Problem mounting file following docker-compose guide

C4RT-ER · April 14, 2024, 8:33pm

First, bigup for this great job, it’s a super guide !
I want to clarify that I am starting on Docker and that I am visually impaired so not easy for me.

So I meticulously followed your abundantly illustrated guide but I had to rename my file ‘compose.yml’ to 'docker-compose.yml and delete the line ‘version’ from docker-compose.yml file to be treated. Maybe an update to do at your guide ?

Nevertheless I still have a problem with the ‘app’ container that refuses to launch. Here is the error message I have

saisissez ou Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/root/nc-docker/remoteip.conf" to rootfs at "/etc/apache2/conf-available/remoteip.conf": mount /root/nc-docker/remoteip.conf:/etc/apache2/conf-available/remoteip.conf (via /proc/self/fd/6), flags: 0x5000: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected typecollez du code ici

Thanks for your help.
Cu+
C4RTER

wwe · April 15, 2024, 5:51am

@C4RT-ER thank you for the

I noticed warnings regarding version as well. newer docker-compose versions deprecated it… so definitely a good idea to remove in the future… but I don’t think it time already - lot of docker installations e.g. on NAS might run older versions now which still require the version keyword…

I think there is something wrong with the file.

please double check the file exists and has the right name and permissions.

C4RT-ER · April 15, 2024, 8:35am

Hello @wwe;

Here’s a docker ps -a

CONTAINER ID   IMAGE                            COMMAND                  CREATED        STATUS                  PORTS      NAMES
de3b77e9e0a7   nextcloud:27                     "/var/www/html/custo…"   13 hours ago   Created                            test-nc-notify_push-1
e9b4e8043ec1   nextcloud:27                     "/cron.sh"               13 hours ago   Created                            test-nc-cron-1
7fd21baeb8a1   nextcloud/aio-imaginary:latest   "/start.sh"              13 hours ago   Created                            test-nc-imaginary-1
dafc25164f09   nextcloud:27                     "/entrypoint.sh apac…"   13 hours ago   Created                 80/tcp     test-nc-app-1
f2b0fd76943d   postgres:15                      "docker-entrypoint.s…"   13 hours ago   Up 13 hours (healthy)   5432/tcp   test-nc-db-1
0715d52a14f9   redis:bookworm                   "docker-entrypoint.s…"   13 hours ago   Up 13 hours (healthy)   6379/tcp   test-nc-redis-1

and a ls

drwxr-xr-x  9 root    root    4096 avril 15 10:27 ./
drwx------ 13 root    root    4096 avril 15 10:27 ../
drwxr-xr-x  2 test-nc test-nc 4096 avril 14 19:06 apps/
drwxr-xr-x  2 test-nc test-nc 4096 avril 14 19:06 config/
-rwxr-xr-x  1 test-nc test-nc  270 avril 14 18:46 cron.sh*
drwxr-xr-x  2 test-nc test-nc 4096 avril 14 19:06 data/
drwx------ 19 test-nc test-nc 4096 avril 14 21:38 db/
-rw-r--r--  1 root    root     743 avril 14 18:44 distantip.conf
-rw-r--r--  1 root    root    4977 avril 14 21:28 docker-compose.yml
-rw-r--r--  1 root    root     278 avril 14 18:40 .env
drwxr-xr-x  5 test-nc test-nc 4096 avril 14 21:29 nextcloud/
-rw-r--r--  1 root    root     682 avril 14 18:42 nextcloud.env
-rw-r--r--  1 test-nc test-nc    0 avril 14 19:06 redis-session.ini
drwxr-xr-x  2 root    root    4096 avril 14 20:12 remoteip.conf/
drwxr-xr-x  2 root    root    4096 avril 14 19:27 secrets/

I stored files in “/root/nc-docker” this path is it good ?

other weird, when I throw my “docker-compose up -d”
the proxy network refuses to create itself I am obliged to create it myself.

