Portainer, Redis, Postgres, Traefik -> insufficient permission on postgres

Hey there,
I wanted to install Nextcloud with Docker Compose, managed by Portainer and proxied by Traefik. The database is Postgres, and I am additionally using Redis.
At the initial start everything seems to work, as I can log in with my account and do some things there. But if I stop the stack and start it again, I get an error that the privileges on oc_migrations are insufficient.
But first things first.
This is my docker-compose yaml

# Two networks: nextcloud-network is created by this stack and carries the
# app <-> postgres/redis traffic; proxy is declared external, so it must
# already exist (the traefik.docker.network label on the nextcloud service
# names it as the network Traefik routes over).
networks:
  nextcloud-network:
    external: false
  proxy:
    external: true

# Named volumes with default driver and options. Their contents survive a
# stack stop/start; anything a container writes outside a mounted path does not
# survive the container being recreated.
volumes:
  nextcloud-data:
  redis-data:
  nextcloud-postgres:

services:
  # PostgreSQL backing store for Nextcloud. There is no `ports:` entry, so the
  # server is only reachable from containers attached to nextcloud-network.
  postgres:
    # The image name comes from the env file; the posted value is the bare name
    # `postgres`, i.e. whatever `latest` is at pull time. NOTE(review): an
    # existing data directory cannot be started by a newer major version
    # without a dump/restore or pg_upgrade - pin at least the major version.
    image: ${NEXTCLOUD_POSTGRES_IMAGE_TAG}
    volumes:
      - nextcloud-postgres:/var/lib/postgresql/data
    environment:
      # Applied by the image entrypoint only while the data directory is empty.
      # The log in this thread ("Skipping initialization") shows that later
      # starts reuse the roles and passwords already stored in the volume, so
      # changing these values afterwards does not change the database.
      POSTGRES_DB: ${NEXTCLOUD_DB_NAME}
      POSTGRES_USER: ${NEXTCLOUD_DB_USER}
      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
    networks:
      - nextcloud-network
    # pg_isready only reports whether the server accepts connections; it does
    # not authenticate or check privileges. A "healthy" state here therefore
    # says nothing about whether the Nextcloud role can read its tables.
    healthcheck:
      test: [ "CMD", "pg_isready", "-q", "-d", "${NEXTCLOUD_DB_NAME}", "-U", "${NEXTCLOUD_DB_USER}" ]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s
    restart: unless-stopped

  # Redis instance referenced by REDIS_HOST in the nextcloud service; attached
  # to nextcloud-network only and not published on the host.
  redis:
    # Floating tag: the image content changes with every pull.
    image: redis:alpine
    # The password is passed as a command-line argument, so it is readable in
    # `docker inspect` output and in the container's process list.
    # NOTE(review): a mounted redis.conf or a secret file keeps it out of argv.
    command: ["redis-server", "--requirepass", "$NEXTCLOUD_REDIS_PASSWORD"]
    volumes:
      - redis-data:/data
    networks:
      - nextcloud-network
    # Unauthenticated PING against a server started with --requirepass.
    # NOTE(review): confirm this probe really fails when Redis is unusable; the
    # reply without AUTH is an error message, so the probe may only prove that
    # the port answers.
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s
    restart: unless-stopped

