The Basics
- Nextcloud Server version (e.g., 29.x.x):
30.0.2
- Operating system and version (e.g., Ubuntu 24.04):
nomad Cluster
- Web server and version (e.g, Apache 2.4.25):
nextcloud:30.0.2 image
- Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
Container
- Are you using Cloudflare, mod_security, or similar? (Yes / No)
external load balancer
Summary of the issue you are facing:
Due to design, we build our container with the apps inside the container itself and not on a volume. Therefore, we use two different pods for the Nextcloud and the notify_push servers without shared volume. Both are reachable through an external load balancer. Now we face the issue that we want to use notify_push, mostly for push notifications with the Talk feature. While both services are reachable from outside and within, the push notify service is not able to reach the Nextcloud server during the self-test.
```
www-data@nextcloud:~/html$ php occ notify_push:setup https://next.cloud/push
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
🗴 push server can't connect to the Nextcloud server
error sending request for url (https://next.cloud/index.php/apps/notify_push/test/cookie)
```
We can reach the nextcloud server through the provided url and curl from within the notify_push pod and get back the cookie.
For our setup we mostly used the AIO deployments, with minor changes for the nomad cluster and major changes due to the missing shared volumes.
Our main question right now is whether the issue we are facing has something to do with our design, so that both services (push and nextcloud) have to access the same binary and path, or whether this is still a network error we have to troubleshoot.
Nextcloud
Configuration
Our changed entrypoint script
```bash
#!/bin/bash
export NOTIFY_PUSH_PATH="/usr/src/nextcloud/apps/notify_push/bin/x86_64/notify_push"

if [ -z "$NEXTCLOUD_HOST" ]; then
    echo "NEXTCLOUD_HOST needs to be provided. Exiting!"
    exit 1
elif [ -z "$POSTGRES_HOST" ]; then
    echo "POSTGRES_HOST needs to be provided. Exiting!"
    exit 1
elif [ -z "$REDIS_HOST" ]; then
    echo "REDIS_HOST needs to be provided. Exiting!"
    exit 1
fi

# Only start container if nextcloud is accessible
while ! nc -z "$NEXTCLOUD_HOST" 443; do
    echo "Waiting for Nextcloud to start..."
    sleep 5
done

# Function to URL-encode special characters in the password
url_encode_password() {
    local raw_password="$1"
    local encoded_password=""
    local char
    # Walk through each character of the password and encode it if necessary
    for (( i=0; i<${#raw_password}; i++ )); do
        char="${raw_password:i:1}"
        case "$char" in
            [a-zA-Z0-9] )
                # Alphanumeric characters stay unchanged
                encoded_password+="$char"
                ;;
            " " )
                # Spaces become '%20'
                encoded_password+="%20"
                ;;
            "!" )
                encoded_password+="%21"
                ;;
            "\"" )
                encoded_password+="%22"
                ;;
            "#" )
                encoded_password+="%23"
                ;;
            "$" )
                encoded_password+="%24"
                ;;
            "%" )
                encoded_password+="%25"
                ;;
            "&" )
                encoded_password+="%26"
                ;;
            "'" )
                encoded_password+="%27"
                ;;
            "(" )
                encoded_password+="%28"
                ;;
            ")" )
                encoded_password+="%29"
                ;;
            "*" )
                encoded_password+="%2A"
                ;;
            "+" )
                encoded_password+="%2B"
                ;;
            "," )
                encoded_password+="%2C"
                ;;
            "/" )
                encoded_password+="%2F"
                ;;
            ":" )
                encoded_password+="%3A"
                ;;
            ";" )
                encoded_password+="%3B"
                ;;
            "<" )
                encoded_password+="%3C"
                ;;
            "=" )
                encoded_password+="%3D"
                ;;
            ">" )
                encoded_password+="%3E"
                ;;
            "?" )
                encoded_password+="%3F"
                ;;
            "@" )
                encoded_password+="%40"
                ;;
            "[" )
                encoded_password+="%5B"
                ;;
            "\\" )
                encoded_password+="%5C"
                ;;
            "]" )
                encoded_password+="%5D"
                ;;
            "^" )
                encoded_password+="%5E"
                ;;
            "_" )
                encoded_password+="%5F"
                ;;
            "{" )
                encoded_password+="%7B"
                ;;
            "|" )
                encoded_password+="%7C"
                ;;
            "}" )
                encoded_password+="%7D"
                ;;
            "~" )
                encoded_password+="%7E"
                ;;
            * )
                # All other characters are likewise replaced by %HEX
                encoded_password+=$(printf '%%%02X' "'$char")
                ;;
        esac
    done
    echo "$encoded_password"
}

POSTGRES_PASSWORD=$(url_encode_password "$POSTGRES_PASSWORD")

# Correctly set CPU_ARCH for notify_push
CPU_ARCH="$(uname -m)"
export CPU_ARCH
if [ -z "$CPU_ARCH" ]; then
    echo "Could not get processor architecture. Exiting."
    exit 1
elif [ "$CPU_ARCH" != "x86_64" ]; then
    export CPU_ARCH="aarch64"
fi

# Add warning
if ! [ -f "$NOTIFY_PUSH_PATH" ]; then
    echo "The notify_push binary was not found."
    echo "Most likely is DNS resolution not working correctly."
    echo "You can try to fix this by configuring a DNS server globally in dockers daemon.json."
    echo "See https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
    echo "Afterwards a restart of docker should automatically resolve this."
    echo "Additionally, make sure to disable VPN software that might be running on your server"
    echo "Also check your firewall if it blocks connections to github"
    echo "If it should still not work afterwards, feel free to create a new thread at https://github.com/nextcloud/all-in-one/discussions/new?category=questions and post the Nextcloud container logs there."
    echo ""
    echo ""
    exit 1
fi

echo "notify-push was started"

# Set a default value for POSTGRES_PORT
if [ -z "$POSTGRES_PORT" ]; then
    POSTGRES_PORT=5432
fi

# Set a default for redis db index
if [ -z "$REDIS_DB_INDEX" ]; then
    REDIS_DB_INDEX=0
fi

# Set a default for db type
if [ -z "$DATABASE_TYPE" ]; then
    DATABASE_TYPE=postgres
elif [ "$DATABASE_TYPE" != postgres ] && [ "$DATABASE_TYPE" != mysql ]; then
    echo "DB type must be either postgres or mysql"
    exit 1
fi

# Set sensitive values as env
export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST:$NOMAD_HOST_PORT_db/$REDIS_DB_INDEX"

echo "$NOTIFY_PUSH_PATH"

# Run it
"$NOTIFY_PUSH_PATH" \
    --database-prefix="oc_" \
    --nextcloud-url "https://$NC_DOMAIN" \
    --port 7867
```
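
Added example, not part of the original post: the entrypoint script above percent-encodes `POSTGRES_PASSWORD` but interpolates `REDIS_HOST_PASSWORD` into `REDIS_URL` as-is. The sketch below encodes byte by byte and shows which host a generic RFC 3986-style split sees in each case; the host name, the password and the `url_host` helper are constructed for illustration and do not reflect notify_push's own parser.

```shell
#!/bin/sh
# Added example: byte-wise percent-encoding of a credential before it is
# placed in a connection URL. All values below are constructed.

# Encode every byte outside the RFC 3986 unreserved set (A-Z a-z 0-9 - . _ ~).
# Working on bytes means non-ASCII input becomes UTF-8 percent-escapes.
urlencode() (
    out=""
    for hex in $(printf '%s' "$1" | LC_ALL=C od -An -v -tx1); do
        case $hex in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # Unreserved byte: emit the literal character
                out="$out$(printf "\\$(printf '%03o' "0x$hex")")" ;;
            *)
                # Anything else: emit %XX with upper-case hex digits
                out="$out$(printf '%%%02X' "0x$hex")" ;;
        esac
    done
    printf '%s\n' "$out"
)

# Host a generic URL split would extract: the authority ends at the first
# '/', '?' or '#', and userinfo ends at the last '@' inside the authority.
url_host() (
    rest=${1#*://}
    authority=${rest%%[/?#]*}
    hostport=${authority##*@}
    printf '%s\n' "${hostport%%:*}"
)

REDIS_HOST="redis.internal"          # constructed host name
REDIS_HOST_PASSWORD='p@ss/w:rd#1'    # constructed password with reserved chars

# Unencoded: the '/' in the password terminates the authority early
raw_url="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST:6379/0"
# Encoded: reserved characters can no longer be read as URL delimiters
safe_url="redis://:$(urlencode "$REDIS_HOST_PASSWORD")@$REDIS_HOST:6379/0"

echo "raw  url resolves to host: $(url_host "$raw_url")"
echo "safe url resolves to host: $(url_host "$safe_url")"
```

With the unencoded password, the client would try to reach a host derived from the password itself, so the credential fragment ends up in DNS lookups and connection errors instead of authenticating against Redis.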