Until now I have used NextcloudPi, but I read that it will not get updates anymore. So I am trying Nextcloud AIO. As described in https://github.com/nextcloud/all-in-one/blob/main/local-instance.md, I don’t want my NC on the public internet. I only want local access. So I followed the installation manual https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md for Traefik 2.
I used the docker-compose.yml from https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml to create the master container. I was able to install the container and Nextcloud in version 26, because I have a port forwarding for ports 80 and 443 to the Traefik container.
But then the problems began:
I am not able to open the Nextcloud login page from the LAN; the website is not found. But I can open the Nextcloud login page from outside (smartphone with WLAN deactivated).
I then created a local DNS record in Pi-hole for my Nextcloud domain with the IP address of my NAS, which runs the Docker containers. After this:
- the container nextcloud-aio-apache shows the status unhealthy
- opening the Nextcloud URL shows me the login page of my router, a Fritzbox 7590ax
I see in the traefik.log that my Nextcloud domain has got a Let's Encrypt certificate. And I have another container which works with Traefik. I can open its URL from the LAN and the public internet. So the problems are related to the Nextcloud AIO installation.
In my router the Nextcloud domain is in the “DNS-Rebind-Protection”.
Here is my static traefik.yml, which is taken from another installation manual and so differs somewhat from the manual https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md:
```yaml
api:
  dashboard: true

certificatesResolvers:
  http:
    acme:
      email: "xxx"
      storage: "acme_letsencrypt.json"
      httpChallenge:
        entryPoint: http

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: "https"
          scheme: "https"
  https:
    address: ":443"

global:
  checknewversion: true
  sendanonymoususage: false

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: true
    network: "proxy"
  file:
    directory: "./conf"
    watch: true
  providersThrottleDuration: 10

log:
  level: "DEBUG"
  filePath: "/logs/traefik.log"

accessLog:
  filePath: "/logs/access.log"
```
And here is the dynamic nextcloud.yml configuration:
```yaml
http:
  routers:
    nextcloud:
      rule: "Host(`nextcloud.xxx.xx`)"
      entrypoints:
        - "https"
      service: nextcloud
      middlewares:
        - nextcloud-chain
      tls:
        certresolver: "http"

  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://192.168.178.57:11000" # Use the host's IP address if Traefik runs outside the host network

  middlewares:
    nextcloud-secure-headers:
      headers:
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        referrerPolicy: "same-origin"

    https-redirect:
      redirectscheme:
        scheme: https

    nextcloud-chain:
      chain:
        middlewares:
          # - ... (e.g. rate limiting middleware)
          - https-redirect
          - nextcloud-secure-headers
```
Here is the docker-compose.yml, which I used to create the master-container:
```yaml
version: "3.8"

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work

services:
  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
    ports:
      - 16000:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 16001:8080
      - 16002:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
    # environment: # Is needed when using any of the options below
    environment:
      # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
      - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # - APACHE_IP_BINDING=0.0.0.0 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
      # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
      # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
    # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
      # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file

  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
  # caddy:
  #   image: caddy:alpine
  #   restart: always
  #   container_name: caddy
  #   volumes:
  #     - ./Caddyfile:/etc/caddy/Caddyfile
  #     - ./certs:/certs
  #     - ./config:/config
  #     - ./data:/data
  #     - ./sites:/srv
  #   network_mode: "host"

# # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network.
# # Please make sure to uncomment also the networking lines of the mastercontainer above in order to actually create the network with docker-compose
# # Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
# networks:
#   nextcloud-aio:
#     name: nextcloud-aio # This line is not allowed to be changed as otherwise the created network will not be used by the other containers of AIO
#     driver: bridge
#     enable_ipv6: true
#     ipam:
#       driver: default
#       config:
#         - subnet: fd12:3456:789a:2::/64 # IPv6 subnet to use
```
Does anyone know the cause of my problems? Do you need more information?
Thanks in advance