  # Nextcloud application container, attached to both the private network
  # (database, cache) and the external proxy network (Traefik).
  nextcloud:
    # Resolved from the env file; the posted value is the bare name `nextcloud`,
    # so every pull may bring a new major version.
    image: ${NEXTCLOUD_IMAGE_TAG}
    # The named volume is mounted at ${DATA_PATH} *inside* the container
    # (/mnt/extern/ncdata in the posted env file). Nothing is mounted at
    # /var/www/html, so config.php and the installed-version marker are not
    # covered by a named volume. A later reply in this thread names this as at
    # least part of the problem; the "Retrying install..." log line is
    # consistent with the entrypoint attempting a fresh install on restart.
    volumes:
      - nextcloud-data:${DATA_PATH}
    environment:
      TZ: Europe/Berlin
      # Unquoted YAML boolean. NOTE(review): environment values are strings;
      # quote it ("false") so the parser does not retype it.
      NC_SETUP_CREATE_DB_USER: false
      POSTGRES_HOST: postgres
      DB_PORT: 5432
      POSTGRES_DB: ${NEXTCLOUD_DB_NAME}
      POSTGRES_USER: ${NEXTCLOUD_DB_USER}
      # Database, Redis and admin passwords are injected as plain environment
      # variables, so they are visible in `docker inspect` and to every process
      # in the container. NOTE(review): prefer Docker secrets / *_FILE
      # variables where the image supports them.
      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
      REDIS_HOST: redis
      REDIS_HOST_PORT: 6379
      REDIS_HOST_PASSWORD: ${NEXTCLOUD_REDIS_PASSWORD}
      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USERNAME}
      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
      NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_HOSTNAME}
      OVERWRITECLIURL: ${NEXTCLOUD_URL}
      OVERWRITEPROTOCOL: https
      OVERWRITEHOST: ${NEXTCLOUD_HOSTNAME}
      # Trusts forwarded-for headers from every private IPv4 range, ULA,
      # link-local, the 2001:db8::/32 documentation prefix and two host names.
      # Any client in those ranges can then present a forged client IP to
      # Nextcloud (brute-force throttling and audit logs rely on that value).
      # NOTE(review): narrow this to the address or subnet Traefik uses on the
      # proxy network, and confirm host names are accepted at all.
      TRUSTED_PROXIES: 172.16.0.0/12 192.168.0.0/16 10.0.0.0/8 fc00::/7 fe80::/10 2001:db8::/32 sub.server.local sub.myzone.dedyn.io 192.168.178.0/24
    networks:
      - nextcloud-network
      - proxy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80/"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s
    # Publishes the container's plain-HTTP port on host port 8081, on all host
    # interfaces. This path bypasses Traefik, its TLS termination and its
    # middlewares. NOTE(review): drop it, or bind it to 127.0.0.1, once
    # routing through Traefik works.
    ports:
      - "8081:80"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.service=nextcloud"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.rule=Host(`sub.server.local`) || Host(`sub.myzone.dedyn.io`)"
      # nc-rep and nc-header are defined here but are not listed in the
      # router's middlewares label below, so as written they have no effect.
      # `$$` is Compose's escape for a literal `$` in the regex replacement.
      - "traefik.http.middlewares.nc-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nc-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
      - "traefik.http.middlewares.nc-rep.redirectregex.permanent=true"
      - "traefik.http.middlewares.nc-header.headers.customFrameOptionsValue=SAMEORIGIN"
      # A bare number is not a well-formed Strict-Transport-Security value (the
      # header needs `max-age=...`); the stsSeconds option further down is the
      # form that is actually attached to the router.
      - "traefik.http.middlewares.nc-header.headers.customResponseHeaders.Strict-Transport-Security=15552000"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.domains[0].main=myzone.dedyn.io"
      - "traefik.http.routers.nextcloud.tls.domains[0].sans=*.myzone.dedyn.io"
      - "traefik.http.routers.nextcloud.tls.certresolver=desec"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      - "traefik.http.services.nextcloud.loadbalancer.passHostHeader=true"
      # The only middlewares applied to requests for this router, in order.
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-redirectregex1,nextcloud-redirectregex2,compresstraefik,nextcloud-securityheaders"
     # Define settings for the compression middleware
      - "traefik.http.middlewares.compresstraefik.compress=true"
      # Settings for the first redirect regex middleware
      - "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.regex=https?://([^/]*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.replacement=https://$${1}/remote.php/dav/"
     # Settings for the second redirect regex middleware
      - "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.regex=https?://([^/]*)(/.well-known[^#]*)"
      - "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.replacement=https://$${1}/index.php$${2}"
      # Security headers settings specifically for Nextcloud
      - "traefik.http.middlewares.nextcloud-securityheaders.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.nextcloud-securityheaders.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nextcloud-securityheaders.headers.stsPreload=true"
      # Specify which Docker network Traefik should use for routing
      - "traefik.docker.network=proxy"

    restart: unless-stopped
    # Waits for the healthchecks only; those checks do not prove that the
    # database role has the privileges Nextcloud needs.
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy

  # Background-job container: same image as the app, started with /cron.sh.
  # It has no environment block, no restart policy and no depends_on, and it
  # shares only the ${DATA_PATH} mount with the app. A reply in this thread
  # advises giving cron the same mounts and ENV as the app container.
  nextcloud-cron:
    image: ${NEXTCLOUD_IMAGE_TAG}
    entrypoint: /cron.sh
    volumes:
      - nextcloud-data:${DATA_PATH}
    networks:
      - nextcloud-network

This is the env file

# Values as posted; presumably placeholders. Real passwords kept in this file
# are readable by anyone who can view the stack definition.
NEXTCLOUD_DB_NAME=nextcloud_db
NEXTCLOUD_DB_USER=nextcloud_user
NEXTCLOUD_DB_PASSWORD=nextcloud_db_pw
# Used in the compose file as the mount target inside the nextcloud container.
DATA_PATH=/mnt/extern/ncdata
# Bare image name, no version: resolves to the `latest` tag at pull time.
NEXTCLOUD_POSTGRES_IMAGE_TAG=postgres
NEXTCLOUD_REDIS_PASSWORD=redis_pw
NEXTCLOUD_ADMIN_USERNAME=horst
NEXTCLOUD_ADMIN_PASSWORD=hosts_passwort
NEXTCLOUD_HOSTNAME=sub.myzone.dedyn.io
# Bare image name, no version: resolves to the `latest` tag at pull time.
NEXTCLOUD_IMAGE_TAG=nextcloud
NEXTCLOUD_URL=https://sub.myzone.dedyn.io

