Nextcloud version: 20.0.12 (official nextcloud image)
Operating system and version: docker-compose 1.29.1, apache image
Proxy version: Traefik 2.2.1
PHP version: 7.4.22
The issue:
404 page not found, the containers have the right network settings and the config file has the corresponding IP for the trusted proxy.
This was a working installation on Nextcloud version 17 with Traefik 1.7.16 before the server burned.
No backup of the Nextcloud 17 image or container thus no upgrade possible !
The backup is restored to the data folder and the config.php file of the Nextcloud volume same for the DB, the tables are populated:
MariaDB [nextcloud]> show tables;
+-------------------------------+
| Tables_in_nextcloud |
+-------------------------------+
| oc_accounts |
| oc_activity |
| oc_activity_mq |
| oc_addressbookchanges |
| oc_addressbooks |
| oc_appconfig |
| oc_audioplayer_albums |
| oc_audioplayer_artists |
| oc_audioplayer_genre |
| oc_audioplayer_playlist_tracks |
| oc_audioplayer_playlists |
| oc_audioplayer_stats |
| oc_audioplayer_streams |
| oc_audioplayer_tracks |
| oc_authtoken |
| oc_bookmarks |
| oc_bookmarks_folders |
| oc_bookmarks_folders_bookmarks |
| oc_bookmarks_tags |
| oc_bruteforce_attempts |
| oc_calendar_invitations |
| oc_calendar_reminders |
| oc_calendar_resources |
| oc_calendar_resources_md |
| oc_calendar_rooms |
| oc_calendar_rooms_md |
| oc_calendarchanges |
| oc_calendarobjects |
| oc_calendarobjects_props |
| oc_calendars |
| oc_calendarsubscriptions |
| oc_cards |
| oc_cards_properties |
| oc_carnet_metadata |
| oc_collres_accesscache |
| oc_collres_collections |
| oc_collres_resources |
| oc_comments |
| oc_comments_read_markers |
| oc_credentials |
| oc_dav_cal_proxy |
| oc_dav_shares |
| oc_directlink |
| oc_federated_reshares |
| oc_file_locks |
| oc_filecache |
| oc_filecache_extended |
| oc_files_trash |
| oc_flow_checks |
| oc_flow_operations |
| oc_group_admin |
| oc_group_user |
| oc_groups |
| oc_jobs |
| oc_login_flow_v2 |
| oc_migrations |
| oc_mimetypes |
| oc_mounts |
| oc_notifications |
| oc_notifications_pushtokens |
| oc_oauth2_access_tokens |
| oc_oauth2_clients |
| oc_preferences |
| oc_privacy_admins |
| oc_properties |
| oc_richdocuments_assets |
| oc_richdocuments_direct |
| oc_richdocuments_wopi |
| oc_schedulingobjects |
| oc_share |
| oc_share_external |
| oc_storages |
| oc_systemtag |
| oc_systemtag_group |
| oc_systemtag_object_mapping |
| oc_talk_commands |
| oc_talk_guests |
| oc_talk_participants |
| oc_talk_rooms |
| oc_talk_signaling |
| oc_text_documents |
| oc_text_sessions |
| oc_text_steps |
| oc_trusted_servers |
| oc_twofactor_backupcodes |
| oc_twofactor_providers |
| oc_twofactor_totp_secrets |
| oc_users |
| oc_vcategory |
| oc_vcategory_to_object |
| oc_whats_new |
+-------------------------------+
91 rows in set (0.001 sec)
Nextcloud config/config.php
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\OC\Memcache\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'xxx',
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_domains' =>
  array (
    0 => 'xxx',
  ),
  'trusted_proxies' =>
  array (
    0 => '172.25.0.2',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '20.0.12',
  'overwrite.cli.url' => 'https://xxx.domain',
  'overwriteprotocol' => 'https',
  'dbname' => 'xxx',
  'dbhost' => '172.26.0.2:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xxx',
  'dbpassword' => 'xxx',
  'installed' => true,
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' =>
  array (
    0 => 'admin',
  ),
  'twofactor_enforced_excluded_groups' =>
  array (
  ),
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'xxx',
  'mail_domain' => 'xxx',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'ssl0.ovh.net',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'xxx',
  'mail_smtppassword' => 'xxx',
  'has_rebuilt_cache' => true,
  'maintenance' => true,
  'theme' => '',
  'loglevel' => 2,
);
Can't see anything wrong in the db logs:
$ sudo docker logs nxt_db | tail
2021-08-12 10:00:07 0 [Note] mysqld (mysqld 10.5.9-MariaDB-1:10.5.9+maria~focal) starting as process 1 ...
2021-08-12 10:00:07 0 [Warning] You need to use --log-bin to make --binlog-format work.
2021-08-12 10:00:07 0 [Note] InnoDB: Uses event mutexes
2021-08-12 10:00:07 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2021-08-12 10:00:07 0 [Note] InnoDB: Number of pools: 1
2021-08-12 10:00:07 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2021-08-12 10:00:07 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts)
2021-08-12 10:00:07 0 [Note] InnoDB: Using Linux native AIO
2021-08-12 10:00:07 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728
2021-08-12 10:00:07 0 [Note] InnoDB: Completed initialization of buffer pool
2021-08-12 10:00:07 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2021-08-12 10:00:07 0 [Note] InnoDB: 128 rollback segments are active.
2021-08-12 10:00:07 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2021-08-12 10:00:07 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2021-08-12 10:00:07 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2021-08-12 10:00:07 0 [Note] InnoDB: 10.5.9 started; log sequence number 45190; transaction id 20
2021-08-12 10:00:07 0 [Note] Plugin 'FEEDBACK' is disabled.
2021-08-12 10:00:07 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2021-08-12 10:00:07 0 [Note] InnoDB: Buffer pool(s) load completed at 210812 10:00:07
2021-08-12 10:00:07 0 [Note] Server socket created on IP: '::'.
2021-08-12 10:00:07 0 [Warning] 'proxies_priv' entry '@% root@4237f408438f' ignored in --skip-name-resolve mode.
2021-08-12 10:00:07 0 [Note] Reading of all Master_info entries succeeded
2021-08-12 10:00:07 0 [Note] Added new Master_info '' to hash table
2021-08-12 10:00:07 0 [Note] mysqld: ready for connections.
Version: '10.5.9-MariaDB-1:10.5.9+maria~focal' socket: '/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
2021-08-10 20:51:22+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
2021-08-10 20:51:23+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2021-08-10 20:51:23+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
2021-08-12 09:28:36+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
2021-08-12 09:28:36+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2021-08-12 09:28:36+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
2021-08-12 09:48:25+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
2021-08-12 09:48:25+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2021-08-12 09:48:25+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
2021-08-12 10:00:07+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
2021-08-12 10:00:07+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2021-08-12 10:00:07+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.5.9+maria~focal started.
Tested with both version 1 & 2 of Traefik and also Nextcloud 19 image, always 404 page not found !
The Traefik dashboard works, no warnings or errors and can't see anything useful in its logs:
$ sudo docker logs traefik | tail -10
time="2021-07-23T10:14:18-04:00" level=debug msg="Adding tracing to middleware" entryPointName=https routerName=traefik-rtr@docker middlewareName=middlewares-secure-headers@file
time="2021-07-23T10:14:18-04:00" level=debug msg="Creating middleware" entryPointName=https routerName=traefik-rtr@docker middlewareName=middlewares-rate-limit@file middlewareType=RateLimiterType
time="2021-07-23T10:14:18-04:00" level=debug msg="Using IPStrategy" entryPointName=https routerName=traefik-rtr@docker middlewareName=middlewares-rate-limit@file middlewareType=RateLimiterType
time="2021-07-23T10:14:18-04:00" level=debug msg="Adding tracing to middleware" middlewareName=middlewares-rate-limit@file entryPointName=https routerName=traefik-rtr@docker
time="2021-07-23T10:14:18-04:00" level=debug msg="Creating middleware" entryPointName=https middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2021-07-23T10:14:18-04:00" level=debug msg="Creating TCP server 0 at 172.26.0.3:443" routerName=nextcloud-tcp@docker serviceName=nextcloud-tcp-svc serverName=0 entryPointName=https
time="2021-07-23T10:14:18-04:00" level=debug msg="Adding route nextcloud.opensolutions.ovh on TCP" entryPointName=https routerName=nextcloud-tcp@docker
time="2021-07-23T10:14:20-04:00" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=middlewares-basic-auth@file
time="2021-07-23T10:14:25-04:00" level=debug msg="Authentication succeeded" middlewareName=middlewares-basic-auth@file middlewareType=BasicAuth
time="2021-07-23T10:14:30-04:00" level=debug msg="Authentication succeeded" middlewareName=middlewares-basic-auth@file middlewareType=BasicAuth
Cannot interpret nextcloud log:
$ sudo docker logs nxt | tail -30
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.26.0.3. Set the 'ServerName' directive globally to suppress this message
[Thu Aug 12 10:00:13.897608 2021] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.4.22 configured -- resuming normal operations
[Thu Aug 12 10:00:13.897921 2021] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
#3 /var/www/html/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Query/QueryBuilder.php(206): OC\DB\Connection->executeQuery('SELECT * FROM `...', Array, Array)
#4 /var/www/html/lib/private/DB/QueryBuilder/QueryBuilder.php(248): Doctrine\DBAL\Query\QueryBuilder->execute()
#5 /var/www/html/lib/private/AppConfig.php(345): OC\DB\QueryBuilder\QueryBuilder->execute()
#6 /var/www/html/lib/private/AppConfig.php(110): OC\AppConfig->loadConfigValues()
#7 /var/www/html/lib/private/AppConfig.php(301): OC\AppConfig->getApps()
#8 /var/www/html/lib/private/legacy/OC_App.php(957): OC\AppConfig->getValues(false, 'installed_versi...')
#9 /var/www/html/lib/private/Server.php(668): OC_App::getAppVersions()
#10 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\Server->OC{closure}(Object(OC\Server))
#11 /var/www/html/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility{closure}(Object(Pimple\Container))
#12 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet('OC\Memcache\Fac...')
#13 /var/www/html/lib/private/ServerContainer.php(156): OC\AppFramework\Utility\SimpleContainer->query('OC\Memcache\Fac...', true)
#14 /var/www/html/lib/private/Server.php(1677): OC\ServerContainer->query('OC\Memcache\Fac...')
#15 /var/www/html/lib/private/Server.php(1017): OC\Server->getMemCacheFactory()
#16 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\Server->OC{closure}(Object(OC\Server))
#17 /var/www/html/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility{closure}(Object(Pimple\Container))
#18 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet('OCP\Lock\ILocki...')
#19 /var/www/html/lib/private/ServerContainer.php(156): OC\AppFramework\Utility\SimpleContainer->query('OCP\Lock\ILocki...', true)
#20 /var/www/html/lib/private/Server.php(1977): OC\ServerContainer->query('OCP\Lock\ILocki...')
#21 /var/www/html/lib/private/Files/View.php(118): OC\Server->getLockingProvider()
#22 /var/www/html/lib/private/Server.php(395): OC\Files\View->__construct()
#23 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\Server->OC{closure}(Object(OC\Server))
#24 /var/www/html/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility{closure}(Object(Pimple\Container))
#25 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet('OC\Files\Node\H...')
#26 /var/www/html/lib/private/ServerContainer.php(156): OC\AppFramework\Utility\SimpleContainer->query('OC\Files\Node\H...', true)
#27 /var/www/html/lib/private/Server.php(1324): OC\ServerContainer->query('OC\Files\Node\H...')
#28 /var/www/html/lib/base.php(595): OC\Server->boot()
#29 /var/www/html/lib/base.php(1091): OC::init()
#30 /var/www/html/console.php(49): require_once('/var/www/html/l...')
#31 /var/www/html/occ(11): require_once('/var/www/html/c...')
docker-compose-t2.yml
version: "3.7"
########################### NETWORKS
networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge
########################### SERVICES
services:
  # All services / apps go below this line
  traefik:
    hostname: traefik
    image: traefik:2.2.1
    container_name: traefik
    restart: unless-stopped
    domainname: ${DOMAINNAME}
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entryPoints.traefik.address=:8080
      - --api=true
      - --api.insecure=true
      # - --serversTransport.insecureSkipVerify=true
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
      # - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder
      # - --certificatesResolvers.dns-ovh.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-ovh.acme.email=$OVH_EMAIL
      - --certificatesResolvers.dns-ovh.acme.storage=/acme.json
      - --certificatesResolvers.dns-ovh.acme.dnsChallenge.provider=ovh
    networks:
      - t2_proxy
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
    volumes:
      - $DOCKERDIR/traefik2/rules:/rules
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $DOCKERDIR/traefik2/acme/acme.json:/acme.json
      - $DOCKERDIR/traefik2/traefik.log:/traefik.log
      - $DOCKERDIR/shared:/shared
    env_file:
      - .env
    # secrets:
    #   - ovh_app_key
    #   - ovh_key
    #   - ovh_app_secret
    environment:
      - OVH_API_EMAIL=${OVH_EMAIL}
      - OVH_ENDPOINT=ovh-eu
      - OVH_APPLICATION_KEY=XXX
      - OVH_APPLICATION_SECRET=XXX
      - OVH_CONSUMER_KEY=XXX
    labels:
      - "traefik.enable=true"
      # HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      # - "traefik.http.routers.traefik-rtr.tls.certresolver=dns-ovh" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=*.$DOMAINNAME"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=$DOMAINNAME"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      ## Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=chain-basic-auth@file"
  db:
    image: mariadb
    container_name: nxt_db
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      # - /var/lib/docker/volumes/nextcloud_db/_data:/var/lib/mysql:rw
      # - $DOCKERDIR/db/data/mysql:/var/lib/mysql:rw
      - db:/var/lib/mysql
    secrets:
      - os_secret
    environment:
      - MYSQL_ROOT_PASSWORD=xxxxxx
    # networks:
    #   default:
    #     ipv4_address: "172.20.0.3"
  nextcloud:
    container_name: nxt
    image: nextcloud:20-apache
    restart: always
    depends_on:
      - db
    networks:
      - t2_proxy
      - default
    # ports:
    #   - "443:443"
    security_opt:
      - no-new-privileges:true
    volumes:
      # - $DOCKERDIR/nxt:/config
      # - $DOCKERDIR/nxt/data:/var/www/html:rw
      - nextcloud:/var/www/html
    environment:
      - NODE_ENV=production
      - MYSQL_HOST=db
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_proxy"
      ## TCP Routers
      - "traefik.tcp.routers.nextcloud-tcp.entrypoints=https"
      - "traefik.tcp.routers.nextcloud-tcp.rule=HostSNI(`nextcloud.$DOMAINNAME`)"
      - "traefik.tcp.routers.nextcloud-tcp.tls.certresolver=ovh-eu"
      - "traefik.tcp.routers.nextcloud-tcp.tls.passthrough=true"
      ## TCP Services
      - "traefik.tcp.routers.nextcloud-tcp.service=nextcloud-tcp-svc"
      - "traefik.tcp.services.nextcloud-tcp-svc.loadbalancer.server.port=443"
volumes:
  db:
  nextcloud:
secrets:
  os_secret:
    file: $SECRETSDIR/mysql_pwd
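
An added example, not part of the original post: a consistency check over the Traefik CLI arguments and the Nextcloud container labels from the compose file above, listing every label value that names a network, certificate resolver, entry point or service not declared elsewhere in the file. The function names are hypothetical and the inputs are lines copied from the post.

```python
import re

# Constructed sample: CLI arguments, networks and labels copied from the
# compose file in the post (only the lines relevant to the check).
TRAEFIK_ARGS = [
    "--entryPoints.http.address=:80",
    "--entryPoints.https.address=:443",
    "--certificatesResolvers.dns-ovh.acme.storage=/acme.json",
]
DECLARED_NETWORKS = {"t2_proxy", "default"}
NEXTCLOUD_LABELS = [
    "traefik.enable=true",
    "traefik.docker.network=traefik_proxy",
    "traefik.tcp.routers.nextcloud-tcp.entrypoints=https",
    "traefik.tcp.routers.nextcloud-tcp.tls.certresolver=ovh-eu",
    "traefik.tcp.routers.nextcloud-tcp.service=nextcloud-tcp-svc",
    "traefik.tcp.services.nextcloud-tcp-svc.loadbalancer.server.port=443",
]

def defined_names(args, section):
    """Names declared as --<section>.<name>.* in Traefik's CLI arguments."""
    pat = re.compile(rf"^--{section}\.([^.=]+)\.", re.IGNORECASE)
    return {m.group(1) for a in args if (m := pat.match(a))}

def dangling_references(labels, args, networks):
    """Return (label key, value, kind) for each label naming something undeclared."""
    known = {
        "network": set(networks),
        "certresolver": defined_names(args, "certificatesResolvers"),
        "entrypoint": defined_names(args, "entryPoints"),
        "service": {m.group(1) for l in labels if (m := re.match(
            r"traefik\.(?:http|tcp)\.services\.([^.]+)\.", l))},
    }
    findings = []
    for label in labels:
        key, _, value = label.partition("=")
        if key == "traefik.docker.network":
            kind = "network"
        elif key.endswith(".tls.certresolver"):
            kind = "certresolver"
        elif key.endswith(".entrypoints"):
            kind = "entrypoint"
        elif re.search(r"\.routers\.[^.]+\.service$", key):
            kind = "service"
        else:
            continue
        for name in (v.strip() for v in value.split(",")):
            # "name@provider" points at another provider; out of scope here.
            if "@" not in name and name not in known[kind]:
                findings.append((key, name, kind))
    return findings

if __name__ == "__main__":
    print(dangling_references(NEXTCLOUD_LABELS, TRAEFIK_ARGS, DECLARED_NETWORKS))
```
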