No longer accessible after AIO

Some years ago I hd a nextcloud in a Raspbneryy PI; then I bought a PC exposed port 89 & 443 to my static piblic IP; I have a machine with Ubuntu and the Apache server in my LAN (192,168.1.2) which has multiple virtual servers.

```

mune@fedehome:~$ ls /var/www/html/

index.html nextmune.munerotto.it test.php www.mune.it www.munerotto.it```

mune@fedehome:~$ ls /etc/apache2/sites-enabled/

000-default.conf nextmune.munerotto.it.conf www.mune.it.conf www.munerotto.it.confnextmune.munerotto.it-le-ssl.conf www.mune.it-le-ssl.conf

```

``www.munerotto.it-le-ssl.conf`` (``/var/www/html/www.munerotto.it/``) is my own web home.

In June, to install nextcloud’s AI, I installed Nextcloud-AIO which uses docker and it stopped working; I was never able to use the AI, but -with the help of openAI- both my site and nextcloud worked again (there was probably a ReverseProxy in Apache’s VHost.conf). Last week I changed addresses to the LAN (the server from 192.168.2.200 to 192.168.1.2) but nextcloud didn’t recover. The Apache conf file of the two vhosts for nextcloud:

```

mune@fedehome:~$ cat /etc/apache2/sites-enabled/nextmune.munerotto.it.conf

<VirtualHost *:80>

ServerName nextmune.munerotto.it

DocumentRoot /var/www/html/nextmune.munerotto.it

# Reverse Proxy per Nextcloud AIO

ProxyPreserveHost On

ProxyPass / https://127.0.0.1:8080/

ProxyPassReverse / https://127.0.0.1:8080/

```

and

```

mune@fedehome:~$ cat /etc/apache2/sites-enabled/nextmune.munerotto.it-le-ssl.conf

<VirtualHost *:443>

ServerName nextmune.munerotto.it

# Reverse Proxy per Nextcloud AIO (HTTP sulla porta 8081)

ProxyPreserveHost On

ProxyPass / http://127.0.0.1:8180/

ProxyPassReverse / http://127.0.0.1:8180/

# Configurazione SSL

SSLEngine on

SSLCertificateFile /etc/letsencrypt/live/nextmune.munerotto.it/fullchain.pem

SSLCertificateKeyFile /etc/letsencrypt/live/nextmune.munerotto.it/privkey.pem

Include /etc/letsencrypt/options-ssl-apache.conf

```

----------------------------

I understood that

• Nextcloud AIO uses docker
• inside the docker it uses caddy as web server
  • caddy answer to ``https://127.0.0.1:8180`` (not sure)

The Basics

• Nextcloud Server version (e.g., 29.x.x):
  • I don't know how to get it
• Operating system and version (e.g., Ubuntu 24.04):
  • UBUNTU 22.04.5 LTS
• Web server and version (e.g, Apache 2.4.25):
  • Apache/2.4.52 (Ubuntu)

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

mune@fedehome:~$ sudo cat /var/www/html/nextmune.munerotto.it/config/config.php
<?php
$CONFIG = array (
  'instanceid' => 'XXXXXXXXXXXXXXXXXXX',
  'passwordsalt' => 'YYYYYYYYYYYYYYYYYYYYYY',
  'secret' => 'ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ',
  'trusted_domains' => 
  array (
    0 => 'nextmune.munerotto.it',
    1 => '192.168.1.2',
    3 => 'localhost',
  ),
  'datadirectory' => '/opt/nextcloud_data',
  'dbtype' => 'mysql',
  'version' => '30.0.11.1',
  'overwrite.cli.url' => 'https://192.168.1.2',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '---',
  'dbpassword' => '----',
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_smtpauth' => 1,
  'mail_domain' => '---',
  'mail_from_address' => '---',
  'mail_smtphost' => '----',
  'mail_smtpport' => '465 ',
  'mail_smtpname' => '---',
  'mail_smtppassword' => '---',
  'mail_smtpauthtype' => 'LOGIN',
  'installed' => true,
  'logfile' => '/var/log/nextcloud.log',
  'maintenance' => false,
  'loglevel' => 2,
  'theme' => '',
  'updater.secret' => '-----',
  'ai_assistant_provider' => 'openai',
  'ai_assistant_openai_api_key' => '-----',
  'ai_assistant_openai_model' => 'gpt-4',
  'push_provider' => '\\OC\\Notifications\\Push',
);


(Can't find occ.)

Apps

The output of occ app:list (if possible).

Tips for increasing the likelihood of a response

• Use the preformatted text formatting option in the editor for all log entries and configuration output.
• If screenshots are useful, feel free to include them.
  • If possible, also include key error output in text form so it can be searched for.
• Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.

Didn’t recover how? What happens when you access it?

Your provided configuration does not look like Nextcloud All-In-One (AIO). Are you sure that’s what you’re using?

As long the modem/router forward ports 80/443, the IP change should have been transparent for the web server -and. as conseguent, to NC. That is what with “recover” I meant.

