This is the Q&A Thread for that HOWTO: [How-To] Nextcloud with Letsencrypt using OMV and docker-compose
Nextcloud with Letsencrypt using OMV and docker-compose - Q&A
-
- OMV 5.x
- WastlJ
-
-
Your link points to the watchtower in docker-compose guide.
-
Thanks - corrected!
-
-
Question: How do I use the subdomain method to access Nextcloud via the Letsencrypt docker?
Answer:
- Slight change in the docker-compose.yml: nano docker-compose.yml, under environment: in the letsencrypt section
- save via CTRL+x and confirm with y
- rebuild containers: docker-compose up -d
- cd /srv/dev-disk-by-label-disk1/appdata/letsencrypt/nginx/proxy-confs (/srv/dev-disk-by-label-disk1 has to be adjusted)
- cp nextcloud.subdomain.conf.sample nextcloud.subdomain.conf (this copies the sample configuration file for nextcloud and removes the .sample so that the file becomes active)
- docker restart letsencrypt
- cd /srv/dev-disk-by-label-disk1/appdata/nextcloud/config/www/nextcloud/config
- nano config.php
- change the following:
- add your domain to the trusted domains:
- delete the line:
- change/add the following lines:
  'overwrite.cli.url' => 'https://nextcloud.your.url',
  'overwritehost' => 'nextcloud.your.url',
  'overwriteprotocol' => 'https',
- save via CTRL+x and confirm with y
- docker restart nextcloud
- Now your Nextcloud should be accessible via https://nextcloud.your.url
-
To be able to use the subdomain variant you must make sure to have a CNAME for "nextcloud" set up at your DNS provider, pointing to the A record that points to your server IP.
For DuckDNS you do not need to create CNAMEs, as all sub-subdomains automatically point to the same IP as your custom subdomain, but you must make sure that it is pointing to the IP address of your server.
-
@Morlan am I getting it right that the line above isn't correct?
cd /srv/dev-disk-by-label-disk1/appdata/nextcloud/www/nextcloud/config
It should be:
cd /srv/dev-disk-by-label-disk1/appdata/nextcloud/config/www/nextcloud/config
Anything else is to change the letsencrypt configuration in the docker-compose.yml which @macom has made when you use only a subdomain for your NC.
Simply include the ONLY_SUBDOMAINS parameter under environment:
environment:
  - PUID=1000 # change PUID if needed
  - PGID=100 # change PGID if needed
  - TZ=Europe/Berlin # change Time Zone if needed
  - URL=xxxx.de # insert your domain name - yourdomain.url
  - SUBDOMAINS=yoursubdomain # needs to be adjusted
  - ONLY_SUBDOMAINS=true
  - VALIDATION=http
  - EMAIL=xxx.yyy@provider.com # define email; required to renew certificate
volumes:
  - /srv/dev-disk-by-label-disk1/appdata/letsencrypt:/config # /srv/dev-disk-by-label-disk1 needs to be adjusted
ports:
  - 444:443
  - 81:80
SORRY admin for so much editing this thread, but I did not want to mess it up with some self-made mistakes.
Tom
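As an added example (my own code, not from the guide or from any poster in this thread): a small linter for the letsencrypt service's environment: and ports: lists, covering both the compose change in the answer above and the ONLY_SUBDOMAINS variant. It flags keys the container does not know (a misspelled ONLY_SUBDOMAINS is simply never read), ONLY_SUBDOMAINS=true with an empty SUBDOMAINS, and http validation without a published port 80; it assumes the service section is pasted on its own, as in the snippets here, rather than parsing a full multi-service YAML file.

```python
# Variables the letsencrypt container itself echoes under "Variables set:" in its log;
# any other key under environment: is a misspelling the container never reads.
KNOWN = {"PUID", "PGID", "TZ", "URL", "SUBDOMAINS", "EXTRA_DOMAINS", "ONLY_SUBDOMAINS",
         "DHLEVEL", "VALIDATION", "DNSPLUGIN", "EMAIL", "STAGING"}

def list_block(compose_text, name):
    """Items of the '- ...' list under the line '<name>:', '#' comments stripped.
    Assumes one service pasted as in this thread, not a full multi-service YAML parse."""
    items, inside = [], False
    for raw in compose_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.strip() == name + ":":
            inside = True
            continue
        if inside and not line.lstrip().startswith("- "):
            break                                # next key (volumes:, ports:) ends the list
        if inside:
            items.append(line.lstrip()[2:].strip())
    return items

def lint(compose_text):
    """Return human-readable problems; an empty list means nothing was flagged."""
    env = dict(item.partition("=")[::2] for item in list_block(compose_text, "environment"))
    ports = list_block(compose_text, "ports")
    problems = []
    for key in env:
        if key not in KNOWN:
            problems.append(f"unknown variable {key}: the container ignores it (typo?)")
    if env.get("ONLY_SUBDOMAINS", "false").lower() == "true" and not env.get("SUBDOMAINS"):
        problems.append("ONLY_SUBDOMAINS=true but SUBDOMAINS is empty: nothing left to certify")
    if env.get("VALIDATION", "http") == "http" and not any(p.endswith(":80") for p in ports):
        problems.append("VALIDATION=http but container port 80 is not published (e.g. 81:80)")
    return problems

# Constructed sample: the letsencrypt section as posted above, with ONLY_SUBDOMAINS misspelled.
SAMPLE = """\
environment:
  - PUID=1000 # change PUID if needed
  - URL=xxxx.de # insert your domain name
  - SUBDOMAINS=yoursubdomain
  - ONLY_SUBDOMAIS=true
  - VALIDATION=http
  - EMAIL=xxx.yyy@provider.com
ports:
  - 444:443
  - 81:80
"""
```

Call lint() on the section you intend to deploy; the misspelled key in SAMPLE is reported, and the same section with ONLY_SUBDOMAINS spelled correctly passes clean.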
-
-
Firstly, I have to say this is an excellent guide. Thanks very much for putting it all together and posting it. I'm impressed and grateful.
I followed the guide with the following modifications:
- The URL for letsencrypt was changed to cloud.mydomain.com. I added no subdomains. This is because http://www.mydomain.com is hosted by my ISP.
- I added the internal IP of my server to the config.php file so that I could get to nextcloud internally via xxx.xxx.xxx.xxx:445. This works okay.
- I used the modifications in post 4 above to use the cloud.mydomain.com subdomain.
I can now access nextcloud via the internal IP: xxx.xxx.xxx.xxx:445.
I cannot access nextcloud via cloud.mydomain.com. This returns ERR_CONNECTION_REFUSED.
I can ping cloud.mydomain.com and it returns the correct IP. Ports are forwarded as described in the guide. If I clear the letsencrypt docker container log and restart the letsencrypt docker I get:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...
-------------------------------------
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 1000
User gid: 100
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Variables set:
PUID=1000
PGID=100
TZ=Australia/Melbourne
URL=cloud.mydomain.com
SUBDOMAINS=
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=2048
VALIDATION=http
DNSPLUGIN=
EMAIL=me@myserver.com
STAGING=

2048 bit DH parameters present
No subdomains defined
E-mail address entered: me@mydomain.com
http validation is selected
Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.mydomain.com
Waiting for verification...
Challenge failed for domain cloud.mydomain.com
http-01 challenge for cloud.mydomain.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: cloud.mydomain.com
   Type:   connection
   Detail: Fetching http://cloud.mydomain.com/.well-known/acme-challenge/5YcXjtOUq5VT5bmw5uCPV9RqXIalDkEx6H1G_u_qA3o: Connection refused
   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container
Is there anything obvious I'm doing wrong?
-
-
@Morlan am I getting it right that the line above isn't correct?
cd /srv/dev-disk-by-label-disk1/appdata/nextcloud/www/nextcloud/config
It should be:
cd /srv/dev-disk-by-label-disk1/appdata/nextcloud/config/www/nextcloud/config
Yes you are right, thanks for pointing it out. Changed it in the guide.
Simply include the ONLY_SUBDOMAINS parameter under environment:
It is not necessary to add this parameter, and it should only be added if you exclusively want to exclude the main domain from your cert.
The official documentation states for this parameter: If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to true
The letsencrypt container fails to get your cert either because your port forwardings don't work or your DNS service is not correctly configured. As @macom stated:
To be able to use the subdomain variant you must make sure to have a CNAME for "nextcloud" set up at your DNS provider, pointing to the A record that points to your server IP.
The changes provided by @tomspatz might not be necessary depending on your DNS host.
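As an added example (my own code, not from the guide or from anyone in this thread): a preflight for the two causes named in the reply above. It derives the names the container will request from its URL / SUBDOMAINS / ONLY_SUBDOMAINS variables (EXTRA_DOMAINS is not handled), checks that every name resolves to the same IP as the first one (the CNAME-to-A-record point), and probes ports 80 and 443 the way the CA does before the http-01 challenge. Function and parameter names are my own; run it from outside your own network, because from inside, the router may not hairpin and the result is misleading.

```python
import socket

def cert_names(url, subdomains, only_subdomains="false"):
    """Names the letsencrypt container will ask the CA to validate, derived from the
    URL / SUBDOMAINS / ONLY_SUBDOMAINS variables its log prints under 'Variables set:'."""
    names = [] if only_subdomains.lower() == "true" else [url]
    names += [f"{s.strip()}.{url}" for s in subdomains.split(",") if s.strip()]
    return names

def resolve(name):
    """IPv4 addresses the name currently resolves to from this machine."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()          # does not resolve: the CA cannot even start the challenge

def probe_port(host, port, timeout=3.0):
    """'open', 'refused' or 'timeout': what the ACME server sees when it connects."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # the 'Connection refused' from the log above
    except (socket.timeout, OSError):
        return "timeout"      # dropped by a firewall or no forward at all

def preflight(url, subdomains="", only_subdomains="false"):
    """One entry per name: resolved IPs, whether they match the first name's IPs
    (a CNAME must land on the same A record), and reachability of ports 80 and 443."""
    report, first = {}, None
    for name in cert_names(url, subdomains, only_subdomains):
        ips = resolve(name)
        first = ips if first is None else first
        report[name] = {
            "ips": sorted(ips),
            "same_ip_as_first": ips == first,
            "port80": probe_port(name, 80),    # http-01 needs 'open': router 80 -> host 81 -> container 80
            "port443": probe_port(name, 443),  # the proxy itself: router 443 -> host 444
        }
    return report

if __name__ == "__main__":
    import json, sys
    # usage: python preflight.py cloud.mydomain.com [sub1,sub2] [true|false]
    print(json.dumps(preflight(*sys.argv[1:4]), indent=2))
```

A name whose port80 is not "open" will fail http-01 exactly as in the log above, whatever the rest of the stack looks like.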
-
-
If you're using a subdomain other than "nextcloud" then you will also need to:
Edit nextcloud.subdomain.conf which is found in /srv/dev-disk-by-label-disk1/appdata/letsencrypt/nginx/proxy-confs (Change 'disk1' in the path to match your disk name.)
Change server_name nextcloud.*; to server_name yoursubdomain.*; where "yoursubdomain" is whatever subdomain you've chosen.
For example, I wanted NextCloud to be accessible at cloud.mysite.com, so I changed the line to become server_name cloud.*;. You can use whatever subdomain you like as long as you have the appropriate CNAME set up on your DNS records and you edit the server_name property in the file as mentioned above.
I also had to comment out proxy_max_temp_file_size 2048m; in the above-mentioned file. Prior to doing that I was seeing
nginx: [emerg] "proxy_max_temp_file_size" directive invalid value in /config/nginx/proxy-confs/nextcloud.subdomain.conf:29
appear repeatedly in the letsencrypt docker log file. I don't know why this is.
-
One question
As I understand it, and so in my system, the generated Letsencrypt cert is only for the connection from outside your network:
Internet -> provider A record for my subdomain to IP -> router port 443 to port 444 Letsencrypt/Nginx proxy -> NC
Inside my network a Windows Server does a forward lookup zone for my subdomain. So it is not possible to reach the Letsencrypt cert.
Am I right, and is this how this configuration has to work?
Tom
-
Sorry for the noob question.
My appdata is in
/sharedfolders/appdata$
on disk
/dev/sdb1
The disk is labeled
omvdisk1
What do I have to change here:
- /srv/dev-disk-by-label-disk1/appdata/nextcloud/config:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted
- /srv/dev-disk-by-label-disk1/appdata/nextcloud/data:/data #/srv/dev-disk-by-label-disk1 needs to be adjusted
-
-
/srv/dev-disk-by-label-omvdisk1/appdata$/nextcloud/config:/config
/srv/dev-disk-by-label-omvdisk1/appdata$/nextcloud/data:/data
Are you sure about the $ sign in appdata$?
-
Are you sure about the $?
Sorry, my mistake. It's the $ sign from the terminal. It's appdata. But my question stays: what is the line, and what do I change?
-
Then just remove the $ in the two lines I posted.
-
-
...
Thank you so much!
-
New problem:
after
sudo docker-compose up -d
I receive the error
ERROR: for nextcloud Cannot start service nextcloud: driver failed programming external connectivity on endpoint nextcloud (26f5d205bceee9057b87724716c00a94a68c489fcda224810001c0046d7bad38): Error starting userland proxy: listen tcp 0.0.0.0:445: bind: address already in use
ERROR: Encountered errors while bringing up the project.
Port 443 is forwarded to 445.
EDIT: I tried with port 443 forwarded to 444, same error.
-
Can you post your docker-compose file?
-
-
Sounds like there is already another docker container with the exposed port 445. This has nothing to do with your forwards.
-
Can you post your docker-compose file?