Nextcloud with Letsencrypt using OMV and docker-compose - Q&A

    • Official post

    Telling you, I've done this multiple times a day on my certs (way more than 5) and never had an issue.


    But ok, I'll give you the benefit of the doubt. I was constantly adding new/different subdomains so it simply may not have been logging them as duplicates. So we'll say you hit your limit of 5 per day so you had to change your subdomain, because frankly it is irrelevant to this discussion. It still does not change the fact that there is no way you were getting a key before when you said you were.

    • Official post

    So was helping someone this morning and he ran into this... (couldn't pull a key due to multiple failed tries)... Didn't realize this, but there is another cert provider in the swag container...


    https://docs.linuxserver.io/ge…r-lets-encrypt-vs-zerossl


    So if you run into this problem with Let's Encrypt not letting you pull a key due to failed attempts, duplicate attempts, whatever you want to call it (and you're not clearly lying for attention)... I tested it just for grins and it works just the same. The only difference is it offers unlimited certificate attempts. Only thing I found different from the documentation, is the key I pulled with the swag container, does not link to an account on zerossl's website (which is free if you want to try it).... so you can probably skip that. Still provide an email, because I believe you'll get an email when your cert is about to expire.


    Simply add this environment variable to the swag portion of the docker-compose file


    Code
    - CERTPROVIDER=zerossl

    and deploy the container again. Other than the unlimited attempts, they run, renew, etc. exactly the same.

  • I'm stuck. I used the guide

    [How-To] Nextcloud with Letsencrypt using OMV and docker-compose

    For both Nextcloud and Plex, and everything was running fine. After the last update I decided to also make the move to swag.

    Changed everything to swag in docker compose, but could not get a certificate, challenge failed (port forwarding is set right).

    After several attempts to check nginx and php files I used "docker-compose up -d --remove-orphans" which cleaned up the letsencrypt docker files but still no certificate validation.

    The message when running docker logs -f swag is

    Somehow the port setting in swag is not connecting? ............... spent a day googling and searching, but I am stuck.

    Also added CERTPROVIDER=zerossl to prevent problems with too many attempts.

    In Portainer all looks good in network settings: Any clue? Who can point me in the right direction?

    • Official post

    Post your yml file. Hide all passwords, emails, and keys. It may be just a typo (or not :)).

  • Here is the yml file:


    version: "2"
    services:
    nextcloud:
    image: ghcr.io/linuxserver/nextcloud
    container_name: nextcloud
    environment:
    - PUID=1000 #change PUID if needed
    - PGID=100 #change PGID if needed
    - TZ=Europe/Amsterdam
    volumes:
    - /srv/dev-disk-by-label-DockerDisk/docker/appdata/nextcloud/config:/config
    - /srv/dev-disk-by-label-DockerDisk/docker/appdata/nextcloud/data:/data
    depends_on:
    - mariadb
    # ports: # uncomment this and the next line if you want to bypass the proxy
    # - 450:443
    restart: unless-stopped
    mariadb:
    image: ghcr.io/linuxserver/mariadb
    container_name: nextclouddb
    environment:
    - PUID=1000 #change PUID if needed
    - PGID=100 #change PGID if needed
    - MYSQL_ROOT_PASSWORD=***************** #change password
    - TZ=Europe/Amsterdam
    volumes:
    - /srv/dev-disk-by-label-DockerDisk/docker/appdata/nextclouddb:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted
    restart: unless-stopped
    swag:
    image: ghcr.io/linuxserver/swag #uncomment this line and comment the previous one if you want to use the new swag container (see link at bottom of the post)
    container_name: swag
    cap_add:
    - NET_ADMIN
    environment:
    - PUID=1000 #change PUID if needed
    - PGID=100 #change PGID if needed
    - TZ=Europe/Amsterdam
    - URL=**************.net
    - SUBDOMAINS=www,
    - VALIDATION=http
    - CERTPROVIDER=zerossl
    - EMAIL=****************.nl
    volumes:
    - /srv/dev-disk-by-label-DockerDisk/docker/appdata/swag:/config
    ports:
    - 443:443
    - 80:80
    restart: unless-stopped


    Had the ports at 81:80 and 444:443 before, but no difference. Went over this several times, and before swag change was running well over a year.

    • Official post

    First, 80:80, that has to be changed. The OMV webUI runs on 80. So you either need to change the webUI to another port (I think that is under either Network or General Settings)... or change the port for swag.


    That's the first thing you need to address.

    • Official post

    Port settings are right at the top of the OMV menu bar under General Settings, but why didn't you leave it the way it was before; as 81:80 and 444:443?


    Indentation of the yml file matters. You may have a small indentation problem but we cannot see it. Your copy/paste into the post left it flat so it's not possible to see that indentation. Place your yml file in a code block from the menu bar above, as:

  • Thanks for the replies. OMV runs on 8081 so should not conflict, but changed the setting back to 81:80 and 444:443 (and of course changed the port forward to the router again).


    After docker-compose-d and docker logs -f swag see feedback below. During the time the certificate authentication is running I checked and port 80 is open (which closes again after I receive the error). I can also not find the logfile anywhere (not in root or docker directories).

  • I only use the DNS to redirect my IP address, I don't have a website or any other items set. (simple Hostname A). No issues on another server or with previous install.

  • I managed to receive a certificate by changing my dns from only domainname.net to also http://www.domainname.net.


    After that I had a problem that I could not log into nextcloud: "trusted domain problem". I needed to remove the :443 after the domain name ....


    Code
    'trusted_proxies' =>
      array (
        0 => 'swag',
      ),
    'overwritewebroot' => '/nextcloud',
    'overwrite.cli.url' => 'https://your.url/nextcloud',
    'trusted_domains' =>
      array (
        0 => 'your.url',
      ),

    That got it to work.
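
The fix reported in the post above (adding a DNS record for www next to the bare domain) can be checked before the container is deployed. This is an added example, not code from the thread or from the swag project; it assumes that with VALIDATION=http the certificate request covers URL plus each SUBDOMAINS entry as `<sub>.<URL>`, and `example.net`, `203.0.113.10` and all function names are constructed for illustration.

```python
import socket

# Constructed sample: a swag "environment:" list with placeholder values.
SAMPLE_ENV_LINES = ["- URL=example.net", "- SUBDOMAINS=www,",
                    "- VALIDATION=http", "- CERTPROVIDER=zerossl"]
# Constructed DNS state: only the bare domain has an A record.
CONSTRUCTED_DNS = {"example.net": ["203.0.113.10"]}

def parse_environment(lines):
    """Turn '- KEY=value #comment' compose lines into a dict."""
    env = {}
    for line in lines:
        item = line.strip().lstrip("-").split(" #", 1)[0].strip()
        if "=" in item:
            key, value = item.split("=", 1)
            env[key.strip()] = value.strip()
    return env

def requested_names(env):
    """Assumed certificate name list: URL plus <sub>.<URL> per SUBDOMAINS entry."""
    url = env["URL"].strip().lower().rstrip(".")
    names = [url]
    subs = (s.strip() for s in env.get("SUBDOMAINS", "").lower().split(","))
    for sub in filter(None, subs):  # drops the empty entry left by "www,"
        if sub == "wildcard":
            raise ValueError("wildcard names cannot be validated over HTTP")
        names.append(f"{sub}.{url}")
    return names

def system_resolver(name):
    """Real lookup; returns [] when the name has no address record."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 80)})
    except socket.gaierror:
        return []

def preflight(env, expected_ip, resolver=system_resolver):
    """Report, per requested name, whether DNS points at this server."""
    report = {}
    for name in requested_names(env):
        addrs = resolver(name)
        if not addrs:
            report[name] = "no DNS record"
        else:
            report[name] = ("ok" if expected_ip in addrs
                            else "resolves elsewhere: " + ", ".join(addrs))
    return report

if __name__ == "__main__":
    env = parse_environment(SAMPLE_ENV_LINES)
    print(preflight(env, "203.0.113.10", lambda n: CONSTRUCTED_DNS.get(n, [])))
```

Any name that is not reported as "ok" will fail its HTTP challenge and count against the provider's failed-attempt limits, so fix DNS first and request the certificate afterwards.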

  • Is there a way to add a perl executable to this setup?


    Some nextcloud addons, such as CameraRaw, require perl to work. I have CameraRaw installed and it generates a lot of errors:


    Exception: No perl executable found. Camera Raw Previews app will not work.

  • Is there a way to add a perl executable to this setup?


    Some nextcloud addons, such as CameraRaw, require perl to work. I have CameraRaw installed and it generates a lot of errors:


    Exception: No perl executable found. Camera Raw Previews app will not work.

    Did you enable the previews on your "config.php" (make a copy of it before changing anything)?

    Code
    'enable_previews' => true,

    On an older version there was also, a specific for "RAW" but don't see it anymore on v21:


    Some food for thought about "Previews":

    Understanding and improving Nextcloud Previews – Own your bits

    • Official post

    At least I get a different response to docker-compose up -d this time around:


    Code
    root@m4omv5:/home/docker1/nextcloud# docker-compose up -d
    Creating network "nextcloud_default" with the default driver
    ERROR: Failed to program FILTER chain: iptables failed: iptables --wait -I FORWARD -o br-0b1adf19895e -j DOCKER: iptables v1.8.2 (nf_tables):  RULE_INSERT failed (Invalid argument): rule in chain FORWARD
     (exit status 4)

    All I did was run apt-get reinstall docker-compose and then the up -d command above. What have I done now?

    Hmm, weird.


    If it were me, before I tried reinstalling... I'd uninstall docker with the webUI... Maybe even run apt-autoremove (make sure it doesn't want to uninstall openmediavault before accepting) to remove any dangling packages from docker. apt autoclean to clean anything up... then use the webUI to reinstall docker.


    As long as your containers are not stored at /var/lib, and you point at your containers in the docker settings after reinstall... there shouldn't be any real risk of data and configuration loss for your containers.

    • Official post

    KM0201 where did you get that (old) post? I haven’t had Nextcloud on my NanoPi M4 in maybe a year or more. It’s just a backup server now. At the time Docker would not work with the M4 and the new ip tables. Once I was able to revert to the older legacy ip tables Nextcloud installed fine. This was before ryecoaaron put an ip tables switch in (I think) OMV-extras, so I had to search the web for a command line solution.

    • Official post

    That's a really good freaking question..lol. I swear I had an alert pop up on it and clicked it and read the post... I didn't even look at the date, and now I see I don't have an alert on it (that was how I found it)..


    ?(

    • Official post

    Forum gremlins at work.

    • Official post

    KM0201 That was post #38 of this thread; October 7th, 2019!