 docker-compose up -d
[+] Running 1/0
 ✔ Network test-nc_default  Created                                                                                                                      0.1s
Error response from daemon: network proxy not found

Have a nice day

wwe · April 15, 2024, 10:01am

I assume this is the Apache remoteip.conf ?

maybe this is the same for humans but computers don’t know to remoteip.conf and distantip.conf into the file

and you have a directory named remoteip.conf… which definitely doesn’t fit compose.yml

C4RT-ER · April 15, 2024, 11:00am

I deleted the folder ‘remoteip.conf’ and recreated the file of the same name with the content you gave in your tutorial. I also checked the file ‘distantip.conf’ and it is compliant.

I relaunch ‘docker-compose up -d’ and the error message looks like the one you describe concerning ‘notify_push’.

[root@cassiopea:~/nc-docker] # docker-compose up -d
[+] Running 7/7
 ✔ Network test-nc_default          Created                                                                          0.1s
 ✔ Container test-nc-db-1           Healthy                                                                          0.1s
 ✔ Container test-nc-redis-1        Healthy                                                                          0.1s
 ✔ Container test-nc-app-1          Started                                                                          0.1s
 ✔ Container test-nc-imaginary-1    Started                                                                          0.1s
 ✔ Container test-nc-cron-1         Started                                                                          0.1s
 ✔ Container test-nc-notify_push-1  Created                                                                          0.1s
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: ru          nc create failed: unable to start container process: exec: "/var/www/html/custom_apps/notify_push/bin/x86_64/notify_push":           stat /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push: no such file or directory: unknown

So I continue the tutorial by trying to install manually ‘notify_push’ but worry this time with Nextcloud:

[root@cassiopea:~/nc-docker] 1 # docker compose exec app php occ app:install notify_push
Nextcloud is not installed - only a limited number of commands are available

  There are no commands defined in the "app" namespace.

wwe · April 15, 2024, 11:26am

give it some time - NC installs once container is “started”… depending on your download and system speed it takes few minutes… check progress using “docker compose logs”

C4RT-ER · April 15, 2024, 1:20pm

Sorry for my impatience. It has been over an hour since the containers were created, but the same error message is still being sent:

Nextcloud is not installed - only a limited number of commands are available

My dedicated server and on a 1Gb fiber link it seems so abnormally long that you think ?

wwe · April 15, 2024, 7:17pm

it should not take more than few minutes. an hour is definitely too long. check the logs

C4RT-ER · April 15, 2024, 7:36pm

Yes I have the impression that the container reboots in loop

[root@cassiopea:~/nextcloud-docker] # docker ps -a
CONTAINER ID   IMAGE                            COMMAND                  CREATED       STATUS                          PORTS      NAMES
49bf8ffba609   nextcloud:27                     "/var/www/html/custo…"   4 hours ago   Created                         80/tcp     test-nc-notify_push-1
e59ee2278043   nextcloud:27                     "/cron.sh"               4 hours ago   Up 3 hours                      80/tcp     test-nc-cron-1
b167cb0ad0d8   nextcloud/aio-imaginary:latest   "/start.sh"              4 hours ago   Up 3 hours (healthy)            9000/tcp   test-nc-imaginary-1
cb676130d3b8   nextcloud:27                     "/entrypoint.sh apac…"   4 hours ago   Restarting (1) 41 seconds ago              test-nc-app-1
8211089df5d3   redis:bookworm                   "docker-entrypoint.s…"   4 hours ago   Up 4 hours (healthy)            6379/tcp   test-nc-redis-1
8454f4232429   postgres:15                      "docker-entrypoint.s…"   4 hours ago   Up 4 hours (healthy)            5432/tcp   test-nc-db-1

What can i do ?