You are right: I have the same feeling. I think that when in June I made that upgrade I made an Nextcloud FRANKSTEIN installation: one half is an old PHP/HTML and a half which is docker based; how it worked up to the last week is a mystery. I think the config.php is the one I used with PHP/HTML one.

I have a simple idea.

1. I can make a backup (beside all the files already synced on my machine there are cooking recipes);
2. delete everything;
3. reinstall the latest NC from scratch;
4. fill the brand new NC with the backup;

Is it feasible solution?

mune@fedehome:/var/www/html/nextmune.munerotto.it$ sudo -E -u www-data php occ config:list system
Nextcloud is in maintenance mode, no apps are loaded.
Commands provided by apps are unavailable.
{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "nextmune.munerotto.it",
            "1": "192.168.1.2",
            "3": "localhost"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "30.0.11.1",
        "overwrite.cli.url": "https:\/\/192.168.1.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_smtpauth": 1,
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465 ",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "installed": true,
        "logfile": "\/var\/log\/nextcloud.log",
        "maintenance": true,
        "loglevel": 2,
        "theme": "",
        "updater.secret": "***REMOVED SENSITIVE VALUE***",
        "ai_assistant_provider": "openai",
        "ai_assistant_openai_api_key": "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",
        "ai_assistant_openai_model": "gpt-4",
        "push_provider": "\\OC\\Notifications\\Push"
    }
}

I inspected the backup I made with with mariadb-dump --single-transaction --default-character-set=utf8mb4 -h ‘127.0.0.1’ -u ‘ncuser’ -p’MYPWD’ nextcloud > /tmp/nextcloud-sqlbkp_maria_date +"%Y%m%d".bak

and the last two users created in NC (out of the 4 total + root) are missing, this makes clear I was using something else. Then I checked the past commands: grep docker .bash_history | grep -E ‘exec|run’

and it shows that I issued commands for

nextcloud-aio-mastercontainer and nextcloud-aio-nextcloud

I think It’s better to clear all and start from scratch but I need help to generate a backup and choose a new distribution of NC (my feeling is that the docker was not the only option - it created isssues with my apache)..

I reinstalled nextcloud-AIO docker; I have a a mariadb dump of the previous istance of NC and a sync of the files in a folder in my main PC.

I removed the old NC with sudo apt purge docker-* .

I installed NC-AIO-docker-25_Autumn following the steps on this guide How to Install Nextcloud with Docker: A Step-by-Step Guide , which is basically the standard one but it makes the debian package use the latest stable release.

As the web site/machine/address can’t be dedicated i needed a Reverse Proxy in the apache vhost configuration in my server machine. I followed the document in git_hub all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub and Reverse Proxy Setup | nextcloud/all-in-one | DeepWiki .

All the tree are equal. When NC id started says apache uses port 11000 and configure vhost accordingly:

mune@fedehome:~$ cat startnext.sh#! /bin/bashsudo docker run 
–init 
–sig-proxy=false 
–name nextcloud-aio-mastercontainer 
–restart always 
–publish 8080:8080 
–env APACHE_PORT=11000 
–env APACHE_IP_BINDING=0.0.0.0 
–env APACHE_ADDITIONAL_NETWORK=“” 
–env SKIP_DOMAIN_VALIDATION=true 
–volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config 
-volume /var/run/docker.sock:/var/run/docker.sock:ro 
ghcr.io/nextcloud-releases/all-in-one:latest

Pointing the browser to https://192.168.1.2:8080 appears the NC where I logged with the passphrase I got in June.

Moreover I doublecheck is running with

mune@fedehome:~$ curl -vvvk https://127.0.0.1:8080
*   Trying 127.0.0.1:8080...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=DE; ST=BE; L=Local; O=Dev; CN=nextcloud.local
*  start date: Jun  7 22:36:36 2025 GMT
*  expire date: Jun  5 22:36:36 2035 GMT
*  issuer: C=DE; ST=BE; L=Local; O=Dev; CN=nextcloud.local
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.81.0
> Accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Date: Mon, 27 Oct 2025 12:12:19 GMT
< Server: Apache/2.4.65 (Unix)
< X-Powered-By: PHP/8.4.13
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Location: /login
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
< Set-Cookie: PHPSESSID=49c0f1db27a14982403847d8e4202660; path=/
< 
* Connection #0 to host 127.0.0.1 left intact

moreover docker ps says that NC’s Apache listen on port 11000:

