I would love to know how that happened.
Nextcloud with Letsencrypt using OMV and docker-compose - Q&A
-
- OMV 5.x
- WastlJ
-
-
Which file should I edit to increase the pm.max_children parameter?
3) I got "server reached pm.max_children" errors from the php log, which were solved by increasing the max_children in a similar fashion to what's being explained here.
-
I have not done it, but I assume it is
config_path/nextcloud/php/www2.conf
-
I will try. Thanks
-
Hello everyone,
First I am not native, so sorry for typos writing.
I am installing (at least trying) to install Nextcloud on OMV using Docker + Portainer + Swag with a DuckDNS URL.
Error:
From my local network:
I can access my OMV (http://myip) but I cannot access Nextcloud (http://myip/nextcloud). Message is System Failure. Press left mouse button to continue. Page doesn't exist)
Fom external network:
When I choose mydomain.duckdns.org, the system shows a welcome page of SWAG (Welcome to your SWAG instance)
When I choose mydomain.duckdns.org/nextcloud, the system shows nextcloud's starting page (OK). I should delete https because if not the Nextcloud says my access is not trustful
What I did:
Forward ports in Router:
Ext:80, Int:81
Ext:443, Int:444
Checked docker user for taking PUID, PGID
Followed the How-to guide of macom (thanks by the way): https://forum.openmediavault.o…omv-and-docker-compose%2F
I copied the following, adapting to my case (DuckDNS)
Code
Alles anzeigenversion: "2" services: nextcloud: image: ghcr.io/linuxserver/nextcloud container_name: nextcloud environment: - PUID=1002 #change PUID if needed - PGID=100 #change PGID if needed - TZ=Europe/Berlin #change Time Zone if needed volumes: - /srv/dev-disk-by-uuid/Appdata/nextcloud/config:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted - /srv/dev-disk-by-uuid/Appdata/nextcloud/data:/data #/srv/dev-disk-by-label-disk1 needs to be adjusted depends_on: - mariadb # ports: # uncomment this and the next line if you want to bypass the proxy # - 450:443 restart: unless-stopped mariadb: image: ghcr.io/linuxserver/mariadb container_name: nextclouddb environment: - PUID=1002 #change PUID if needed - PGID=100 #change PGID if needed - MYSQL_ROOT_PASSWORD=mypassword #change password - TZ=Europe/Berlin #Change Time Zone if needed volumes: - /srv/dev-disk-by-uuid/Appdata/nextclouddb:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted restart: unless-stopped swag: image: linuxserver/swag #swag is the replacement for letsencrypt (see link below) container_name: swag cap_add: - NET_ADMIN environment: - PUID=1002 #change PUID if needed - PGID=100 #change PGID if needed - TZ=Europe/Berlin # change Time Zone if needed - URL=mydomain.duckdns.org #insert your domain name - yourdomain.url - DUCKDNSTOKEN=mytoken - SUBDOMAINS=wildcard - VALIDATION=duckdns - EMAIL=mymail # define email; required to renew certificate volumes: - /srv/dev-disk-by-uuid/Appdata/swag:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted ports: - 444:443 - 81:80 restart: unless-stopped
All logs were OK
Created the copy of nextcloud.subfolder.conf.sample with name nextcloud.subfolder.conf and deleted the sample one
Adapted the file /srv/dev-disk-by-label-disk1/appdata/nextcloud/config/www/nextcloud/config/config.php
PHP
Alles anzeigen<?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'trusted_proxies' => array ( 0 => 'swag', ), 'overwritewebroot' => '/nextcloud', 'overwrite.cli.url' => 'https://mydomain.duckdns.org/nextcloud', 'trusted_domains' => array ( 0 => 'mydomain.duckdns.org', ), 'instanceid' => 'xxxxxx', 'passwordsalt' => 'xxx+xxxx+xxxx', 'secret' => 'xxxxxx/', 'dbtype' => 'sqlite3', 'version' => '21.0.2.1', 'installed' => true, );
Restarted all containers
I am not so expert with these topics, but I am pretty sure I followed all the steps correct. I think the problem is my ISP is not giving me the option of NAT Loopback and I don't know how to workaround it
Thanks in advance for the help!
