Standard vanilla install vs docker performance

Hello.
I still consider myself a newbie so here is my dumb question:

I have been playing already with 3 instances of nextcloud i setup on a google cloud VM, and now i have another server with hostiso where i setup a new nextcloud server on ubuntu 20.04 with the standard manual install.

During my experiments, i found the SNAP installation to be useless, leaving you with an unusable slow instance of nextcloud from the start.

Now on the new server i see it is very usable to navigate the web interface, use the sync apps and Talk works great. But the collabora part is still very slow to use at all.

I haven't jumped into playing with Docker yet, i just saw a few overview tutorials and understand that the way it works, applications should be super fast and what not… but i need to ask:
Does a docker installation of nextcloud run much faster and better in docker or should be about the same under the same specs?
My server now has 4 cores and 8GB of ram all for nextcloud purposes.

Thanks

try yourself:

without:

with:


So this is where i am right now:

> “so this chit “Playbook” is a script you can run and get all that setup quickly?!”

I will need to rent another one of those virtual servers to play with this stuff and learn. Where do i start?
Thank you for providing me the links, i will proceed to perpetually cook my retina against the black wall and white letters moving up :yum:

or


Reiner i was able to setup the server using the docker option and it flies. Pretty awesome stuff.

I have a few questions, remember i am still learning here.

  1. I am browsing and looking into the files here GitHub - ReinerNippes/nextcloud at nextcloud-reloaded
    trying to find the actual “script” with the commands executed to setup everything, but i see the .yml files and they look more like pre defined variables than an actual list of commands to be executed.
    Maybe this is the ansible language which at the moment i have no clue how it works? or is there a file somewhere where i can see the actual commands being executed one by one?

  2. I set it up with a temporary subdomain (examp2.domain.com) i made for it, and now i would like to actually use the installation and change the domain to (original.domain.com). so this is why i am trying to find the “script” on question 1… i am trying to see what command was used for the certbot and i would like to fix the domain inside the docker containers…
    I can search for the domain and i see it in:
    /opt/nextcloud/traefik/acme.json
    /opt/nextcloud/config/config.php

I can edit those… but whats the actual command you used to run the cert and can i re run it again and fix this install or is better to run the whole playbook from scratch?

  3. How “transparent” and safe is it to actually use this installation script? I assume this was setup by you and there are a lot of guys in there that can identify anything fishy… as i was browsing the files i took some time to check what is being pulled from other sites and found encrypted code that i have no clue what is going to do, (backdoor warning flag).
    How do you guys manage all this?
    Please understand i am not distrusting YOU. nothing personal, i just want to understand how far anyone can go on github running stuff without compromising security.

Thank you man

yes. it’s declarative. you describe in the yaml how your system should look like. the “code” is in the ansible modules.

ansible assembles a python script based on your yaml and these modules to be executed on your target host. but the python scripts are temporary. created on-the-fly and deleted after execution. (because some may contain plaintext credentials.)

nana can explain it better:

yes. because you are searching in the wrong direction. (or my documentation is too weak…)

in the following i’m talking about nextcloud_on_docker.
your link in 1. points to nextcloud_reloaded. but /opt/nextcloud/traefik/acme.json exists only in the docker version.

the playbook sets up a traefik container in front of nextcloud/nginx. traefik handles all incoming traffic plus the certificate creation. the file /opt/nextcloud/traefik/acme.json contains the letsencrypt certificates. the traefik base config is in traefik.yml and config.yml. but it’s not good to change these files because on each playbook run they are created from templates and your changes will be lost. so better edit the templates. (but you should not need. and not before you understand traefik.)

But how to change the domain.

easy. change the fqdn in the inventory and rerun the playbook.

that will change the container label.

traefik is “monitoring” all container labels and will route traffic according to these rules. the certificate will be created on-the-fly.

to change the trusted domain in the /opt/nextcloud/config/config.php as well you have to call the playbook with -e force_nextcloud_config=true as additional parameter. or edit it manually. this is not a template and won’t be changed by the playbook.

examples? or do you mean the docker images?

no problem. since solarwinds trust is a general problem.

but I’m not aware that I have encrypted stuff in the playbook. that’s why i’m asking about an example. my playbook just remove the burden of typing apt update; apt install docker; docker run ...

I can’t speak about the container. here we have to trust Docker, Nextcloud, Postgres, Traefik, and so on.

the good news: that’s open source and the source and the build process should be constantly monitored by a lot of people. ansible for example is used by redhat to run their complete internal it. so they should have a deep interest in not being hacked.

the bad news: see solarwinds.


Dude… no words to thank you enough for the detail/expertise and energy you put in your answers. :pray:t2:

Ok no prob. So now i need to learn how to wipe the server clean and run the playbook again. I do not have access with the hosting provider to revert the server, i need to do it myself. (you guys know any command or tool to restore a server to vanilla state without being a snapshot tool?)

I got a bit lost with the container label parts you were explaining, but dont worry. I followed the instructions and just set my domain in the inventory file and everything worked perfect.

I will watch the ansible video. I know is a tool to manage multiple clients at once pushing the commands via the playbooks you make… but i will try to find the part explaining how it actually executes the commands or list of commands as for example in snap packages.

I was just searching for an example to show you and found the section where there is a script that takes care of my previous certbot question :yum:

No i didnt mean in the docker containers…
but here is an example,
Somewhere during the installation process i found a reference to this script: https://bootstrap.pypa.io/get-pip.py as part of the setup.
scroll down to DATA = b""" and everything else below is encrypted.
Ok i see this is the
“The Python Packaging Authority (PyPA)” and i need to believe they are trustable or go find a milking cows job instead (Solarwinds). lol

Thanks a lot man once again. I am having fun learning all this

scripts/remove_all_docker_stuff.sh ; sudo rm -rf /opt/nextcloud <- clean

maybe you want to spare the traefik folder. because if you repeat that too often on one day you will be blocked by letsencrypt for a week. :wink:

put ansible-playbook -vvvv before nextcloud.yml and you’ll see the path to the python script that is executed.

python just became “Programming language of year”. that makes it also the perfect target for hackers to install backdoors. hope the maintainer of pypa.io know their job. :wink:
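
The `DATA = b"""` block in get-pip.py discussed in the two posts above is a base85-encoded zip archive of pip, not encrypted code, so it can be decoded and listed without running the script. The following is an added example, not part of the original posts and not PyPA's code: it extracts such a blob, lists the archive members, flags unsafe member paths and compares the script against a pinned SHA-256. The function names and the sample script are hypothetical and constructed inline.

```python
import base64
import hashlib
import io
import re
import zipfile
from typing import Optional

# The DATA = b""" ... """ literal embedded in get-pip.py-style bootstrap scripts.
DATA_RE = re.compile(rb'^DATA\s*=\s*b"""(.*?)"""', re.DOTALL | re.MULTILINE)


def extract_payload(script: bytes) -> bytes:
    """Decode the embedded base85 blob without executing the script."""
    match = DATA_RE.search(script)
    if match is None:
        raise ValueError("no DATA blob found")
    # The blob is wrapped over many lines; base85 itself contains no whitespace.
    encoded = b"".join(match.group(1).split())
    return base64.b85decode(encoded)


def unsafe_names(names):
    """Archive members that would escape the extraction directory."""
    bad = []
    for name in names:
        parts = name.replace("\\", "/").split("/")
        if name.startswith(("/", "\\")) or ".." in parts:
            bad.append(name)
    return bad


def inspect_bootstrap(script: bytes, pinned_sha256: Optional[str] = None) -> dict:
    """Report what the blob contains and whether the script matches a pinned hash."""
    payload = extract_payload(script)
    if not zipfile.is_zipfile(io.BytesIO(payload)):
        raise ValueError("decoded blob is not a zip archive")
    with zipfile.ZipFile(io.BytesIO(payload)) as archive:
        members = sorted(archive.namelist())
    digest = hashlib.sha256(script).hexdigest()
    pin_ok = None if pinned_sha256 is None else digest == pinned_sha256.lower()
    return {
        "script_sha256": digest,
        "members": members,
        "unsafe_members": unsafe_names(members),
        "pin_ok": pin_ok,
    }


def build_sample_script() -> bytes:
    """Constructed stand-in for a downloaded bootstrap script (not the real get-pip.py)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("pip/__init__.py", "__version__ = '0.0.0'\n")
        archive.writestr("pip/__main__.py", "print('constructed sample')\n")
    encoded = base64.b85encode(buf.getvalue())
    wrapped = b"\n".join(encoded[i:i + 79] for i in range(0, len(encoded), 79))
    return b'#!/usr/bin/env python\nDATA = b"""\n' + wrapped + b'\n"""\n'


if __name__ == "__main__":
    sample = build_sample_script()
    first = inspect_bootstrap(sample)
    print("members:", first["members"])
    # Record the hash once after review, then refuse anything that differs later.
    print("pin ok:", inspect_bootstrap(sample, first["script_sha256"])["pin_ok"])
    print("tampered:", inspect_bootstrap(sample + b"# x\n", first["script_sha256"])["pin_ok"])
```

Decoding shows what the blob unpacks to; whether the download itself can be trusted still rests on the TLS connection to the publisher or on a hash recorded after an earlier review.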

UPDATE!! The server just came back up on its own…
i am assuming my VPS provider was having some issues, but at the same time, while the server was down i was still able to SSH to it. so im confused. I would like to still learn how to check the logs on this docker instance to make sure everything is fine.

Hello again !!

My server went down since last night … its showing 502 Bad Gateway.
I was using the docker installation from your playbook. So i need to learn to find the logs now and check whats going on. I could not find anything under /var/log

The only thing that may have caused the issue was an update that popped up in the web interface yesterday, but it didnt look like any major update… I dont remember exactly what it was, and i cant tell for sure the issue started right there as i didnt use the server much, i was working locally.

Thank you!

Hello again Reiner.

I have been using your setup of Nextcloud on Docker all this time since this post was created.
I have been using it mostly without any major issues (i get Collabora disconnecting, apps crashing every now and then) but a reboot always took care of the issues.

This was my first ever experiment to learn Docker, and besides watching some video tutorials, and using the playbook, i haven’t had much time to keep playing with it. So please keep in mind i am an absolute noob.

Now for the past few days the server went 404 via web, desktop client and mobile app.
I am trying to troubleshoot it and just learn how to pull logs from docker.

I can see in the logs below, that the nginx server is not being found, and a bunch of other errors related… but i have no clue where to start or what to do.

I would like to fix this so i can learn from a real life scenario, and try to save the data and setup, otherwise ill have to start from scratch. I do have all the files backed up tho.

If you got a minute could you please take a look at these and help me with some tips? Does it look like fixable or i need to setup a new server?
The issue just popped out of nothing, i haven’t been doing anything else on this server except an apt update maybe 20 days ago or so…

Thank you

Docker status:

root@vmi284507:/etc# service docker status
● docker.service - Docker Application Container Engine
    Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
    Active: active (running) since Thu 2021-07-08 20:32:19 EDT; 1min 59s ago
TriggeredBy: ● docker.socket
      Docs: https://docs.docker.com
  Main PID: 80074 (dockerd)
     Tasks: 48
    Memory: 86.8M
    CGroup: /system.slice/docker.service
            ├─80074 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
            ├─80500 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.x.x.7 -container-port 443
            └─80524 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.x.x.7 -container-port 80

Jul 08 20:32:12 vmi284507.contaboserver.net dockerd[80074]: time="2021-07-08T20:32:12.126863241-04:00" level=warning msg="Your kernel does not support CPU realtime scheduler"
Jul 08 20:32:12 vmi284507.contaboserver.net dockerd[80074]: time="2021-07-08T20:32:12.127007790-04:00" level=warning msg="Your kernel does not support cgroup blkio weight"
Jul 08 20:32:12 vmi284507.contaboserver.net dockerd[80074]: time="2021-07-08T20:32:12.127157499-04:00" level=warning msg="Your kernel does not support cgroup blkio weight_de>
Jul 08 20:32:12 vmi284507.contaboserver.net dockerd[80074]: time="2021-07-08T20:32:12.128542808-04:00" level=info msg="Loading containers: start."
Jul 08 20:32:12 vmi284507.contaboserver.net dockerd[80074]: time="2021-07-08T20:32:12.441045543-04:00" level=info msg="Default bridge (docker0) is assigned with an IP addres>
Jul 08 20:32:19 vmi284507.contaboserver.net dockerd[80074]: time="2021-07-08T20:32:19.010546747-04:00" level=info msg="Loading containers: done."
Jul 08 20:32:19 vmi284507.contaboserver.net dockerd[80074]: time="2021-07-08T20:32:19.085591693-04:00" level=info msg="Docker daemon" commit=b0f5bc3 graphdriver(s)=overlay2 >
Jul 08 20:32:19 vmi284507.contaboserver.net dockerd[80074]: time="2021-07-08T20:32:19.086463075-04:00" level=info msg="Daemon has completed initialization"
Jul 08 20:32:19 vmi284507.contaboserver.net systemd[1]: Started Docker Application Container Engine.
Jul 08 20:32:19 vmi284507.contaboserver.net dockerd[80074]: time="2021-07-08T20:32:19.170098686-04:00" level=info msg="API listen on /run/docker.sock"

Images:

root@vmi284507:/etc# docker images
REPOSITORY                      TAG          IMAGE ID       CREATED        SIZE
nginx                           alpine       b9e2356ea1be   2 days ago     22.8MB
nextcloud                       fpm-alpine   236141c6113c   2 days ago     568MB
collabora/code                  latest       9a428589679f   2 days ago     1.39GB
redis                           alpine       500703a12fa4   2 days ago     32.3MB
portainer/portainer-ce          latest       8bd64518b976   2 weeks ago    210MB
mariadb                         latest       6d5c5ed114ad   2 weeks ago    408MB
traefik                         latest       99f7809fa346   2 weeks ago    92MB
tecnativa/docker-socket-proxy   latest       e419047c5d43   5 months ago   21.1MB
adminer                         latest       234dd75608e9   5 months ago   91.3MB
containrrr/watchtower           latest       2ddeb26d6d30   6 months ago   15.2MB

Traefik image log:

root@vmi284507:~# docker logs e949deee693e
time="2021-06-23T00:00:19Z" level=info msg="Configuration loaded from file: /traefik.yaml"
2021/06/23 03:10:55 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/23 03:10:55 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/23 03:10:55 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/23 03:10:55 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/23 03:10:55 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/23 03:10:55 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
unexpected EOF
2021/06/29 03:14:13 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/29 03:14:13 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/29 22:51:24 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/29 22:51:24 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/29 22:51:24 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/29 22:51:24 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/29 22:51:24 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/30 03:14:27 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/30 03:14:27 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/30 03:14:27 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/30 03:14:27 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/30 03:14:27 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/30 03:14:27 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 01:07:02 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 01:07:02 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 01:07:02 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 01:07:03 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 01:07:03 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 01:07:03 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 01:07:04 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 01:14:04 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 11:29:19 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 11:29:20 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/07/06 13:37:39 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
time="2021-07-07T00:02:32Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0e1433223a0648bf5419adb72b608a96172bf890ff8facea2a3f1e0f5c78f691
time="2021-07-07T00:02:34Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0e1433223a0648bf5419adb72b608a96172bf890ff8facea2a3f1e0f5c78f691
time="2021-07-07T00:02:36Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0e1433223a0648bf5419adb72b608a96172bf890ff8facea2a3f1e0f5c78f691
time="2021-07-07T00:02:36Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0e1433223a0648bf5419adb72b608a96172bf890ff8facea2a3f1e0f5c78f691
time="2021-07-07T00:02:37Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0e1433223a0648bf5419adb72b608a96172bf890ff8facea2a3f1e0f5c78f691
time="2021-07-07T00:02:37Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0e1433223a0648bf5419adb72b608a96172bf890ff8facea2a3f1e0f5c78f691
time="2021-07-07T00:02:38Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0e1433223a0648bf5419adb72b608a96172bf890ff8facea2a3f1e0f5c78f691
time="2021-07-07T00:02:38Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0e1433223a0648bf5419adb72b608a96172bf890ff8facea2a3f1e0f5c78f691
time="2021-07-07T00:02:41Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0e1433223a0648bf5419adb72b608a96172bf890ff8facea2a3f1e0f5c78f691
time="2021-07-07T00:02:41Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0e1433223a0648bf5419adb72b608a96172bf890ff8facea2a3f1e0f5c78f691
time="2021-07-07T13:52:04Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-07T13:52:04Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-07T13:52:04Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-07T13:52:04Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-07T13:52:04Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-07T13:52:04Z" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-07T13:52:04Z" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-07T13:52:04Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-07T13:52:04Z" level=error msg="Failed to list containers for docker, error error during connect: Get \"http://dockerproxy:2375/v1.24/containers/json?limit=0\": context canceled" providerName=docker
time="2021-07-07T13:52:57Z" level=info msg="Configuration loaded from file: /traefik.yaml"
time="2021-07-07T14:28:22Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-07T14:28:22Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-07T14:28:22Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-07T14:28:22Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-07T14:28:22Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-07T14:28:22Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-07T14:28:22Z" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-07T14:28:22Z" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-07T14:28:22Z" level=error msg="Failed to list containers for docker, error Cannot connect to the Docker daemon at tcp://dockerproxy:2375. Is the docker daemon running?" providerName=docker
time="2021-07-07T14:28:22Z" level=error msg="Failed to list containers for docker, error Cannot connect to the Docker daemon at tcp://dockerproxy:2375. Is the docker daemon running?" providerName=docker
time="2021-07-07T14:28:22Z" level=error msg="Failed to list containers for docker, error Cannot connect to the Docker daemon at tcp://dockerproxy:2375. Is the docker daemon running?" providerName=docker
time="2021-07-07T14:28:22Z" level=error msg="Failed to list containers for docker, error Cannot connect to the Docker daemon at tcp://dockerproxy:2375. Is the docker daemon running?" providerName=docker
time="2021-07-07T14:30:57Z" level=info msg="Configuration loaded from file: /traefik.yaml"
time="2021-07-08T18:14:17Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-08T18:14:17Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-08T18:14:17Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-08T18:14:17Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-08T18:14:17Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-08T18:14:17Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-08T18:14:17Z" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-08T18:14:17Z" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-08T18:14:40Z" level=info msg="Configuration loaded from file: /traefik.yaml"
time="2021-07-08T18:14:48Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-08T18:14:48Z" level=error msg="Error while starting server: accept tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-08T18:14:48Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-08T18:14:48Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-08T18:14:48Z" level=error msg="Error while starting server: accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-08T18:14:48Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-08T18:15:02Z" level=info msg="Configuration loaded from file: /traefik.yaml"
time="2021-07-08T18:26:58Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-08T18:26:58Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-08T18:26:58Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-08T18:26:58Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-08T18:26:58Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-08T18:26:58Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-08T18:26:58Z" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-08T18:26:58Z" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-08T18:27:48Z" level=info msg="Configuration loaded from file: /traefik.yaml"
time="2021-07-09T00:31:59Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-09T00:31:59Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-09T00:31:59Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-09T00:31:59Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web
time="2021-07-09T00:31:59Z" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=web
time="2021-07-09T00:31:59Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-09T00:31:59Z" level=error msg="Error while starting server: http: Server closed" entryPointName=web-secure
time="2021-07-09T00:31:59Z" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-09T00:32:20Z" level=info msg="Configuration loaded from file: /traefik.yaml"

Traefik.yaml file:

root@vmi284507:~# docker exec -it e949deee693e /bin/sh
/ # ls
acme.json      dev            entrypoint.sh  home           media          opt            root           sbin           sys            traefik.yaml   var
bin            dynamic.yaml   etc            lib            mnt            proc           run            srv            tmp            usr

/ # cat traefik.yaml
## Static Configuration

api:
  dashboard: false

entryPoints:
  web:
    address: ':80'
    http:
      redirections:
        entryPoint:
          to: web-secure

  web-secure:
    address: ':443'
    http:
      middlewares:
        - secureHeaders@file
      tls:
        certResolver: letsencrypt

providers:
  docker:
    exposedByDefault: false
    endpoint: 'tcp://dockerproxy:2375'
    network: 'dockerproxy'
  file:
    watch: true
    filename: 'dynamic.yaml'

log:
  level: error
  
certificatesResolvers:
  letsencrypt:
    acme:
      email: "axo@nextcloudserver.com"
      storage: 'acme.json'
      tlsChallenge: {}
/ # 
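
One way to get a starting point out of a long, repetitive Traefik log like the one in the post above is to collapse it into distinct errors with a count and first/last timestamp. This is an added example, not part of the original post or of Traefik; the function names are hypothetical, and the sample lines are constructed in the shape of the log above with a placeholder container id.

```python
import re
from collections import OrderedDict

# key=value pairs; a value is a double-quoted string (with \" escapes) or a bare token.
PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
# Lines from Go's standard logger: "2021/06/23 03:10:55 reverseproxy.go:476: ..."
STDLOG_RE = re.compile(r'^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (\S+:\d+): (.*)$')
# Traefik's message when a labelled container has no address on the provider network.
BACKEND_RE = re.compile(r'service "([^"]+)" error: unable to find the IP address')


def parse_line(line):
    """Return time/level/msg/scope for one log line, or None if it is neither format."""
    line = line.strip()
    std = STDLOG_RE.match(line)
    if std:
        return {"time": std.group(1), "level": "stdlog",
                "scope": std.group(2), "msg": std.group(3)}
    fields = {}
    for key, raw in PAIR_RE.findall(line):
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])  # drop quotes, unescape \"
        fields[key] = raw
    if "level" not in fields or "msg" not in fields:
        return None
    scope = (fields.get("entryPointName") or fields.get("container")
             or fields.get("providerName", ""))
    return {"time": fields.get("time", ""), "level": fields["level"],
            "scope": scope, "msg": fields["msg"]}


def summarize(lines):
    """Group non-info lines by (level, scope, msg), keeping order of first appearance."""
    groups = OrderedDict()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["level"] == "info":
            continue
        key = (rec["level"], rec["scope"], rec["msg"])
        group = groups.setdefault(key, dict(rec, count=0, first=rec["time"]))
        group["count"] += 1
        group["last"] = rec["time"]
    return list(groups.values())


def missing_backends(lines):
    """Map each service Traefik could not resolve to the first time it said so."""
    found = {}
    for line in lines:
        rec = parse_line(line)
        match = BACKEND_RE.search(rec["msg"]) if rec else None
        if match:
            found.setdefault(match.group(1), rec["time"])
    return found


# Constructed sample in the shape of the log above; the container id is a placeholder.
SAMPLE_LOG = r'''
time="2021-06-23T00:00:19Z" level=info msg="Configuration loaded from file: /traefik.yaml"
2021/06/23 03:10:55 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
2021/06/23 03:10:55 reverseproxy.go:476: httputil: ReverseProxy read error during body copy: unexpected EOF
time="2021-07-07T00:02:32Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0000placeholder
time="2021-07-07T00:02:34Z" level=error msg="service \"nginx\" error: unable to find the IP address for the container \"/nginx\": the server is ignored" providerName=docker container=nginx-0000placeholder
time="2021-07-07T13:52:04Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=web-secure
time="2021-07-07T14:28:22Z" level=error msg="Failed to list containers for docker, error Cannot connect to the Docker daemon at tcp://dockerproxy:2375. Is the docker daemon running?" providerName=docker
'''.strip().splitlines()

if __name__ == "__main__":
    for group in summarize(SAMPLE_LOG):
        print(f'{group["count"]:>3}x {group["first"]} .. {group["last"]} '
              f'[{group["level"]}/{group["scope"]}] {group["msg"][:70]}')
    print("unresolved backends:", missing_backends(SAMPLE_LOG))
```

On a live host the input would come from `docker logs traefik 2>&1`; the first timestamp of an unresolved backend is the point to compare against `docker ps -a`.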

what’s next in this line?

and did you try a sudo systemctl restart docker. just to be sure all containers are restarted?


Thank you for replying so quick!!

I posted the output of the docker images… are you referring to the nextcloud image line??

root@vmi284507:/etc# docker images
REPOSITORY                      TAG          IMAGE ID       CREATED        SIZE
nginx                           alpine       b9e2356ea1be   2 days ago     22.8MB
**nextcloud                       fpm-alpine   236141c6113c   2 days ago     568MB**
collabora/code                  latest       9a428589679f   2 days ago     1.39GB
redis                           alpine       500703a12fa4   2 days ago     32.3MB
portainer/portainer-ce          latest       8bd64518b976   2 weeks ago    210MB
mariadb                         latest       6d5c5ed114ad   2 weeks ago    408MB
traefik                         latest       99f7809fa346   2 weeks ago    92MB
tecnativa/docker-socket-proxy   latest       e419047c5d43   5 months ago   21.1MB
adminer                         latest       234dd75608e9   5 months ago   91.3MB
containrrr/watchtower           latest       2ddeb26d6d30   6 months ago   15.2MB

I just tried this option to see if there was any difference but the problem persists… yes i had fully rebooted the server several times in the past 48 hours. So far since the issue started, i upgraded all the packages on the server so now i have the latest nextcloud packages and everything else… i restarted the server and services multiple times during the troubleshooting.

This VPS is an ubuntu server and the only thing running on it is the docker with my nextcloud installation and the other dependencies your playbook setup for it… i haven’t setup anything else that may have interfered.

Thank you

sorry. my fault. i wanted to see the output of docker ps
e.g.:

sudo docker ps
CONTAINER ID   IMAGE                                  COMMAND                  CREATED          STATUS                             PORTS                                      NAMES
4a94081c442e   adminer:latest                         "entrypoint.sh docke…"   15 seconds ago   Up 13 seconds (health: starting)   8080/tcp                                   adminer
3ebeeceb3118   portainer/portainer-ce:latest          "/portainer --host u…"   24 seconds ago   Up 20 seconds                      8000/tcp, 9000/tcp                         portainer
b709d876015b   nginx:alpine                           "/docker-entrypoint.…"   5 minutes ago    Up 5 minutes                       80/tcp                                     nginx
8f014cd60cfd   nextcloud:fpm-alpine                   "/entrypoint.sh php-…"   5 minutes ago    Up 5 minutes                       9000/tcp                                   nextcloud
d786ef488847   redis:alpine                           "docker-entrypoint.s…"   5 minutes ago    Up 5 minutes (healthy)             6379/tcp                                   redis
d47c208a9b03   postgres:11-alpine                     "docker-entrypoint.s…"   5 minutes ago    Up 5 minutes (healthy)             5432/tcp                                   nextcloud-db
168c234d662e   traefik:latest                         "/entrypoint.sh trae…"   6 minutes ago    Up 6 minutes                       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   traefik
e384917812f6   tecnativa/docker-socket-proxy:latest   "/docker-entrypoint.…"   6 minutes ago    Up 6 minutes                       2375/tcp                                   dockerproxy
4ae6493896e7   containrrr/watchtower:latest           "/watchtower --clean…"   6 minutes ago    Up 6 minutes                       8080/tcp                                   watchtower

and docker logs nginx

Ok no prob…

Here:

root@vmi284507:~# docker ps
CONTAINER ID   IMAGE                                  COMMAND                  CREATED        STATUS                  PORTS                                      NAMES
0bdd4e53e31c   collabora/code:latest                  "/bin/sh -c 'bash st…"   19 hours ago   Up 19 hours             9980/tcp                                   collabora_online
1b91597298b7   nextcloud:fpm-alpine                   "/entrypoint.sh php-…"   3 days ago     Up 2 hours              9000/tcp                                   nextcloud
57c005edc8e7   portainer/portainer-ce:latest          "/portainer --host u…"   2 weeks ago    Up 19 hours             8000/tcp, 9000/tcp                         portainer
949d37692f05   mariadb:latest                         "docker-entrypoint.s…"   2 weeks ago    Up 19 hours (healthy)   3306/tcp                                   nextcloud-db
e949deee693e   traefik:latest                         "/entrypoint.sh trae…"   2 weeks ago    Up 19 hours             0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   traefik
1824b5446fe9   tecnativa/docker-socket-proxy:latest   "/docker-entrypoint.…"   5 months ago   Up 19 hours             2375/tcp                                   dockerproxy
a8b7247157e6   containrrr/watchtower:latest           "/watchtower --clean…"   6 months ago   Up 19 hours             8080/tcp                                   watchtower

root@vmi284507:~# docker logs nginx
Error: No such container: nginx

nginx shows in the images, but I get this error like it does not exist…
I have been watching and reading docker tutorials but I can't figure out how to make the nginx part work again in this container… tutorials are showing things in docker composer and this setup was done with your script, I am completely lost and I'm trying to avoid losing this setup.
Thank you man for any help!

try docker ps -a to show all containers, also the stopped ones.

if nginx appears as a stopped container run docker start nginx to restart it.

docker ps -a
CONTAINER ID   IMAGE                                  COMMAND                  CREATED        STATUS                    PORTS                                      NAMES
0bdd4e53e31c   collabora/code:latest                  "/bin/sh -c 'bash st…"   42 hours ago   Up 42 hours               9980/tcp                                   collabora_online
1b91597298b7   nextcloud:fpm-alpine                   "/entrypoint.sh php-…"   4 days ago     Up 26 hours               9000/tcp                                   nextcloud
290effaca15d   redis:alpine                           "docker-entrypoint.s…"   4 days ago     Exited (0) 41 hours ago                                              redis
57c005edc8e7   portainer/portainer-ce:latest          "/portainer --host u…"   2 weeks ago    Up 42 hours               8000/tcp, 9000/tcp                         portainer
949d37692f05   mariadb:latest                         "docker-entrypoint.s…"   2 weeks ago    Up 42 hours (healthy)     3306/tcp                                   nextcloud-db
e949deee693e   traefik:latest                         "/entrypoint.sh trae…"   2 weeks ago    Up 42 hours               0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   traefik
1824b5446fe9   tecnativa/docker-socket-proxy:latest   "/docker-entrypoint.…"   5 months ago   Up 42 hours               2375/tcp                                   dockerproxy
a8b7247157e6   containrrr/watchtower:latest           "/watchtower --clean…"   6 months ago   Up 42 hours               8080/tcp                                   watchtower

No, nginx is not showing up as a container… it shows when I list images…

docker start nginx
Error response from daemon: No such container: nginx
Error: failed to start containers: nginx

Should I try to docker run nginx instead? Do I need any special flags, or how do I make sure it gets integrated with the rest like it was before? This is the part where I am lost, and I am afraid to overwrite something that will render the current nextcloud setup unusable.

Thank you

normally yes.

you need a lot of flags and parameters.

re-run the playbook. (short answer.)

long version: the playbook is idempotent. you can rerun it without problems. nevertheless it will run for example apt update && apt dist-upgrade. that is to say there is a minimal risk that something might go wrong.
to minimize the risk disable all unnecessary roles in nextdocker.yml. that is done by commenting out all lines in the roles: section except line 11.

just put a ‘#’ at the beginning of lines 8-10 and 12, 13

that should restore the nginx container.

do you have a backup?
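The two cases discussed above (a stopped container that `docker start` can revive, and a container that no longer exists and has to be re-created by the playbook) can be told apart mechanically. This is an added example, not part of the original posts or the playbook; the sample listing is constructed from the names and states shown in this thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Classify expected containers as running, stopped or missing, from the output of
#   docker ps -a --format '{{.Names}}|{{.Status}}'

# Constructed sample, modelled on the listing posted in this thread.
sample_ps() {
cat <<'EOF'
collabora_online|Up 42 hours
nextcloud|Up 26 hours
redis|Exited (0) 41 hours ago
nextcloud-db|Up 42 hours (healthy)
traefik|Up 42 hours
EOF
}

# usage: container_state NAME < listing
# Exact name match, so "nextcloud" does not match "nextcloud-db".
# Any status that does not start with "Up" (Exited, Created, Dead) counts as stopped.
container_state() {
    awk -F'|' -v want="$1" '
        $1 == want { found = 1; state = ($2 ~ /^Up /) ? "running" : "stopped" }
        END { print (found ? state : "missing") }'
}

# usage: triage NAME... < listing
# Prints one line per expected container with the matching recovery step.
triage() {
    listing=$(cat)
    for name in "$@"; do
        state=$(printf '%s\n' "$listing" | container_state "$name")
        case $state in
            running) echo "$name: running" ;;
            stopped) echo "$name: stopped -> docker start $name" ;;
            missing) echo "$name: missing -> re-create it (re-run the playbook)" ;;
        esac
    done
}

# Offline demo on the sample; on a real host pipe the docker ps command above into triage.
sample_ps | triage nextcloud redis nginx
```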

Thank you reiner, yes i have a backup of my nextcloud folder just in case.
I am learning to setup docker containers manually on a spare computer i have at home so i can play and learn how they work. I may actually make it the main server as i had too many glitches in the contabo VPS, every 2 weeks or so i had to restart the server because of random error 500s and collabora stops working, or my carnet notes… etc

I will give your instructions a go to see if I can fix it.

Thank you

Ok another newbie question:

I am experimenting with docker and in the past couple days have learned some tricks…
I installed docker on a Linux Mint machine. I created a container with ubuntu:latest and I log in to this server in docker. Then I am running your docker on nextcloud playbook on it. But it does not work like it did on a regular ubuntu server… I get an error:

TASK [prep_ufw : Configuring port/protocol/network rules] ***********************************************************************************************
Wednesday 14 July 2021  00:50:18 +0000 (0:00:02.212)       0:00:04.239 ******** 
failed: [localhost] (item={'port': 22, 'rule': 'allow'}) => changed=false 
  ansible_loop_var: item
  commands:
  - /usr/sbin/ufw status verbose
  item:
    port: 22
    rule: allow
  msg: |-
    ERROR: problem running iptables: iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.
failed: [localhost] (item={'port': 80, 'rule': 'allow'}) => changed=false 
  ansible_loop_var: item
  commands:
  - /usr/sbin/ufw status verbose
  item:
    port: 80
    rule: allow
  msg: |-
    ERROR: problem running iptables: iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.
failed: [localhost] (item={'port': 443, 'rule': 'allow'}) => changed=false 
  ansible_loop_var: item
  commands:
  - /usr/sbin/ufw status verbose
  item:
    port: 443
    rule: allow
  msg: |-
    ERROR: problem running iptables: iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.

Actual kernel:

# uname -a
Linux 1d2f4293eb07 5.4.0-77-generic #86-Ubuntu SMP Thu Jun 17 02:35:03 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/*-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.2 LTS"
NAME="Ubuntu"
VERSION="20.04.2 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.2 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
# 

Besides trying to find a solution for this, my question is: should I run services in these docker server containers, or are they stripped down in a way that most things may not work, like in my example here?
Thank you
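The iptables error in the post above is what a root process sees when it lacks CAP_NET_ADMIN, a capability that Docker's default set for `docker run` does not include. As an added example (not part of the original posts), this decodes a `CapEff` mask from `/proc/<pid>/status` into capability names; the two sample masks are constructed and assume an unmodified Docker default set, and the function names are hypothetical.

```shell
#!/bin/sh
# Capability names in bit order (linux/capability.h), bits 0..40.
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore"

# usage: has_cap HEXMASK BIT   (exit status 0 when that bit is set)
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# usage: decode_caps HEXMASK   (prints the names of all capabilities in the mask)
decode_caps() {
    bit=0; out=""
    for name in $CAP_NAMES; do
        if has_cap "$1" "$bit"; then out="$out $name"; fi
        bit=$((bit + 1))
    done
    echo "${out# }"
}

# usage: has_net_admin HEXMASK   (net_admin is bit 12)
has_net_admin() {
    has_cap "$1" 12
}

# Effective mask of the calling process; run this inside the container.
current_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# Constructed sample masks (assumption: unmodified Docker default set).
DOCKER_DEFAULT=00000000a80425fb     # plain `docker run`
WITH_NET_ADMIN=00000000a80435fb     # `docker run --cap-add NET_ADMIN`

for mask in "$DOCKER_DEFAULT" "$WITH_NET_ADMIN"; do
    if has_net_admin "$mask"; then verdict="has"; else verdict="lacks"; fi
    echo "$mask: root $verdict CAP_NET_ADMIN"
    echo "  caps: $(decode_caps "$mask")"
done
```

Inside a container, `decode_caps "$(current_capeff)"` shows what root there can actually do. If a container really must manage firewall rules, adding the single capability with `--cap-add NET_ADMIN` grants far less than `--privileged`.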