And this is my traefik:

# log default is ERROR; DEBUG is set here, which is the most verbose level.
# NOTE(review): drop back to INFO once troubleshooting is finished.
log:
  level: DEBUG

# enable dashboard on 8080 with NO AUTH
# Anyone who can reach port 8080 can read the full router/service/middleware
# configuration. NOTE(review): keep 8080 unpublished or bound to localhost, or
# set insecure: false and expose api@internal through a router with an
# authentication middleware.
api:
  insecure: true
  dashboard: true

# enable ping so the `traefik healthcheck` works
ping: {}

# Prometheus metrics on the dedicated `metrics` entry point (:8082 below).
# No authentication is configured here, so that port should not be reachable
# from outside the host or monitoring network.
metrics:
  prometheus:
    entryPoint: metrics
    headerLabels:
      label: headerKey

accessLog: {}

# auto-proxy containers if they have proper labels
# and also use this file for dynamic config (tls)
providers:
  # Only containers labelled traefik.enable=true are routed. The provider needs
  # access to the Docker API; how the socket is exposed to Traefik is not shown
  # on this page.
  docker:
    exposedByDefault: false
    watch: true
#    network: gateway
  # NOTE(review): `fileName` and `filename` differ only in letter case and
  # point at two different files; confirm which one Traefik honours and remove
  # the other.
  file:
    fileName: /etc/traefik/traefik.yaml
    filename: /etc/traefik/rules.yaml
    watch: true

# listen on 80/443, and redirect all 80 to 443 via 301
entryPoints:
  metrics:
    address: :8082
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: :443
# NOTE(review): confirm that a top-level tls.certResolver key is accepted here;
# the router label traefik.http.routers.nextcloud.tls.certresolver=desec
# already selects the resolver per router.
tls:
  certResolver: desec

# Certificates
certificatesResolvers:
  desec:
    acme:
      email: my@mail.de
      # acme.json holds the ACME account key and the issued private keys; it
      # must sit on a persistent mount and be readable by Traefik only.
      storage: /letsencrypt/acme.json
#      caserver: https://acme-v02.api.letsencrypt.org/directory
      # DNS-01 challenge through deSEC. The API token is supplied outside this
      # file (not shown on this page); it can edit the zone's DNS records and
      # should be handled as a secret.
      dnschallenge:
        provider: desec
        delayBeforecheck: 0
        resolvers: 
          - ns1.desec.io.:53
          - ns2.desec.org.:53

Proof that it works after the stack starts the first time:


Now I stop the stack via portainer
After starting the stack again, postgres displays this log

PostgreSQL Database directory appears to contain a database; Skipping initialization

2025-04-28 19:17:02.031 UTC [1] LOG:  starting PostgreSQL 17.4 (Debian 17.4-1.pgdg120+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit

2025-04-28 19:17:02.031 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432

2025-04-28 19:17:02.031 UTC [1] LOG:  listening on IPv6 address "::", port 5432

2025-04-28 19:17:02.036 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"

2025-04-28 19:17:02.046 UTC [30] LOG:  database system was shut down at 2025-04-28 19:16:48 UTC

2025-04-28 19:17:02.053 UTC [1] LOG:  database system is ready to accept connections

2025-04-28 19:17:11.978 UTC [44] ERROR:  permission denied for table oc_migrations

2025-04-28 19:17:11.978 UTC [44] STATEMENT:  SELECT "version" FROM "oc_migrations" WHERE "app" = $1 ORDER BY "version" ASC

This is what nextcloud displays in logs:

Previous: PDOException: SQLSTATE[42501]: Insufficient privilege: 7 ERROR:  permission denied for table oc_migrations

Trace: #0 /var/www/html/3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php(130): PDOStatement->execute(NULL)

#1 /var/www/html/3rdparty/doctrine/dbal/src/Connection.php(1104): Doctrine\DBAL\Driver\PDO\Statement->execute()

#2 /var/www/html/lib/private/DB/Connection.php(419): Doctrine\DBAL\Connection->executeQuery('SELECT "version...', Array, Array, NULL)

#3 /var/www/html/lib/private/DB/ConnectionAdapter.php(50): OC\DB\Connection->executeQuery('SELECT "version...', Array, Array)

#4 /var/www/html/lib/private/DB/QueryBuilder/QueryBuilder.php(289): OC\DB\ConnectionAdapter->executeQuery('SELECT `version...', Array, Array)

#5 /var/www/html/lib/private/DB/MigrationService.php(173): OC\DB\QueryBuilder\QueryBuilder->executeQuery()