-
I think that you should access this URL: https://nextcloud.mydomain.duckdns.org
-
/srv/dev-disk-by-uuid/
This is probably wrong: it should/must have also a series of numbers that identify the external drive.
otherwise you're making a folder "Appdata" inside the folder ".../dev-disk-by-uuid" on the root drive.
Will continue to help you in a few hours, if noone comes first.
I think that you should access this URL: https://nextcloud.mydomain.duckdns.org
This is only for subdomain, NOT subfolder
-
First I am not native
I am pretty sure you are. Somewhere
- URL=mydomain.duckdns.org #insert your domain name - yourdomain.url
- DUCKDNSTOKEN=mytokenYou need to add the token. Or did you remove it for privacy reasons? Than it is totally ok
If you use this URL, then you need to use this URL and subdomain to reach your server. This sounds like you are not trying like this
I cannot access Nextcloud (http://myip/nextcloud).
Also check the log files of your containers.
-
I think that you should access this URL: https://nextcloud.mydomain.duckdns.org
I use subfolders instead of subdomains, I think is also right
This is probably wrong: it should/must have also a series of numbers that identify the external drive.
otherwise you're making a folder "Appdata" inside the folder ".../dev-disk-by-uuid" on the root drive.
Will continue to help you in a few hours, if noone comes first.
This is only for subdomain, NOT subfolder
I edited, don't know if this is sensible data. Total path:
/srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/nextcloud/config:/config
I am pretty sure you are. Somewhere
You need to add the token. Or did you remove it for privacy reasons? Than it is totally ok
If you use this URL, then you need to use this URL and subdomain to reach your server. This sounds like you are not trying like this
Also check the log files of your containers.
I added the token (removed for privacy reasons)
I am not sure I understood, should I use for example nextcloud.mydomain.duckdns.org ?
Thanks for all comments!
-
Which file should I edit to increase the pm.max_children parameter?
I have not done it, but I assume it is
config_path/nextcloud/php/www2.conf
It's that file, yes.
After testing several configurations (and reading about it) I found that for my setup (me and the wife, and occasionally family access), the best option was with "pm = ondemand" instead of "dynamic"
Some food for thoughts:
PHP-FPM 'ondemand' Process Manager VS 'dynamic' | Webcore Community | Webcore Cloud
How To Prevent PHP-FPM From Consuming Too Much RAM in Linux (tecmint.com)
Editing the file, will make it something like:
Codepi@XXXXXXX:~ $ cat /srv/dev-disk-by-label-sd_configs/@appdata/nextcloud/config/php/www2.conf ; Edit this file to override www.conf and php-fpm.conf directives and restart the container ; Pool name [www] pm = ondemand pm.max_children = 70 pm.process_idle_timeout = 3s pm.max_requests = 200
If you want to keep "dynamic", then you need to edit the file with something like this:
Code
Alles anzeigenpi@XXXXXXX:~ $ cat /srv/dev-disk-by-label-sd_configs/@appdata/nextcloud/config/php/www2.conf ; Edit this file to override www.conf and php-fpm.conf directives and restart the container ; Pool name [www] pm = dynamic pm.max_children = 70 ; All these values will need to be "played" until you find the "sweet spot" pm.start_servers = 35 ; And this pm.min_spare_servers = 30 ; Also this one pm.max_spare_servers = 70 ; Again, this also pm.max_requests = 200 ; And ditto...
This is all "academic" and depends on your Hardware (processor/memory) and how many active accesses you have at any given time.
You will have to find/tune the best for your situation.
-
I edited, don't know if this is sensible data. Total path:
/srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/nextcloud/config:/config
The UUID can be showned with no problem: noone will be able to hack you with the ID of the disk,
I added the token (removed for privacy reasons)
I am not sure I understood, should I use for example nextcloud.mydomain.duckdns.org ?