wwe · April 15, 2024, 8:18pm

one more time

C4RT-ER · April 16, 2024, 12:00pm

Hello @wwe
This morning I decided to start from scratch. I still have the problem of creating the proxy network that is not done, so forced manually created

docker network create proxy

Before lauching anything, here is the status of my newly created files

[root@cassiopea:~/nc-docker] # ll
total 56
drwxr-xr-x  8 root    root    4096 avril 16 12:39 ./
drwx------ 13 root    root    4096 avril 16 12:38 ../
drwxr-xr-x  2 test-nc test-nc 4096 avril 16 12:39 apps/
drwxr-xr-x  2 test-nc test-nc 4096 avril 16 12:39 config/
-rwxr-xr-x  1 test-nc test-nc  270 avril 16 12:38 cron.sh*
drwxr-xr-x  2 test-nc test-nc 4096 avril 16 12:39 data/
drwxr-xr-x  2 test-nc test-nc 4096 avril 16 12:39 db/
-rw-r--r--  1 root    root    4930 avril 16 12:35 docker-compose.yml
-rw-r--r--  1 root    root     286 avril 16 12:36 .env
drwxr-xr-x  2 test-nc test-nc 4096 avril 16 12:39 nextcloud/
-rw-r--r--  1 root    root     682 avril 16 12:37 nextcloud.env
-rw-r--r--  1 test-nc test-nc    0 avril 16 12:39 redis-session.ini
-rw-r--r--  1 root    root     743 avril 16 12:38 remoteip.conf
drwxr-xr-x  2 root    root    4096 avril 16 12:39 secrets/

Then i launch the script and as expected I have an error message regarding notify push

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/var/www/html/custom_apps/notify_push/bin/x86_64/notify_push": stat /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push: no such file or directory: unknown

a quick glance with ‘docker ps -a’ shows me all my containers up. The two tests to check the state of redis and PostgreSQL are ok and the I manage to connect to my Nextcloud container to launch the manual configuration of notify_push. So there was a problem on my side. Again sorry for asking you wrongly. L launch the installation and the activation of notify push… It’s ok

I take the opportunity to take a look at the logs of the containers but there are alerts that do not seem good. In the first lines of the log I have this alert that appears :

chmod: changing permissions of '/var/run/postgresql': Operation not permitted

Then this alert comes back in loop :

2024-04-16 11:41:51.822 UTC [57] FATAL:  role "test-nc" does not exist

Is this normal ?

I finally push the third line but also the message of error

[root@cassiopea:~/nc-docker] # docker compose exec app sh -c 'php occ notify_push:setup https://${OVERWRITEHOST}/push'
✓ redis is configured
🗴 can't connect to push server: cURL error 7: Failed to connect to blackcat-studio.net port 443 after 55 ms: Couldn't connect to server (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://blackcat-studio.net/push/test/cookie

An idea to help me ?
Thanks

wwe · April 17, 2024, 9:07am

good hint, thank you. the network proxy is not automatically created as it is of type “external” which is supposed to be created manually in advance. The idea is to use this network as connector between different compose projects and for this reason it makes no sense to create this network from one of the projects.

your notify_push can not connect to the server using public DNS name. My Linux and Docker knowledge is too limited to understand the reason but I see this frequently - for some reason containers on the same docker host can not talk to each other using public DNS names. My best solution so far is to add public DNS aliases to my reverse proxy container like described here: Probably DNS help with NC Docker + Collabora + Wireguard tunnel - #5 by wwe To be more precise you wil have to add “aliases” to your reverse proxy:

    networks:
      proxy:
        aliases:
          - blackcat-studio.net

I see this error as well… doesn’t seem to be an issue. but I’m wondering your system compains about “test-nc” as well? this is my project name did you adopt it or keep using mine (see .env)

UPDATE: the error is generated by healthcheck. Without user it defaults to a “current user” from the OS which doesn’t exist inside of container (details) adopting healthcheck fixes the problem:

      test: ["CMD-SHELL", "pg_isready -d `cat $$POSTGRES_DB_FILE` -U `cat $$POSTGRES_USER_FILE`"]