#6 /var/www/html/lib/private/DB/MigrationService.php(248): OC\DB\MigrationService->getMigratedVersions()

#7 /var/www/html/lib/private/DB/MigrationService.php(410): OC\DB\MigrationService->getMigrationsToExecute('latest')

#8 /var/www/html/lib/private/DB/MigrationService.php(387): OC\DB\MigrationService->migrateSchemaOnly('latest')

#9 /var/www/html/lib/private/Setup/AbstractDatabase.php(140): OC\DB\MigrationService->migrate('latest', true)

#10 /var/www/html/lib/private/Setup.php(319): OC\Setup\AbstractDatabase->runMigrations(NULL)

#11 /var/www/html/core/Command/Maintenance/Install.php(80): OC\Setup->install(Array, NULL)

#12 /var/www/html/3rdparty/symfony/console/Command/Command.php(326): OC\Core\Command\Maintenance\Install->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#13 /var/www/html/3rdparty/symfony/console/Application.php(1078): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))


#14 /var/www/html/3rdparty/symfony/console/Application.php(324): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Maintenance\Install), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#15 /var/www/html/3rdparty/symfony/console/Application.php(175): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#16 /var/www/html/lib/private/Console/Application.php(187): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

#17 /var/www/html/console.php(87): OC\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput))

#18 /var/www/html/occ(33): require_once('/var/www/html/c...')

#19 {main}

Retrying install...

After the container stops reinstalling and allows me to access the web page, I get this

I entered the postgres password below, but it did not help, as I get back to the installation screen you can see above.

What did I already do:
I tried to stop the containers sequentially and postgres as last one. This seemed to work once or twice, but the error appeared again after a while.

I changed the credentials to easier ones and used another datadir, without success.

I granted permissions to the db user in this way, but it seems that either the permission is not granted, the permission is not persisted, or this is not the solution:

docker-compose exec postgres psql -U ${NEXTCLOUD_DB_USER} -d ${NEXTCLOUD_DB_NAME}

Berechtigungen erteilen:
GRANT ALL PRIVILEGES ON DATABASE ${NEXTCLOUD_DB_NAME} TO ${NEXTCLOUD_DB_USER};
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ${NEXTCLOUD_DB_USER};

GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO ${NEXTCLOUD_DB_USER};

I googled for this error but did not find any applicable solution and hoped, that you would be able to help me.
Thank you very much :-*

Hello @j0chn, welcome to the Nextcloud community! :handshake:
your setup looks pretty complex, so I didn't follow it in depth. I would recommend you start with a simple setup and extend it once you know it works well - my very basic checklist is major upgrade, backup and restore, test from desktop and mobile.

Please look at How to docker-compose with notify_push (2024) for working advanced example.

as I didn’t find a way to integrate existing setup into portainer and some other portainer limitations I never adopted the tool so no idea in this terms - but you definitely must avoid auto-updating of NC and postgres - sooner than later you are in trouble.

Hey @wwe,
Thanks for your welcome and you answer.
I thought I got a simple setup, but I guess I was wrong than :smiley:

What would be a simple setup than? I guess it is not related to traefik or cron, so I would have to change something on postgres or nextcloud itself.

I also tried you advanced example, but there I got an error with the reference to the files.on the host machine. I will try to get this fixed and if this does not work, I would try AIO once.

Thx and best regards
j0chn

Ah, I get what you meant with a simple setup.
I commented the redis and postgres directives in the nextcloud service and started it. The nextcloud setup was set to use sqlite, so I do not have to setup any other database.
This worked fine for the installation process, but when I restarted the stack, I again had to setup nextcloud, as if the sqlite database was not persisted.
After adding redis again, I got the same problem.

Btw. this is the error, when setting up nextcloud like in your complex example:

Configuring Redis as session handler

Configuring Redis as session handler

/entrypoint.sh: 111: cannot create /usr/local/etc/php/conf.d/redis-session.ini: Permission denied

It’s the user I created which has insufficient permission

in non-root setup you must create redis-session.ini with the right permissions beforehand and add it as bind mount to the container:

and create required mount points

This is what I got so far:
only starting the nextcloud service without cron / postgres / redis, I get into the installation screen in web. But even choosing sqlite, the data is not persisted. The db file but exists in my data folder on the server.