That is a good policy, hide the token.
Now, some more pointers to your YML and config:
Since you're using "wildcard" with "duckdns" validation, and you used "subfolder", the way to access via WAN will need to be:
"https://<something>.mydomain.duckdns.org/nextcloud/" where <something> can be for eg. "www".
To be sure that SWAG is running OK, just fire up "https://www.mydomain.duckdns.org/" and the page with SWAG will show up.
As for your "config.php":
You need to add your Local IP as in:
-
The UUID can be showned with no problem: noone will be able to hack you with the ID of the disk,
That is a good policy, hide the token.
Now, some more pointers to your YML and config:
Since you're using "wildcard" with "duckdns" validation, and you used "subfolder", the way to access via WAN will need to be:
"https://<something>.mydomain.duckdns.org/nextcloud/" where <something> can be for eg. "www".
To be sure that SWAG is running OK, just fire up "https://www.mydomain.duckdns.org/" and the page with SWAG will show up.
As for your "config.php":
You need to add your Local IP as in:
Changed but same errors, tried https://www.mydomain.duckdns.org/ with and without www. Should I change the dbtype? I am a bit frustrated I don't know what is wrong....
PHP
Alles anzeigen<?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'trusted_proxies' => array ( 0 => 'swag', ), 'overwritewebroot' => '/nextcloud', 'overwrite.cli.url' => 'https://www.mydomain.duckdns.org/nextcloud', 'trusted_domains' => array ( 0 => 'https://myip:450', 1 => 'mydomain.duckdns.org', ), 'instanceid' => 'ocsznujt0lhn', 'passwordsalt' => 'xxx+xxx+xx', 'secret' => 'xxx/', 'dbtype' => 'sqlite3', 'version' => '21.0.2.1', 'installed' => true, );
-
I also add info of swag log I didn't detect anything wrong:
Code
Alles anzeigenActions Using Let's Encrypt as the cert provider SUBDOMAINS entered, processing Wildcard cert for enciclopedia.duckdns.org will be requested E-mail address entered: xxxx@gmail.com duckdns validation is selected the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org Certificate exists; parameters unchanged; starting nginx Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind, and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key. [cont-init.d] 50-config: exited 0. [cont-init.d] 60-renew: executing... The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am). [cont-init.d] 60-renew: exited 0. [cont-init.d] 70-templates: executing... [cont-init.d] 70-templates: exited 0. [cont-init.d] 90-custom-folders: executing... [cont-init.d] 90-custom-folders: exited 0. [cont-init.d] 99-custom-files: executing... [custom-init] no custom files found exiting... [cont-init.d] 99-custom-files: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done.
From nextcloud:
Code
Alles anzeigen_ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/ Brought to you by linuxserver.io ------------------------------------- To support LSIO projects visit: https://www.linuxserver.io/donate/ ------------------------------------- GID/UID ------------------------------------- User uid: 1002 User gid: 100 ------------------------------------ [cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 40-config: executing... [cont-init.d] 40-config: exited 0. [cont-init.d] 50-install: executing... [cont-init.d] 50-install: exited 0. [cont-init.d] 60-memcache: executing... [cont-init.d] 60-memcache: exited 0. [cont-init.d] 70-aliases: executing... [cont-init.d] 70-aliases: exited 0. [cont-init.d] 90-custom-folders: executing... [cont-init.d] 90-custom-folders: exited 0. [cont-init.d] 99-custom-files: executing... [custom-init] no custom files found exiting... [cont-init.d] 99-custom-files: exited 0. [cont-init.d] done. [services.d] starting services
-
I am a bit frustrated I don't know what is wrong....
Don't be, most of us have been where you are, but after having things running (and learning how it works) then it becomes easier.
Most of the times, it's better to start again fresh to clear all issues that might be preventing it from starting.
Start by deleting all folders that were created by the stack and then post your YML on a code box, hiding/masking only your PASSWORD; DUCKDNS TOKEN and the DOMAIN.
Then it's possible to edit it step by step and see what is wrong.