mune@fedehome:~$ docker ps
CONTAINER ID   IMAGE                                               COMMAND                  CREATED        STATUS                  PORTS                                                                                      NAMES
cbab1297d586   ghcr.io/nextcloud-releases/aio-apache:latest        "/start.sh /usr/bin/…"   19 hours ago   Up 19 hours (healthy)   80/tcp, 0.0.0.0:11000->11000/tcp                                                           nextcloud-aio-apache
fb53b6f23a91   ghcr.io/nextcloud-releases/aio-nextcloud:latest     "/start.sh /usr/bin/…"   19 hours ago   Up 19 hours (healthy)   9000/tcp                                                                                   nextcloud-aio-nextcloud
427856217b25   ghcr.io/nextcloud-releases/aio-clamav:latest        "/start.sh /usr/bin/…"   19 hours ago   Up 19 hours (healthy)                                                                                              nextcloud-aio-clamav
588a73837881   ghcr.io/nextcloud-releases/aio-redis:latest         "/start.sh"              19 hours ago   Up 19 hours (healthy)   6379/tcp                                                                                   nextcloud-aio-redis
0b41b8927b73   ghcr.io/nextcloud-releases/aio-postgresql:latest    "/start.sh"              19 hours ago   Up 19 hours (healthy)   5432/tcp                                                                                   nextcloud-aio-database
2b6157e5d785   ghcr.io/nextcloud-releases/aio-whiteboard:latest    "/start.sh"              19 hours ago   Up 19 hours (healthy)   3002/tcp                                                                                   nextcloud-aio-whiteboard
176c480f02d9   ghcr.io/nextcloud-releases/aio-notify-push:latest   "/start.sh"              19 hours ago   Up 19 hours (healthy)                                                                                              nextcloud-aio-notify-push
a02712c27595   ghcr.io/nextcloud-releases/aio-talk:latest          "/start.sh superviso…"   19 hours ago   Up 19 hours (healthy)   0.0.0.0:3478->3478/tcp, 0.0.0.0:3478->3478/udp, [::]:3478->3478/tcp, [::]:3478->3478/udp   nextcloud-aio-talk
1b6f234f8778   ghcr.io/nextcloud-releases/aio-collabora:latest     "/start-collabora-on…"   19 hours ago   Up 19 hours (healthy)   9980/tcp                                                                                   nextcloud-aio-collabora
07bfec91f6a9   ghcr.io/nextcloud-releases/all-in-one:latest        "/start.sh"              19 hours ago   Up 19 hours (healthy)   80/tcp, 8443/tcp, 9000/tcp, 0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp                    nextcloud-aio-mastercontainer 

The apache vhost in my server is

mune@fedehome:~$ cat /etc/apache2/sites-enabled/nextmune.munerotto.it-le-ssl.conf 
<VirtualHost *:443>
    ServerName nextmune.munerotto.it
    DocumentRoot /var/www/html/nextmune.munerotto.it
 
    # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
    RewriteEngine On
    ProxyPreserveHost On
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    AllowEncodedSlashes NoDecode
    
    # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
    ProxyPass / http://127.0.0.1:11000/ nocanon
    ProxyPassReverse / http://127.0.0.1:11000/
    
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
    RewriteRule .? "ws://127.0.0.1:11000/%1" [P,L,UnsafeAllow3F] # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below

    # Enable h2, h2c and http1.1
    Protocols h2 h2c http/1.1
    
    # Solves slow upload speeds caused by http2
    H2WindowSize 5242880

    # TLS
    SSLEngine               on
    SSLProtocol             -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder     off
    SSLSessionTickets       off

    # Disable HTTP TRACE method.
#    TraceEnable off
#    <Files ".ht*">
#        Require all denied
#    </Files>

    SSLCertificateFile /etc/letsencrypt/live/nextmune.munerotto.it-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nextmune.munerotto.it-0001/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    # Disable HTTP TRACE method.
    TraceEnable off
    <Files ".ht*">
        Require all denied
    </Files>

    # Support big file uploads
    LimitRequestBody 0
    Timeout 86400
    ProxyTimeout 86400
</VirtualHost>

I have a mariadb dump saved before deleting all:

sudo docker exec -it nextcloud-aio-nextcloud  ./mariadb-dump --single-transaction --default-character-set=utf8mb4 -h ‘127.0.0.1’ -u ‘ncuser’ -p’MYPWD’ nextcloud
sudo docker cp nextcloud-aio-database /mnt/data/database-dump-251026.sql tmp/

Now it seems it uses PostgreSQL and mariaDB:

mune@fedehome:~$ sudo docker exec -it nextcloud-aio-database  mysql 
OCI runtime exec failed: exec failed: unable to start container process: exec: "mysql": executable file not found in $PATH: unknown
mune@fedehome:~$ sudo docker exec -it nextcloud-aio-database psql
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL:  role "postgres" does not exist
mune@fedehome:~$ 

I did all from scratch beside keeping the dir in /var/www/html/nextmune.munerotto.it/ (so the config.php).
But still the NC isn’t reachable on my standard https address,
Is something wrong?

Finally I was able to get my nextcloud working again.

It was such a silly little thing: everything started because I redesigned the LAN; the problem was that in the file /etc/hosts of the ubuntu web server there still was the entry 192.168.2.200 nextmune, I edited it as192.168.1.2 nextmuneand new plain html installation worked.