After setting up the volumes within docker compose correctly and creating the folders and files on the server correctly (at least I assume so (chown to test-nc and chmod to 777 testwise)), I am able to get thorugh the initial setup and the data folder and the postgres folder are filled.

image
image

Now I get this error:

Error while trying to initialise the database: An exception occurred while executing a query: SQLSTATE[42P07]: 
Duplicate table: 7 ERROR:  relation "oc_migrations" already exists

And this is my updated docker compose:

# nextcloud-network is created by this stack; proxy is external and must
# already exist.
networks:
  nextcloud-network:
    external: false
  proxy:
    external: true

# Of these named volumes only redis-data is still referenced by a service in
# this file: postgres and nextcloud now use host bind mounts, so
# nextcloud-data and nextcloud-postgres are declared but unused.
volumes:
  nextcloud-data:
  redis-data:
  nextcloud-postgres:

services:
  # PostgreSQL, now running as a host UID/GID on a bind-mounted data directory.
  postgres:
    image: ${NEXTCLOUD_POSTGRES_IMAGE_TAG}
    volumes:
      # Host directory as data dir. NOTE(review): PostgreSQL refuses to start
      # on a data directory that is group- or world-writable, so the
      # `chmod 777` test mentioned in the post must not be applied here; the
      # directory should be owned by ${UID} and closed to other users.
      - /mnt/extern/ncpostgres:/var/lib/postgresql/data
      # Read-only copy of the host's account list so the UID set in `user:`
      # resolves to a name inside the container. It also exposes every host
      # account name to the container.
      - /etc/passwd:/etc/passwd:ro
    environment:
      # Only used when the data directory is empty at first start.
      POSTGRES_DB: ${NEXTCLOUD_DB_NAME}
      POSTGRES_USER: ${NEXTCLOUD_DB_USER}
      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
    # UID and GID are not defined in the env file posted earlier in the thread.
    # NOTE(review): confirm they are set for the stack; if they expand to empty
    # strings this becomes `user: ":"`.
    user: ${UID}:${GID}
    networks:
      - nextcloud-network
    # Connection-level probe only; it does not authenticate or check
    # privileges.
    healthcheck:
      test: [ "CMD", "pg_isready", "-q", "-d", "${NEXTCLOUD_DB_NAME}", "-U", "${NEXTCLOUD_DB_USER}" ]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s
    restart: unless-stopped

  # Redis for Nextcloud, running as the same host UID/GID as the other
  # services.
  redis:
    image: redis:alpine
    # The password is part of the command line, so it is readable in
    # `docker inspect` output and in the container's process list.
    command: ["redis-server", "--requirepass", "${NEXTCLOUD_REDIS_PASSWORD}"]
    volumes:
      - redis-data:/data
    networks:
      - nextcloud-network
    # NOTE(review): the named volume must be writable by this UID, otherwise
    # Redis cannot persist its dump - confirm after first start.
    user: ${UID}:${GID}
    # Unauthenticated PING against a password-protected server.
    # NOTE(review): verify that the probe can actually fail.
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s
    restart: unless-stopped

  # Nextcloud application container, non-root variant. Compared with the first
  # listing in this thread, the host port publication is gone, so HTTP traffic
  # reaches the app only through the Docker networks.
  nextcloud:
    image: nextcloud:${NEXTCLOUD_VERSION}
    user: ${UID}:${GID}
    volumes:
      # Only the data directory is persisted; /var/www/html itself (config,
      # apps, installed-version marker) still has no mount in this file.
      - ${DATA_PATH}:/var/www/html/data
      # Host file bind-mounted over the PHP session config. It has to exist as
      # a file, owned by ${UID}, before the first start; a reply in the thread
      # describes creating it beforehand for non-root setups.
      # NOTE(review): keep it writable by that one user, not mode 777.
      - /usr/local/etc/php/conf.d/redis-session.ini:/usr/local/etc/php/conf.d/redis-session.ini
      