To delete the folders, according to the path you have, will be something like (make sure it's correct):
sudo rm -rf /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/*
-
Don't be, most of us have been where you are, but after having things running (and learning how it works) then it becomes easier.
Most of the times, it's better to start again fresh to clear all issues that might be preventing it from starting.
Start by deleting all folders that were created by the stack and then post your YML on a code box, hiding/masking only your PASSWORD; DUCKDNS TOKEN and the DOMAIN.
Then it's possible to edit it step by step and see what is wrong.
To delete the folders, according to the path you have, will be something like (make sure it's correct):
sudo rm -rf /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/*
Should I remove the containers? Or just delete the folders, adapt the stack and execute?
-
I deleted folders, images, containers, networks, recreate the Appdata, restart stack with the following code
Code
Alles anzeigenversion: "2" services: nextcloud: image: ghcr.io/linuxserver/nextcloud container_name: nextcloud environment: - PUID=1002 #change PUID if needed - PGID=100 #change PGID if needed - TZ=Europe/Berlin #change Time Zone if needed volumes: - /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/nextcloud/config:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted - /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/nextcloud/data:/data #/srv/dev-disk-by-label-disk1 needs to be adjusted depends_on: - mariadb #ports: # uncomment this and the next line if you want to bypass the proxy #- 450:443 restart: unless-stopped mariadb: image: ghcr.io/linuxserver/mariadb container_name: nextclouddb environment: - PUID=1002 #change PUID if needed - PGID=100 #change PGID if needed - MYSQL_ROOT_PASSWORD=mypassword #change password - TZ=Europe/Berlin #Change Time Zone if needed volumes: - /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/nextclouddb:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted restart: unless-stopped swag: image: linuxserver/swag #swag is the replacement for letsencrypt (see link below) container_name: swag cap_add: - NET_ADMIN environment: - PUID=1002 #change PUID if needed - PGID=100 #change PGID if needed - TZ=Europe/Berlin # change Time Zone if needed - URL=mydomain.duckdns.org #insert your domain name - yourdomain.url - DUCKDNSTOKEN=mytoken - SUBDOMAINS=wildcard - VALIDATION=duckdns - EMAIL=mymail # define email; required to renew certificate volumes: - /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/swag:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted ports: - 444:443 - 81:80 restart: unless-stopped
Nextcloud log
Code
Alles anzeigen[cont-init.d] 10-adduser: exited 0., [cont-init.d] 20-config: executing... , [cont-init.d] 20-config: exited 0., [cont-init.d] 30-keygen: executing... , generating self-signed keys in /config/keys, you can replace these with your own keys if required, Generating a RSA private key, .................................................................................+++++, ...........................................................+++++, writing new private key to '/config/keys/cert.key', -----, [cont-init.d] 30-keygen: exited 0., [cont-init.d] 40-config: executing... , [cont-init.d] 40-config: exited 0., [cont-init.d] 50-install: executing... , [cont-init.d] 50-install: exited 0., [cont-init.d] 60-memcache: executing... , [cont-init.d] 60-memcache: exited 0., [cont-init.d] 70-aliases: executing... , [cont-init.d] 70-aliases: exited 0., [cont-init.d] 90-custom-folders: executing... , [cont-init.d] 90-custom-folders: exited 0., [cont-init.d] 99-custom-files: executing... , [custom-init] no custom files found exiting..., [cont-init.d] 99-custom-files: exited 0., [cont-init.d] done., [services.d] starting services, [services.d] done.