C4RT-ER · April 17, 2024, 2:06pm

Hi @wwe, thanks for your detailed answer

I modified the service networks by adding my domain as an alias. A puzzle because docker did not want my synthaxe so I had to try several before it was taken into account. I started again from scratch and this time, I no longer have an error message in the logs

db-1           | PostgreSQL init process complete; ready for start up.
db-1           |
db-1           | 2024-04-17 13:39:21.922 UTC [1] LOG:  starting PostgreSQL 15.6 (Debian 15.6-1.pgdg120+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
db-1           | 2024-04-17 13:39:21.923 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
db-1           | 2024-04-17 13:39:21.923 UTC [1] LOG:  listening on IPv6 address "::", port 5432
db-1           | 2024-04-17 13:39:21.930 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
db-1           | 2024-04-17 13:39:21.944 UTC [51] LOG:  database system was shut down at 2024-04-17 13:39:21 UTC
db-1           | 2024-04-17 13:39:21.953 UTC [1] LOG:  database system is ready to accept connections
db-1           | 2024-04-17 13:44:22.037 UTC [49] LOG:  checkpoint starting: time
db-1           | 2024-04-17 13:45:23.485 UTC [49] LOG:  checkpoint complete: wrote 615 buffers (3.8%); 1 WAL file(s) added, 0 removed, 0 recycled; write=61.348 s, sync=0.021 s, total=61.448 s; sync files=677, longest=0.003 s, average=0.001 s; distance=3916 kB, estimate=3916 kB
db-1           | 2024-04-17 13:49:22.585 UTC [49] LOG:  checkpoint starting: time
db-1           | 2024-04-17 13:49:26.330 UTC [49] LOG:  checkpoint complete: wrote 38 buffers (0.2%); 0 WAL file(s) added, 0 removed, 0 recycled; write=3.714 s, sync=0.009 s, total=3.746 s; sync files=31, longest=0.006 s, average=0.001 s; distance=190 kB, estimate=3543 kB
db-1           | 2024-04-17 13:54:22.429 UTC [49] LOG:  checkpoint starting: time
db-1           | 2024-04-17 13:54:24.562 UTC [49] LOG:  checkpoint complete: wrote 22 buffers (0.1%); 0 WAL file(s) added, 0 removed, 0 recycled; write=2.110 s, sync=0.008 s, total=2.133 s; sync files=14, longest=0.005 s, average=0.001 s; distance=134 kB, estimate=3202 kB
redis-1        | 1:C 17 Apr 2024 13:39:20.352 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
redis-1        | 1:C 17 Apr 2024 13:39:20.353 * oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis-1        | 1:C 17 Apr 2024 13:39:20.353 * Redis version=7.2.4, bits=64, commit=00000000, modified=0, pid=1, just started
redis-1        | 1:C 17 Apr 2024 13:39:20.353 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
redis-1        | 1:M 17 Apr 2024 13:39:20.353 * monotonic clock: POSIX clock_gettime
redis-1        | 1:M 17 Apr 2024 13:39:20.354 * Running mode=standalone, port=6379.
redis-1        | 1:M 17 Apr 2024 13:39:20.355 * Server initialized
redis-1        | 1:M 17 Apr 2024 13:39:20.355 * Ready to accept connections tcp
redis-1        | 1:M 17 Apr 2024 13:46:05.603 * 100 changes in 300 seconds. Saving...
redis-1        | 1:M 17 Apr 2024 13:46:05.604 * Background saving started by pid 126
redis-1        | 126:C 17 Apr 2024 13:46:05.616 * DB saved on disk
redis-1        | 126:C 17 Apr 2024 13:46:05.617 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
redis-1        | 1:M 17 Apr 2024 13:46:05.704 * Background saving terminated with success
db-1           | 2024-04-17 13:59:22.661 UTC [49] LOG:  checkpoint starting: time
db-1           | 2024-04-17 13:59:24.397 UTC [49] LOG:  checkpoint complete: wrote 19 buffers (0.1%); 0 WAL file(s) added, 0 removed, 0 recycled; write=1.714 s, sync=0.008 s, total=1.736 s; sync files=14, longest=0.005 s, average=0.001 s; distance=107 kB, estimate=2893 kB
cron-1         | crond: can't change directory to '/home/cron'
cron-1         | crond: USER cron pid  37 cmd php -f /var/www/html/cron.php

however when I launch the third modif line of notify_push I always have an error message:(

