Nginx Proxy Manager in macvlan network unable to resolve nextcloud-aio-apache (Docker advice)

Please, I would ask for your help even if this is not a genuine Nextcloud AIO problem but more of a Docker-understanding problem on my side.

For quite some time, everything was working perfectly fine: Nginx PM in its macvlan pointing at nextcloud-aio-apache:11000.

Suddenly, after an update of Nextcloud, Nginx PM or Docker (I don’t know which one caused it), Nginx PM was no longer able to resolve the hostname “nextcloud-aio-apache” (Nginx PM error log). I tried an external Caddy container and had the same problem.

So I started digging, I am no Docker expert but I know the basics (I hope). The network “nextcloud-aio” was already in the Nginx PM compose file at the bottom as external, but somehow not “connected” to the container.

I added it to the networks section of the service and everything seemed to work again until I had to redeploy/recreate the Nginx PM container. The container would not start and complained about an already exposed port 80. I restarted the container and everything worked fine again. But after a server reboot or a recreate after an update, the same problem occurred again.

I assigned port 80 and port 443 of the Nginx PM directly to the macvlan interface IP address. But I still get the following error message if I recreate the container. If I restart the container after it already exists, there is no error and everything works again.

Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint nginx-proxy-manager (189e2123699b8b7444c4a251f0096317ebd3234903870aefe76955fc60d3eb0c): failed to bind host port 192.168.178.35:80/tcp: cannot assign requested address

My Nginx PM compose file:

services:
  nginxpm:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: nginx-proxy-manager
    restart: unless-stopped
    networks:
      nginxpm-network:
        ipv4_address: ${NGINXPM_IP4_ADDR}    # change to your nginx-pm IP address (macvlan)
        mac_address: xx:xx:xx:xx:xx:xx  # your MAC address (taken from the Fritzbox after the first start)
      nextcloud-aio:
    ports:
      # These ports are in format <host-port>:<container-port>
      - '${NGINXPM_IP4_ADDR}:80:80' # Public HTTP Port
      - '${NGINXPM_IP4_ADDR}:443:443' # Public HTTPS Port
      - '${NGINXPM_IP4_ADDR}:81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP

    # Uncomment the next line if you uncomment anything in the section
    # environment:
      # Uncomment this if you want to change the location of
      # the SQLite DB file within the container
      # DB_SQLITE_FILE: "/data/database.sqlite"

      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'

    volumes:
      - ${APPDATA}/nginx-proxy-manager/data:/data
      - ${APPDATA}/nginx-proxy-manager/letsencrypt:/etc/letsencrypt

networks:
  nginxpm-network:
    name: macvlan       # network name of your macvlan network
    external: true
  nextcloud-aio:
    name: nextcloud-aio
    external: true

What am I doing wrong?

If I remove the interface IP address in front of the port mappings, I will occasionally get an error message that port 80 was already assigned (I have not been able to reproduce this error today).

Any advice would be very much appreciated. Thank you!

sudo docker ps --format "table {{.Names}}\t{{.Ports}}" 
nextcloud-aio-apache            80/tcp, 0.0.0.0:11000->11000/tcp
nextcloud-aio-nextcloud         9000/tcp
nextcloud-aio-imaginary
nextcloud-aio-fulltextsearch    9200/tcp, 9300/tcp
nextcloud-aio-redis             6379/tcp
nextcloud-aio-database          5432/tcp
nextcloud-aio-whiteboard        3002/tcp
nextcloud-aio-notify-push
nginx-proxy-manager             80-81/tcp, 443/tcp
nextcloud-aio-mastercontainer   80/tcp, 8443/tcp, 9000/tcp, 0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp

In the Nextcloud AIO compose file only port 8080 has been exposed.

Why do I get the error message from above if I recreate the Nginx PM container?

What can I do to resolve this?

docker port nextcloud-aio-mastercontainer
8080/tcp -> 0.0.0.0:8080

docker port nextcloud-aio-apache
11000/tcp -> 0.0.0.0:11000

docker port nginx-proxy-manager

I’m not deep into AIO so bear with me. AFAIK AIO is recreating containers and networks from time to time (e.g. on upgrade or restart). I assume this is the reason for the disconnected network - you simply connected to the old version, which doesn’t exist anymore.

For the reverse proxy you should create a network manually which you configure in AIO (and in your reverse proxy as well): --env APACHE_ADDITIONAL_NETWORK="" - see all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub

  • --env APACHE_ADDITIONAL_NETWORK="" This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. See this documentation

I’m also unsure if Docker DNS for macvlan is possible - IMO Docker doesn’t provide its magic internal DNS on external networks like macvlan or ipvlan.

Thank you very much.

I have created a new bridge network. Removed the nextcloud-aio network from my nginx pm compose file and added instead the newly created bridge network.

In the nextcloud compose file I added the new network to APACHE_ADDITIONAL_NETWORK=""

Nextcloud-AIO down, recreate, AIO WebUI, start all containers, Nextcloud works.

This works but if I recreate the Nginx PM container I still get the error message:

Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint nginx-proxy-manager (168f6814c7f8bf70e26515f878cb922840cf3ef8dbf9f2d2d65ce066fd02ba2e): failed to bind host port 192.168.178.35:80/tcp: cannot assign requested address

If the Nginx PM container already exists it starts/restarts fine and the reverse proxy is working and I get the Nextcloud login.

That’s such an unusual behaviour I have never had before with docker. Something seems to be off with the macvlan. I have no idea any more.

I could switch to Caddy instead of Nginx PM but I couldn’t figure out, how to get MeshCentral working with Caddy. With Nginx PM it was easy peasy. But that’s a different story.

OK, I think I got the problem.

based on this

I assume your variable ${NGINXPM_IP4_ADDR} with content 192.168.178.35 is expected to define the nginx address in the nginxpm-network: (which is your macvlan, I assume).

but at the same time you try to expose host ports: with this IP address

contrary to your own comment # These ports are in format <host-port>:<container-port> :wink:

this is exactly what Docker complains about

Thanks for your reply.

Yes, the variable ${NGINXPM_IP4_ADDR} contains the mentioned ip addr of the nginx pm in the macvlan network.

I added the IP address to the port mapping to bind the port to an interface. If I don’t do that, the recreation complains about an already assigned port 80 (host?), which is not the case in the nextcloud-aio network, the macvlan network, or the new nginxpm-bridge-network.

The Docker host uses port 80 for its web interface (Open Media Vault), redirected to https/443. That’s the reason for macvlan and why I tried to bind port 80 to the macvlan IP address/interface.

Port mappings without interface binding:

- 80:80
- 443:443

Result after --force-recreate:

Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint nginx-proxy-manager (428f92da8fb640b430294d6b8534c05f17e02f1fa69beefd310b4605fc52acb4): failed to bind host port 0.0.0.0:80/tcp: address already in use 

Which would make sense, because the docker host uses port 80 already.

The macvlan interface assignment to the port was a test to see if it solves the problem, which it doesn’t, or it raises a different problem. I don’t know.

Btw, the comments are from the original nginx PM compose file. Sorry for the confusion.

First: All this has nothing to do with Nextcloud AIO, nextcloud-aio network etc.

I have done a lot of research and the solution is very simple:

MACVLAN does not support port mapping!

The container in a macvlan network acts like any bare metal machine in your network. If you open a specific port on that machine, for example port 80 or port 443, the software on that machine is reachable by these ports. There is no port mapping on that machine (of course there are ways but not without any additional software and configuration).

A container with exposed ports in a macvlan network acts like a machine on which these ports are reachable or passed through to the underlying software. A port mapping makes no sense in this case and is not possible (the macvlan driver does not support it).

If you add a service to your macvlan network, remove any port mapping in the compose file or your docker command line.

And that’s the reason for the strange behavior and error messages.

Just google for “Docker macvlan port mapping” and you will find the information.

Example:

Blocking and changing ports in macvlan

https://forums.docker.com/t/blocking-and-changing-ports-in-macvlan/119631
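A compose file that follows both the advice above (a manually created bridge network shared with AIO via APACHE_ADDITIONAL_NETWORK) and the conclusion that a macvlan service must carry no port mapping. This is an added example, not the poster's file or anything from the Nginx PM or AIO projects; the network name nginxpm-bridge-network, the variables and the volume paths are assumptions taken over from the thread.

```yaml
services:
  nginxpm:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: nginx-proxy-manager
    restart: unless-stopped
    networks:
      nginxpm-network:
        # the container owns this address on the LAN; 80, 443 and 81 are
        # reachable on it directly, so the host's own port 80 (OMV) is untouched
        ipv4_address: ${NGINXPM_IP4_ADDR}
      nginxpm-bridge-network:
    # no "ports:" section at all: the macvlan driver does not support port
    # mapping, so any mapping here either fails to bind to the macvlan address
    # ("cannot assign requested address") or collides with the host's port 80
    volumes:
      - ${APPDATA}/nginx-proxy-manager/data:/data
      - ${APPDATA}/nginx-proxy-manager/letsencrypt:/etc/letsencrypt

networks:
  nginxpm-network:
    name: macvlan                  # existing macvlan network, created once by hand
    external: true
  nginxpm-bridge-network:
    # created once with "docker network create nginxpm-bridge-network" and
    # handed to the AIO mastercontainer as
    #   APACHE_ADDITIONAL_NETWORK: nginxpm-bridge-network
    # so the Nginx PM proxy host "nextcloud-aio-apache" with port 11000 resolves
    # through Docker's embedded DNS on this user-defined bridge, and survives
    # AIO recreating its own nextcloud-aio network
    name: nginxpm-bridge-network
    external: true
```

After `docker compose up -d --force-recreate`, `docker port nginx-proxy-manager` is expected to print nothing, since no host ports are mapped; the services are reached on the macvlan address itself.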