Mariadb log (nextclouddb)
Code
Alles anzeigen2021-07-04 0:14:31 0 [Note] mysqld (mysqld 10.4.20-MariaDB-1:10.4.20+maria~bionic-log) starting as process 344 ..., 2021-07-04 0:14:31 0 [Note] InnoDB: Using Linux native AIO, 2021-07-04 0:14:31 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins, 2021-07-04 0:14:31 0 [Note] InnoDB: Uses event mutexes, 2021-07-04 0:14:31 0 [Note] InnoDB: Compressed tables use zlib 1.2.11, 2021-07-04 0:14:31 0 [Note] InnoDB: Number of pools: 1, 2021-07-04 0:14:31 0 [Note] InnoDB: Using SSE2 crc32 instructions, 2021-07-04 0:14:31 0 [Note] mysqld: O_TMPFILE is not supported on /tmp (disabling future attempts), 2021-07-04 0:14:31 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M, 2021-07-04 0:14:31 0 [Note] InnoDB: Completed initialization of buffer pool, 2021-07-04 0:14:31 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority()., 2021-07-04 0:14:31 0 [Note] InnoDB: 128 out of 128 rollback segments are active., 2021-07-04 0:14:31 0 [Note] InnoDB: Creating shared tablespace for temporary tables, 2021-07-04 0:14:31 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ..., 2021-07-04 0:14:31 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB., 2021-07-04 0:14:31 0 [Note] InnoDB: 10.4.20 started; log sequence number 60976; transaction id 20, 2021-07-04 0:14:31 0 [Note] InnoDB: Loading buffer pool(s) from /config/databases/ib_buffer_pool, 2021-07-04 0:14:31 0 [Note] Plugin 'FEEDBACK' is disabled., 2021-07-04 0:14:31 0 [Note] InnoDB: Buffer pool(s) load completed at 210704 0:14:31, 2021-07-04 0:14:31 0 [Note] Server socket created on IP: '::'., 2021-07-04 0:14:31 0 [Note] Reading of all Master_info entries succeeded, 2021-07-04 0:14:31 0 [Note] Added new Master_info '' to hash table, 2021-07-04 0:14:31 0 [Note] mysqld: ready for connections., Version: '10.4.20-MariaDB-1:10.4.20+maria~bionic-log' socket: '/var/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution, 2021-07-04 0:14:33 0 [Note] mysqld (initiated by: root[root] @ localhost []): Normal shutdown, 2021-07-04 0:14:33 0 [Note] Event Scheduler: Purging the queue. 0 events, 2021-07-04 0:14:33 0 [Note] InnoDB: FTS optimize thread exiting., 2021-07-04 0:14:33 0 [Note] InnoDB: Starting shutdown..., 2021-07-04 0:14:33 0 [Note] InnoDB: Dumping buffer pool(s) to /config/databases/ib_buffer_pool, 2021-07-04 0:14:33 0 [Note] InnoDB: Buffer pool(s) dump completed at 210704 0:14:33, 2021-07-04 0:14:34 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1", 2021-07-04 0:14:34 0 [Note] InnoDB: Shutdown completed; log sequence number 60985; transaction id 23, 2021-07-04 0:14:34 0 [Note] mysqld: Shutdown complete, , Database Setup Completed, [cont-init.d] 40-initialise-db: exited 0., [cont-init.d] 90-custom-folders: executing... , [cont-init.d] 90-custom-folders: exited 0., [cont-init.d] 90-warning: executing... , [cont-init.d] 90-warning: exited 0., [cont-init.d] 99-custom-scripts: executing... , [custom-init] no custom files found exiting..., [cont-init.d] 99-custom-scripts: exited 0., [cont-init.d] done., [services.d] starting services, [services.d] done., 210704 00:14:35 mysqld_safe Logging to syslog., 210704 00:14:35 mysqld_safe Starting mysqld daemon with databases from /config/databases
Swag log
Code
Alles anzeigen[cont-init.d] 10-adduser: exited 0., [cont-init.d] 20-config: executing... , [cont-init.d] 20-config: exited 0., [cont-init.d] 30-keygen: executing... , generating self-signed keys in /config/keys, you can replace these with your own keys if required, Generating a RSA private key, .....+++++, writing new private key to '/config/keys/cert.key', -----, [cont-init.d] 30-keygen: exited 0., [cont-init.d] 50-config: executing... , Variables set:,
In the folder /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/swag/nginx/proxy-confs created the file nextcloud.subfolder.conf as copy of nextcloud.subfolder.conf.sample, then deleted the sample file.
