Forcing Docker Nextcloud install to use Letsencrypt cert?


      OMV: version 4.1.23-1

      First of all I'm a complete noob when it comes to Docker. I have done a fresh install of OMV and on my previous install I had installed Nextcloud and Letsencrypt natively but now I wanted to try it the Docker way. I have both Letsencrypt and Nextcloud installed (followed the TDL youtube videos) in Docker and they both work but I have no idea how to force the Nextcloud install to use the Letsencrypt certificate?

      Right now Nextcloud is using a self-signed certificate, which prevents me from opening Nextcloud due to HSTS. This is the error I get when I try to go to the Nextcloud site "Firefox does not trust this site because it uses a certificate that is not valid for [mydomain]:444.
      Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT".
    • Morlan wrote:

      This is the most up to date guide regarding nextcloud and letsencrypt on omv: forum.openmediavault.org/index…g-OMV-and-docker-compose/ (but it requires a reinstall of nextcloud and letsencrypt)

      This official guide by Linuxserver is also great: blog.linuxserver.io/2019/04/25…rypt-nginx-starter-guide/
      Thanks for the reply, I deleted all the Docker containers created by following TDL's videos and recreated them by following the instructions in that first link. However it did not work, the certificate is still self-signed and therefore I can't access Nextcloud due to HSTS.

      Letsencrypt does work as I did receive the "Congratulations! Your certificate and chain have been saved at" -message but something is apparently broken with the proxy? I'm using no-ip.org as my DDNS. Here are the contents of my /srv/dev-disk-by-label-disk/appdata/nextcloud/config/www/nextcloud/config/config.php:


      PHP Source Code

      <?php
      $CONFIG = array (
        'memcache.local' => '\\OC\\Memcache\\APCu',
        'datadirectory' => '/data',
        'instanceid' => 'ocwqcj7tkba9',
        'trusted_proxies' =>
        array (
          0 => 'letsencrypt',
        ),
        'overwritewebroot' => '/nextcloud',
        'overwrite.cli.url' => 'https://[mydomain].no-ip.org/nextcloud',
        'trusted_domains' =>
        array (
          0 => '[mydomain].no-ip.org:443',
        ),
      );
    • Have you enabled the proxy configuration for nextcloud in letsencrypt? First two steps of "Configuration of proxy".


      • cd /srv/dev-disk-by-label-disk1/appdata/letsencrypt/nginx/proxy-confs (/srv/dev-disk-by-label-disk1 has to be adjusted)
      • cp nextcloud.subfolder.conf.sample nextcloud.subfolder.conf (this will copy the sample configuration file for nextcloud and remove the .sample so that the file will become active)
      And restarted the container after modifications?
      Odroid HC2 - armbian - OMV4.x | Asrock Q1900DC-ITX - Intenso SSD 120GB - OMV4.x
    • @macom: Yes I did those steps as well, this is what my /srv/dev-disk-by-label-disk/appdata/letsencrypt/nginx/proxy-confs/nextcloud.subfolder.conf looks like:



      Source Code

      # Assuming this container is called "letsencrypt", edit your nextcloud container's config
      # located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
      # 'trusted_proxies' => ['letsencrypt'],
      # 'overwritewebroot' => '/nextcloud',
      # 'overwrite.cli.url' => 'https://your-domain.com/nextcloud',
      #
      # Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
      # array (
      # 0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
      # 1 => 'your-domain.com',
      # ),

      # Redirects for DAV clients
      location = /.well-known/carddav {
          return 301 $scheme://$host/nextcloud/remote.php/dav;
      }

      location = /.well-known/caldav {
          return 301 $scheme://$host/nextcloud/remote.php/dav;
      }

      location /nextcloud {
          return 301 $scheme://$host/nextcloud/;
      }

      location ^~ /nextcloud/ {
          include /config/nginx/proxy.conf;
          resolver 127.0.0.11 valid=30s;
          set $upstream_nextcloud nextcloud;
          rewrite /nextcloud(.*) $1 break;
          proxy_pass https://$upstream_nextcloud:443;
          proxy_max_temp_file_size 2048m;
          proxy_set_header Range $http_range;
          proxy_set_header If-Range $http_if_range;
          proxy_set_header Connection $http_connection;
          proxy_redirect off;
          proxy_ssl_session_reuse off;
      }
    • Yes I have restarted both the letsencrypt and nextcloud containers. And here is the nextcloud docker log, it has some errors:

      Source Code

      [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
      [s6-init] ensuring user provided files have correct perms...exited 0.
      [fix-attrs.d] applying ownership & permissions fixes...
      [fix-attrs.d] done.
      [cont-init.d] executing container initialization scripts...
      [cont-init.d] 10-adduser: executing...
      -------------------------------------
                _         ()
               | |  ___   _    __
               | | / __| | |  /  \
               | | \__ \ | | | () |
               |_| |___/ |_|  \__/
      Brought to you by linuxserver.io
      We gratefully accept donations at:
      https://www.linuxserver.io/donate/
      -------------------------------------
      GID/UID
      -------------------------------------
      User uid: 1002
      User gid: 100
      -------------------------------------
      [cont-init.d] 10-adduser: exited 0.
      [cont-init.d] 20-config: executing...
      [cont-init.d] 20-config: exited 0.
      [cont-init.d] 30-keygen: executing...
      using keys found in /config/keys
      [cont-init.d] 30-keygen: exited 0.
      [cont-init.d] 40-config: executing...
      [cont-init.d] 40-config: exited 0.
      [cont-init.d] 50-install: executing...
      [cont-init.d] 50-install: exited 0.
      [cont-init.d] 60-memcache: executing...
      [cont-init.d] 60-memcache: exited 0.
      [cont-init.d] 99-custom-files: executing...
      [custom-init] no custom files found exiting...
      [cont-init.d] 99-custom-files: exited 0.
      [cont-init.d] done.
      [services.d] starting services
      [services.d] done.
      {"reqId":"nPksvVCT7YY0DgivNVQ8","level":3,"time":"2019-08-31T06:45:00+00:00","remoteAddr":"","user":"--","app":"cron","method":"","url":"\/nextcloud\/cron.php","message":{"Exception":"Exception","Message":"Not installed","Code":0,"Trace":[{"file":"\/config\/www\/nextcloud\/lib\/base.php","line":646,"function":"checkInstalled","class":"OC","type":"::","args":[]},{"file":"\/config\/www\/nextcloud\/lib\/base.php","line":1056,"function":"init","class":"OC","type":"::","args":[]},{"file":"\/config\/www\/nextcloud\/cron.php","line":41,"args":["\/config\/www\/nextcloud\/lib\/base.php"],"function":"require_once"}],"File":"\/config\/www\/nextcloud\/lib\/base.php","Line":277,"CustomMessage":"--"},"userAgent":"--","version":""}
    • Morlan wrote:

      please change your router forward from external 443 to internal 444 and delete the other rule with 444
      Thanks a lot for the help, that was the problem! I fixed the port forwards and I can now access the Nextcloud setup page. I had to also activate Pure NAT for NAT reflection in my pfSense advanced settings in order to access the site from within the LAN.

      One more question; what should I set as the "Database host" in the Nextcloud setup page? I have tried localhost:3306 but I just get this error message when trying to finish the setup:

      Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [2002] No such file or directory


      If I try 127.0.0.1:3306 I get this error message:


      Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [2002] Connection refused
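
To confirm which container is answering on a given port, as in the self-signed certificate problem resolved above, this added example (not from the thread or from the linuxserver.io images) compares the subject and issuer of the certificate being served. The function names, the sample certificate names and the use of the openssl CLI are assumptions.

```shell
#!/bin/sh
# Added example: tell a self-signed certificate from a CA-issued one.

# classify_cert: reads `openssl x509 -noout -subject -issuer` output on
# stdin; prints "self-signed", "ca-issued" or "unknown".
# "ca-issued" only means issuer != subject; it does not validate the chain.
classify_cert() {
    subject='' issuer=''
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            subject=*) subject=${line#subject=} ;;
            issuer=*)  issuer=${line#issuer=} ;;
        esac
    done
    # Older openssl prints "subject= /CN=..."; drop one leading blank.
    subject=${subject# }
    issuer=${issuer# }
    if [ -z "$subject" ] || [ -z "$issuer" ]; then
        echo unknown
    elif [ "$subject" = "$issuer" ]; then
        echo self-signed
    else
        echo ca-issued
    fi
}

# probe_port HOST PORT: fetch the certificate served on HOST:PORT (SNI set
# to HOST) and classify it. Needs network access and the openssl CLI.
probe_port() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer 2>/dev/null |
        classify_cert
}

# Constructed sample outputs (hypothetical names, not taken from the thread).
SAMPLE_SELF='subject=CN = nextcloud-container.example
issuer=CN = nextcloud-container.example'
SAMPLE_CA="subject=CN = cloud.example.org
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3"

if [ "$#" -eq 2 ]; then
    probe_port "$1" "$2"            # e.g. ./certcheck.sh cloud.example.org 443
else
    printf '%s\n' "$SAMPLE_SELF" | classify_cert
    printf '%s\n' "$SAMPLE_CA" | classify_cert
fi
```

Running it against both the public port and the internal host port shows which one reaches the proxy holding the Let's Encrypt certificate and which one reaches a container's own self-signed certificate.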

    • jackster wrote:

      what should I set as the "Database host" in the Nextcloud setup page?
      If you used the docker-compose file: nextclouddb

      from the guide:
      select MySQL/MariaDB
      • Database user --> "root"
      • Database password --> password which has been specified in the docker-compose file with MYSQL_ROOT_PASSWORD
      • Database name --> "nextcloud"
      • localhost host --> "nextclouddb"