Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

    • OMV 4.x


    • mrr147 wrote:

      Hi
      First of all thank you for this guide.

      I ran into a problem.
      Everything went smoothly but after configuration of proxy step, I get Internal Server Error when I try to reach https://your.url/nextcloud
      Full error message:
      Internal Server Error
      The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the webserver log.
      I'm running OMV 4.1.31 version.

      Can anyone help?

      EDIT:
      Dammit, I've messed up proxy file... It works fine. Thanks!
      I have the same error. What have you done?

      Running OMV 5 and used macom's instructions.

      My nextcloud.subfolder.conf looks like

      Source Code

      # Assuming this container is called "letsencrypt", edit your nextcloud container's config
      # located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
      # 'trusted_proxies' => ['letsencrypt'],
      # 'overwritewebroot' => '/nextcloud',
      # 'overwrite.cli.url' => 'https://your-domain.com/nextcloud',
      #
      # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
      # array (
      #   0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
      #   1 => 'your-domain.com',
      # ),

      # Redirects for DAV clients
      location = /.well-known/carddav {
          return 301 $scheme://$host/nextcloud/remote.php/dav;
      }
      location = /.well-known/caldav {
          return 301 $scheme://$host/nextcloud/remote.php/dav;
      }
      location /nextcloud {
          return 301 $scheme://$host/nextcloud/;
      }
      location ^~ /nextcloud/ {
          include /config/nginx/proxy.conf;
          resolver 127.0.0.11 valid=30s;
          set $upstream_nextcloud nextcloud;
          rewrite /nextcloud(.*) $1 break;
          proxy_pass https://$upstream_nextcloud:443;
          proxy_max_temp_file_size 2048m;
          proxy_set_header Range $http_range;
          proxy_set_header If-Range $http_if_range;
          proxy_set_header Connection $http_connection;
          proxy_redirect off;
          proxy_ssl_session_reuse off;
      }

      and the config.php

      PHP Source Code

      1. <?php
      2. $CONFIG = array (
      3. 'memcache.local' => '\OC\Memcache\APCu',
      4. 'datadirectory' => '/data',
      5. );
      6. 'trusted_proxies' =>
      7. array (
      8. 0 => 'letsencrypt',
      9. ),
      10. 'overwritewebroot' => '/nextcloud',
      11. 'overwrite.cli.url' => 'https://mydns/nextcloud',
      12. 'trusted_domains' =>
      13. array (
      14. 0 => 'mydns:443',
      15. ),

      thx
      Niklas

      The post was edited 3 times, last by sjomen ().

    • think that happens to most of us non-pros ;)

      your line 5 must go to the end - that should be all

      maybe add to trusted_domains array
      1 => '192.168.1.1', or whatever is the local IP of your host
      in my case I don't need the :443 port - but, not sure ;)

      main "fail" is just line 5 that must go to the end ;)
      ___________________________
      OMV5@AsRock j3455 8GB RAM
    • draddy wrote:

      but got only

      502 Bad Gateway


      also with
      192.168.177.40:4433 i only get a "site not reachable"
      That's strange. In my setup I was able to go to https://myserverip:4433 and got a site which told me that onlyoffice is ready.

      Your compose file looks good to me.

      Maybe try this subfolder.conf

      Source Code

      location /onlyoffice {
          return 301 $scheme://$host/onlyoffice/;
      }
      location ^~ /onlyoffice/ {
          rewrite /onlyoffice/(.*) /$1 break;
          proxy_pass https://192.168.177.40:4433;
          proxy_redirect off;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Host $host/onlyoffice;
          proxy_set_header X-Forwarded-Proto $scheme;
      }
    • draddy wrote:

      think that happens to most of us non-pros ;)

      your line 5 must go to the end - that should be all

      maybe add to trusted_domains array
      1 => '192.168.1.1', or whatever is the local IP of your host
      in my case I don't need the :443 port - but, not sure ;)

      main "fail" is just line 5 that must go to the end ;)
      so I edited it like this but the same thing happened again

      PHP Source Code

      1. <?php
      2. $CONFIG = array (
      3. 'memcache.local' => '\OC\Memcache\APCu',
      4. 'datadirectory' => '/data',
      5. ),
      6. 'trusted_proxies' =>
      7. array (
      8. 0 => 'letsencrypt',
      9. ),
      10. 'overwritewebroot' => '/nextcloud',
      11. 'overwrite.cli.url' => 'https://mydns/nextcloud',
      12. 'trusted_domains' =>
      13. array (
      14. 0 => 'mydns',
      15. 1 => 'localip',
      16. );

      Still
      Internal Server Error

      nginx error log

      Source Code

      2020/02/07 19:04:52 [error] 384#384: *1 connect() failed (111: Connection refused) while connecting to upstream, client: ip, server: _, request: "GET /nextcloud/ HTTP/2.0", upstream: "https:/localip/", host: "mydns"

      The post was edited 2 times, last by sjomen ().

    • you restarted nextcloud and letsencrypt after changing this?


      but ... you now moved line 5 to the end, ok, but why did you add a ), in line 5 now? That will close your "$CONFIG = array (" and the rest will still not load ;)

      here is my:

      PHP Source Code

      <?php
      $CONFIG = array ( #OPEN CONFIG ARRAY
        'memcache.local' => '\\OC\\Memcache\\APCu',
        'datadirectory' => '/data',
        'trusted_proxies' =>
        array ( #OPEN PROXY ARRAY
          0 => 'letsencrypt',
        ), #CLOSE PROXY
        'overwritewebroot' => '/nextcloud',
        'overwrite.cli.url' => 'https://mydnsname.org/nextcloud',
        'trusted_domains' =>
        array ( #OPEN DOMAIN ARRAY
          0 => 'mydnsname.org',
          1 => '192.168.177.40',
        ), #CLOSE DOMAIN
      );#CLOSE CONFIG EOF

      I just added some comments (#) for you to make the arrays clear ;)

      hope it helps


      @Morlan yeah, looks like it ;) will give it a try later today and if I still hang, I will "call" you in a new post ;) thx so long
      ___________________________
      OMV5@AsRock j3455 8GB RAM
    • draddy wrote:

      you restarted nextcloud and letsencrypt after changing this?


      but ... you now moved line 5 to the end, ok, but why did you add a ), in line 5 now? That will close your "$CONFIG = array (" and the rest will still not load ;)

      here is my:

      PHP Source Code

      <?php
      $CONFIG = array ( #OPEN CONFIG ARRAY
        'memcache.local' => '\\OC\\Memcache\\APCu',
        'datadirectory' => '/data',
        'trusted_proxies' =>
        array ( #OPEN PROXY ARRAY
          0 => 'letsencrypt',
        ), #CLOSE PROXY
        'overwritewebroot' => '/nextcloud',
        'overwrite.cli.url' => 'https://mydnsname.org/nextcloud',
        'trusted_domains' =>
        array ( #OPEN DOMAIN ARRAY
          0 => 'mydnsname.org',
          1 => '192.168.177.40',
        ), #CLOSE DOMAIN
      );#CLOSE CONFIG EOF
      I just added some comments (#) for you to make the arrays clear ;)

      hope it helps
      Thanks a lot, now I have the start page from Nextcloud. Some stupid mistakes.
      THX
    • @draddy Thank you! I went and reread my config file as well, and noticed the line 5 closed the config brackets before reaching the rest of the info, should've caught that earlier! Now I am able to get to the nextcloud admin creation page.

      I still feel a bit disheartened as now I'm having some kind of issue with mysql and mariadb..

      When I try and create an admin user in the nextcloud install wizard prompt I receive the error message:

      "Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [1045] Access denied for user 'root'@'nextcloud.nextcloud_default' (using password: YES)"

      I followed the "How to" exactly, using my MYSQL_ROOT_PASSWORD as the password for the user "root", and then tried to make a MariaDB/MYSQL database with the database: nextcloud and database host: nextclouddb, which seems to line up with what's written in the docker-compose.yml file.

      I tried searching around for answers to the issue, and they pertained to creating a new database / user in CLI instead of the nextcloud wizard, but I didn't seem to have any luck following their instructions.

      Does anybody here have any experience with this very final issue? :D

      (Also, oddly enough I can only access the nextcloud.xxx.duckdns.org, all other URLS, including the localip:444 still send me to the "Welcome to our server" page. Is this normal?)
    • Well it’s normal. The 'overwrite.cli.url' => will change the other addresses.

      The MySQL error seems to come from a new version of MariaDB. I circumvented it by defining a nextcloud database when setting up the MariaDB container. For this method to work you first need to delete your MariaDB app data folder.
      Then add these environmental variables to the MariaDB section of the docker-compose.yml:


      Source Code

      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=secretpassword
      this will create a database at the creation of the container. So again docker-compose up -d
      Then in the Nextcloud admin setup page you enter
      user: nextcloud
      database: nextcloud
      Password: secretpassword
      Database host: nextclouddb
    • Morlan wrote:

      Well it’s normal. The 'overwrite.cli.url' => will change the other addresses.

      The MySQL error seems to come from a new version of MariaDB. I circumvented it by defining a nextcloud database when setting up the MariaDB container. For this method to work you first need to delete your MariaDB app data folder.
      Then add these environmental variables to the MariaDB section of the docker-compose.yml:


      Source Code

      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=secretpassword
      this will create a database at the creation of the container. So again docker-compose up -d
      Then in the Nextcloud admin setup page you enter
      user: nextcloud
      database: nextcloud
      Password: secretpassword
      Database host: nextclouddb
      Good to know about the overwrite!

      And also good to hear this isn't a new frontier for the people here either, will definitely give this a try.

      I went to /srv/dev-disk-by-name-disk1/appdata, but there is no "mariaDB" folder, there is letsencrypt / nextcloud / nextclouddb available. Are we talking about the nextclouddb, or should I have mariaDB named folder in here?

      Thanks again Morlan! You've been incredibly helpful with this.
    • soo, back to big problems -joke :P

      just in case someone else tries to get onlyoffice working with this setup, here is my composer "extension"; just add it to the end of the nextcloud composer file

      Source Code

      onlyofficedocker:
        image: onlyoffice/documentserver:latest
        container_name: onlyofficedocker
        stdin_open: true
        restart: always
        environment:
          - JWT_ENABLED=true
          - JWT_SECRET=superSecretShareKey #you will need this in nextcloud after
        ports:
          - 4433:443
        volumes:
          - /media/ssd/appdata/onlyoffice/DocumentServer/data/:/var/www/onlyoffice/Data
          - /media/ssd/appdata/onlyoffice/DocumentServer/logs:/var/log/onlyoffice
          - /media/ssd/appdata/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice
          - /media/ssd/appdata/onlyoffice/DocumentServer/db:/var/lib/postgresql
          - /media/ssd/appdata/onlyoffice/DocumentServer/fonts:/usr/share/fonts/truetype/custom
          - /media/ssd/appdata/onlyoffice/DocumentServer/forgotten:/var/lib/onlyoffice/documentserver/App_Data/cache/files/forgotten
          - /media/ssd/appdata/onlyoffice/DocumentServer/data/:/var/www/onlyoffice/Data onlyoffice/documentserver


      don't ask me about the last line - but in my tests it looks like it's needed this way ^^

      subfolder config for letsencrypt by @Morlan (works perfectly, thx m8)

      Source Code

      location /onlyoffice {
          return 301 $scheme://$host/onlyoffice/;
      }
      location ^~ /onlyoffice/ {
          rewrite /onlyoffice/(.*) /$1 break;
          proxy_pass https://<yourLocalIP>:4433; #need to change!
          proxy_redirect off;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Host $host/onlyoffice;
          proxy_set_header X-Forwarded-Proto $scheme;
      }

      you need a local cert - just follow these steps line by line in the CLI and fill in the information needed (you can skip most of it, but Common Name (e.g. server FQDN or YOUR name) is required) - here you enter your local IP.

      Source Code

      mkdir -p /app/onlyoffice/DocumentServer/data/certs
      cd /app/onlyoffice/DocumentServer/data/certs
      openssl genrsa -out onlyoffice.key 4096
      openssl req -new -key onlyoffice.key -out onlyoffice.csr
      openssl x509 -req -days 3650 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
      openssl dhparam -out dhparam.pem 4096
      chmod 400 onlyoffice.key
      chmod 400 onlyoffice.crt
      chmod 400 onlyoffice.csr
      chmod 400 dhparam.pem

      after this is all done, compose the docker: docker-compose up -d

      if all went ok - you should see a "Thank you for choosing ONLYOFFICE!" if you connect to https://<OMVIP>:4433

      now you can just add it to your Nextcloud (sry for german screenshot :P) (you will find this in Settings after installing the "OnlyOffice" pack in your Nextcloud)


      soo, hm, just good luck ;)
      ___________________________
      OMV5@AsRock j3455 8GB RAM

      The post was edited 1 time, last by draddy ().
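
The certificate steps in the post above put the local IP only in the Common Name. As an added example (not part of draddy's post), this script generates one self-signed certificate that way and one that also lists the IP in subjectAltName, then asks OpenSSL whether each is valid for that IP; the 2048-bit key, 365-day lifetime and temporary directory are choices made for the example, and 192.168.177.40 is the sample IP used in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. File names follow the post; key size,
# lifetime and the temp directory are example choices.

# make_cert <dir> <ip> <cn-only|san>
# Creates a self-signed key/cert pair in <dir>. In "san" mode the IP is also
# written to subjectAltName; in "cn-only" mode it appears only in the CN.
make_cert() {
    dir=$1; ip=$2; mode=$3
    mkdir -p "$dir" || return 1
    if [ "$mode" = "san" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$ip" -addext "subjectAltName=IP:$ip" \
            -keyout "$dir/onlyoffice.key" -out "$dir/onlyoffice.crt" \
            2>/dev/null || return 1
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$ip" \
            -keyout "$dir/onlyoffice.key" -out "$dir/onlyoffice.crt" \
            2>/dev/null || return 1
    fi
    chmod 400 "$dir/onlyoffice.key"
}

# cert_matches_ip <cert> <ip>
# Succeeds only if OpenSSL's IP check accepts <ip> for <cert>. The check
# looks at iPAddress entries in subjectAltName and never at the Common Name.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null \
        | grep -q 'does match certificate'
}

# Generate both variants for the sample IP and report the result of the check.
demo() {
    work=$(mktemp -d) || return 1
    sample_ip=192.168.177.40
    for variant in cn-only san; do
        make_cert "$work/$variant" "$sample_ip" "$variant" \
            || { rm -rf "$work"; return 1; }
        if cert_matches_ip "$work/$variant/onlyoffice.crt" "$sample_ip"; then
            echo "$variant: certificate is valid for $sample_ip"
        else
            echo "$variant: certificate is NOT valid for $sample_ip"
        fi
    done
    rm -rf "$work"
}

demo
```

The `-addext` option needs OpenSSL 1.1.1 or newer.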

    • Agricola wrote:

      macom wrote:

      Let's check if docker and docker-compose are installed correctly. What is the output of
      dpkg -l | grep docker?
      I know you were working with @stinkycheese problems, but I just noticed your post and ran the command. Here's what I got.

      Source Code

      ii docker-ce 5:19.03.4~3-0~debian-buster arm64 Docker: the open-source application container engine
      ii docker-ce-cli 5:19.03.4~3-0~debian-buster arm64 Docker CLI: the open-source application container engine
      ii docker-compose 1.21.0-3 all Punctual, lightweight development environments using Docker
      ii golang-docker-credential-helpers 0.6.1-2 arm64 native stores to safeguard Docker credentials
      ii python3-docker 3.4.1-4 all Python 3 wrapper to access docker.io's control socket
      ii python3-dockerpty 0.4.1-1 all Pseudo-tty handler for docker Python client (Python 3.x)
      ii python3-dockerpycreds 0.3.0-1 all Python3 bindings for the docker credentials store API
      After trying docker-compose from the command line I tried to use the stacks tab in Portainer to run the yml file and I get this failure notice. Maybe that will shed some light:

      Hi,

      How did you solve your problem?
      I have the same with my RockPro64 (really hesitating to buy a HC2...).
    • @aldrick Here's an article that gives a work around to replace the new version of iptables in Buster to "legacy". Apparently the "new" iptables in Buster prevent Docker-network from working properly. I hope that helps. I'm assuming you are using OMV 5. If you are on OMV 4 then this is not going to help you.
      OMV 5 (current) - NanoPi M4: Nextcloud, Plex, & Heimdall - Acer Aspire T180: backup - Odroid XU4: Pi-Hole (DietPi) - Odroid HC2, Raspberry Pi 3B+, and HP dx2400: testing.
    • hi,

      update for nextcloud 18.0.1 is available - but I only got a "Parsing response failed. File not found." error on the very 1st step with the built-in web updater.

      can someone tell me the trick to get it working? ;)

      thx

      €dit: ok - done - 2 solutions:
      1. add (if not done) export port like 444 to the nextcloud 443 port

      2. remove the 2 lines from your config.php and restart nextcloud docker

      Source Code

      'overwritewebroot' => '/nextcloud',
      'overwrite.cli.url' => 'https://your.host/nextcloud',
      docker restart nextcloud

      3. connect to nextcloud via browser with
      https://<yourhostip>:444

      4. run the update from the webgui

      5. re-add the 2 lines from step 2 in config.php and restart docker

      solution 2 (for me the "better" one since I don't have to change files):
      1. ssh to host

      2. run
      docker exec -it nextcloud sudo -u abc php /config/www/nextcloud/updater/updater.phar
      say yes to update
      say no to occ upgrade (will not work the default way)
      keep maintenance mode if asked

      3. run
      docker exec -it nextcloud sudo -u abc php /config/www/nextcloud/occ upgrade

      4. run
      docker exec -it nextcloud sudo -u abc php /config/www/nextcloud/occ maintenance:mode --off

      5. connect to your nextcloud like you always do - done.


      keep playing!
      draddy
      ___________________________
      OMV5@AsRock j3455 8GB RAM

      The post was edited 1 time, last by draddy ().

    • I'm getting an error when trying to obtain my letsencrypt cert. I'm using the free provider SPDNS.ORG. It seems that my domain is not reachable when you add the "www" in front of it.

      The exact error messages look like this:

      Performing the following challenges:
      http-01 challenge for mySPDNS.org
      Challenge failed for domain
      ...
      Domain: mySPDNS.org
      Type: dns
      Detail: DNS problem: NXDOMAIN looking up A for
      mySPDNS.org - check that a DNS record exists for
      this domain



      Is that something I can fix? I tried without the subdomain parameter, but then this happens:

      The following errors were reported by the server:

      Domain: mySPDNS.org
      Type: connection
      Detail: Fetching
      mySPDNS.org/.well-known/acme-c…z8sgLBjd73c1vjhBJmXtS3WA:
      Connection refused

      To fix these errors, please make sure that your domain name was
      entered correctly and the DNS A/AAAA record(s) for that domain
      contain(s) the right IP address. Additionally, please check that
      your computer has a publicly routable IP address and that no
      firewalls are preventing the server from communicating with the
      client. If you're using the webroot plugin, you should also verify
      that you are serving files from the webroot path you provided.