    environment:
      TZ: Europe/Berlin
      # Unquoted YAML boolean; NOTE(review): quote it ("false").
      NC_SETUP_CREATE_DB_USER: false
      POSTGRES_HOST: postgres
      DB_PORT: 5432
      POSTGRES_DB: ${NEXTCLOUD_DB_NAME}
      POSTGRES_USER: ${NEXTCLOUD_DB_USER}
      # Passwords passed as environment variables are visible in
      # `docker inspect` and to every process in the container.
      POSTGRES_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
      REDIS_HOST: redis
      REDIS_HOST_PORT: 6379
      REDIS_HOST_PASSWORD: ${NEXTCLOUD_REDIS_PASSWORD}
      NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USERNAME}
      NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD}
      NEXTCLOUD_TRUSTED_DOMAINS: ${NEXTCLOUD_HOSTNAME}
      OVERWRITECLIURL: ${NEXTCLOUD_URL}
      OVERWRITEPROTOCOL: https
      OVERWRITEHOST: ${NEXTCLOUD_HOSTNAME}
      # Every private range plus host names is trusted to supply the client IP;
      # the admin page quoted later in the thread reports the reverse-proxy
      # header configuration as incorrect. NOTE(review): limit this to the
      # address or subnet Traefik uses on the proxy network.
      TRUSTED_PROXIES: 172.16.0.0/12 192.168.0.0/16 10.0.0.0/8 fc00::/7 fe80::/10 2001:db8::/32 sub.server.local sub.myzone.dedyn.io 192.168.178.0/24
    networks:
      - nextcloud-network
      - proxy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80/"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.service=nextcloud"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.routers.nextcloud.rule=Host(`sub.server.local`) || Host(`sub.myzone.dedyn.io`)"
      # nc-rep and nc-header are defined but not referenced by the router's
      # middlewares label below, so as written they are never applied.
      - "traefik.http.middlewares.nc-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nc-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
      - "traefik.http.middlewares.nc-rep.redirectregex.permanent=true"
      - "traefik.http.middlewares.nc-header.headers.customFrameOptionsValue=SAMEORIGIN"
      # A bare number is not a well-formed Strict-Transport-Security value (the
      # header needs `max-age=...`).
      - "traefik.http.middlewares.nc-header.headers.customResponseHeaders.Strict-Transport-Security=15552000"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.domains[0].main=myzone.dedyn.io"
      - "traefik.http.routers.nextcloud.tls.domains[0].sans=*.myzone.dedyn.io"
      - "traefik.http.routers.nextcloud.tls.certresolver=desec"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      - "traefik.http.services.nextcloud.loadbalancer.passHostHeader=true"
      # The middlewares actually applied to this router, in order.
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-redirectregex1,nextcloud-redirectregex2,compresstraefik,nextcloud-securityheaders"
     # Define settings for the compression middleware
      - "traefik.http.middlewares.compresstraefik.compress=true"
      # Settings for the first redirect regex middleware
      - "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.regex=https?://([^/]*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud-redirectregex1.redirectregex.replacement=https://$${1}/remote.php/dav/"
     # Settings for the second redirect regex middleware
      - "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.regex=https?://([^/]*)(/.well-known[^#]*)"
      - "traefik.http.middlewares.nextcloud-redirectregex2.redirectregex.replacement=https://$${1}/index.php$${2}"
      # Security headers settings specifically for Nextcloud
      - "traefik.http.middlewares.nextcloud-securityheaders.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.nextcloud-securityheaders.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nextcloud-securityheaders.headers.stsPreload=true"
      # Specify which Docker network Traefik should use for routing
      - "traefik.docker.network=proxy"

    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy

  # Background-job container. It has no `networks:` key, so Compose attaches it
  # to the stack's default network rather than nextcloud-network, where
  # postgres and redis live; the service name `postgres` is not resolvable
  # from here. A later cron log in this thread shows such a name-resolution
  # failure, though whether it came from this exact file is not shown.
  cron:
    image: nextcloud:${NEXTCLOUD_VERSION}
    restart: unless-stopped
   # special UID handling https://github.com/nextcloud/docker/issues/1740
    environment:
      - UID=${UID}
    depends_on:
      - nextcloud
    volumes:
      # Relative host path, not the ${DATA_PATH} bind used by the app
      # container, so the two services do not see the same data directory.
      - ./data:/var/www/html/data
      # Host script used as the container entrypoint. No `user:` is set on this
      # service, so it runs as the image's default user (presumably root -
      # confirm). NOTE(review): mount it read-only (:ro) and keep the host file
      # writable by its owner only.
      - /home/user/portainer/scripts/nc_cron.sh:/cron.sh
    entrypoint: /cron.sh

I checked your link and can’t see anything which should cause the problem.

Thanks for your further assistance.
Best regards
Matthias

I have no clue what is wrong - if there is an issue with portainer or maybe something else in your setup. Look at

both are proven to work with native docker compose on many/most Linux systems.

I’m little curios about your ls output

it looks like you ncdata folder holds postgres artefacts? did you somehow merge different volumes into one place?

if yes this could be a reason - all the volumes should be entirely separated… in other words all of the following volume mounts should never point to the same physical location…

/mnt/extern/.. makes me think you are using kind of external drive? try “real” internal storage to avoid permission issues which can arise with external mounts and uncommon file systems

another hint - cron should have same mounts and ENV as NC app - but for the sake of simplicity I would first focus on data persistence and keep cron away.

btw it looks really weird how you mix different volume mount techniques - technically it’s not wrong but myself I would not feel comfortable if I must keep track and e.g. run backups from many different places:

Hey,
thanks again for the replay,
I was now able to get it running again, after the stack was stopped. I separated the nextcloud volumes “app, data, config, nextcloud”.
As the files were created on the external drive as well, I do not assume that it was a permission problem, but rather a problem of not persisting the other folders on the host's hard drive.
But sometimes the container becomes unhealthy. I have had no time to check the reason for this yet, but I will search for it online or create a new topic.
And in addition, I got several problems in my admin config page as well

