Traefik 2 - nexcloud 19 - (docker-compose) : cannot see login page / status 200 in logs

🚧 Installation
1

Hello

I had traefik2 + nginx + nextcloud working with docker-compose.
Few week ago it stopped working for weird reason (and I changed a lot of things so cannot rollback)
I tried to remove nginx (replaced by apache) to isolate the issue but still the same. I guess it comes from traefik, or security in nextcloud, (or network in swarm ??) but don’t know where to look anymore…

I get properly the status page of nextcloud

https://nextcloud.domain.be/status.php
{
“installed”: true,
“maintenance”: false,
“needsDbUpgrade”: false,
“version”: “19.0.12.0”,
“versionstring”: “19.0.12”,
“edition”: “”,
“productname”: “Steppers”,
“extendedSupport”: false
}
10.0.1.3 - - [28/May/2021:13:36:51 +0000] "HEAD /status.php HTTP/1.1" 200 1514 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15"

But if I try to reach the login page, I get ‘Bad Gateway’ after some time (a time out ?)
But I see in apache log that nextcloud replied with 200 !!!
10.0.1.3 - - [28/May/2021:13:30:04 +0000] "GET /index.php/login HTTP/1.1" 200 5034 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"

In traefik I see the following for the login page call:
021-05-28T13:51:00Z" level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/index.php/login\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"Proto\":\"HTTP/2.0\",\"ProtoMajor\":2,\"ProtoMinor\":0,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en,fr-BE;q=0.9,fr-FR;q=0.8,fr;q=0.7,en-US;q=0.6\"],\"Cache-Control\":[\"max-age=0\"],\"Cookie\":[\"_ga=GA1.2.1459894290.1521357716; experimentation_subject_id=ImMyNGJhNGUxLWJmZmEtNGUyOC1iODA4LTU0NDczZTBkNjQyZCI%3D--2c756b4cef21c0872cce6f82b8ade18bfcbcf175; _fbp=fb.1.1591527514444.643587881; _fbc=fb.1.1600693021828.IwAR2LUlSk5fARQEz8uJz9y_tWZ7F0th7p7dqGEhDLGd7LWi7Zi38FBwiBaec; mp_a36067b00a263cce0299cfd960e26ecf_mixpanel=%7B%22distinct_id%22%3A%20%22173234909ce3d3-05f1d2b1d32e1f-4353760-140000-173234909d06f0%22%2C%22%24device_id%22%3A%20%22173234909ce3d3-05f1d2b1d32e1f-4353760-140000-173234909d06f0%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Fwww.domain.be%2Fwp-admin%2Fupdate.php%3Faction%3Dupload-plugin%22%2C%22%24initial_referring_domain%22%3A%20%22www.domain.be%22%7D; _gid=GA1.2.1165212142.1622186899; oc_sessionPassphrase=0aIVd4u7X3D%2FzAD2LKJNbR5a3%2B%2BHSN509jQ2NovebKL5SiaIYgDtYjmER6ZoYRtjjNxlL0DncmkgrOAi9FpOBHNOu0S7ylgNoIqLrYPNGTvjwZh8e9DTYd4cdIZaDdIN; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; ocpdo29osxkn=a0d09d27a1032acde7608eb5d0d92aa6; ochx1ncyvqdv=d48f1a5e346a5c128b029fc93a579d55\"],\"Sec-Ch-Ua\":[\"\\\" Not A;Brand\\\";v=\\\"99\\\", \\\"Chromium\\\";v=\\\"90\\\", \\\"Google Chrome\\\";v=\\\"90\\\"\"],\"Sec-Ch-Ua-Mobile\":[\"?0\"],\"Sec-Fetch-Dest\":[\"document\"],\"Sec-Fetch-Mode\":[\"navigate\"],\"Sec-Fetch-Site\":[\"none\"],\"Sec-Fetch-User\":[\"?1\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\"],\"X-Forwarded-Host\":[\"nextcloud.domain.be\"],\"X-Forwarded-Port\":[\"443\"],\"X-Forwarded-Proto\":[\"https\"],\"X-Forwarded-Server\":[\"f7d8afd38a24\"],\"X-Real-Ip\":[\"10.0.0.2\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"nextcloud.domain.be\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"10.0.0.2:25847\",\"RequestURI\":\"/index.php/login\",\"TLS\":null}"

