Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

  • I'm trying to figure this out for a couple of weeks now. It is still not working, though. Could you please share your whole (anonymised) config.cfg? Thanks a lot!

  • There are already some errors. 80-81 means that you opened a range of ports.

    Also, I need some more detailed info. Can you show a screenshot of the options window when you press edit of the http-server and https-server?

    Did you follow the guide regarding the port assignments of the docker containers?

    Thanks, I guess I misunderstood how to assign the ports. See attached screenshots for my current setup.



    Good news: the previous error messages are gone. The bad news: it's still not working...I get an 'unable to connect' message when I try to connect to 'https://nextcloud.my.duckdns.org'. I also tried with http. That is the address I should use, right?


    Looking at docker logs letsencrypt -f, I get error messages for nginx: [emerg] "proxy_max_temp_file_size" directive invalid value in /config/nginx/proxy-confs/nextcloud.subdomain.conf:33. If I check that file, it says proxy_max_temp_file_size 2048m;, which does not look very wrong if I compare to the nginx docs.


    Logs for docker logs nextcloud -f give PHP Fatal error: Uncaught Error: Call to a member function getLogger() on null in /config/www/nextcloud/cron.php:162. That does not seem to be causing my problem, but I might be wrong.


    Where do I go from here? If it's any use, I've posted my docker-compose.yml here, and my config.php here.

  • Change it to proxy_max_temp_file_size 1024m;

    Done. Going forward step by step...Previous error messages gone. Can anyone explain what was the problem here?


    But still not working properly...Now when I go to https://nextcloud.my.duckdns.org, I receive

    Code
    Internal Server Error
    
    The server encountered an internal error and was unable to complete your request.
    Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
    More details can be found in the webserver log.

    In the letsencrypt logs, I see nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html), but at the end of the log it says server ready. Not sure if the LuaJIT error has anything to do with my server error.


    The nextcloud logs say PHP Fatal error: Uncaught Error: Call to a member function getLogger() on null in /config/www/nextcloud/cron.php:162

    Stack trace:

    #0 {main}

    thrown in /config/www/nextcloud/cron.php on line 162.


    Any suggestions?
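
A likely explanation for the `proxy_max_temp_file_size 2048m` error above, as an added example that is not part of the original thread and not nginx's own code. It assumes the letsencrypt container on the Raspberry Pi runs a 32-bit nginx build, where a size value must fit a signed 32-bit integer: 2048m is 2^31 bytes, one past the maximum, while 1024m fits. `parse_size` is a hypothetical model of that check.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model (not nginx source): parse "<digits>[k|m|g]" and require
 * the byte count to fit a signed integer of `bits` width (32 or 64).
 * Returns the size in bytes, or -1 where nginx would say "invalid value". */
int64_t parse_size(const char *s, int bits)
{
    int64_t max = (bits == 32) ? INT32_MAX : INT64_MAX;
    int64_t scale = 1, value = 0;
    size_t len = strlen(s);

    if (len == 0)
        return -1;
    switch (tolower((unsigned char)s[len - 1])) {
    case 'k': scale = 1024LL; len--; break;
    case 'm': scale = 1024LL * 1024; len--; break;
    case 'g': scale = 1024LL * 1024 * 1024; len--; break;
    default: break;
    }
    if (len == 0)
        return -1;
    max /= scale; /* largest number that still fits after scaling */
    for (size_t i = 0; i < len; i++) {
        if (!isdigit((unsigned char)s[i]))
            return -1;
        int d = s[i] - '0';
        if (d > max || value > (max - d) / 10)
            return -1; /* the next digit would exceed the limit */
        value = value * 10 + d;
    }
    return value * scale;
}

int main(void)
{
    /* Constructed inputs: the value from the thread, the suggested fix,
     * and the largest megabyte value a 32-bit build accepts. */
    const char *samples[] = { "2048m", "1024m", "2047m" };
    for (size_t i = 0; i < 3; i++)
        printf("%-6s 32-bit: %lld  64-bit: %lld\n", samples[i],
               (long long)parse_size(samples[i], 32),
               (long long)parse_size(samples[i], 64));
    return 0;
}
```

Under this assumption any value up to 2047m would pass the config check on the Pi, and the shipped 2048m is only valid on 64-bit hosts.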

  • The LuaJIT error can be ignored.

    So the problem probably has something to do with the error message you mentioned in the nextcloud logs. Does access to Nextcloud still work over the local ip?

    I was never able to access nextcloud in any way, locally or over the internet.


    To be sure: I should open the local ip of my raspberry pi on port 444 (I configured port sharing for 443 to 444), right? That doesn't work, nor port 443.

  • I have a question regarding [How-To] onlyoffice in nextcloud docker. This is an excellent guide, but does not have a Q&A, and one cannot reply to the original guide.


    I followed the guide and all went as expected other than that the system doesn't work. When I browse to nextcloud.mysite.com/onlyoffice it simply redirects to nextcloud.mysite.com (the standard nextcloud default page). I suspect this has something to do with the nginx config files, but I can't work out what. I am, incidentally, using a subdomain for nextcloud... I use cloud.mysite.com for nextcloud. The nginx config file in the guide appears to be appropriate for subdirectory rather than subdomain. Any thoughts? Maybe we need a separate thread for a Q&A related to this How-To.


    - Andrew


    UPDATE:

    The OnlyOffice docker image is not compatible with ARM-based single board computers. So, this will not work on Raspberry Pi, Odroid, etc. Maybe this could be added to the original guide.

  • What happens if you use https://mysite.com/onlyoffice?


    ------------------------------------------------------------------------------------------------------


    My docker-compose file is here, my config file for nextcloud is here. Thanks for all your effort trying to solve this.

    Is the config.php copied directly ? Because some of the trailing , are missing e.g.

    Code
      'overwritehost' => 'nextcloud.my.duckdns.org'
    or
        1 => 'nextcloud.my.duckdns.org'

    Otherwise your configs look good to me.

  • https://mysite.com/onlyoffice won't work because mysite.com hosts a commercially-provided website, and I use a subdomain cloud.mysite.com to redirect traffic to a local server for NextCloud. If I browse using the IP address of the PC running OMV https://192.168.xxx.xxx/onlyoffice I get ERR_CONNECTION_REFUSED.


    I also had a look at the log from the onlyoffice docker container and it contains:

    standard_init_linux.go:211: exec user process caused "exec format error"


    Thanks for your suggestion and help... and the help you've provided to so many others too. :)

  • What is the best (correct, or preferred) method for renewing the letsencrypt cert under this setup?

    Should be done automatically


    Hello everyone, I successfully have installed NextCloud, MariaDB and LetsEncrypt via your great guide here, almost 3 months ago, using my subdomain (instead of domain/folder/ set-up) with duckdns.org.


    But it's time to get Let's Encrypt renewed and I still have a deadline in 7 days; it is still expiring. Not sure how it is supposed to be done automatically, nor do I know how many days in advance this is supposed to happen...


    So per the guide, modem/router redirects 80/443 to ports 81 and 444 to OMV & container(s), whilst keeping port 80 (internal network) for http access and the actual OMV WebUI.


    But when I login to the container docker exec -it letsencrypt /bin/bash and run certbot renew I get the following error (replaced my subdomain with XXXXX):



    I made sure my modem/router has again open port 80->81 (due to many attacks lately, fail2ban went nuts) whilst already using 443->444 to OMV as usual; I can access NextCloud from outside without problems.


    I was hoping to avoid deleting the "letsencrypt" container and re-create it, via some separate docker-compose file as I am afraid this may screw up my NextCloud working setup :(


    Can I kindly also ask macom or Morlan for your valuable experience/knowledge? Any help from anyone who has faced this is very welcome.


    Here are the files I think you may need:


    For /appdata/letsencrypt/nginx/proxy-confs/ I copied nextcloud.subdomain.conf.sample as nextcloud.subdomain.conf and changed the subdomain parameter server_name nextcloud.*; to mine: server_name XXXXX.*; of course.


    Then for config.php for NextCloud:


    Finally, the part of docker-compose.yml used for Let's Encrypt where ports are redirected (without changing default ports on the NextCloud section):

    Thank you everyone in advance.

    OpenMediaVault 6.9.13-1 • Intel NUC NUC6CAYH • Intel Celeron J3455 • 2x4GB RAM • Samsung 870 QVO 4TB • USB Boot (System)


  • At first glance it looks like a port forwarding problem.


    Does your letsencrypt.log in /config/log/letsencrypt/ also give this error when you restart the container with docker restart letsencrypt?

  • Hi Morlan thank you for replying to me, appreciate it. I looked for /config/log/letsencrypt/letsencrypt.log in my main OMV system partition, there is none. Did you mean inside the letsencrypt container after I log in with docker exec -it letsencrypt /bin/bash ?


    If yes, then that log is empty (zero bytes). I did restart the docker before accessing it via shell. I paste the contents of zcat letsencrypt.log.2.gz

    As you can see there's no explicit mention of the problem... Seems the same as if I force to certbot renew.

    Otherwise, the contents of /var/log/letsencrypt/letsencrypt.log inside the container are much different, as I can see.

    Thanks.


  • Sorry my directions were misleading. I meant the log inside the container.

    Also did you triple-check that your port 80 forwarding is correct?


    What is the output when you enter the container and then type ./app/le-renew.sh

  • Thanks Morlan I am puzzled now.


    First of all, the redirections worked great all this time, so you would expect (per docker-compose.yml too) to be:

    Router from internet 80:443 pushed to 81:444 to OMV (static IP) respectively. Still work great so far.


    However, running what you asked prompted to success now? Have a look at the log:

    What do you make out of this? Why would ./app/le-renew.sh from within the container work but not certbot renew or the cron ?


    How can I validate the cron running in this letsencrypt container? Perhaps there's some syntax or other error on some file, inside the container?


    UPDATE: What would you make out of this, Morlan ?


    Thanks!


  • Well, I think certbot renew needs the extra parameters which are provided by the script. That the script failed when run by the cron-job might be due to the fact that you closed port 80 in between (or is this incorrect?).

  • Indeed, I keep port 80 on my modem/router closed due to multiple attacks, as there is no real need: neither the mobile app nor the MacOS client connect to NextCloud on simple http. I opened it just earlier today.


    Side note: Also I point out that the need to go sub-domain setup (with duckdns.org) rather than /nextcloud/ folder is because of the computer (macOS) client that asks a URL during installation and connection of the account(s).


    So this means that cron runs each day... OK then I will need to redo the renewal manually via your tip of running ./app/le-renew.sh from within the container OR leave port 80 open for 24h and let the cron re-run successfully, I guess..!


    But this also means that this tip/post on the previous page to just run certbot renew in a Docker installation, will most likely fail for some people, better run ./app/le-renew.sh instead, no?


    Thank you very much for your time and input, Morlan. I hope others will profit from this and can confirm this too!
