Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

  • Question: How do I use the subdomain method to access Nextcloud via the Letsencrypt docker?



    Answer:


    • Slight change in the docker-compose.yml (nano docker-compose.yml), under environment: in the letsencrypt section:
      - SUBDOMAINS=www,nextcloud
    • save via CTRL+x and confirm with y
    • rebuild containers: docker-compose up -d
    • cd /srv/dev-disk-by-label-disk1/appdata/letsencrypt/nginx/proxy-confs (/srv/dev-disk-by-label-disk1 has to be adjusted)
    • cp nextcloud.subdomain.conf.sample nextcloud.subdomain.conf (this copies the sample configuration file for nextcloud and removes the .sample so that the file becomes active)
    • docker restart letsencrypt
    • cd /srv/dev-disk-by-label-disk1/appdata/nextcloud/config/www/nextcloud/config
    • nano config.php
    • change the following:

      • add your domain to the trusted domains:
        'trusted_domains' =>
          array (
            0 => 'your.ip:445',
            1 => 'nextcloud.your.url',
          ),
      • delete the line:
        'overwritewebroot' => '/nextcloud',
      • change/add the following lines:
        'overwrite.cli.url' => 'https://nextcloud.your.url',
        'overwritehost' => 'nextcloud.your.url',
        'overwriteprotocol' => 'https',
    • save via CTRL+x and confirm with y
    • docker restart nextcloud
    • Now your Nextcloud should be accessible via https://nextcloud.your.url
    • Official Post

    To be able to use the subdomain variant you must make sure to have a CNAME for "nextcloud" set up on your dns provider and it is pointing to your A record that points to your server IP


    For DuckDNS, you do not need to create CNAMES, as all sub-subdomains automatically point to the same IP as your custom subdomain, but you must make sure that it is pointing to the IP address of your server.
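
The config.php edits from the answer above can be checked mechanically; trusted_domains matters most, because it is the list of host names Nextcloud will answer to behind the proxy. This is an added example, not part of the original posts: the function names check_nc_config and sample_config are hypothetical, the sample config is constructed, and the check assumes the 'key' => 'value', layout shown in the guide.

```shell
# Added example (not from the thread): verify the guide's config.php edits.
# Usage: check_nc_config FILE FQDN
# Prints one line per problem and returns the number of problems (0 = OK).
check_nc_config() {
    file=$1 fqdn=$2 problems=0

    # Body of the trusted_domains array, from its key to the closing "),".
    trusted=$(sed -n "/'trusted_domains'/,/),/p" "$file")
    if ! printf '%s\n' "$trusted" | grep -qF "'$fqdn'"; then
        echo "trusted_domains does not list $fqdn"; problems=$((problems + 1))
    fi

    # The subfolder setting must be deleted for the subdomain variant.
    if grep -q "^[[:space:]]*'overwritewebroot'" "$file"; then
        echo "overwritewebroot is still set"; problems=$((problems + 1))
    fi

    # Each overwrite key must carry the value the guide gives for this host.
    for pair in "overwrite.cli.url=https://$fqdn" "overwritehost=$fqdn" "overwriteprotocol=https"; do
        key=${pair%%=*} want=${pair#*=}
        if ! grep -qF "'$key' => '$want'," "$file"; then
            echo "$key is not '$want'"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: config.php fragment after the guide's edits.
sample_config() {
    cat <<'EOF'
<?php
$CONFIG = array (
  'trusted_domains' =>
  array (
    0 => 'your.ip:445',
    1 => 'nextcloud.your.url',
  ),
  'overwrite.cli.url' => 'https://nextcloud.your.url',
  'overwritehost' => 'nextcloud.your.url',
  'overwriteprotocol' => 'https',
);
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_nc_config "$tmp" nextcloud.your.url && echo "config matches the guide"
check_nc_config "$tmp" cloud.your.url || echo "$? problem(s) found"
rm -f "$tmp"
```

Point the function at the real file (the config.php path from the guide) with your own host name; a non-zero return means at least one of the edits is missing or was made for a different subdomain.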

  • @Morlan am I getting it right that the line above isn't correct?


    cd /srv/dev-disk-by-label-disk1/appdata/nextcloud/www/nextcloud/config


    it should be:


    cd /srv/dev-disk-by-label-disk1/appdata/nextcloud/config/www/nextcloud/config



    Another thing is to change the letsencrypt configuration in the docker-compose.yml which @macom has made when you use only a subdomain for your NC.
    Simply include under environment: the ONLY_SUBDOMAINS parameter.




    SORRY admin for editing this thread so much, but I did not want to mess it up with some self-made mistakes.



    Tom

  • Firstly, I have to say this is an excellent guide. Thanks very much for putting it all together and posting it. I'm impressed and grateful.


    I followed the guide with the following modifications:

    • The URL for letsencrypt was changed to cloud.mydomain.com. I added no subdomains. This is because http://www.mydomain.com is hosted by my ISP.
    • I added the internal IP of my server to the config.php file so that I could get to nextcloud internally via xxx.xxx.xxx.xxx:445. This works okay.
    • I used the modifications in post 4 above to use the cloud.mydomain.com subdomain.

    I can now access nextcloud via the internal IP: xxx.xxx.xxx.xxx:445.
    I cannot access nextcloud via cloud.mydomain.com. This returns ERR_CONNECTION_REFUSED.
    I can ping to cloud.mydomain.com and it returns the correct IP. Ports are forwarded as described in the guide.


    If I clear the letsencrypt docker container log and restart the letsencrypt docker I get:


    Is there anything obvious I'm doing wrong?

  • Yes you are right, thanks for pointing it out. Changed it in the guide.



    Another thing is to change the letsencrypt configuration in the docker-compose.yml which @macom has made when you use only a subdomain for your NC.
    Simply include under environment: the ONLY_SUBDOMAINS parameter.

    It is not necessary to add this parameter, and it should only be added if you exclusively want to exclude the main domain from your cert.


    The official documentation states for this parameter: If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to true




    The letsencrypt container fails to get your cert either because your port forwardings don't work or your DNS service is not correctly configured. As @macom stated:

    To be able to use the subdomain variant you must make sure to have a CNAME for "nextcloud" set up on your dns provider and it is pointing to your A record that points to your server IP

    The changes provided by @tomspatz might not be necessary depending on your DNS host.

  • If you're using a subdomain other than "nextcloud" then you will also need to:


    Edit nextcloud.subdomain.conf which is found in /srv/dev-disk-by-label-disk1/appdata/letsencrypt/nginx/proxy-confs (Change 'disk1' in the path to match your disk name.)


    Change server_name nextcloud.*; to server_name yoursubdomain.*; where "yoursubdomain" is whatever subdomain you've chosen.


    For example, I wanted NextCloud to be accessible at cloud.mysite.com, so I changed the line to become server_name cloud.*;. You can use whatever subdomain you like as long as you have the appropriate CNAME set up on your DNS records and you edit the server_name property in the file as mentioned above.


    I also had to comment-out proxy_max_temp_file_size 2048m; in the above-mentioned file. Prior to doing that I was seeing nginx: [emerg] "proxy_max_temp_file_size" directive invalid value in /config/nginx/proxy-confs/nextcloud.subdomain.conf:29 appear repeatedly in the letsencrypt docker log file. I don't know why this is.

  • One question


    As I understand it, and as it is in my system, the generated Letsencrypt cert is only for the connection outside your network:
    Internet -> provider A record for my subdomain to IP -> router Port 443 to Port 444 Letsencrypt/Nginx Proxy -> NC


    Inside my network a Windows Server does a forward lookup zone for my subdomain. So it is not possible to reach the Letsencrypt cert.


    Am I right, and this is how this configuration has to work ?



    Tom

  • Sorry for noob question


    My appdata is in


    /sharedfolders/appdata$


    on disk


    /dev/sdb1


    disk is labeled

    omvdisk1


    what do I have to change here:


    - /srv/dev-disk-by-label-disk1/appdata/nextcloud/config:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted


    - /srv/dev-disk-by-label-disk1/appdata/nextcloud/data:/data #/srv/dev-disk-by-label-disk1 needs to be adjusted

    = Fujitsu PRIMERGY TX1310 M3 • 2 x HDD 3.5" 4TB Western Digital Red • Windows Server 2019 • Hyper-V • OMV 5.x =

  • Are you sure about the $

    Sorry, my mistake. It's the $ sign from the terminal. It's appdata. But my question stays: what is the line, and what to change?


  • New problem:


    after


    sudo docker-compose up -d


    I receive error


    ERROR: for nextcloud Cannot start service nextcloud: driver failed programming external connectivity on endpoint nextcloud (26f5d205bceee9057b87724716c00a94a68c489fcda224810001c0046d7bad38): Error starting userland proxy: listen tcp 0.0.0.0:445: bind: address already in use
    ERROR: Encountered errors while bringing up the project.


    Port 443 is forwarded to 445


    EDIT> I tried with port 443 forwarded to 444, same error
