[PARTIALLY SOLVED] "502 Bad gateway" error solved at first, then "504 Timeout" or "Internal Server Error" comes after

Hi,

After losing several disks on a ZFS volume (which didn’t like my last house move), I lost my nextcloud configuration. To date, I can no longer access my nextcloud container and get a “502 Bad Gateway” error.

To be precise, I have an nginx proxy with modSecurity in front of my docker host.
For now, I have disabled modSecurity in my nginx proxy configuration, and I’m using proxy_pass to redirect requests to the nginx container of my nextcloud stack.

http {  
  modsecurity off;
  modsecurity_rules_file /etc/nginx/modsec/main.conf;

  server {
    listen 80;
    server_name nextcloud.domain.tld;
    return 301 https://$server_name:443$request_uri;
  }

  server {
    listen 443 ssl;
    server_name nextcloud.domain.tld;

    ssl_certificate /pki/fullchain.pem;
    ssl_certificate_key /pki/privkey.pem;

    access_log /var/log/nginx/nextcloud_access.log;
    error_log /var/log/nginx/nextcloud_error.log;

    location / {
      proxy_pass https://192.168.0.210:10100;      #IP address of my docker host and port of the web container in my nextcloud stack
    }
  }
}

Now, can you point out my error in the docker-compose.yml file below:

version : '3'
services:


  nextcloud-db:
    image: mariadb:10.6
    container_name: nextcloud-db
    restart: always
    networks:
      - nextcloud
    ports:
      - 10103:3306
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
    volumes:
      - /data_tech/nextcloud/nextcloud_db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=**********
      - MYSQL_PASSWORD=**********
      - MYSQL_DATABASE=**********
      - MYSQL_USER=**********


  nextcloud-redis:
    image: redis:7.0.11
    container_name: nextcloud-redis
    restart: always
    networks:
      - nextcloud
    ports:
      - 10101:6379
    command: redis-server --requirepass **********


  nextcloud-app:
    image: nextcloud:fpm-alpine
    container_name: nextcloud-app
    restart: always
    networks:
      - nextcloud
    ports:
      - 10102:9000
    environment:
      - MYSQL_PASSWORD=**********
      - MYSQL_DATABASE=**********
      - MYSQL_USER=**********
      - MYSQL_HOST=nextcloud-db
      - MYSQL_PORT=10103
      - REDIS_HOST=nextcloud-redis
      - REDIS_HOST_PORT=10101
      - REDIS_HOST_PASSWORD=**********
      - DEFAULT_PHONE_REGION=FR
      - TRUSTED_DOMAINS=nextcloud.domain.tld
    links:
      - nextcloud-db
      - nextcloud-redis
    volumes:
      - /data_tech/nextcloud/nextcloud_web:/var/www/html


  nextcloud-web:
    image: nginx:latest
    container_name: nextcloud-web
    restart: always
    networks:
      - nextcloud
    ports:
      - 10100:443
      - 10099:80
    links:
      - nextcloud-app
    volumes:
      - /pki:/pki:ro    # contains my Let's Encrypt certificates
      - /data_tech/nextcloud/nginx.conf:/etc/nginx/nginx.conf
      - /data_tech/nextcloud/nextcloud_web:/var/www/html



networks:
  nextcloud:
    external: true

I map the container ports as follows:

  • nextcloud-db : 10103 (on the port 3306 of the mariadb container)
  • nextcloud-app : 10102 (on the port 9000 of the nextcloud:fpm container)
  • nextcloud-redis : 10101 (on the port 6379 of the redis container)
  • nextcloud-web : 10100 (on the port 443 of the nginx container)

I use the nginx.conf file which is present here [NGINX configuration — Nextcloud latest Administration Manual latest documentation] and just adapt upstream, server_name and ssl_certificate* and mount it in the nginx container as /etc/nginx/nginx.conf

upstream php-handler {
    server 127.0.0.1:10102;
}
....
....

All containers are in the same network “nextcloud”, which is plugged into the docker bridge.

I saw in another post that curling the php-handler upstream can help to diagnose:

root@SL210:/data_tech/script# curl -v http://127.0.0.1:10102
*   Trying 127.0.0.1:10102...
* Connected to 127.0.0.1 (127.0.0.1) port 10102 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:10102
> User-Agent: curl/7.81.0
> Accept: */*
>
* Empty reply from server
* Closing connection 0
curl: (52) Empty reply from server

I don’t know if this response is normal?

I really don’t understand and I’m calling for help from @Reiner_Nippes (whom I have seen in many posts of this type)… the price of success?

Beyond that, I welcome any help :smiley:

Best regards,

After a little change in the nginx.conf file mounted in my nextcloud-web container, I notice a slight improvement:

upstream php-handler {
    server nextcloud-app:9000;
}

Now I get to the nextcloud page where I have to set the admin account and password, but without CSS formatting.

After setting admin/password, I mainly get a “504 Gateway Timeout” error and in rare cases a nextcloud “Internal Server Error” error page, still without CSS formatting.

docker logs -f nextcloud-app
Configuring Redis as session handler
Initializing nextcloud 26.0.1.1 ...
New nextcloud instance
Initializing finished
[17-May-2023 08:03:48] NOTICE: fpm is running, pid 1
[17-May-2023 08:03:48] NOTICE: ready to handle connections
172.21.0.5 - 17/May/2023:08:03:54 +0000 "GET /index.php" 200
172.21.0.5 - 17/May/2023:08:03:55 +0000 "GET /index.php" 200
172.21.0.5 - 17/May/2023:08:04:07 +0000 "POST /index.php" 302

docker logs -f nextcloud-web
192.168.0.200 - - [17/May/2023:08:05:07 +0000] "POST /index.php HTTP/1.0" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.48"

Please HELP

Since these containers are all part of the same stack and share the same network you are needlessly complicating your life by having all those extra port mappings.

Get rid of them and then also use the container names to reference each other where things need to connect. No 127.0.0.1.

Also, presumably your proxy terminates your TLS (SSL) on it. It’s a little weird to be connecting from the proxy back to the TLS on your NC web server. But it’s not impossible to do. More typical is that your proxy handles TLS and then it connects plain http to your behind the scenes NC web server.

Your NC config.php will need your proxy in trusted_proxies.

Let’s see… What else. Are you really running NC19? Because if not, the Nginx config in those linked docs (your link was for v19) is very out of date and will not work as-is.

Is your Nginx proxy on a completely separate host or just another container on the same host?

1 Like
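
Added example (not from the thread or the Nextcloud project): a small Python check for the advice in the reply above, run on a constructed, trimmed copy of the posted compose file. It goes beyond the upstream fix shown in the thread by also flagging any `*PORT` variable that points at a host-published port; the function names and the `edge` parameter are assumptions of this example.

```python
import re

# Constructed sample: names and port mappings from the thread's compose file, trimmed.
COMPOSE = """\
services:
  nextcloud-db:
    ports:
      - 10103:3306
  nextcloud-redis:
    ports:
      - 10101:6379
  nextcloud-app:
    ports:
      - 10102:9000
    environment:
      - MYSQL_PORT=10103
      - REDIS_HOST_PORT=10101
  nextcloud-web:
    ports:
      - 10100:443
"""
NGINX_UPSTREAM = "server 127.0.0.1:10102;"  # first upstream posted in the thread

def published_ports(compose_text):
    """Return {host_port: (service, container_port)} for 'HOST:CONTAINER' entries."""
    ports, service = {}, None
    for line in compose_text.splitlines():
        if m := re.match(r"^  ([\w-]+):\s*$", line):  # two-space indent: service name
            service = m.group(1)
        elif (m := re.match(r"^\s+- (\d+):(\d+)\s*$", line)) and service:
            ports[int(m.group(1))] = (service, int(m.group(2)))
    return ports

def audit(compose_text, upstream, edge=("nextcloud-web",)):
    """Flag backend ports published on the host and in-network references to them."""
    ports, findings = published_ports(compose_text), []
    for host_port, (svc, _) in sorted(ports.items()):
        if svc not in edge:  # published ports bind on all host interfaces by default
            findings.append(("published", svc, host_port))
    refs = re.findall(r"- (\w*PORT)=(\d+)", compose_text)
    if m := re.search(r"server\s+127\.0\.0\.1:(\d+)", upstream):
        refs.append(("nginx upstream port", m.group(1)))
    for name, value in refs:  # peers on the shared network listen on container ports
        if int(value) in ports:
            svc, cport = ports[int(value)]
            findings.append(("host-port-ref", f"{name}={value}", f"{svc}:{cport}"))
    return findings

if __name__ == "__main__":
    print(*audit(COMPOSE, NGINX_UPSTREAM), sep="\n")
```

Each `host-port-ref` finding pairs the value found with the `service:container_port` address that is reachable from inside the shared network.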

Thank you @jtr for your time.

Since these containers are all part of the same stack and share the same network you are needlessly complicating your life by having all those extra port mappings.

I do this because my host is running other containers and I don’t want to use default ports.

Get rid of them and then also use the container names to reference each other where things need to connect. No 127.0.0.1.

You’re right, I changed it, even though I have no upstream error.

Also, presumably your proxy terminates your TLS (SSL) on it. It’s a little weird to be connecting from the proxy back to the TLS on your NC web server. But it’s not impossible to do. More typical is that your proxy handles TLS and then it connects plain http to your behind the scenes NC web server.

I did so in order to have SSL from one end to the other.

Your NC config.php will need your proxy in trusted_proxies.

Ok, that’s added.

Let’s see… What else. Are you really running NC19? Because if not, the Nginx config in those linked docs (your link was for v19) is very out of date and will not work as-is.

I’m not an idiot, I’m worse!!! I picked up the right nginx.conf version from the nextcloud docs.

Is your Nginx proxy on a completely separate host or just another container on the same host?

My nginx proxy (with modSecurity off) is running on another host.

Despite all this, I still have my “Internal Server Error” when installing NC (no more “504 Timeout”).

After a lot of tests, the install always ends with “Internal Server Error”, but pressing “F5” loads my nextcloud and all seems OK.

This thread can be closed.