SSL connection to Docker container

    • SSL connection to Docker container

      Hi there,

      I've been trying out Docker for some days now and it seems that my Nextcloud container is running fine. It's working via port 80 and is reachable from the internet. There's no simple way of implementing SSL in the container. OMV itself is set to always use SSL on port 443, but how do I have to configure OMV/Docker to use SSL even for Docker containers ("redirect"/"reverse proxy")?

      Thanks in advance,

      Thomas

      The post was edited 1 time, last by _thomas_ ().

    • Hello _thomas_, I'm in exactly the same situation, my Docker config for Nextcloud with a proxy and LetsEncrypt is fully functional on my Linux desktop (test box) but on OMV it's only accepting port 80, haven't figured out how to open 443 traffic for the Docker containers. Have you solved this, has anyone run into this before?

      Thanks guys,

      Manro
    • macom wrote:

      Might be I did not get the problem, but why not change the ports of OMV in the GUI of OMV in General Settings.
      Thanks macom, already tried that, actually in order to have the Nextcloud container working with port 80 it's necessary (AFAIK) to change the OMV web GUI from port 80 to something different, 8080 in my case.

      I did the same thing to port 443 of the OMV web GUI, changed it to port 8443 even when it was not configured to use SSL connection just in case, but still cannot reach the Docker container on port 443.

      Any help will be greatly appreciated.

      Thanks guys!
    • Does your docker allow configuration of the ports it listens on? Those that have that capability usually do it by configuring a port on the host that is forwarded to one in the container via an environment variable like this:

      -p xxxx:yyyy

      Where xxxx is the port the host is listening on and yyyy is the port the container is listening on.

      Have you consulted the documentation for the specific docker you are using?
      OMV 4.x - ASRock Rack C2550D4I - 16GB ECC - Silverstone DS380
    • gderf wrote:

      Does your docker allow configuration of the ports it listens on? Those that have that capability usually do it by configuring a port on the host that is forwarded to one in the container via an environment variable like this:

      -p xxxx:yyyy

      Where xxxx is the port the host is listening on and yyyy is the port the container is listening on.

      Have you consulted the documentation for the specific docker you are using?
      Thanks gderf, to be honest I'm pretty new to it, but if I understood it correctly can I do something like -p 8043:443 to forward port 8043 from host to port 443 on the container?

      I've read the Docker documentation on how to make Nextcloud with a proxy, mysql and letsencrypt and actually it's working like a charm on my test environment, an old desktop running Ubuntu 17.10 with docker on it, but I haven't found a way to make it work on OMV.

      Rgds,
    • Hey,
      I’m by no means an expert, but I have been trying to do this for a while and I think this might help. I, too, had been trying to get NextCloud from docker running SSL. I installed a NC docker container (wonderfall/nextcloud) and now have it running through OMV letsencrypt cert with SSL. Here was my process.
      1. Install NC (wonderfall/nextcloud) through docker webgui inside OMV
      2. Opened the port 8888 in router
      3. Set up directories like the image below (I’m not sure if the /etc/ section helped, but I just added it; these are the locations of my OMV letsencrypt key and nginx)
      4. Do initial setup of NC by logging in with IP:8888
      5. Go to the docker config directory of NC you created earlier in step 3 (in my case it was /etc/home/Docker/conf/nextcloud)
      6. Open & edit config.php with the sections highlighted with your WANIP & Domain
      7. Go to OMV nginx directory and open/edit to add the proxy (in my case directory was /etc/nginx/site-available/openmediavault-webgui)
      8. Check and restart nginx with nginx -t and /etc/init.d/nginx restart (to check for syntax errors)
      9. Now try accessing NC via yourdomain/nextcloud/
      Hopefully this works for you.

      Source Code

      location ^~ /nextcloud/ {
          # Forward requests to the Nextcloud container published on host port 8888
          proxy_pass http://127.0.0.1:8888/;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          # The header name is X-Forwarded-For; the HTTP_ prefix is only how PHP exposes it
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          add_header X-Content-Type-Options "nosniff";
          add_header X-Frame-Options "SAMEORIGIN";
          add_header X-XSS-Protection "1; mode=block";
      }
      }  # second brace as posted; it presumably closes the enclosing server block
      Images: 3.png, 5.png, 6.png
      2.2.14 (stone burner)
      AMD Athlon(tm) 5350 APU
      Linux 3.16.0-0.bpo.4-amd64
    • colehan wrote:

      Hey,
      I’m by no means an expert, but I have been trying to do this for a while and I think this might help. I, too, had been trying to get NextCloud from docker running SSL. I installed a NC docker container (wonderfall/nextcloud) and now have it running through OMV letsencrypt cert with SSL. Here was my process.
      1. Install NC (wonderfall/nextcloud) through docker webgui inside OMV
      2. Opened the port 8888 in router
      3. Set up directories like the image below (I’m not sure if the /etc/ section helped, but I just added it; these are the locations of my OMV letsencrypt key and nginx)
      4. Do initial setup of NC by logging in with IP:8888
      5. Go to the docker config directory of NC you created earlier in step 3 (in my case it was /etc/home/Docker/conf/nextcloud)
      6. Open & edit config.php with the sections highlighted with your WANIP & Domain
      7. Go to OMV nginx directory and open/edit to add the proxy (in my case directory was /etc/nginx/site-available/openmediavault-webgui)
      8. Check and restart nginx with nginx -t and /etc/init.d/nginx restart (to check for syntax errors)
      9. Now try accessing NC via yourdomain/nextcloud/
      Hopefully this works for you.
      Thank you for writing this down @colehan! I would, however, not change /etc/nginx/site-available/openmediavault-webgui, as this may get replaced. Better practice IMO would be to add an additional file to /etc/nginx/openmediavault-webgui.d/ (e.g. nextcloud.conf) and then add the block in your source code to this new file. Explanation: All files "*.conf" in the folder "openmediavault-webgui.d" are added via include at the end of the "openmediavault-webgui" file.

      I made almost everything work, but am currently stuck, because of the security warnings Nextcloud produces. Ideas anyone?

      Source Code

      The "X-XSS-Protection" HTTP header is not set to "1; mode=block". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
      The "X-Content-Type-Options" HTTP header is not set to "nosniff". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
      The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
      Here's the solution to the problem of multiple headers:
      The issue lies within /nginx/sites-enabled/nginx.conf, but also /nextcloud/lib/private/legacy/response.php, as the headers are defined there as well. In addition to commenting out the headers in nginx.conf (using #), comment out ("//" or /* */ for php) the lines at the end of the response.php and the warnings should disappear. (Apparently, this is a precaution by Nextcloud, should your server not send those security headers.) As OMV already includes most and I would like security measures to apply to all my services, I removed all headers from those files and created an additionalsecurity.conf that I placed in /etc/nginx/openmediavault-webgui.d/ - here's the content of my file:


      Source Code

      add_header Referrer-Policy "no-referrer";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
      Hint: Make sure to check your server settings using scan.nextcloud.com or securityheaders.com/

      The post was edited 3 times, last by sNiXx: adding additional information, adding solution ().
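
When both the nginx proxy and Nextcloud set the same security header, the response carries it twice, which is the "multiple headers" condition behind the warnings quoted above. The script below is an added example, not part of any post in this thread: it reads raw response headers and reports each of the three headers from the warnings as OK, MISSING, DUPLICATE or MISMATCH. The function names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the three headers named in the Nextcloud warnings.
# Input: raw HTTP response headers on stdin (for instance from curl -sI).
audit_headers() {
    tr -d '\r' | awk '
    BEGIN {
        want["x-xss-protection"]       = "1; mode=block"
        want["x-content-type-options"] = "nosniff"
        want["x-frame-options"]        = "sameorigin"
        n = split("x-xss-protection x-content-type-options x-frame-options", order, " ")
    }
    # A status line starts a new response (redirects): keep only the last one.
    /^HTTP\// { split("", count); split("", seen); next }
    /^[A-Za-z0-9-]+:/ {
        name  = tolower(substr($0, 1, index($0, ":") - 1))
        value = tolower(substr($0, index($0, ":") + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        count[name]++
        seen[name] = value
    }
    END {
        for (i = 1; i <= n; i++) {
            h = order[i]
            if (count[h] == 0)            status = "MISSING"
            else if (count[h] > 1)        status = "DUPLICATE x" count[h]
            else if (seen[h] != want[h])  status = "MISMATCH (" seen[h] ")"
            else                          status = "OK"
            print h, status
        }
    }'
}

# Constructed sample: proxy and application each add the same header.
sample_headers() {
    cat <<'EOF'
HTTP/1.1 200 OK
Server: nginx
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block

EOF
}

sample_headers | audit_headers
# Live check (hostname is a placeholder): curl -sI https://yourdomain/nextcloud/ | audit_headers
```

Running the same check after each nginx or Nextcloud upgrade shows whether a header has started being sent twice again or has gone missing.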