Die Konfiguration des Reverse-Proxy-Headers ist falsch. Dies stellt ein Sicherheitsproblem dar und kann es einem Angreifer ermöglichen, seine IP-Adresse so zu fälschen, wie sie für Nextcloud sichtbar ist. Weitere Informationen finden Sie in der Dokumentation ↗.
Unsicherer Zugriff auf die Website über HTTP. Es wird dringend empfohlen, Ihren Server so einzurichten, dass HTTPS erforderlich ist. Ohne HTTPS funktionieren einige wichtige Webfunktionen wie "Kopieren in die Zwischenablage" oder "Service Worker" nicht! Weitere Informationen finden Sie in der Dokumentation ↗.
3 Fehler in den Protokollen seit 4. Mai 2025, 22:30:00
Der Server hat keine konfigurierte Startzeit für das Wartungsfenster. Das bedeutet, dass ressourcenintensive tägliche Hintergrundaufgaben auch während Ihrer Hauptnutzungszeit ausgeführt werden. Wir empfehlen, das Wartungsfenster auf eine Zeit mit geringer Nutzung festzulegen, damit Benutzer weniger von der Belastung durch diese umfangreichen Aufgaben beeinträchtigt werden. Weitere Informationen finden Sie in der Dokumentation ↗.
One or more mimetype migrations are available. Occasionally new mimetypes are added to better handle certain file types. Migrating the mimetypes take a long time on larger instances so this is not done automatically during upgrades. Use the command `occ maintenance:repair --include-expensive` to perform the migrations.
Hintergrundaufgaben mit Ajax auszuführen kann lange Wartezeiten verursachen. Wir empfehlen Cron zu verwenden. Weitere Informationen finden Sie in der Dokumentation ↗.
Einige Header sind in Ihrer Instanz nicht richtig eingestellt - Der `Strict-Transport-Security`-HTTP-Header ist nicht gesetzt (er sollte mindestens `15552000` Sekunden betragen). Für erhöhte Sicherheit wird empfohlen, HSTS zu aktivieren. Weitere Informationen finden Sie in der Dokumentation ↗.
Einige fehlende optionale Indizes wurden erkannt. Gelegentlich werden neue Indizes hinzugefügt (von Nextcloud oder installierten Anwendungen), um die Datenbankleistung zu verbessern. Das Hinzufügen von Indizes kann manchmal eine Weile dauern und die Leistung vorübergehend beeinträchtigen, daher wird dies bei Upgrades nicht automatisch durchgeführt. Sobald die Indizes hinzugefügt wurden, sollten Abfragen an diese Tabellen schneller sein. Bitte den Befehl `occ db:add-missing-indices` verwenden, um sie hinzuzufügen. Fehlende Indizes: "dav_shares_resourceid_type" in Tabelle "dav_shares", "dav_shares_resourceid_access" in Tabelle "dav_shares", "mail_messages_strucanalyz_idx" in Tabelle "mail_messages", "mail_acc_prov_idx" in Tabelle "mail_accounts", "mail_alias_accid_idx" in Tabelle "mail_aliases", "oc_npushhash_di" in Tabelle "notifications_pushhash", "fs_storage_path_prefix" in Tabelle "filecache", "fs_name_hash" in Tabelle "filecache", "systag_by_objectid" in Tabelle "systemtag_object_mapping", "systag_objecttype" in Tabelle "systemtag_object_mapping", "mail_messages_mb_id_uid_uidx" in Tabelle "mail_messages", "mail_smime_certs_uid_email_idx" in Tabelle "mail_smime_certificates", "mail_trusted_senders_idx" in Tabelle "mail_trusted_senders", "mail_coll_idx" in Tabelle "mail_coll_addresses" Weitere Informationen finden Sie in der Dokumentation ↗.
Die Datenbank wird für transaktionale Dateisperren verwendet. Um die Leistung zu verbessern, konfigurieren Sie bitte Memcache, falls verfügbar. Weitere Informationen finden Sie in der Dokumentation ↗.
Es wurde kein Speichercache konfiguriert. Um die Leistung zu verbessern, konfigurieren Sie bitte Memcache, sofern verfügbar. Weitere Informationen finden Sie in der Dokumentation ↗.
Für Ihre Installation ist keine Standard-Telefonregion festgelegt. Dies ist erforderlich, um Telefonnummern in den Profileinstellungen ohne Ländervorwahl zu überprüfen. Um Nummern ohne Ländervorwahl zuzulassen, fügen Sie bitte "default_phone_region" mit dem entsprechenden ISO 3166-1-Code der Region zu Ihrer Konfigurationsdatei hinzu. Weitere Informationen finden Sie in der Dokumentation ↗.
Sie haben Ihre E-Mail-Serverkonfiguration noch nicht festgelegt oder überprüft. Gehen Sie bitte zu den "Grundeinstellungen", um diese festzulegen. Benutzen Sie anschließend den Button "E-Mail senden" unterhalb des Formulars, um Ihre Einstellungen zu überprüfen. Weitere Informationen finden Sie in der Dokumentation ↗.

