For a while now, I have been trying to install Nextcloud All in One behind a reverse proxy. The guide recommends using network_mode: "host". But I want to avoid using this. The reason is that I want to port-forward the Caddy container, because my OpenMediaVault dashboard is already at ports 443 and 80, and I want to keep it that way. (My router is correctly set up so that 443 and 80 direct to the Caddy container.)
So the Nextcloud container is "healthy" now. But these are the logs:
[09-Dec-2023 23:07:39] NOTICE: fpm is running, pid 683
[09-Dec-2023 23:07:39] NOTICE: ready to handle connections
Activating Collabora config...
Failed to activate any config changes
Server error: `GET https://cloud.domain.tld/hosting/discovery` resulted in a `502 Bad Gateway` response
Just to see what would happen I changed it to 127.0.0.1.
This is the outcome.
Nextcloud logs:
System config value trusted_proxies => 0 set to string 127.0.0.1
System config value trusted_proxies => 1 set to string ::1
Config value base_endpoint for app notify_push set to https://cloud.domain.tld/push
richdocuments 8.2.3 installed
richdocuments enabled
Config value wopi_url for app richdocuments set to https://cloud.domain.tld/
System config value allow_local_remote_servers set to boolean true
No ipv6-address found for cloud.domain.tld.
Config value wopi_allowlist for app richdocuments set to <public_ip>,127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1
spreed 17.1.3 installed
spreed enabled
Added cloud.domain.tld:3478.
Added cloud.domain.tld:3478.
There is nothing to delete.
Added signaling server https://cloud.domain.tld/standalone-signaling/.
Config value recording_servers of app spreed deleted
System config value enabledPreviewProviders => 0 set to string OC\Preview\Imaginary
System config value preview_imaginary_url set to string http://nextcloud-aio-imaginary:9000
+ '[' true = true ']'
+ '[' 11000 = 443 ']'
+ '[' 127.0.0.1 = 127.0.0.1 ']'
++ dig nextcloud-aio-apache A +short +search
++ grep '^[0-9.]\+$'
++ sort
++ head -n1
+ IPv4_ADDRESS_APACHE=192.168.96.10
++ dig nextcloud-aio-apache AAAA +short +search
++ grep '^[0-9a-f:]\+$'
++ sort
++ head -n1
+ IPv6_ADDRESS_APACHE=
++ dig nextcloud-aio-mastercontainer A +short +search
++ grep '^[0-9.]\+$'
++ sort
++ head -n1
+ IPv4_ADDRESS_MASTERCONTAINER=192.168.96.2
++ dig nextcloud-aio-mastercontainer AAAA +short +search
++ grep '^[0-9a-f:]\+$'
++ sort
++ head -n1
+ IPv6_ADDRESS_MASTERCONTAINER=
+ sed -i 's|^;listen.allowed_clients|listen.allowed_clients|' /usr/local/etc/php-fpm.d/www.conf
+ sed -i 's|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,192.168.96.10,,192.168.96.2,|' /usr/local/etc/php-fpm.d/www.conf
+ sed -i '/^listen.allowed_clients/s/,,/,/g' /usr/local/etc/php-fpm.d/www.conf
+ sed -i '/^listen.allowed_clients/s/,$//' /usr/local/etc/php-fpm.d/www.conf
+ grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
listen.allowed_clients = 127.0.0.1,::1,192.168.96.10,192.168.96.2
+ set +x
[09-Dec-2023 23:33:20] NOTICE: fpm is running, pid 710
[09-Dec-2023 23:33:20] NOTICE: ready to handle connections
Activating Collabora config...
Failed to activate any config changes
Server error: `GET https://cloud.domain.tld/hosting/discovery` resulted in a `502 Bad Gateway` response
Really hope someone can help me out here. I really have no idea what is going on. With all these tests I also turned the Cloudflare DNS proxy on again, btw.
Yes, I did leave the domaincheck on, because if you change the Caddyfile line to reverse_proxy nextcloud-aio-domaincheck:11000 before you open nextcloud-aio for the first time, the domaincheck works. Only make sure to change it back to reverse_proxy nextcloud-aio-apache:11000 before you actually install the Nextcloud containers.
@kromsam I'm also trying to get Nextcloud AIO running behind Caddy but for some reason I can't adapt your solution to my server. My NC docker-compose.yaml is functionally identical to yours with the exception that I have port 8080 bound to 8080 on the host network and I have Caddy in a separate docker-compose.yaml (I have a lot of different things running on this server, so I want to keep everything separated for ease of maintenance). Before anyone asks, yes, Caddy is on the same Docker network as the Nextcloud container.
The relevant part of my Caddyfile looks like this:
I've verified that port 8080 on the host is accessible to the web. I've also done some investigating by using curl to inspect the container:
loren@kerbol$ curl 172.29.0.2:8080
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache/2.4.58 (Unix) Server at localhost Port 8080</address>
</body></html>
loren@kerbol$ curl 172.29.0.2:11000
curl: (7) Failed to connect to 172.29.0.2 port 11000 after 0 ms: Couldn't connect to server
loren@kerbol$
When I attempt to access the base domain (https://nextcloud.my.domain), I get an HTTP 502 response, which I believe is just Caddy's default response when it tries to reverse proxy to something that doesn't respond. When I access https://nextcloud.my.domain:8080 (I've set up port forwarding on port 8080 temporarily), I get a NET::ERR_CERT_AUTHORITY_INVALID error reported from my browser.
Do you (or anyone else) have insights as to what I've done wrong?
It turns out I was trying to access port 8080 over WAN; you have to access it over LAN. Once you do so, the AIO container will set up Nextcloud for you, which will start the server behind port 11000. At this point, you can just point your reverse proxy at 11000 and you're in business.
Basically, don't try to set up Nextcloud AIO unless you (a) are on the local network or (b) have a VPN connection in to that network.
Could you please explain further, with your configuration of 2 containers, one for Caddy and the other for AIO, what do you mean by "access over LAN"?
Basically, the AIO configuration page only accepts traffic from your local network; you can't access it from a remote computer (unless you use a VPN to connect to your local network). That means that you'll need to access the AIO container from something like 192.168.1.x:8080, while the main Nextcloud instance can be proxied to the internet with Caddy or something else at port 11000.
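The curl results earlier in the thread (a 400 on port 8080, a refused connection on port 11000, a 502 through Caddy) each point to a different state of the setup. The script below is an added example, not part of any post or of the Nextcloud AIO project; the function names and verdict strings are hypothetical, and it only interprets probe results against ports you run yourself.

```shell
#!/bin/sh
# Added example: interpret a curl probe of the Nextcloud AIO ports
# discussed in this thread (8080 = AIO interface, 11000 = Apache).
# Function names and verdict strings are hypothetical.

# Body line taken from the curl output quoted in the thread.
SAMPLE_BODY_8080="Reason: You're speaking plain HTTP to an SSL-enabled server port."

# classify_probe PORT CURL_EXIT HTTP_CODE BODY -> prints one verdict
classify_probe() {
    port=$1; rc=$2; code=$3; body=$4
    case "$rc" in
        7)  # curl exit 7: nothing accepted the TCP connection
            if [ "$port" = "11000" ]; then
                # Per the thread: 11000 only comes up after AIO has
                # been set up through port 8080 from the LAN.
                echo "apache-not-started"
            else
                echo "not-listening"
            fi
            return 0 ;;
        60) # curl exit 60: certificate not issued by a trusted CA
            echo "tls-untrusted-cert"; return 0 ;;
        0)  ;;
        *)  echo "curl-error-$rc"; return 0 ;;
    esac
    case "$body" in
        *"speaking plain HTTP to an SSL-enabled server port"*)
            # Port expects TLS: retry with https://
            echo "tls-port-needs-https"; return 0 ;;
    esac
    case "$code" in
        502)     echo "proxy-upstream-down" ;;  # proxy up, backend silent
        2??|3??) echo "ok" ;;
        *)       echo "http-$code" ;;
    esac
}

# probe HOST PORT [SCHEME]: run curl once and classify the result.
probe() {
    p_host=$1; p_port=$2; p_scheme=${3:-http}
    p_tmp=$(mktemp) || return 1
    p_code=$(curl -sS -m 5 -o "$p_tmp" -w '%{http_code}' \
        "$p_scheme://$p_host:$p_port/" 2>/dev/null) && p_rc=0 || p_rc=$?
    p_body=$(cat "$p_tmp"); rm -f "$p_tmp"
    classify_probe "$p_port" "$p_rc" "$p_code" "$p_body"
}
```

Run `probe 172.29.0.2 8080` and `probe 172.29.0.2 11000` from a machine on the LAN, substituting your own container address; an `apache-not-started` verdict means the AIO setup on port 8080 has not been completed yet.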