In the folder /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/nextcloud/config/www/nextcloud/config
Original file
New file:
PHP
Alles anzeigen<?php $CONFIG = array ( 'memcache.local' => '\OC\Memcache\APCu', 'datadirectory' => '/data', 'trusted_proxies' => array ( 0 => 'swag', ), 'overwritewebroot' => '/nextcloud', 'overwrite.cli.url' => 'https://mydomain.duckdns.org/nextcloud', 'trusted_domains' => array ( 0 => 'mydomain.duckdns.org:443', ), );
Swag log after restart:
Code
Alles anzeigen[cont-init.d] 50-config: exited 0. [cont-init.d] 60-renew: executing... The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am). [cont-init.d] 60-renew: exited 0. [cont-init.d] 70-templates: executing... [cont-init.d] 70-templates: exited 0. [cont-init.d] 90-custom-folders: executing... [cont-init.d] 90-custom-folders: exited 0. [cont-init.d] 99-custom-files: executing... [custom-init] no custom files found exiting... [cont-init.d] 99-custom-files: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done.
Nextcloud log after restart
Code
Alles anzeigen[cont-init.d] 10-adduser: exited 0. [cont-init.d] 20-config: executing... [cont-init.d] 20-config: exited 0. [cont-init.d] 30-keygen: executing... using keys found in /config/keys [cont-init.d] 30-keygen: exited 0. [cont-init.d] 40-config: executing... [cont-init.d] 40-config: exited 0. [cont-init.d] 50-install: executing... [cont-init.d] 50-install: exited 0. [cont-init.d] 60-memcache: executing... [cont-init.d] 60-memcache: exited 0. [cont-init.d] 70-aliases: executing... [cont-init.d] 70-aliases: exited 0. [cont-init.d] 90-custom-folders: executing... [cont-init.d] 90-custom-folders: exited 0. [cont-init.d] 99-custom-files: executing... [custom-init] no custom files found exiting... [cont-init.d] 99-custom-files: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done.
Now I test https://mydomain.duckdns.org/nextcloud
Inside of my network: Error connection TimeOut
Outside of my network: ER_CERT_COMMON_NAME_INVALID but using advanced settings I could allow the connection. If I connect to https://mydomain.duckdns.org I have the SWAG instance message, and through https://mydomain.duckdns.org/nextcloud I configured the connection.
So again, my problem is again through my internal network
-
n the folder /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/swag/nginx/proxy-confs created the file nextcloud.subfolder.conf as copy of nextcloud.subfolder.conf.sample, then deleted the sample file.
You don't need to delete the sample, every time SWAG is restarted, it will create the file again,
But, let's try differently, since you're using wildcard:
1 - Delete the subfolder.conf: rm -f /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/swag/nginx/proxy-confs/nextcloud.subfolder.conf
2 - rename the subdomain.conf: cp /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/swag/nginx/proxy-confs/nextcloud.subdomain.conf.sample /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/swag/nginx/proxy-confs/nextcloud.subdomain.conf
3 - Restart SWAG: docker restart swag
4 - Check the logs for errors: docker logs -f swag (exit with Ctrl+C)
Now, uncomment the "ports" on the "Nextcloud" service of the YML (lines #15 && #16):
Redploy the stack, and edit the "config.php" as per these instructions from Morlan, following the instructions after "nano config.php" :
RE: Nextcloud with Letsencrypt using OMV and docker-compose - Q&A
nano /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/nextcloud/config/www/nextcloud/config.php
Restart Nextcloud and access it with "https://nextcloud.yoursubdomain.duckdns.org"
-
You don't need to delete the sample, every time SWAG is restarted, it will create the file again,
....
Again, deleted folders.