My config is the following :

docker-compose
 nextcloud-apache:
    image: arm32v7/nextcloud:19.0.12-apache
    volumes:
      -  /mnt/usb-disk1/nextcloud/data:/var/www/html
    networks:
      - proxy
    environment:
      - MYSQL_HOST=xxx
      - MYSQL_PASSWORD=xxx
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=xxx
    ports:
      - 8080:80
    deploy:
      placement:
        constraints:
          - node.labels.type == vp
      replicas: 1
      labels: 
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.routers.nginxnextcloud-http.entrypoints=web"
        - "traefik.http.routers.nginxnextcloud-https.rule=Host(`nextcloud.domain.be`)"
        - "traefik.http.routers.nginxnextcloud-http.middlewares=https-redirect"
        - "traefik.http.middlewares.https-redirect.redirectScheme.scheme=https"   
        - "traefik.http.middlewares.https-redirect.redirectScheme.permanent=true"   
        - "traefik.http.routers.nginxnextcloud-https.entrypoints=websecure"
        - "traefik.http.routers.nginxnextcloud-https.service=nginxnextcloud"
        - "traefik.http.routers.nginxnextcloud-https.tls=true"
        - "traefik.http.routers.nginxnextcloud-https.tls.certresolver=myresolver"
        - "traefik.http.services.nginxnextcloud.loadbalancer.server.port=80"
        - "traefik.http.routers.nginxnextcloud-https.middlewares=nextcloud2"
        - "traefik.http.middlewares.nextcloud2.headers.stsSeconds=155520011"
        - traefik.http.middlewares.nextcloud2.headers.stsIncludeSubdomains=true
        - traefik.http.middlewares.nextcloud2.headers.stsPreload=true
        - traefik.http.middlewares.nextcloud2.headers.contentTypeNosniff=true
        - traefik.http.middlewares.nextcloud2.headers.browserXSSFilter=true
        - traefik.http.middlewares.nextcloud2_redirect.redirectregex.permanent=true
        - traefik.http.middlewares.nextcloud2_redirect.redirectregex.regex=/.well-known/(card|cal)dav
        - traefik.http.middlewares.nextcloud2_redirect.redirectregex.replacement=/remote.php/dav/

config.php
<?php
$CONFIG = array (
‘memcache.local’ => ‘\OC\Memcache\APCu’,
‘apps_paths’ =>
array (
0 =>
array (
‘path’ => ‘/var/www/html/apps’,
‘url’ => ‘/apps’,
‘writable’ => false,
),
1 =>
array (
‘path’ => ‘/var/www/html/custom_apps’,
‘url’ => ‘/custom_apps’,
‘writable’ => true,
),
),
‘instanceid’ => ‘ochx1ncyvqdv’,
‘overwriteprotocol’ => ‘https’,
‘trusted_proxies’ =>
array (
0 => ‘traefik’,
1 => ‘nginxnextcloud’,
2 => ‘localhost’,
3 => ‘nginx’,
4 => ‘10.0.1.0/8’,
5 => ‘172.0.0.0/8’
),
‘debug’ => ‘false’,
‘passwordsalt’ => ‘xxxxxxxxxxxxxxxxxxxxxxxxxx’,
‘secret’ => ‘xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx’,
‘trusted_domains’ =>
‘trusted_domains’ =>
array (
0 => ‘nextcloud.domain.be’,
),
‘datadirectory’ => ‘/var/www/html/data’,
‘dbtype’ => ‘mysql’,
‘version’ => ‘19.0.12.0’,
‘overwrite.cli.url’ => ‘https://nextcloud.domain.be’,
‘dbname’ => ‘nextcloud’,
‘dbhost’ => ‘dbnc’,
‘dbport’ => ‘3306’,
‘dbtableprefix’ => ‘oc_’,
‘mysql.utf8mb4’ => true,
‘dbuser’ => ‘nextcloud’,
‘dbpassword’ => ‘xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx’,
‘installed’ => true,
‘app_install_overwrite’ =>
array (
0 => ‘camerarawpreviews’,
1 => ‘files_ebookreader’,
2 => ‘files_readmemd’,
),
‘maintenance’ => false,
‘loglevel’ => 0,
‘theme’ => ‘’,
‘logfile’ => ‘nextcloud.log’,
‘logdateformat’ => ‘F d, Y H:i:s’,
);

Any help, tip, info is welcome :slight_smile:
Thanks

2

first look on your config doesn’t show real problems - the only one I see is duplicated config.php >> ‘trusted_domains’ => entry - but most likely this is not a problem.

From what you described it looks you don’t follow systematic troubleshooting path but rather try&error of different settings like

  • why? If worked once most often the easiest way to recover is to restore the “last known good” config. especially docker gives you the power to control installed versions really good (if you don’t choose latest)

I would suggest you backup you DB and data and start from scratch. When you started, most likely you followed some tutorial, maybe you even made installation own docs - with working installation as a result - just perform same steps and install new instance with another domain name - you can still keep your “production” containers - and compare the settings and logs of the new installation vs broken one - this could help you to recover your “production” or start with a new one without loosing your data… in my eyes this is the biggest advantage of docker - you can run multiple independent installations really easy.

my personal best practice is to have one Nextcloud instance where I host my data and another one where I try things out and test new releases (different hosts behind same traefik) - as the dev instance has no useful data it doesn’t cost me anything so I can test functionality, apps and settings, perform backup/restore testing without impact for my production users.

another hint which helped me some times already - just throw away your containers (keep configs and volumes) and try with fresh images (keep the version to avoid issues from update process).