[root@cassiopea:~/nc-docker] 1 # docker compose exec app sh -c 'php occ notify_push:setup https://blackcat-studio.net/push'
✓ redis is configured
🗴 can't connect to push server: cURL error 7: Failed to connect to blackcat-studio.net port 443 after 0 ms: Couldn't connect to server (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://blackcat-studio.net/push/test/cookie

I’m lost I don’t know what to do:(

wwe · April 18, 2024, 7:00am

did you see this part?

wwe:

C4RT-ER:

cURL error 7: Failed to connect to blackcat-studio.net port 443

your notify_push can not connect to the server using public DNS name. My Linux and Docker knowledge is too limited to understand the reason but I see this frequently - for some reason containers on the same docker host can not talk to each other using public DNS names. My best solution so far is to add public DNS aliases to my reverse proxy container like described here: Probably DNS help with NC Docker + Collabora + Wireguard tunnel - #5 by wwe To be more precise you wil have to add “aliases” to your reverse proxy:
    networks:
      proxy:
        aliases:
          - blackcat-studio.net

C4RT-ER · April 18, 2024, 8:12am

Yes i follow your advices and modified my docker-compose.yml but no change

wwe · April 18, 2024, 9:55am

it’s not just “try and error”. nobody can know what is wrong with your system. as an admin it is your task to analyze the issue. to see why the connection fails you should troubleshoot the connection. e.g. run 'curl -v https://blackcat-studio.net` which will show the ip it connects to and allow to understand where is the problem…

C4RT-ER · April 18, 2024, 1:27pm

Hi Willi,
You are entirely right, I must not wait for everything to fall cooked and premade, it is for this reason that I cling to tuto because I sincerely think that it is very well designed even if it is perfectible (specify that the ‘version’ is optional, in the docker-compose.yml file, the creation of the proxy network which is not automatic). I am not a system administrator, but a simple individual self-taught and disabled.

The reason I come here is that I’m a novice, and I come looking for help and advice to learn from my mistakes. If we were all able to fend for ourselves, what would be the use of this forum ?

Before following this tutorial I used an NC under Docker too, it was a patchwork of several tutorials a little wobbly, but NC worked on my domain in https.
So there is no reason why your tutorial does not work with your help, I hope we will find what is wrong. Here is the result of the order you advised me to make. For info the redirection of ports 80 and 443 points to the ip of my router on which is connected my dedicated server.

root@cassiopea:~ # curl -v https://blackcat-studio.net
*   Trying <routeur_IP:443>...
* connect to <routeur_IP> port 443 failed: Connection refused
* Failed to connect to blackcat-studio.net port 443 after 27 ms: Connection refused
* Closing connection 0
curl: (7) Failed to connect to blackcat-studio.net port 443 after 27 ms: Connection refused

The problem does not come from notify-push ?

wwe · April 18, 2024, 7:55pm

don’t get me wrong. I definitely spend long time to create the guide and I’m happy you are almost ready. but as described at the beginning the guide is intended for experienced users and other more simple and polished solutions exist.

Nevertheless I will try to help with the remaining issues as it seems only short path remains. In my eyes the setup is well described and especially the drawing should provide good understanding. Let me know if you can’t follow the references. Many different topics play a role - most of them are easy once you get the clue but very overwhelming when you don’t know right terms and new into the topic.

Your specific problem is little unclear for me: the current problem - container connects to the {public ip of the router} and fails sounds like “rebind protection” - a security measure which prevents connections to public DNS records going back into internal network… but this should not happen at all! last advise I provided is supposed to create a “Docker internal” DNS record similar to “split-brain DNS” splitbraindns so all connections from containers on “proxy” network to your public DNS are re-routed straight to the reverse proxy. but as curl still shows your public IP this setting doesn’t become effective… maybe due missing restart, maybe for other reasons.