My new stack:
Code
Alles anzeigenversion: "2" services: nextcloud: image: ghcr.io/linuxserver/nextcloud container_name: nextcloud environment: - PUID=1002 #change PUID if needed - PGID=100 #change PGID if needed - TZ=Europe/Berlin #change Time Zone if needed volumes: - /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/nextcloud/config:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted - /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/nextcloud/data:/data #/srv/dev-disk-by-label-disk1 needs to be adjusted depends_on: - mariadb ports: # uncomment this and the next line if you want to bypass the proxy - 450:443 restart: unless-stopped mariadb: image: ghcr.io/linuxserver/mariadb container_name: nextclouddb environment: - PUID=1002 #change PUID if needed - PGID=100 #change PGID if needed - MYSQL_ROOT_PASSWORD=371e647ad4 #change password - TZ=Europe/Berlin #Change Time Zone if needed volumes: - /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/nextclouddb:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted restart: unless-stopped swag: image: linuxserver/swag #swag is the replacement for letsencrypt (see link below) container_name: swag cap_add: - NET_ADMIN environment: - PUID=1002 #change PUID if needed - PGID=100 #change PGID if needed - TZ=Europe/Berlin # change Time Zone if needed - URL=mydomain.duckdns.org #insert your domain name - yourdomain.url - DUCKDNSTOKEN=mytoken - SUBDOMAINS=wildcard - VALIDATION=duckdns - EMAIL=mymail@gmail.com # define email; required to renew certificate volumes: - /srv/dev-disk-by-uuid-5e9600b0-9d65-44b6-8128-3435708c1d7d/Appdata/swag:/config #/srv/dev-disk-by-label-disk1 needs to be adjusted ports: - 444:443 - 81:80 restart: unless-stopped
Restarted the 3 containers:
Log Nextclouddb
Code
Alles anzeigen, Database Setup Completed, [cont-init.d] 40-initialise-db: exited 0., [cont-init.d] 90-custom-folders: executing... , [cont-init.d] 90-custom-folders: exited 0., [cont-init.d] 90-warning: executing... , , [cont-init.d] 90-warning: exited 0., [cont-init.d] 99-custom-scripts: executing... , [custom-init] no custom files found exiting..., [cont-init.d] 99-custom-scripts: exited 0., [cont-init.d] done., [services.d] starting services, [services.d] done., 210709 22:02:34 mysqld_safe Logging to syslog., 210709 22:02:34 mysqld_safe Starting mysqld daemon with databases from /config/databases
Log Nextcloud
Code
Alles anzeigen[cont-init.d] done., [services.d] starting services, [services.d] done., Could not open input file: /config/www/nextcloud/cron.php, Could not open input file: /config/www/nextcloud/cron.php, Could not open input file: /config/www/nextcloud/cron.php, [cont-finish.d] executing container finish scripts..., [cont-finish.d] done., [s6-finish] waiting for services., , [cont-init.d] 10-adduser: exited 0., [cont-init.d] 20-config: executing... , [cont-init.d] 20-config: exited 0., [cont-init.d] 30-keygen: executing... , generating self-signed keys in /config/keys, you can replace these with your own keys if required, Generating a RSA private key, ................................+++++, ............+++++, writing new private key to '/config/keys/cert.key', -----, [cont-init.d] 30-keygen: exited 0., [cont-init.d] 40-config: executing... , [cont-init.d] 40-config: exited 0., [cont-init.d] 50-install: executing... , [cont-init.d] 50-install: exited 0., [cont-init.d] 60-memcache: executing... , [cont-init.d] 60-memcache: exited 0., [cont-init.d] 70-aliases: executing... , [cont-init.d] 70-aliases: exited 0., [cont-init.d] 90-custom-folders: executing... , [cont-init.d] 90-custom-folders: exited 0., [cont-init.d] 99-custom-files: executing... , [custom-init] no custom files found exiting..., [cont-init.d] 99-custom-files: exited 0., [cont-init.d] done., [services.d] starting services, [services.d] done.