But I will search for them as wel.
Thank you for your help!!!
Best regards
j0chn

you’ll find answers in the docs and topics tagged setup_warning and Frequent Nextcloud 31 (Hub 10) update issues

The stack crashed my whole system.
I dropped this and installed AIO. This seems to work so far, except that I can't reach the Nextcloud login. But I will search the forum and try this and that before posting a new thread.
Thanks for your help.

At least part of your initial problem is that this is not a a valid volume configuration for the nextcloud app container. It had two problems:

  • no coverage of /var/www/html
  • the mounting of the nextcloud-data volume at /mnt/extern/ncdata within the container (which won’t be visible to Nextcloud unless you use NEXTCLOUD_DATA_DIR to define a custom data directory location; though I suspect you were really trying to do something else such as use /mnt/extern/ncdata on your underlying host anyhow).

Refs:

Oh dear,
I guess I found the problem.
After AIO was not reachable from my domain, I wanted to test the “normal” compose with mariadb. There I saw the environment variable “mariadb_host = mariadb” and saw that the service for the database was called mariadb. After checking my compose, I saw that it was set up the same way (but with “postgres”) and only the postgres container was unnamed. After naming it postgres, it seems to work…
I will try some mor things, but think, that’s it.

Notify push got an error
[root@j0chnsServer 29]# docker-compose exec nextcloud sh -c 'php occ notify_push:setup https://${OVERWRITEHOST}/push'
✓ redis is configured
🗴 can’t connect to push server: Could not detect any host
But I will try to investigate this further tomorrow.
And the container was unhealthy after a short time again. Will have a look on this tomorrow :wink:

Health Check of nextcloud container was curling localhost:80. removed it and will check again.
The notify_push container got no permission on the “notify_push” file, even though I set it to 777 for testing.

I dropped arch on my server and installed debian instead. I guess it is more because of the fresh system and not because of the OS, but the container seems to stay healthy.
But therefore I get this cron error :frowning:
crond: USER cron pid 36 cmd php -f /var/www/html/cron.php
Doctrine\DBAL\Exception: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[08006] [7] could not translate host name "postgres" to address: Name or service not known in /var/www/html/lib/private/DB/Connection.php:237 Stack trace:
#0 /var/www/html/3rdparty/doctrine/dbal/src/Connection.php(458): OC\DB\Connection->connect()
#1 /var/www/html/3rdparty/doctrine/dbal/src/Connection.php(416): Doctrine\DBAL\Connection->getDatabasePlatformVersion()
#2 /var/www/html/3rdparty/doctrine/dbal/src/Connection.php(323): Doctrine\DBAL\Connection->detectDatabasePlatform()
#3 /var/www/html/lib/private/DB/Connection.php(903): Doctrine\DBAL\Connection->getDatabasePlatform()
#4 /var/www/html/lib/private/DB/ConnectionAdapter.php(235): OC\DB\Connection->getDatabaseProvider()
#5 /var/www/html/lib/private/DB/QueryBuilder/QueryBuilder.php(96): OC\DB\ConnectionAdapter->getDatabaseProvider()
#6 /var/www/html/lib/private/AppConfig.php(1226): OC\DB\QueryBuilder\QueryBuilder->expr()
#7 /var/www/html/lib/private/AppConfig.php(243): OC\AppConfig->loadConfig(NULL, false)
#8 /var/www/html/lib/private/AppConfig.php(1366): OC\AppConfig->searchValues('enabled', false, 2)
#9 /var/www/html/lib/private/App/AppManager.php(136): OC\AppConfig->getValues(false, 'enabled')
#10 /var/www/html/lib/private/App/AppManager.php(157): OC\App\AppManager->getInstalledAppsValues()
#11 /var/www/html/lib/private/legacy/OC_App.php(188): OC\App\AppManager->getInstalledApps()
#12 /var/www/html/lib/private/AppFramework/Bootstrap/Coordinator.php(48): OC_App::getEnabledApps()
#13 /var/www/html/lib/base.php(675): OC\AppFramework\Bootstrap\Coordinator->runInitialRegistration()
#14 /var/www/html/lib/base.php(1171): OC::init()
#15 /var/www/html/cron.php(24): require_once('/var/www/html/l...')
#16 {main}

But I still got the problem with notify push. I checked the permissions on hard disk and container level and on both it is set to 777 and my generated nextcloud user is the owner. On disk it is set to user:user in container it is uuid:guid.

this is the latest point when you start from the beginning - please provide all you configs and logs as requested per support template or even better create new topic with new data.