I would recommend you double-check the alias setting and if you don’t spot any issues post you effective compose.yml, reverse proxy config (post compose.yml as well) and other logs

C4RT-ER · April 18, 2024, 10:44pm

Good evening Willi,
Thanks again for continuing to help me. I could have used another method without any difficulty, but what would I have learned?
As a complement, I would like to add that I had to reinstall my server last night following a complete kernel crash. We can’t get our hands on it. So I have since last night a brand new server under Kubunu 22.04LTS with only major Docker installation.
Kubuntu 22.04 is installed on a dedicated server (PC - I5 - 16GB Ram - 1TB SSD). This PC is directly connected to my ISP’s router which assigns it an IP 192.168.1.48. I have established a redirection of ports 80 and 443 to the IP 192.168.1.48 of my server. On my domain side, I set up a DNS zone that points directly to the public IP of my ISP router.

services:
  nextcloud_db:
    image: mariadb
    container_name: nextcloud_db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
     - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=$NEXTCLOUD_MYSQL_ROOT_PASSWORD  # Mot de passe de l'utilisateur root de mariadb
      - MYSQL_DATABASE=$NEXTCLOUD_MYSQL_DATABASE  # Nom de la base de données à créer à l'initialisation du conteneur
      - MYSQL_USER=$NEXTCLOUD_MYSQL_USER  # Nom de l'utilisateur de la base de données créée
      - MYSQL_PASSWORD=$NEXTCLOUD_MYSQL_PASSWORD  # Mot de passe de l'utilisateur créé
    networks:
      - lan
  nextcloud-redis:
    image: redis:latest
    container_name: nextcloud-redis
    env_file: .env
    hostname: nextcloud-redis
    restart: unless-stopped
  nexcloud_app:
    image: nextcloud
    container_name: nextcloud
    restart: always
    ports:
     - 8080:80
    links:
     - nextcloud_db
     - nextcloud-redis
    volumes:
     - ./data:/var/www/html
     - /media/nextcloud-data:/var/www/html/data
    environment:
      - MYSQL_HOST=nextcloud_db  # Nom du conteneur de la base de données
      - MYSQL_DATABASE=$NEXTCLOUD_MYSQL_DATABASE  # Nom de la base de données
      - MYSQL_USER=$NEXTCLOUD_MYSQL_USER  # Nom de l'utilisateur de la base de données
      - MYSQL_PASSWORD=$NEXTCLOUD_MYSQL_PASSWORD  # Mot de passe de l'utilisateur de la base de données
    networks:
      - lan
      - traefik_network
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_network"
      - "traefik.http.routers.nextcloud.entrypoints=web,websecure"
      - "traefik.http.routers.nextcloud.rule=Host(`${NEXTCLOUD_URL}`)"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.tls.certresolver=leresolver"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud"
      - "traefik.http.middlewares.nextcloud.headers.stsSeconds=155520011"
      - "traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nextcloud.headers.stsPreload=true"
volumes:
  db:
  html:
 
networks:
  lan:
  traefik_network:
    external: true

I could access my site locally via 192.168.1.x:8080 or via https://blackcat-studio.net without any problems. Traeffik was doing his job properly. NC on the other hand was very slow, because not optimized with error messages in the admin panel. Hence my choice to switch to your more serious work:)