Log SWAG
Code
Alles anzeigen[cont-init.d] 10-adduser: exited 0., [cont-init.d] 20-config: executing... , [cont-init.d] 20-config: exited 0., [cont-init.d] 30-keygen: executing... , generating self-signed keys in /config/keys, you can replace these with your own keys if required, Generating a RSA private key, ........+++++, .........................................................+++++, writing new private key to '/config/keys/cert.key', -----, [cont-init.d] 30-keygen: exited 0., [cont-init.d] 50-config: executing... , Variables set:, 2 grep: /config/nginx/resolver.conf: No such file or directory Setting resolver to 127.0.0.11 grep: /config/nginx/worker_processes.conf: No such file or directory Setting worker_processes to 8 Created .donoteditthisfile.conf Using Let's Encrypt as the cert provider SUBDOMAINS entered, processing Wildcard cert for mydomain.duckdns.org will be requested E-mail address entered: mymail@gmail.com duckdns validation is selected the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org Generating new certificate Account registered. Requesting a certificate for *.mydomain.duckdns.org Hook '--manual-auth-hook' for mydomain.duckdns.org ran with output: OKsleeping 60 Saving debug log to /var/log/letsencrypt/letsencrypt.log Hook '--manual-auth-hook' for mydomain.duckdns.org ran with error output: % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 2 0 2 0 0 3 0 --:--:-- --:--:-- --:--:-- 3 Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/mydomain.duckdns.org/fullchain.pem Key is saved at: /etc/letsencrypt/live/mydomain.duckdns.org/privkey.pem This certificate expires on 2021-10-07. These files will be updated when the certificate renews. New certificate generated; starting nginx Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind, and add a new env variable "MAXMINDDB_LICENSE_KEY", set to your license key. [cont-init.d] 50-config: exited 0. [cont-init.d] 60-renew: executing... The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am). [cont-init.d] 60-renew: exited 0. [cont-init.d] 70-templates: executing... [cont-init.d] 70-templates: exited 0. [cont-init.d] 90-custom-folders: executing... [cont-init.d] 90-custom-folders: exited 0. [cont-init.d] 99-custom-files: executing... [custom-init] no custom files found exiting... [cont-init.d] 99-custom-files: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done.
I followed your instructions concerning the sample and created the file
Swag log
Code... The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am). [cont-init.d] 60-renew: exited 0. [cont-init.d] 70-templates: executing... ... [cont-init.d] 99-custom-files: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done.
config.php
PHP
Alles anzeigen<?php $CONFIG = array ( 'memcache.local' => '\OC\Memcache\APCu', 'datadirectory' => '/data', 'trusted_proxies' => array ( 0 => 'swag', ), 'overwrite.cli.url' => 'https://nextcloud.mydomain.duckdns.org', 'overwritehost' => 'nextcloud.mydomain.duckdns.org', 'overwriteprotocol' =>'https', 'trusted_domains' => array ( 0 => 'myip:445', 1 => 'nextcloud.mydomain.duckdns.org', ), );
Restarted nextcloud, log
Code
Alles anzeigen[cont-init.d] 10-adduser: exited 0., [cont-init.d] 20-config: executing... , [cont-init.d] 20-config: exited 0., [cont-init.d] 30-keygen: executing... , using keys found in /config/keys, ... [cont-init.d] 60-memcache: exited 0., [cont-init.d] 70-aliases: executing... , [cont-init.d] 70-aliases: exited 0., ... [cont-init.d] 99-custom-files: exited 0., [cont-init.d] done., [services.d] starting services, [services.d] done.
Again, problems, from my local IP I cannot access
I have a raspi with home assistant & adguard home, I don't know if somehow I can provide a rule for solve this problem....
-
0 => 'myip:445',
Change line #14 of the "config.php" to:
When you write in the browser "https://YOURinternalIP:450", the name will change to the normal URL.
That is OK and normal.
-
Tried,
After the warning ( MOZILLA_PKIX_error_self_signed_cert), I accepted but I got 504 Gateway time-out (nginx/1.18.0). Same with the duckdns address (ERR_CONNECTION_TIMED_OUT). It worked from external network. Any ideas?
PS: Please share a patreon/ buy-me-a-coffee link afterwards, appretiate your tips! Thanks for support
Jetzt mitmachen!
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!