[OUTDATED] Nextcloud + nginx reverse proxy + letsencrypt in docker containers

Snowyo · September 16, 2016, 8:30am

Hey,

I got it running a few minutes ago, I’m just double checking and uploading the hopefully working configuration. Stay tuned

Snowyo · September 16, 2016, 8:34am

Hey,

I finally got a working version again. Seems that keeping old configuration files can trick you very badly ;).

Steps to repoduce:

Be sure to cd to your docker-compose folder
Cancel running docker-containers

docker-compose down

Delete all files/folders (that includes the docker-compose.yml and ./nextcloud and ./proxy directories). Everything will be recreated automatically.

rm ./* -r

Download this docker-compose.yml

curl https://gist.githubusercontent.com/SnowMB/758bb6c993372111629f4e86c0e1de1a/raw/b1e6d4454ef4af302eca19061bebbd573725d96f/docker-compose.yml > docker-compose.yml

Insert your passwords, email-address and domain name into the compose-file

nano docker-compose.yml

Create the folder for the template and use this nginx.tmpl

mkdir proxy/templates -p
curl https://gist.githubusercontent.com/SnowMB/87c5360f9bf81925af26c31f6d71410e/raw/fc8784d1cbc8ad56047b10630b68c1830859bf63/nginx.tmpl > ./proxy/templates/nginx.tmpl

Run docker-compose

docker-compose up -d

When you can confirm that it works I’ll rework the guide in the first post.

tk1 · September 17, 2016, 4:58am

Hey mate, you are an absolute legend!!
Hugely appreciate your time and efforts helping me with this!

I am just away from my Mac atm but will definitely try this out either tonight or tomorrow and report back.

Have a great weekend!

tinsjourney · September 17, 2016, 6:46am

Hello

Had the same issue than tk1, and weren’t able to find why it wasn’t working.
Just retry with your last docker-compose.yml and nginx.tmpl and I can confirm it’s working on my side.

Thanks

tinsjourney · September 17, 2016, 7:30am

Another weird behavior, I can’t upload file more than 1M.

It’s well configured in nextcloud to 10G, but seems that nginx variable client_max_body_size is not set, so we use the default 1M value.

Do you have the same problem ?

tk1 · September 21, 2016, 7:17am

Hi Snowyo

Sincere apologies for the delay in getting back to you…had something come up at work and wasn’t able to get back to this.

Okay the good news is that I have managed to get it working following your latest instructions!!

The only issue I am currently experiencing is (as per tinsjourney above) I cannot seem to upload any files above 4M in size (in fact it might even be less than this but thats just were the desktop client seems to reset).

Steps I have taken to fix this:

Adding the following to ./proxy/conf.d/default.conf

http {
client_max_body_size 30M;
}

I then restarted the nginx container.

This did not fix the problem. Any ideas?

tk1 · September 22, 2016, 1:24am

Did you find any solution to this as yet?

Snowyo · September 22, 2016, 3:14pm

@tinsjourney, @tk1

I have not found a fix for the configuration above. But with digging into the topic I tried out this container image by the same author that combines the docker-gen and nginx reverse proxy function in one container and seems to be more user friendly.

The docker-compose file is very similar to the other configuration:

gist.github.com

https://gist.github.com/SnowMB/758bb6c993372111629f4e86c0e1de1a

docker-compose.yml

version: '2'


services:
  nginx:
    image: jwilder/nginx-proxy
    container_name: nginx
    ports:
      - 80:80
      - 443:443

This file has been truncated. show original

With this configuration there is an easy fix for your problem:

Create a .conf file and add it to the folder ./proxy/conf.d/. The name does not matter.

client_max_body_size 100m;

(You just need this one line)

For more information see GitHub - nginx-proxy/nginx-proxy: Automated nginx proxy for Docker containers using docker-gen

tk1 · September 23, 2016, 7:46am

No luck unfortunately

Tried adding this line to the default.conf file which gets created after running the docker-compose (tried pausing and unpausing etc.) and also tried adding in a separate file.conf to ./proxy/conf.d/ but again, no luck.

Any thoughts?

PS - still not had any further success integrating the wekan container into this setup. My ultimate goal is to be able to integrate wekan and possibly one or two other images (Wordpress etc.) as well. Any help (as always) would be hugely appreciated!

Have a great weekend.

Snowyo · September 23, 2016, 7:56am

Hmm,

For your Wekan container problem you can try this:

There might be an issue with the docker networks. Docker-compose version 2 creates a network for each docker compose file. So when you start the wekan container with a seperate compose file it might not be recognised.

Solution to this is creating a external docker-network like I explained in the initial post. You have to add the nginx proxy, wonderfall/nextcloud and mariadb container to the network. When creating the compose file for your wekan container define the same external network and add the wekan container to it.

tk1 · September 26, 2016, 2:04am

Sorry I am a little confused… Do I create a new docker-network (named something else) so that I end up with two networks? And if so, which containers connect to which network(s)?

If you have the time I would be very grateful for a step-by-step walk through of the process to get this up and running successfully. Once I have learnt how to do this I am hopeful I will be able to replicate the procedure to do the same with a WordPress container!