Currently if I do some tests:

curl -v https://blackcat-studio.net

root@cassiopea:~/nc-docker # curl -v https://blackcat-studio.net
*   Trying <MyPublicIP>:443...
* connect to <MyPublicIP> port 443 failed: Connection refused
* Failed to connect to blackcat-studio.net port 443 after 50 ms: Connection refused
* Closing connection 0
curl: (7) Failed to connect to blackcat-studio.net port 443 after 50 ms: Connection refused

docker ps -a

root@cassiopea:~/nc-docker # docker ps -a
CONTAINER ID   IMAGE                            COMMAND                  CREATED        STATUS                  PORTS      NAMES
c243c45b7cd9   nextcloud:28                     "/cron.sh"               12 hours ago   Up 12 hours             80/tcp     c4rter-cron-1
f596605168ac   nextcloud:28                     "/var/www/html/custo…"   12 hours ago   Up 12 hours             80/tcp     c4rter-notify_push-1
5dc985c011fc   nextcloud/aio-imaginary:latest   "/start.sh"              12 hours ago   Up 12 hours (healthy)   9000/tcp   c4rter-imaginary-1
26d883b482e1   nextcloud:28                     "/entrypoint.sh apac…"   12 hours ago   Up 12 hours             80/tcp     c4rter-app-1
3efee3bca609   postgres:15                      "docker-entrypoint.s…"   12 hours ago   Up 12 hours (healthy)   5432/tcp   c4rter-db-1
59de37240867   redis:bookworm                   "docker-entrypoint.s…"   12 hours ago   Up 12 hours (healthy)   6379/tcp   c4rter-redis-1

netstat -an | grep 80 & 443
root@cassiopea:~/nc-docker # netstat -an | grep 80
tcp        0      0 192.168.1.48:46036      192.168.1.4:8009        ESTABLISHED
tcp        0      0 192.168.1.48:52540      192.168.1.101:8009      ESTABLISHED
unix  3      [ ]         STREAM     CONNECTED     28809
unix  3      [ ]         STREAM     CONNECTED     27805    @/tmp/.ICE-unix/1519
unix  2      [ ACC ]     STREAM     LISTENING     1236237  /run/containerd/s/b582ea17ac3951108ddd36d169e67fa8e8041a8bb7b34682a1df85e43f173a68
unix  3      [ ]         STREAM     CONNECTED     29280
unix  3      [ ]         SEQPACKET  CONNECTED     30800
unix  3      [ ]         STREAM     CONNECTED     1236244  /run/containerd/s/b582ea17ac3951108ddd36d169e67fa8e8041a8bb7b34682a1df85e43f173a68
unix  3      [ ]         STREAM     CONNECTED     27800
unix  3      [ ]         STREAM     CONNECTED     26180    /run/user/1000/pipewire-0
unix  3      [ ]         STREAM     CONNECTED     27803    /run/user/1000/bus
unix  3      [ ]         STREAM     CONNECTED     27806    /run/user/1000/bus
unix  3      [ ]         SEQPACKET  CONNECTED     30801
unix  3      [ ]         STREAM     CONNECTED     27804
unix  3      [ ]         STREAM     CONNECTED     27807    /run/user/1000/bus
unix  3      [ ]         STREAM     CONNECTED     23807


root@cassiopea:~/nc-docker # netstat -an | grep 443
udp6       0      0 2a01:e0a:5e1:dcc0:48493 2a00:1450:4007:810::443 ESTABLISHED
unix  3      [ ]         STREAM     CONNECTED     24432    /run/user/1000/bus
unix  3      [ ]         STREAM     CONNECTED     22443
unix  3      [ ]         STREAM     CONNECTED     28443    /run/dbus/system_bus_socket

Nothing seems to listen on 80 & 443 ports.

Now here’s the actual logs https://pastebin.com/FsAyCtF5

Last I replaced your user ‘nc-test’ with c4rter with UID/GID 1004:1004 rights.

Here I think I gave you all the cards, thanking you for the analysis you will make of them. Again I thank you for your expertise and help.

Have a good night in *Switzerland
Cu+
C4RTER

wwe · April 19, 2024, 6:09am

this is the case if you follow the guide exactly - the assumption is you have a reverse proxy e.g. traefik in place which expose ports 80 and 443 connects to Nextcloud app using internal Docker network “proxy”. I think I have to work out the networking topic more precise…

your cloud is listening on port 8080 on the host. is it you current setup or the old one?