SSL connection to Docker container

  • Hi there,


    I'm trying out Docker for some days now and it seems that my Nextcloud container is running fine. It's working via port 80 and is reachable from the internet. There's no simple way of implementing SSL in the container. OMV itself is set to always use SSL on port 443, but how do I have to configure OMV/Docker to use SSL even for Docker containers ("redirect"/"reverse proxy"?)


    Thanks in advance,


    Thomas

  • Hello _thomas_, I'm in exactly the same situation, my Docker config for Nextcloud with a proxy and LetsEncrypt is fully functional on my Linux desktop (test box) but on OMV it's only accepting port 80, haven't figured out how to open 443 traffic for the Docker containers. Have you solved this, has anyone run into this before?


    Thanks guys,


    Manro

  • Might be I did not get the problem, but why not change the ports of OMV in the GUI of OMV in General Settings.

    Thanks macom, already tried that, actually in order to have the Nextcloud container working with port 80 it's necessary (AFAIK) to change the OMV web GUI from port 80 to something different, 8080 in my case.


    I did the same thing to port 443 of the OMV web GUI, changed it to port 8443 even when it was not configured to use SSL connection just in case, but still cannot reach the Docker container on port 443.


    Any help will be greatly appreciated.


    Thanks guys!

  • Does your docker allow configuration of the ports it listens on? Those that have that capability usually do it by configuring a port on the host that is forwarded to one in the container via an environment variable like this:


    -p xxxx:yyyy


    Where xxxx is the port the host is listening on and yyyy is the port the container is listening on.


    Have you consulted the documentation for the specific docker you are using?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380 + Silverstone DS380 DAS Box.

  • Thanks gderf, to be honest I'm pretty new to it, but if I understood it correctly can I do something like -p 8043:443 to forward port 8043 from host to port 443 on the container?


    I've read the Docker documentation on how to make Nextcloud with a proxy, mysql and letsencrypt and actually it's working like a charm on my test environment, an old desktop running Ubuntu 17.10 with docker on it, but I haven't found a way to make it work on OMV.


    Rgds,

  • You can only do what the container was specifically built to allow for. That's why I asked if you looked at the documentation for the specific Nextcloud container you are using.


  • Hey,
    I’m by no means an expert, but I have been trying to do this for a while and I think this might help. I, too, had been trying to get NextCloud from docker running SSL. I installed a NC docker container (wonderfall/nextcloud) and now have it running through OMV letsencrypt cert with SSL. Here was my process.

    • Install NC (wonderfall/nextcloud) through docker webgui inside OMV
    • Opened the port 8888 in router
    • Set up directories like the image below (I’m not sure if the /etc/ section helped, but I just added it; these are the locations of my OMV letsencrypt key and nginx)
    • Do initial setup of NC by logging in with IP:8888
    • Go to the docker config directory of NC you created earlier in step 3 (in my case it was /etc/home/Docker/conf/nextcloud)
    • Open & edit config.php with the sections highlighted with your WANIP & Domain
    • Go to OMV nginx directory and open/edit to add the proxy (in my case directory was /etc/nginx/site-available/openmediavault-webgui)
    • Check and restart nginx with nginx -t and /etc/init.d/nginx restart (to check for syntax errors)
    • Now try accessing NC via https://yourdomain/nextcloud/

    Hopefully this works for you.


  • Thank you for writing this down @colehan! I would, however, not change /etc/nginx/site-available/openmediavault-webgui, as this may get replaced. Better practice IMO would be to add an additional file to /etc/nginx/openmediavault-webgui.d/ (e.g. nextcloud.conf) and then add the block in your source code to this new file. Explanation: All files "*.conf" in the folder "openmediavault-webgui.d" are added via include at the end of the "openmediavault-webgui" file.


    I made almost everything work, but am currently stuck, because of the security warnings Nextcloud produces. Ideas anyone?

    Code
    The "X-XSS-Protection" HTTP header is not set to "1; mode=block". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
    The "X-Content-Type-Options" HTTP header is not set to "nosniff". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
    The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

    Here's the solution to the problem of multiple headers:
    The issue lies within both /nginx/sites-enabled/nginx.conf, but also /nextcloud/lib/private/legacy/response.php, as the headers are defined there as well. In addition to commenting out the headers in nginx.conf (using #), comment out ("//" or /* */ for php) the lines at the end of the response.php and the warnings should disappear. (Apparently, this is a precaution by Nextcloud, should your server not send those security headers.) As OMV already includes most and I would like security measures to apply to all my services, I removed all headers from those files and created an additionalsecurity.conf that I placed in /etc/nginx/openmediavault-webgui.d/ - here's the content of my file:



    Code
    add_header Referrer-Policy "no-referrer";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    Hint: Make sure to check your server settings using https://scan.nextcloud.com or https://securityheaders.com/
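
The post above traces the warnings to the same header being defined in more than one place. As an added example (not part of the original post or of Nextcloud/OMV), this script audits a raw response head for the three headers named in the warnings and separates "missing" from "sent more than once"; the sample responses are constructed and the function names are hypothetical.

```python
from collections import defaultdict

# Header name -> value the Nextcloud warnings quoted above expect.
EXPECTED = {
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
    "x-frame-options": "SAMEORIGIN",
}

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = defaultdict(list)
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()].append(value.strip())
    return headers

def audit(raw):
    """Return {header: 'ok' | 'missing' | 'duplicate' | 'wrong value'}."""
    headers = parse_headers(raw)
    result = {}
    for name, want in EXPECTED.items():
        values = headers.get(name, [])
        if not values:
            result[name] = "missing"
        # Two header lines, or one line an intermediary folded into "a, a",
        # both mean the header was set in more than one place.
        elif len(values) > 1 or "," in values[0]:
            result[name] = "duplicate"
        elif values[0].lower() != want.lower():
            result[name] = "wrong value"
        else:
            result[name] = "ok"
    return result

# Constructed sample: two layers each add the same headers.
DUPLICATED = """HTTP/1.1 200 OK
Server: nginx
X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff, nosniff
"""

# Constructed sample: each header defined exactly once.
CLEAN = """HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
"""

if __name__ == "__main__":
    for label, raw in (("duplicated", DUPLICATED), ("clean", CLEAN)):
        print(label, audit(raw))
```

To check a live server, pass the output of `curl -sI https://yourdomain/nextcloud/` to `audit()` in place of the constructed samples.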

  • hey peeps,


    I have sabnzbd, sonarr, radarr, lidarr all running in docker containers.


    I have also installed the lets encrypt docker container but have no idea how to configure it.


    I have a domain (no need for DDNS)


    Can anyone assist me with configuring letsencrypt thru the gui so that i can connect to all my containers thru https?


    Any help would be greatly appreciated


    thanks in advance
