for the necro… but recently I’m in a similar situation and don’t know the right way to do that.
I have an RPi 4 running a webserver with some sites; now I want to run NCP as a docker image reachable at cloud.domain.net.

My domain is already secured by certbot.

What’s the right way to do that?