Appreciate your help very much my friend!

Snowyo · September 26, 2016, 7:29am

Ok Sorry for the confusion

It depends a little on where you started. If you started with my original guide from the first post you have created a docker network in the past and can use that one. The solution I posted later didn’t use an external network.

What I got from reading the guides for the containers and Issues on GitHub is the following:

For the docker-gen container to create the right proxy configuration it needs to be in the same network as the container to be proxied (in your case Nextcloud and Wekan)
Docker-Compose (v2) creates a default docker-network for all containers in the file (that is the reason why my later example didn’t need one)
If you use two docker-compose files (as you said you do), the only solution to get the containers in the same network is to use an external defined one

So the step by step solution would be the following:

Check if you (still) got the network with docker network ls. Look for something like that

3202169f7225 nginx-proxy bridge local

If you don’t have it create it with

docker network create -d bridge nginx-proxy

Go to your compose files. Start with the file where you defined the nginx-proxy and docker-gen container. I asume it is your nextcloud configuration. Add to the end of the file (replace the dots with spaces)

networks:
…proxy-tier:
…external:
…name: nginx-proxy

Now add to the nginx-proxy container, the docker-gen container, the database and the nextcloud container these lines. (replace the dots with spaces)

networks:
…- proxy-tier

Repeat steps 2 and 3 for your Wekan compose file.

tk1 · September 26, 2016, 11:34pm

Cheers mate, I’ll try this now!

BTW - I found this yesterday -->
http://steveltn.me/2015/12/18/nginx-acme/

Seems to simplify things greatly. Apparently not compatible with v2 docker-compose but wondering does this matter?
Have written to the author for some guidance on integration with other containers but not heard back as yet. Will keep you posted if/when I hear anything.

Thanks again my friend!

Snowyo · September 27, 2016, 9:27am

Hey,

Could be a possibility, but as far as I see it has one downside: It requires you to list all domains in the https-portal compose file. Your setup with 2 seperate compose files or dynamically adding containers for other sub domains seems impossible without reconfiguring and restarting https-portal.

There is a somewhat simpler solution than the 3 containers (nginx, docker-gen, letsencrypt) that I postet before. It uses the same tech, but combines nginx and docker-gen in one container. With that setup the template file is included in the container, so you don’t have to worry about that anymore. It is heavily used (>5million pulls from dockerhub) and developed (currently > 30 pull requests on github).
When going through the comits to the template file in the container, I saw that there are some security issues adressed, that I would not have ever known of. So I feel better off having the community keeping track of it

In my test the letsencrypt integration worked without any problems and personally I’ll go with this container from now on. When I have some free time I’ll rewrite the whole guide and give some new docker-compose examples.

yatzy · September 28, 2016, 2:34pm

Hey,

Thank you Snowoy for the great work. I have now repeated your instructions couple of times but all the times I get to the same error. I get the service up and running quite stably, but when I fill the login credentials for the db I get following error message

							Error while trying to create admin user: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/run/mysqld/mysqld.sock' (2 "No such file or directory")

Just can’t figure out what this is about…

tinsjourney · September 29, 2016, 5:44am

thanks for this info.

I confirm it works when adding the line to ./proxy/conf.d

FYI I also try a per virtual host conf described here https://github.com/jwilder/nginx-proxy#per-virtual_host
but it doesn’t work when you first start your container and wait for let’s encrypt request on port 80.
Once you have a valid certificate, and you had your custom nginx con to ./proxy/vhost.d/{VIRTUAL_HOST} there’s no problem.
need to check with JrCs/docker-letsencrypt-nginx-proxy-companion

Snowyo · September 29, 2016, 8:39am

@yatzy can you post the docker compose logs?

docker-compose logs

Possible solutions I can think of right know:

Check the volume in your database container for typos.

volumes:
- ./nextcloud/db:/var/lib/mysql

And try deleting the db folder and restart the containers.

docker-compose down
sudo rm nextcloud/db/ -r
docker-compose up -d

@tinsjourney thanks for the info

yatzy · September 29, 2016, 4:11pm

Heres the docker-compose logs
pastebin

Could not find anything unusual from db container. Worth of noting that I’m somewhat new to docker, but I guess ‘docker inspect mariadb:10’ was what you were looking for?

After restarting the containers could not connect to nextcloud anymore.

Thank you for your help! It would be brilliant to get this working.

Snowyo · September 30, 2016, 8:15am

I meant the volume definition in the compose file.

I compared your log with the logs of my working setup and found no unusual lines or errors. Could you show the compose file? (remember to replace/delete passwords / domain name before uploading)

Rednas16 · November 27, 2016, 10:50pm

hey snowyo

i’ve been messing around with owncloud for years, never got it working …

now nextcloud’s guideline are a little more user friendly, I got it working but when I try to configure the fancy performance enhancing thingies like php-fpm and memchache, my knowlege results in a broken dedicated ubuntu server wich i need to reinstall… also reverse dns a lot of trial and error

so now i want to figure things out with docker

do you have any tips or guides? github sents me to : https://github.com/indiehosters/nextcloud

thx anyway