Hi
I just installed NextCloud and MariaDB on an Ubuntu VM with Docker and it works great going to my .local domain. I would like to enable SSL so I can integrate the calendar on my iPhone (and the documentation I read said that you have to have SSL to enable this).
The only SSL tutorials I can find include letsencrypt and nginx for actual domain names, but I just want to run it on my local IP for now.
I’ve tried attaching to the container, making a self-signed certificate and updating the 000-default.conf file in the available-sites folder within the docker container. When I change the *80 to *443 and restart the service, it gets caught up in an endless restart loop.
Can anyone recommend a way (or an article, or a video) to self-sign an SSL cert so I can just run the domain.local version of nextcloud and get the calendar integration working on my phone?
Misconfiguration of Apache is most likely the issue. If you can post your site config maybe we’ll see what’s going on.
Not many attempt this configuration because certbot is so easy to set up and gives you auto-renewing valid certificates.
The .local domain will never be internet-routable so you will be stuck accessing via IP with no possibility of using a valid cert without a name change. You’ll go through a lot of extra trouble to get it working with an invalid domain and cert.
what exactly did you do? docker exec -u www-data nextcloud /bin/sh ?
what you should do:
follow one of how-to-create-a-selfsigned-cert listed here: create self signed certificate - Google-haku and store the cert files somewhere on your host filesystem. e.g. /etc/nextcloud
you may skip this if the “snakeoil-cert” files are already present in the container. so this would work out of the box:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
get a working apache config. you can’t just change *80 → *443 because you have to tell apache where to find the cert files. and you have to enable ssl for this virtual host.
put the new config file also in /etc/nextcloud
just now you have to examine the apache config inside of the container. docker exec -u www-data nextcloud /bin/sh and search /etc for the apache config. probably you have done that already since you found the 000-default.conf file.
putting it together: assuming you used a docker compose file to start the “stack”. you have to bind the files from your host /etc/nextcloud to the corresponding /etc/apache2 file inside the container. on a cli you would have to add e.g.:
-v /etc/nextcloud/000-default.conf:/etc/apache2/000-default.conf:ro
-v /etc/nextcloud/selfsigned.key:/etc/ssl/keys/my-selfsigned.key:ro
and point to /etc/ssl/keys/my-selfsigned.key in the vhost *443 section (SSLCertificateKeyFile /etc/ssl/keys/my-selfsigned.key)
and you have to expose the port 443 of the nextcloud in the docker-compose file. i guess only port 80 is exposed by default.
you got the idea? “creating a working ssl apache config on your host and bind it into the container.” that’s it.
to get an idea what a working apache ssl vhost config looks like, it’s in this article:
if that was already clear to you please post your 000-default.conf and docker-compose file. someone might be able to help you debug it.
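The steps in the post above (create the cert on the host, write a 443 vhost that names the cert files, check both before binding them into the container), as an added example that is not part of the original thread or the Nextcloud project. Assumptions: the name nextcloud.local, the file names, the container-side cert path /etc/ssl/certs/my-selfsigned.crt, DocumentRoot /var/www/html and the 825-day lifetime; 192.168.7.104 and /etc/ssl/keys/my-selfsigned.key are taken from the thread.

```shell
#!/bin/sh
# Added example. Assumed, not from the thread: file names, nextcloud.local,
# the container-side cert path, DocumentRoot and the 825-day lifetime.

# make_cert DIR HOST IP: self-signed cert whose subjectAltName lists both the
# .local name and the LAN IP, so whichever one the client dials is covered.
make_cert() {
    dir=$1; host=$2; ip=$3
    mkdir -p "$dir" || return 1
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 825 \
        -keyout "$dir/selfsigned.key" -out "$dir/selfsigned.crt" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,IP:$ip" \
        -addext "extendedKeyUsage=serverAuth" 2>/dev/null || return 1
    chmod 600 "$dir/selfsigned.key"   # private key readable by owner only
}

# write_vhost DIR HOST: 443 vhost that points at the paths the cert and key
# will have inside the container once they are bind-mounted read-only.
write_vhost() {
    cat > "$1/000-default.conf" <<EOF
<VirtualHost *:443>
    ServerName $2
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/my-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/keys/my-selfsigned.key
</VirtualHost>
EOF
}

# cert_matches_key DIR: succeeds only when cert and key carry the same public
# key; Apache refuses to start on a mismatched pair.
cert_matches_key() {
    c=$(openssl x509 -in "$1/selfsigned.crt" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$1/selfsigned.key" -pubout | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_san DIR: print the SAN entries so they can be compared with the URL.
cert_san() {
    openssl x509 -in "$1/selfsigned.crt" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1
}

# Stand-alone use: sh script.sh /etc/nextcloud nextcloud.local 192.168.7.104
if [ "$#" -eq 3 ]; then
    make_cert "$1" "$2" "$3" && write_vhost "$1" "$2" && cert_matches_key "$1" && cert_san "$1"
fi
```

Apache inside the container also needs mod_ssl loaded (a2enmod ssl on Debian-based images) before a vhost with SSLEngine on will start.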
Wow, really helpful direction. Thank you! I’m still not able to get this to work, but I think I followed what you’ve outlined. I suspect it’s something in my apache config file.
I noticed that my config file was pointing to my local drive but I mapped the key and crt to /etc/ssl/keys and /etc/ssl/certs, respectively…
I tried updating my 000-default.conf to this, but still no luck.
<VirtualHost *:443>
ServerName 192.168.7.104
ErrorLog ${APACHE_LOG_DIR}/nextcloud-error.log
CustomLog ${APACHE_LOG_DIR}/nextcloud-access.log combined
SSLEngine On
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
RewriteEngine On
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
SSLCertificateFile /etc/ssl/certs/nextcloud.crt
SSLCertificateKeyFile /etc/ssl/keys/nextcloud.key